The Pentagon isn’t taking strong enough action to ensure that defense contractors are protecting highly technical but unclassified information from hacking, according to the top lawmakers on the Senate Armed Services Committee.
The Senate panel “has gathered information that suggests DoD is simply not doing enough to protect controlled, unclassified information,” the lawmakers, including ailing Republican Chairman John McCain and Jack Reed, the panel’s top Democrat, wrote to Defense Secretary Jim Mattis in a previously undisclosed letter obtained by Bloomberg News.
“We are concerned with existing regulations and best practices” not being followed in matters such as contracts lacking appropriate cybersecurity clauses, computer networks operating without multifactor authentication for access, strong remote user policies and “insufficient third-party verification of compliance with cybersecurity standards,” the lawmakers wrote last month.
The vulnerability of U.S. systems to hacking has been highlighted in recent years by incidents including attacks on banks and energy infrastructure, as well as efforts to infiltrate state election systems in 2016 and this year. Earlier this year, five pipeline operators in the U.S. said their third-party electronic communications systems were shut down by hackers. The U.S. says the biggest foreign hacking threats come from Russia, China and Iran.
Keep reading this article at: https://www.bloomberg.com/news/articles/2018-08-23/pentagon-cyber-shortfalls-leave-data-at-risk-key-senators-warn
The Georgia Tech Procurement Assistance Center (GTPAC) has produced a video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules. These resources are available at: http://gtpac.org/cybersecurity-training-video/