Mike Petters, the chief executive of Huntington Ingalls Industries, said he supports the Defense Department's effort to implement the Cybersecurity Maturity Model Certification program, but said that will be only one part of a "dynamic" effort to protect critical data and systems.
In an interview with Inside Defense last week, Petters said managing the defense industry's cybersecurity won't be an easy task.
"Unlike most other sorts of things that you see in acquisition, this is not going to be one of those things where we're going to get it and say, 'OK, we've got that done,'" he said. "This one's going to change every day."
"It's not readily apparent, given the depth and variety of our supply chain, that there's a one-size-fits-all solution to it," Petters added.
But he said he's a "fan of the approach the Pentagon is taking right now" with CMMC.
"That makes a lot of sense, but I think that falls in the 'OK, that's necessary, but that's not going to be sufficient'" category, he said. "In the end, that's going to have to be a very dynamic process as well, and I would say the people in the Pentagon agree with that."
Navy Chief Information Officer Aaron Weis has said the service will rely on prime contractors to help with cybersecurity among subcontractors.
Petters said it's not unreasonable to expect primes to get involved, but he needs to see more information about what the military wants.
"We're the gatekeeper for a lot of things so I think if you can define it in such a way it actually solves the issue and is something you can get your arms around, then yeah, I think the primes can do that," he said. "If you're going to ask the primes to walk on water, I'm not sure . . . they can actually do that."
Specifically, Petters said both the risks and consequences need to be identified.