The Department of Defense and other security and intelligence agencies are waging an undeclared war, a cyberwar. The barrage of attacks on government networks and computers is dwarfed, however, by those that take place against private sector businesses. The administration is proposing a rule change to the Federal Acquisition Regulation that could help with that problem.
The current rules about securing classified government data and secrets are clear. The FAR does not address the data and systems surrounding the government’s secrets and the new rule will change that. It will require specific protections for networks and systems that transmit, connect to or store data under government contract.
While it may seem obvious that this would be happening as a matter of course, it is not. The gaps in cybersecurity in American businesses are resulting in the loss of trade secrets, formulas, manufacturing processes and financial data. These types of data losses provide other nations or international businesses an advantage, both in competing with U.S. businesses and with matching U.S. innovations. Data theft damages the backbone of the defense industry, especially the smaller second or third tier subcontractors.
In mid-May, Eric Rosenbach, deputy assistant secretary of defense for cyber policy, and Richard Hale, deputy chief information officer for cybersecurity, spoke to reporters about the DoD’s efforts to improve the cyber defenses of the defense industrial base. The discussion marked the expansion of a pilot program for sharing threats to data security among private and public partners in the defense industry.
The new rule change goes much farther. It mandates that contractors and subcontractors use anti-virus software, regularly update programs including operating programs and provide both physical as well as programmed security to systems. Along with other requirements, the rule represents the DoD mandating private sector cybersecurity controls that prudent businesses ought to have been using from day one. The proposed rule would make intelligence gathering through data theft much more difficult. And while in the past the private sector has balked at such information sharing propositions, with today’s budget crunch making every contract count, and renewed need to protect government data, more firms are likely to get on board and support the proposal.
Charles Simmins brings thirty years of accounting and management experience to his coverage of the news. An upstate New Yorker, he is a freelance journalist, former volunteer firefighter and EMT, and is owned by a wife and four cats.