US Defense Contractors Don't Meet Basic Cyber Security Standards

Uploaded on 2022-12-13 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

A year after the Pentagon announced its newest cyber security guidelines the industry is still trying to work out how it will comply with the new rules and operate in a new environment. Cybersecurity Maturity Model Certification (CMMC) 2.0 recently entered the Defense Department’s rulemaking process, the final step before it becomes an official requirement. 

Despite questions about industry’s cyber security capabilities and the challenging documentation process, defense companies could be required to comply with CMMC for new contracts as soon as May 2023. 

Defense contractors will be required to comply with the CMMC framework and must prove their compliance when bidding for DoD contracts. The problem is that, right now, research shows that 87% of US defense contractors do not meet basic cyber security legal requirements that are considered vital to US national security. 

The security firm CyberSheath conducted a survey of 300 Department of Defense contractors and found that an extremely low number of respondents have the recommended level of security practices in place. Only 13% of respondents had a Supplier Risk Performance System score of 70 or above, way below the score of 110 that is required for full compliance. According to CyberSheath, the defense contractors believed a score of 70 to be adequate.

This report found that 70% have not deployed security information and event management (SIEM), 79% lack a comprehensive multi-factor authentication system, 73% do not have an end-point detection response (EDR) solution and 80% lack a vulnerability management solution. 

With recent attacks targeting the defense and critical infrastructure industries, the survey’s results are disturbing. Furthermore, this could have massive consequences for defense contractors, nearly half of whom would lose up to 40% of their revenue if DoD contract loss occurs, according to the research.

In addition to being largely non-compliant, an astounding 82% of contractors find it “moderately to extremely difficult to understand the governmental regulations on cyber security.”

CyberSheath:     National Defense Magazine:      Oodaloop:       Infosecurity-Mgazine:   HelNetSecurity:    Reddit:  

You Might Also Read: 

Hackers Achieve Widespread Penetration Of Defense Contractors:



 

« The Need For OT-centric Cyber Security Strategies
Misconfigured Cloud Applications Are Putting Your Data At Risk »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

Kount

Kount

Kount's “decision engine” platform is ideal for managing fraud in online/telephone channels that process payments and onboard new customers.

EIT Digital

EIT Digital

EIT Digital is a leading digital innovation and entrepreneurial education organisation driving Europe’s digital transformation. Areas of focus include digital infrastructure and cyber security.

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

Roke Manor Research

Roke Manor Research

Roke is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

adaware

adaware

adaware is an award-winning security and privacy software provider, empowering users to connect with confidence.

Get Safe Online

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety.

Cyan Securiy Group

Cyan Securiy Group

Cyan provide best-in-class cyber security solutions for mobile Internet and mobile devices that are extremely effective and highly intuitive in their use.

Cloudrise

Cloudrise

Cloudrise are elevating cloud security, data protection, and privacy through assessment, technology enablement, and process automation.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

Noetic Cyber

Noetic Cyber

Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, and optimize their cybersecurity posture.

RightCue Assurance

RightCue Assurance

RightCue Assurance identify opportunities for improvement in the Information Security for your organisation and work with you to reduce cyber risk.

Alcatel-Lucent Enterprise (ALE)

Alcatel-Lucent Enterprise (ALE)

We are Alcatel-Lucent Enterprise. Our mission is to make everything connect with digital age networking, communications and cloud solutions.

enQase

enQase

enQase offers security beyond PQC; the only comprehensive, scalable solution that utilizes enhanced quantum technologies to protect data against current and future quantum threats.