The U.S. accused the Chinese of stealing Loma’s F-35 technology through downstream subcontractors to build its own J-31, pictured here in Zhuhai during a training exercise.
“Breaking Defence 12 reported that the Pentagon’s Office of the Under Secretary for Acquisition and Sustainment (OUSD) is pushing for “Cybersecurity Maturity Model Certification” (CMM) to prevent Chinese cyber spies from stealing F-35 data and using it to build advanced warplanes such as the J-31. Cybersecurity Maturity Model Certification (CMMC). In the future, defense contractors and subcontractors will be required to obtain certification before they can bid on Pentagon bids to maintain the security of the DoD supply chain and to prevent the U.S. military’s intellectual property and sensitive information from being compromised by cyber espionage.
CMMC is divided into five levels, in charge of CMMC Bostjanick (Stacy Bostjanick) explained, as the Pentagon CMMC program to promote, the standard will apply to every enterprise in the supply chain, and this reflects the U.S. side of the contractor to comply with the security norms of trust is not enough. The manufacturer’s disregard for security guidelines has opened the door to massive domestic theft of F-35 data, which in turn has helped the Chinese Communist Party build advanced warplanes such as the J-31.
In other words, the Pentagon must ensure that cybersecurity is at its best once information such as weapons design is touched. He stressed that many manufacturers do not understand why the military requirements, just think to comply to win the bid. Therefore, the J-31 produced by the Chinese Communist Party appears to be very similar to the U.S. F-35.
Burstchenyk explained that the verification requirement is not only an integral part of CMMC, but also a necessity. Even through prior voluntary guidance, the Pentagon lost a great deal of important intelligence through the contractor’s mishandling of data. Through a long-running espionage program, the Chinese Communist Party gained access to U.S. plans and construction of the J-31 aerial warplane. Such espionage operations began in 2007 and were conducted through Lockheed Martin subcontractors.
While the CMMC cannot guarantee complete protection against the recurrence of similar crimes by state actors, through the development of laws and regulations, the CMMC has restricted the flow of classified information to companies that can guarantee security. As state actors continue to launch industrial espionage and steal intellectual property, the CMMC makes it difficult for each node to break through, thus demonstrating great value.
He also mentioned that there are five levels of CNNC, and if program managers and prime contractors follow the level specifications, small subcontractors will not receive unclassified information that they cannot secure. In practice, it is often found that the contractor passes the entire data to the subcontractor via LINE, which gives the latter access to data he doesn’t need, and that’s when CMMC is needed.
However, contractors who work exclusively for military suppliers with off-the-shelf products are not required to obtain CMMC certification as long as they do not have access to controlled information. “The purpose of CMMC is like making sure your neighbor isn’t stealing your Netflix”, “It’s easy and keeps the network basically secure, and I recommend that everyone (meaning vendors interested in bidding) apply; but if you’re a commercial off-the-shelf vendor, you don’t need to apply “.
As for other contractors who want to sign contracts with the military, obtaining cybersecurity certification is no longer just an option, but has become a constituent element. This makes it more difficult for corporate spies to seize intellectual property and sensitive information through computer systems.
The CMMC’s idea came from public health prevention during a pandemic to reduce the harm of cyber espionage through comprehensive and better practices. To ensure security, even in small matters, consistent standards must be followed. With the implementation of CMMC, contractors and subcontractors throughout the supply chain will be required to comply with the code starting in fiscal year 2026.
Recent Comments