The 2020 SolarWinds cybersecurity breach exposed several U.S. government agencies, in addition to 100 companies, and the aftermath is still being assessed, with experts regarding it as the largest and most sophisticated cyberattack to date. Optiv, an end-to-end cybersecurity provider, has announced new capabilities to assist clients through new federal requirements—specifically, the Cybersecurity Maturity Model Certification (CMMC).
Announced in January 2020, the CMMC is a new regulated unified standard of cybersecurity across the defense industrial base (DIB) of contractors. Although the program has been rolling out for over a year, the standards only became requirements near the end of 2020, just one week before the discovery of the SolarWinds attack. As a managed security service provider (MSSP), Optiv is prepared to help its DIB clients act sooner rather than later, considering the ramifications of the next possible cyberattack against the U.S. Department of Defense and its supply chain management.
Full implementation of CMMC regulations is not expected until 2025, but Optiv is wisely getting a head start on reassuring current clients and attracting new ones. Rather than considering it a compliance checklist, Optiv (as well as some in the CMMC accreditation body) is approaching the certification as a new standard of doing business with the federal government. The CMMC is designed to assure the DOD of contracting companies’ “cyber hygiene,” the maintenance of overall system health and enhanced security. DIB companies can use Optiv’s services and tools to determine their cyber hygiene and maturity and enable new practices, policies, and processes.
The new cybersecurity standards are crucial to protecting the DOD from further supply chain attacks, which work by identifying and exploiting weaknesses within the chain. The federal defense supply chain includes a wide range of equipment—everything from weapons and munitions to spare parts—and disruptions within could lead to any number of unknown consequences. In response to the COVID-19 pandemic, the Defense Production Act (DPA) has been invoked by former President Trump and current President Biden to combat shortages in medical equipment and supplies.
Retired Army General David H. Petraeus sits on Optiv’s Board of Directors, so he understands the dangerous possibilities of the next attack, whether from external or internal enemies. When the supply chain is attacked, it can wreak havoc on the companies involved or possibly provide a back-door-entrance into federal agencies’ networks, not unlike the SolarWinds attack. It will be the role of Optiv and other MSSPs to help to strengthen each link of the chain, to eliminate any vulnerabilities that could lead to another catastrophic breach.
