SSC Partners with Pacific Northwest National Laboratory to Offer Free Cybersecurity Scanning to Vendors

  • By Lisa Sodders, SSC Public Affairs

Commercial vendors who want to do business with the U.S. Space Force can now take advantage of free cybersecurity supply chain and vulnerability scanning paid for by the USSF.

Col. Jennifer Krolikowski, chief information officer for Space Systems Command, said SSC is providing the scans in partnership with Pacific Northwest National Laboratory to commercial vendors and other government agencies.

“One of the reasons why we wanted to establish the program was to help improve cyber defense across the industry,” Krolikowski said. “Yes, we can work with the [defense] ‘primes’ and have an amount of cybersecurity [built in] but when it comes down to subcontractors or non-traditional types of companies, we don’t have as much insight as to their cyber posture. We wanted to offer them an assessment, so they can be aware of it, get better management of it, so it raises the level of systems we’re procuring from in general.”

“Imagine you’re a CEO of a small company with a great idea that could be applied to a national security space enterprise, and you’ve been up and running for a year with the government on a top secret contract and then you got hacked – imagine what that does to the prospects for your business,” said Dennis Graves, SSC CIO for Cyber. “The basic point of these scans is: let us help you soft-diagnose your own defects.”
 
The scans are non-attributable, which means SSC doesn’t see the results, Krolikowski said.

“The scans are to help encourage companies to get that assessment and then make their remediations without the government,” Krolikowski said. “We have seen instances in companies where the cyber is kind of thought of at the end, and then it creates a lot of ‘tech debt’ to try to make things more secure at the end of the process rather than thinking about it at the beginning.”

Graves said while the overarching goal is supply chain integrity, the cyber assessment covers a lot of ground and has a short and a long version, depending on the company.
 
Some of the areas the scan considers include information technology controls in terms of NISP (National Industrial Security Program) – the nominal authority in the U.S. that manages the needs of private industry to access classified information. But the scans also can look at background checks for personnel, whether the company has any foreign ownership, potential for insider threat, and third- and fourth-level contractors.
 
Cyber hackers are becoming more creative, but often when security experts reverse-engineer an attack, it’s revealed to be triggered by something employees could be easily trained to recognize and prevent, like social engineering or phishing attacks, Graves said.
 
“A lot of times, you don’t even know you’ve had a breach, but [the hackers] are just lurking there, waiting to infiltrate,” Graves said. “Those of us who live in this space and know how to reverse-engineer all these, we know what to look for, and that’s what we instruct PNNL to look for.”
 
Companies interested in undergoing the cyber scans may contact: brian.parker@pnnl.gov or ashlee.adame@pnnl.gov