Industrial Security

The security of the defense industrial base (DIB) requires dynamic, risk-based threat assessments and solutions instead of static, check-list solutions. The government must streamline its use of classification and its processing of security clearances. DoD cybersecurity rules must be developed with industry input, reflect industry best practices, and be effectively communicated and implemented across all levels of the supply chain.

AIA Position StatementLook Toward the Future

The aerospace and defense industry is committed to staying ahead of cyber threats and ensuring resilience in today’s complex cybersecurity global ecosystem. It also supports government leaders’ efforts to align with industry on a path toward true security. Industry shares DoD’s objectives on cybersecurity, but the implementation of the cybersecurity rule has many challenges, especially for those at lower tiers of the supply chain.

AIA’s cybersecurity work in recent years has been focused on DoD’s Cybersecurity Maturity Model Certification (CMMC), an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology. Our objective is to work closely with DoD to ensure that cost effective and viable federal regulations drive consistent cyber security awareness and behaviors throughout the defense supply chain.

Take Action Now

Together, we must drive the industry toward true risk- and threat-based cybersecurity by establishing data protection best practices across diverse enterprises and evolving computing environments, while also contractually complying with DoD requirements for cyber protections on industry infrastructure.

A persistent challenge is DoD’s categorization of nearly all DoD information as Covered Defense Information (CDI) and Controlled Unclassified Information (CUI). This overly broad designation of CUI and CDI requires placing security controls on systems processing low-risk data. Instead, DoD should streamline processes and procedures for DoD CUI identification, creation, and derivative categorization, and implement them for all government and industry stakeholders. This will enable industry to more effectively manage that information, implement necessary controls on more high-risk data, and control costs.

AIA’s Role

AIA brings together industrial security, compliance, and ethics executives from our member companies with government officials to develop and promote policies related to all aspects of physical industrial security, cyber and information security, and their relationship to the National Industrial Security Program (NISP).

As with many issues, one of the main challenges we face is in ensuring that current and accurate threat information, government policy changes, and industry best practices are shared accurately and promptly across our industry. To facilitate that, AIA regularly convenes conferences and meetings to examine continuing security clearance reforms and implementation, insider threat information, evolving cybersecurity requirements and policy, security “best practices,” and other current special security and NISP issues.