Centralized Hierarchical Cybersecurity Monitoring Towards Securing the Defense Industrial Base Supply Chain
Primary Investigator:
Eric Dietz
Vijay Sundararajan, Dr. J. E Dietz
Abstract
With the rise in cyberattacks by nation-state adversaries, the US Department of Defense (DoD) introduced mandatory cybersecurity compliance to fortify the Defense Industrial Base (DIB) supply chain and communication with its private partners. These private partners, obligated by Defense Federal Acquisition Regulations (DFARS), were required to
conform to the latest standards in computer and data security. The Cybersecurity Maturity Model Certification (CMMC) is a compliance regulation built upon the existing DFARS 252.204-7012 and the NIST SP 800-171 security controls. These private partners, also referred to as contractors, currently encounter challenges in implementing and monitoring these controls on their information systems, which store, process, and transmit Controlled Unclassified Information (CUI). Safeguarding CUI and confidential communications throughout the supply chain, from the DoD to its contractors/sub-contractors, is imperative
to mitigate cyber threats. This paper introduces a centralized hierarchical cybersecurity monitoring (CHCM) model for realtime compliance maintenance. The model is applicable to any type of supply chain relying on information systems to transfer important information and data. Results showcasing
the effectiveness of CHCM have been compiled from nine DoD contractors. Furthermore, this paper examines current work on centralized cybersecurity models, elucidates the security aspects, and addresses the benefits and challenges of implementing the CHCM model.