US Defense Contractors Don't Meet Basic Cyber Security Standards

A year after the Pentagon announced its newest cyber security guidelines the industry is still trying to work out how it will comply with the new rules and operate in a new environment. Cybersecurity Maturity Model Certification (CMMC) 2.0 recently entered the Defense Department’s rulemaking process, the final step before it becomes an official requirement. 

Despite questions about industry’s cyber security capabilities and the challenging documentation process, defense companies could be required to comply with CMMC for new contracts as soon as May 2023. 

Defense contractors will be required to comply with the CMMC framework and must prove their compliance when bidding for DoD contracts. The problem is that, right now, research shows that 87% of US defense contractors do not meet basic cyber security legal requirements that are considered vital to US national security. 

The security firm CyberSheath conducted a survey of 300 Department of Defense contractors and found that an extremely low number of respondents have the recommended level of security practices in place. Only 13% of respondents had a Supplier Risk Performance System score of 70 or above, way below the score of 110 that is required for full compliance. According to CyberSheath, the defense contractors believed a score of 70 to be adequate.

This report found that 70% have not deployed security information and event management (SIEM), 79% lack a comprehensive multi-factor authentication system, 73% do not have an end-point detection response (EDR) solution and 80% lack a vulnerability management solution. 

With recent attacks targeting the defense and critical infrastructure industries, the survey’s results are disturbing. Furthermore, this could have massive consequences for defense contractors, nearly half of whom would lose up to 40% of their revenue if DoD contract loss occurs, according to the research.

In addition to being largely non-compliant, an astounding 82% of contractors find it “moderately to extremely difficult to understand the governmental regulations on cyber security.”

CyberSheath:     National Defense Magazine:      Oodaloop:       Infosecurity-Mgazine:   HelNetSecurity:    Reddit:  

You Might Also Read: 

Hackers Achieve Widespread Penetration Of Defense Contractors:



 

« The Need For OT-centric Cyber Security Strategies
Misconfigured Cloud Applications Are Putting Your Data At Risk »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

Apcon

Apcon

Apcon's mission is to provide valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments.

National Information Security & Safety Authority (NISSA) - Libya

National Information Security & Safety Authority (NISSA) - Libya

NISSA is responsible for safeguarding the integrity, availability and resilienceof ICT infrastructure, resources, services and data in Libya.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Crossmatch

Crossmatch

Crossmatch is a world leader in risk-based composite authentication and biometric identity management.

IdenTrust

IdenTrust

IdenTrust enables organizations to effectively manage the risks associated with identity authentication.

Future of Cyber Security Europe

Future of Cyber Security Europe

Future of Cyber Security Europe is a European wide event examining the latest cyber security strategies and technologies.

ISEC7 Group

ISEC7 Group

ISEC7 Group is a global provider of mobile business services and software solutions. The company was one of the first movers in mobilising company and business processes.

Keyavi Data

Keyavi Data

With Keyavi’s evolutionary data protection technology, your data stays within the bounds of your control in perpetuity.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Appsian Security

Appsian Security

Appsian provides powerful solutions that help organizations take control of their business critical data and financial transactions.

Threatsys Technologies

Threatsys Technologies

Threatsys’s Integrated cyber security process helps your organizations to ensure that it’s secure from any fraudulent attacks.

US Cyber Games

US Cyber Games

US Cyber Games is committed to inform and inspire the broader community on ways to develop tomorrow’s cybersecurity workforce.