US Contractors Struggling With Pentagon Cyber Security Standards

The US federal government relies on external service providers to carry out a wide range of government tasks using cyber and digital systems. Many federal contractors routinely process, store, and transmit sensitive federal information in their own systems in order to deliver essential products and services to federal agencies.

These services include financial services, web connectivity and email; processing security clearances and healthcare data; providing cloud services; and developing communications, satellite and weapons systems. Federal information is also frequently provided to or shared with entities such as state and local governments, colleges and universities, and independent research organisations.

Foreign nations have clearly recognised that one of the best pathways to hacking and stealing US government technology is by targeting its industrial base.

Foreign countries are now targeting and compromising US contractors so often that the Department of Defense asked the National Institute of Standards and Technology to develop custom security guidance to address the problem.

The Pentagon is making big moves in an effort to improve cybersecurity for its industrial base. However, the department's biggest roadblocks early on may be the same confusion, doubt and uneven compliance from contractors that led to the vulnerabilities in the first place.

Nine months ago the US Department of Defense (DoD) said that contractors not up to date on cybersecurity standards would get only a short grace period before the DoD begins auditing the cybersecurity procedures of companies that want to win contracts. It plans to start those audits within the next 18 months, according to Ellen Lord, DoD undersecretary for acquisition and sustainment.

Some small companies are struggling to meet the Pentagon's network security rules, and even larger contractors aren't doing as well as they think they are, according to a recent DoD study.

One reason may be that big companies tend to give their smaller subcontractors a lot of data they don't need, which then becomes exposed to foreign hackers. In 2016, hackers stole sensitive data about the F-35 Joint Strike Fighter from an Australian subcontractor. That and similar cases prompted the Pentagon to issue new rules for handling such information. By Jan. 1, 2018, companies were supposed to have a plan for meeting these new standards.

The Pentagon has been warning companies that they will lose business if they or their suppliers do not meet the rules. 

Areas in which companies are having particular trouble meeting the standards include multi-factor authentication and FIPS-validated encryption. Even full compliance does not mean a company's networks are safe from thieves. Officials from the Department of Defense and the National Institute of Standards and Technology (NIST) are producing new draft cybersecurity guidance for contractor systems deemed high-value assets, intended to align with the Pentagon's Cybersecurity Maturity Model Certification (CMMC) program.
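The two controls named above, FIPS-validated cryptography and multi-factor authentication, are also two of the easiest to misjudge from a self-assessment questionnaire. The following script is an added example, not part of the original article and not DoD or NIST material; it shows the kind of host-level evidence an assessor would ask for rather than a checkbox. It assumes a Linux host and, where present, OpenSSL 3 and OpenSSH; the sample sshd_config content used in the comments is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): evidence checks for two controls
# the article names as trouble spots, FIPS-validated crypto and MFA.
# Assumes a Linux host; OpenSSL 3 and OpenSSH if present.

# Kernel FIPS flag: the file reads "1" only when the kernel was booted in
# FIPS mode and the distribution's crypto policy is active. Note that this
# says the kernel is in FIPS mode, not that every application on the host
# uses a validated module. Prints enabled / disabled / unknown.
fips_state() {
  f=/proc/sys/crypto/fips_enabled
  if [ -r "$f" ]; then
    case "$(cat "$f")" in
      1) echo enabled ;;
      0) echo disabled ;;
      *) echo unknown ;;
    esac
  else
    echo unknown
  fi
}

# OpenSSL 3 loads algorithms from providers; a validated module appears as
# the "fips" provider in this listing. Prints yes / no / unknown (unknown
# when openssl is absent or predates the provider model).
openssl_fips_provider() {
  command -v openssl >/dev/null 2>&1 || { echo unknown; return; }
  out=$(openssl list -providers 2>/dev/null) || { echo unknown; return; }
  case "$out" in
    *fips*) echo yes ;;
    *)      echo no ;;
  esac
}

# sshd only chains factors when an AuthenticationMethods line lists methods
# joined by commas, e.g. "publickey,keyboard-interactive". A space-separated
# list is a set of ALTERNATIVES, so "publickey password,publickey" still
# allows single-factor logins. Returns 0 only when every alternative on
# every AuthenticationMethods line is a multi-method chain; 1 otherwise;
# 2 when the file is unreadable. Conservative by design: a weaker setting
# inside a Match block also causes failure, which is what an assessor wants.
sshd_requires_mfa() {
  cfg=${1:-/etc/ssh/sshd_config}
  [ -r "$cfg" ] || return 2
  sed 's/#.*//' "$cfg" | awk '
    tolower($1) == "authenticationmethods" {
      seen = 1
      if (NF < 2) weak = 1
      for (i = 2; i <= NF; i++) if ($i !~ /,/) weak = 1
    }
    END { exit (seen && !weak) ? 0 : 1 }'
}

# Stand-alone run: print the evidence for the current host.
echo "kernel fips mode:        $(fips_state)"
echo "openssl fips provider:   $(openssl_fips_provider)"
if sshd_requires_mfa; then
  echo "sshd:                    MFA chain required for all logins"
else
  echo "sshd:                    single-factor login possible (or config unreadable)"
fi
```

Run it as an unprivileged user on each in-scope host and keep the output with the assessment record; the sshd check can also be pointed at a copied config file (`sshd_requires_mfa /path/to/sshd_config`) when reviewing a subcontractor's submission.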

Sources: Defense One, Federal News Network, Defense Systems, FCW, NIST
