DISA Chief Signals New Approach to Industry Accountability

DISA Director Lt. Gen. Paul Stanton said Tuesday that contractors supporting War Department networks should be treated as part of the warfighting team and held to common operational standards in cyber defense.

“If you contract with DISA or [Department of Defense Cyber Defense Command (DCDC)], you are on the team because I have a warfighting dependency on your system and the people that are operating it,” Stanton said during a roundtable at AFCEA TechNet Cyber in Baltimore. “As a company doing business with us, you have to be part of the team.”

According to Stanton, the Department of War Information Network (DOWIN) has become too complex, interconnected and reliant on commercial technology for any single organization to defend alone. The diversity of technologies supporting the network, he said, makes collaboration essential.

Stanton said he is working to reshape the culture of the contractor-DOW relationship by replacing traditional arm’s-length engagements with a more integrated, mission-focused approach.

Rather than operating as separate entities, he said government and industry should function as a single team focused on mission outcomes, trained to common standards and accountable to the same objectives.

“I have to make sure that they’re trained to the standard that we are establishing for implementing the weapon system, not your individual solution that you, as an industry partner, brought,” he said. “That’s where I’m drawing this new distinction.”

He said that Defense Industrial Base partners need to work within systems that support warfighters rather than focusing on individual products. Stanton added that industry profitability and DOW mission success can be aligned if contracts clearly establish performance expectations and accountability.

“We have to be uncompromising in our ability to support warfighting. That’s why we exist. This is a combat-support agency,” Stanton said. “Do I think it will be easy? I do not. Do I think it’s going to require relationships, team building, development, new contract language? Absolutely.”

Stanton said that urgency is being driven in part by advances in artificial intelligence, which are accelerating vulnerability discovery and shortening the time to respond. Adversaries are using frontier AI models to accelerate cyber risk faster than the DOW’s current structures can handle.

“The speed, scope and scale of frontier AI models will significantly change the way that we approach delivering warfighting capabilities and securing them for our nation,” he said. “We cannot do that in isolation.”

DIB partners also are using AI-enabled tools to identify software and configuration vulnerabilities in networks like the DOWIN.

“Industry partners are leveraging frontier models to discover vulnerabilities at a pace that is unprecedented,” he said. “Once a vulnerability is exposed, then you’re in a race condition against potential adversaries that will attempt to weaponize that vulnerability.”