Pentagon Warns CEOs: Protect Your Data or Lose Our Contracts
Deputy Defense Secretary Patrick Shanahan says cyber security should be a top priority for its contractors.
SAN DIEGO — The Pentagon is warning defense-industry CEOs to better protect their computer networks or risk losing business.
“The culture we need to get to is that we’re going to defend ourselves and that … we want the bar to be so high that it becomes a condition of doing business,” Deputy Defense Secretary Patrick Shanahan said Tuesday at an industry conference here sponsored by the AFCEA and the U.S. Naval Institute.
Shanahan noted that CEOs would likely be hesitant to “sign a cyber disclosure statement that says everybody you do business with is secure.”
“In areas of safety, protecting your workers, in terms of protecting our data or protecting their information, there should be this standard,” he said after the speech.
The former Boeing executive likened network security to personal hygiene, something that individuals do everyday without thinking about it.
“I came from a company where product integrity and safety was the first order of business,” he said. “I think of things like safety, and cyber falls into that category — whether it’s safety or security, as being one of those things that should be uncompromising.”
Some of the largest defense firms have experienced embarrassing hacks in recent years, exposing sensitive data about top-of-the-line American weapons. Boeing and other defense firms have reportedly been the target of foreign hackers on numerous occasions. Last year it was revealed that an Australian supplier on the F-35 Joint Strike Fighter program reportedly had sensitive, unclassified data stolen from its servers, and there are reports of the F-35 program being targeted by the Chinese as far back as 2007.
In the aerospace industry, Shanahan said, employees are not afraid to admit when they make a mistake, because it’s built in the culture.
“This goes back to who you are based on how you grew up,” Shanahan said. “[Boeing would] spend an enormous amount of time talking safety and security. When I look at the processes, there’s big opportunity for us to continue to improve that.