US Contractors Struggling With Pentagon Cyber Security Standards

Uploaded on 2019-12-17 in NEWS-News Analysis, GOVERNMENT-Defence, FREE TO VIEW

The US federal government relies on external service providers to help carry a wide range of government tasks using cyber and digital systems and many federal contractors, routinely process, store, and transmit sensitive federal information in their systems to support the delivery of essential products and services to federal agencies.

These include financial services lik web connectivity, email services; processing security clearances, healthcare data, providing cloud services, developing communications, satellites and weapons systems. Federal information is also frequently provided to or shared with entities such as State and local governments, colleges and universities as well as independent research organisations.

Foreign nations have clearly  recognised that one of the best pathways to hacking and stealing US government technology is by targeting its industrial base. 

Now Foreign countries are actively targeting and compromising US contractors so often that the Department of Defense asked the National Institute of Standards and Technology to develop custom security guidance to address the problem.
The Pentagon is making big moves in an effort to improve cybersecurity for its industrial base. However, the department's biggest roadblocks early on may be the same confusion, doubt and uneven compliance from contractors that led to the vulnerabilities in the first place.

Nine months ago the US Defence Department (DoD), said contractors not up to date on cybersecurity standards will only get a pass from the DoD for a short period before the DoD will begin auditing companies’ cybersecurity procedures that want to win contracts and it plans to start within the next 18 months, according to Ellen Lord, DoD undersecretary for acquisition and sustainment.

Some small companies are struggling to meet the Pentagon’s cyber network security rules, and even larger contractors aren’t doing as well as they think they are according  a recent DoD study.

One reason may be that big companies tend to give their smaller subcontractors a lot of data they don’t need, which then becomes vulnerable to foreign hackers. In 2016, hackers stole sensitive data about the F-35 Joint Strike Fighter from an Australian subcontractor. That and similar cases prompted the Pentagon to issue New rules for handling such information. By Jan. 1, 2018, companies were supposed to have a plan for meeting these new standards.

The Pentagon has been warning companies that they will lose business if they or their suppliers do not meet the rules. 

Areas in which companies are having particular trouble meeting the standards include multi-factor authentication and FIPS-validated encryption. Even full compliance doesn’t mean a company’s networks are safe from thieves and officials from the Department of Defense and the National Institute of Standards and Technology (NIST) are producing new draft cyber security guidance for contractor systems deemed high value assets to comply with thw Pentagon's Cybersecurity Maturity Model Certification (CMMC) program.   

Defense One:       Federal News Network:      Defense Systems:     FCW:      NIST:

You Might Also Read: 

Microsoft, Amazon CEOs Vow To Continue Defense Work:

 

« The Future Of Policing In A Cyber World
Going To The Dark Web »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Maven Technologies

Maven Technologies

Maven Technologies specialize in secure data destruction, electronics recycling, asset management, and highly detailed reporting.

WebOrion

WebOrion

WebOrion is an All-in-One Web Security & Performance Suite. Fortify, accelerate and monitor your website today.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

Active Countermeasures

Active Countermeasures

Active Countermeasures believe in giving back to the security community. We do this through free training, thought leadership, and both open source and affordable commercial tools.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

ServerScan

ServerScan

ServerScan specializes in providing server scanning & compliance services to organizations of all types and sizes.

BlueAlly

BlueAlly

BlueAlly helps clients scale, optimize, and manage their IT resources to reach their business goals.

NACVIEW

NACVIEW

NACVIEW is a Network Access Control solution. It allows to control endpoints and identities that try to access the network - wired and wireless, including VPN connections.

PhishProtection

PhishProtection

We created Phish Protection to prevent all types of phishing including spear phishing protection and office 365 email protection for your small business.

Pillar Technology Partners

Pillar Technology Partners

Pillar Technology Partners is an Information Security Company with a focus on improving Cyber Risk and optimizing the processes and technology that underpin the security of your information assets.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.