The Department of Defense (DoD) has issued a final rule with revisions to the eligibility criteria for the voluntary Defense Industrial Base (DIB) Cybersecurity (CS) Program, greatly expanding the number of DIB companies that can participate in the program.
The CS program shares cybersecurity threat intelligence and other security assistance with the private sector firms that do business with the DoD. Once a defense contractor joins the program, they are also encouraged to share cyber threat indicators with the Pentagon.
The new revisions will allow all defense contractors “who own or operate an unclassified information system that processes, stores, or transmits covered defense information to benefit from bilateral information sharing,” according to the rule.
The rule will take effect on April 11, according to a notice posted to the Federal Register on Tuesday.
“With the revisions to the eligibility criteria, the department will be able to reduce the impact of cyber threat activity on DIB networks and information systems and, in turn, preserve its technological advantage and protect DoD information and warfighting capabilities,” it says. “The mitigation of the cyber threat targeting defense contractors reinforces the nation’s national security and economic vitality.”
The final rule comes after the DoD gathered public feedback on the proposed rule last summer.
“We do this to continue to move forward to reduce cyber risk and to bolster cybersecurity,” Diedra Padgett, deputy director of the DIB Operations Directorate, said in announcing the proposed revision to the program in May 2023.
“This has been a long-fought battle for years in the making, and I’m glad to say that we’re getting there,” Padgett said.
The DIB Cybersecurity Program aims to improve the ability of companies to safeguard DoD information that resides on, or transits, DIB unclassified information systems.
The program is part of a larger department effort to protect information handled by DIB companies “by understanding and sharing information, building security partnerships, implementing long-term risk management programs, and maximizing efficient use of resources,” DoD said in the Federal Register notice.
