Pentagon orders broad initiative to drive cybersecurity compliance, change cyber ‘culture’

October 19, 2015

The Defense Department is spending tens of millions of dollars per year to clean up after cybersecurity breaches – about 80 percent of which are caused by defensive lapses like poor user behavior and failure to apply software patches. So Pentagon leaders say it’s time to ratchet up the pressure on senior leaders to comply with existing security policies and better train their personnel on cyber hygiene.

The DoD Cybersecurity Culture and Compliance Initiative (DC3I) – billed as an effort to “transform DoD cybersecurity culture” – will include a new regime of no-notice inspections, mandates for commanders to incorporate real-world cyber scenarios into all of their unit training and a yet-to-be-determined amount of spending to make military networks more defensible, based on the premise that every dollar spent on up-front security prevents $7 of costs in fixing a breach after the fact.

Read full story…