Cybersecurity measures across the supply chain were the focus of the Deputy Deputy Secretary of Defense Patrick Shanahan during the annual Air Force conference.
The responsibility falls on the prime contractors to ensure that tier 1 and tier 2 suppliers have security measures in place. According to the Deputy Secretary the measure will be the "fourth critical measure" , in addition to cost, quality, and schedule to hold "people accountable."
Security is the standard not the exception. To ensure these measures are in place the Pentagon could launch red team cyber attacks to test the vulnerability of contractor's systems.