Government Contractors and Cyber Security Compliance
Cybersecurity has become a crucial need for government contractors. Computer systems are vulnerable to hackers and spies, whether from right across the street or from another continent. Although this has been a growing concern for all Internet users for many years, government contractors in particular now face the additional challenge of complying with special regulatory obligations, which they must fulfill without hampering their ability to secure and fulfill government contracts.
New cybersecurity rules for government contractors are set to take effect on December 31, 2017. These will affect the General Services Administration (GSA), the Department of Defense (DOD), and the National Aeronautics and Space Administration (NASA).
Because cybersecurity standards and practices have been established for classified projects, the target of the new regulations is sensitive but unclassified information. This is the result of the evident fact that security breaches have become very common in the last few years.
Although the new cybersecurity rules were first issued in 2015, some government contractors failed to act on them and are not even fully apprised of the requirements. Under more than a hundred new regulations, GSA, DOD and NASA contractors will have to impose tighter physical security measures at their premises, implement and document cybersecurity guidelines and practices, and devise an extensive emergency plan to address a cybersecurity attack.
The cost of cybersecurity compliance will vary from company to company. For some contractors, only minor adjustments to their existing cybersecurity policies and practices may be necessary; for others, thousands of dollars may have to be spent to update old servers, buy new ones, or hire security experts.
While some government contractors are all set for the new guidelines, others may be just beginning to prepare for them. The regulations impose a new range of compliance obligations. But the lesser-known risks to government contractors, like the potential for litigation or subcontractor-related compliance issues, can pose bigger risks for them as time goes by. Thus, it is necessary for government contractors to work closely with their lawyer, with cyber specialists, and with compliance officers in order to avoid problems.
In 2016, many regulatory actions were announced by federal officials with the goal of promoting effective cybersecurity. In February, for example, the federal government released a “Cybersecurity National Action Plan” as well as two related executive orders.
A few months later that same year, the Department of Defense issued its final rule on the cyber incident reporting requirements, which covered all contractors and subcontractors of the department. DOD is encouraging its contractors to take part in the voluntary Defense Industrial Base cybersecurity information sharing scheme, which allows them to trade cybersecurity information with other contractors for mutual benefit.