The U.S. accused the mainland of stealing F-35 technology from Loma through downstream subcontractors to build its own J-31, pictured here in Zhuhai during a training exercise.
“Breaking Defence” reported on the 12th, in order to prevent China’s cyber spies from stealing F-35 data and using it to build advanced warplanes such as the J-31, the Pentagon’s Office of the Under Secretary for Acquisition and Sustainment (A&S) (OUSD) is promoting the Cybersecurity Maturity Model Certification (CMMC). Model Certification (CMMC).
In the future, defense contractors and subcontractors must obtain certification before they can bid on Pentagon bids to maintain the security of the Department of Defense supply chain and to avoid infringement of the U.S. military’s intellectual property rights and sensitive information due to cyber espionage.
CMMC is divided into five levels, in charge of CMMC Bostjanick (Stacy Bostjanick) explained that with the Pentagon CMMC program to promote, the standard will apply to each enterprise in the supply chain, and this reflects the U.S. side of the contractor to comply with the security norms of trust is insufficient. The manufacturer’s disregard for security guidelines has opened the door to the massive theft of F-35 data from the mainland, which in turn has helped the Chinese Communist Party build advanced warplanes such as the J-31.
In other words, once the weapon design and other information is touched, the Pentagon must ensure that the network security is in the best condition. He stressed that “many manufacturers do not understand why the military requirements, just think that compliance will be able to win the bid. Therefore, the J-31 produced in mainland China appears to be very similar to the U.S. F-35.
Burst Janik explained that verification requirements are not only an indispensable part of CMMC, but also have their necessity. Even through prior voluntary guidance, the Pentagon still loses a lot of important information to contractors who mishandle data. Through a long-running espionage program, the mainland gained access to U.S. plans and construction of the J-31 aerial warplane. Such spying operations began in 2007 and were conducted through subcontractors of Lockheed Martin.
While the CMMC cannot guarantee complete protection against the recurrence of similar crimes by state actors, through laws and regulations, the CMMC has limited the flow of classified information to companies that can guarantee security. As state actors continue to launch industrial espionage and steal intellectual property rights, the CMMC makes it difficult for each node to break through, thus demonstrating great value.
He also mentioned that there are five levels of CNNC, and if program managers and prime contractors follow the level specifications, small subcontractors will not receive unclassified information that they cannot secure. In practice, it is often found that a contractor passes the entire data to a subcontractor via LINE, which allows the latter to obtain information that he does not need, which then requires CMMC.
However, contractors who work exclusively for military suppliers with off-the-shelf products are not required to obtain CMMC certification as long as they do not have access to controlled information.” The purpose of CMMC is like making sure your neighbor isn’t stealing your Netflix,” “It’s easy and keeps the network basically secure, and I recommend that everyone (meaning vendors interested in bidding) apply; but if you’re a commercial off-the-shelf vendor, you don’t need to apply.”
As for other contractors who want to sign contracts with the military, obtaining network security certification is no longer just an option, but has become a constituent element. This makes it more difficult for corporate spies to seize intellectual property rights and sensitive information through computer systems.
CMMC’s idea came from public health prevention during the pandemic, through a comprehensive and better practice to reduce the harm of cyber espionage. To ensure security, even in small matters, consistent standards must be followed. With the implementation of CMMC, contractors and subcontractors throughout the supply chain will be required to comply with the code starting in fiscal year 2026.
Recent Comments