Government Contractors and Cyber Security Compliance
Cybersecurity has become a crucial need for government contractors. Security threats have become so real and strong that all computer systems can be considered vulnerable to attack, whether the hacker is located on the other side of the world or in the same room as the computer. Although this has been a growing concern for all Internet users for many years, government contractors in particular now face the additional challenge of complying with special regulatory obligations, which they must fulfill without hampering their ability to secure and fulfill government contracts.
There will be new cybersecurity rules for government contractors starting December 31, 2017. The rules affect the Department of Defense (DOD), the General Services Administration (GSA) and the National Aeronautics and Space Administration (NASA).
Because cybersecurity standards and practices have already been established for classified projects, the target of the new regulations is sensitive but unclassified information. This is to address the problem of security breaches becoming increasingly common over the last few years.
The new cybersecurity rules were first issued two years ago, but some government contractors have not seriously acted on them and may not be fully aware of the requirements. As per a hundred new regulations, NASA, DOD and GSA contractors must enforce tougher physical security measures at their premises, enforce and document cybersecurity guidelines and practices, and build a comprehensive emergency plan that will protect them against a cybersecurity attack.
The cost of complying with the new cybersecurity regulations can vary from one company to another. For some contractors, only minor adjustments to their existing cybersecurity policies and practices may be necessary; for others, thousands of dollars may have to be spent to update old servers, buy new ones or hire security experts.
While some government contractors are well prepared for the new set of regulations, many are not. The regulations require a new range of compliance obligations. But the lesser-known risks to government contractors, like the potential for litigation or subcontractor-related compliance issues, can pose bigger risks for them as time goes by. Hence, government contractors should keep working with their lawyers, cybersecurity professionals and compliance officers to avoid problems with their cybersecurity posture.
In 2017, federal officials promoted more effective cybersecurity by announcing different regulatory actions. For instance, in February of the same year, a “Cybersecurity National Action Plan” was announced, followed by two related executive orders.
Months later in the same year, the Department of Defense set a final rule that instituted the requirements for cyber incident reporting, covering all DOD contractors and subcontractors. DOD is encouraging its contractors to take part in the voluntary Defense Industrial Base cybersecurity information sharing scheme, which allows them to exchange cybersecurity information with other contractors for mutual benefit.