Our Website Uses Cookies 

We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.

For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Russian hacker claims there's proof of his DNC breach

January 2, 2018, Politico

Susan Cassidy is quoted in Politico Pro's "Morning Cybersecurity" newsletter regarding the December 31st deadline for defense contractors to meet minimum cybersecurity requirements for the systems they operate for the Pentagon. According to Cassidy, the cybersecurity rule presents “a problem for DoD because there’s a lot of subjectivity in what is ‘adequate security.'” Cassidy says that the Pentagon will likely assess protections based on the sensitivity of each company’s work. “If you are providing commercial items like cleaning products to the government, you might have less ‘adequate security’ requirements than if you are working on a large weapons system."

Cassidy says the plan is an important first step even if overall compliance remains unfinished: “What the government has now is information it can use to help it evaluate contractor compliance.”

To Cassidy, companies are taking the new regulation seriously even though they have some breathing room to implement it. Given that the contracting community has had four years to prepare for the new regulatory environment, “DoD’s been somewhat patient...on these security controls,” Cassidy says. “It’ll be interesting to see how much they enforce it going forward and how [DoD’s] auditing of this compliance works out in the coming year."

As for 2018, Cassidy says that this could be a big year for civilian contractor cybersecurity. The government, Cassidy says, is likely to propose a new regulation “sometime in the next year” that standardizes data protection requirements no matter what agency a contractor is supporting.

Share this article: