Katie Arrington, the Department of Defense’s (DoD) CISO for acquisition and a prime mover for the recently released Cybersecurity Maturity Model Certification (CMMC) program, this week emphasized the vital importance of defense contractors making the switch away from Chinese-built communications equipment.
“If any of our contractors in the Department of Defense, our industrial base, have Huawei, ZTE or Hikvision video surveillance cameras or telecoms, we can no longer do business,” she said at NeoSystems’ CMMC Impact on GovCon: Part 2 event on March 26.
Arrington told the DoD industrial base to contact industry associations and legislators about the issue if they are still working with the unapproved companies. Her comments echo what she said last month at the RSA conference in California, holding strong on the practical rationale behind the Huawei ban to improve security at DoD and within the defense industrial base.
She added that the importance of supply chain security is especially clear during the COVID-19 coronavirus pandemic.
“If COVID-19 has shown us anything, getting our own supply chain, making sure that we are taking care of home first is crucially important to our national defense,” Arrington asserted.
A Federal judge ruled in February that the congressional ban on Federal agencies and contractors doing business with Chinese communications equipment maker Huawei is constitutional. Mandated in section 889 of the National Defense Authorization Act, Arrington said this law is “more important right now to businesses in the DoD environment than anything.”
“We need to impart some risk mitigation strategies as we work to eliminate the reliance on those particular manufacturers of video surveillance equipment specifically out of our supply chain, and bring it back home to the United States,” she said.
Arrington also announced that the CMMC program signed up a nonprofit to serve as its accreditation body, according to numerous news reports about the webinar.