DOD's Haste May Spell Turbulent Start For Cybersecurity Plan

DOD's Haste May Spell Turbulent Start For Cybersecurity Plan

October 24, 2019, Law360

Susan Cassidy spoke with Law360 about the Department of Defense’s goal for its Cybersecurity Maturity Model Certification (CMMC) and its impact on join bid contractors.

Ms. Cassidy says such teaming arrangements are already complicated and can take years to put together for big defense procurements. Although the DOD has said cybersecurity compliance will be considered an allowable cost for defense contractors, not all contractors have cost-basis contracts, she noted. Commercial suppliers in particular often sell through fixed-price deals and may decide the burden of doing business with the DOD no longer makes sense, and that is just the tip of the iceberg for the uncertainty around the plan. She adds, “The overall point is that the devil is in the details here.”