US Contractors Struggling With Pentagon Cyber Security Standards

Uploaded on 2019-12-17 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

The US federal government relies on external service providers to help carry a wide range of government tasks using cyber and digital systems and many federal contractors, routinely process, store, and transmit sensitive federal information in their systems to support the delivery of essential products and services to federal agencies.

These include financial services lik web connectivity, email services; processing security clearances, healthcare data, providing cloud services, developing communications, satellites and weapons systems. Federal information is also frequently provided to or shared with entities such as State and local governments, colleges and universities as well as independent research organisations.

Foreign nations have clearly  recognised that one of the best pathways to hacking and stealing US government technology is by targeting its industrial base. 

Now Foreign countries are actively targeting and compromising US contractors so often that the Department of Defense asked the National Institute of Standards and Technology to develop custom security guidance to address the problem.
The Pentagon is making big moves in an effort to improve cybersecurity for its industrial base. However, the department's biggest roadblocks early on may be the same confusion, doubt and uneven compliance from contractors that led to the vulnerabilities in the first place.

Nine months ago the US Defence Department (DoD), said contractors not up to date on cybersecurity standards will only get a pass from the DoD for a short period before the DoD will begin auditing companies’ cybersecurity procedures that want to win contracts and it plans to start within the next 18 months, according to Ellen Lord, DoD undersecretary for acquisition and sustainment.

Some small companies are struggling to meet the Pentagon’s cyber network security rules, and even larger contractors aren’t doing as well as they think they are according  a recent DoD study.

One reason may be that big companies tend to give their smaller subcontractors a lot of data they don’t need, which then becomes vulnerable to foreign hackers. In 2016, hackers stole sensitive data about the F-35 Joint Strike Fighter from an Australian subcontractor. That and similar cases prompted the Pentagon to issue New rules for handling such information. By Jan. 1, 2018, companies were supposed to have a plan for meeting these new standards.

The Pentagon has been warning companies that they will lose business if they or their suppliers do not meet the rules. 

Areas in which companies are having particular trouble meeting the standards include multi-factor authentication and FIPS-validated encryption. Even full compliance doesn’t mean a company’s networks are safe from thieves and officials from the Department of Defense and the National Institute of Standards and Technology (NIST) are producing new draft cyber security guidance for contractor systems deemed high value assets to comply with thw Pentagon's Cybersecurity Maturity Model Certification (CMMC) program.   

Defense One:       Federal News Network:      Defense Systems:     FCW:      NIST:

You Might Also Read: 

Microsoft, Amazon CEOs Vow To Continue Defense Work:

 

« The Future Of Policing In A Cyber World
Going To The Dark Web »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

CONCERT

CONCERT

CONCERT is a Computer Emergency Response Team and cyber security information sharing network for companies, institutes and government in Korea.

D-Fence

D-Fence

D-Fence high availability security service protects corporate email communication, the company and it's employee's against cyber threats.

CyberGhost

CyberGhost

CyberGhost is a Virtual Private Network services provider offering secure encrypted access to the internet.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

Oznet Cyber Security

Oznet Cyber Security

Oznet Cyber Security is dedicated to offering integral solutions oriented to the support and security of information.

National Cybersecurity Student Association (NCSA)

National Cybersecurity Student Association (NCSA)

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

Global Accelerator Network (GAN)

Global Accelerator Network (GAN)

Global Accelerator Network are a highly curated community of independent Accelerators, Partners and Investors.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

Persistent Systems

Persistent Systems

Persistent Systems are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

Zeron

Zeron

Zeron build bridges between security teams and top management. Our platform unifies your cyber risk posture seamlessly, encompassing threat insights and quantifiable risk scenarios.

LockMagic

LockMagic

Lockmagic is an information asset management solution to protect, track, audit and control accesses to sensitive information inside and outside your organization.