The “hottest issue for federal contractors today is Cybersecurity awareness and defense. So, you may be thinking; “I’m just a subcontractor to the Primes why would they want to penetrate my internal IT system?”

Those nation states who are committing cyber theft are doing so on a grand scale. No matter how good the protection there is a small amount of information that leaks out from the defense prime contractors and that is why targeting first, second and third tier subcontractors as well as the prime contractors has become more important to the international cyber thief. If they are able to acquire information on pieces and components the incomplete picture that they may have stolen from the primes becomes clearer to them. This is especially true if you are manufacturer of defense pieces, parts or complete sub-assemblies.

shutterstock_208646665-2Think about it: you are passing manufacturing information from the engineering staff to the manufacturing staff electronically. Your manufacturing drawings, process and procedures are all digital, moving around the office and factory at lightning speed. At the same time that is exactly the information that you don’t want to share with your competitors, you developed it, built it and made it work with other equipment… for you it is your Intellectual Property and you’re not going to share it with the US Government.  So why would you allow it to be shared with an international cyber thief.

You may not think it’s all that important but if you are not protecting and monitoring your IT systems there is an elevated possibility that your IT system has already been penetrated and your IP is in the hands of cyber thieves. 

The Defense Department has imposed requirements to protect “”unclassified controlled technical information”,” and it recently expanded these obligations via interim rules with immediate effect.

In a recent addition of FCW The Business of Federal Technology Magazine, author Brian D. Miller gives us a “heads up”, telling us: We are going to see new cyber protection requirements in many solicitations and contract modifications. And an unwary contractor might become a casualty when it certifies compliance, even implicitly, with “all IT security standards.” For example, the second draft request for proposals for GSA’s Alliant 2 subjects’ contractors to “all ordering activity IT security standards … and government wide laws or regulation applicable to the protection of government wide information security.” How can a contractor certify before it knows what “sensitive data and information” will be part of the performance of a task order? Or even what all the standards will be? Yet if a contractor does not certify or impliedly certify, it may lose the chance to compete for award. What we are being told here is that failing to certify can and most likely will be pursued by the government under the False Claims ACT (FCA). You can be sure that when it imposed on the “Primes” it will be a “flow down” to the “subs” for full compliance.

To get started be aware that the FBI provides assistance upon request. The Cyber Action Teams were established by the FBI’s Cyber Division in 2006 to provide rapid incident response on major computer intrusions and cyber-related emergencies, the team has approximately 50 members located in field offices around the country. They are either special agents or computer scientists, and all possess advanced training in computer languages, forensic investigations, and malware analysis. And since the team’s inception, the Bureau has investigated hundreds of cyber-crimes, and a number of those cases were deemed of such significance that the rapid response and specialized skills of the Cyber Action Team were required. Some of those cases affected U.S. interests abroad, and the team deployed overseas, working through our legal attaché offices and with our international partners.

So, don’t have your IT folks just respond to the “Help Tickets”. Proactive monitoring of your IT systems has become a requirement that cannot be overlooked, no matter how benign your activity. Then if an intrusion is detected the FBI is there to help.