The New Mandate for Contractors
So, here we are. It’s another month, so that means there will be more high-profile cyberattacks against our nation’s infrastructure. One day it’s a petroleum refinery, the next it’s a meat processing plant, a bank or even a regional water supply; tomorrow, it’ll be something else.
And once these attacks occur, there are sometimes unsettling postscripts. In the case of Colonial Pipeline, the company paid $4.4 million in ransom to the cybercriminal gang responsible for taking the U.S. fuel pipeline offline. Joseph Blount, the CEO of the corporation, which has stated it carries 45 percent of the East Coast’s supply of diesel, petrol and jet fuel, authorized the payment because of uncertainty over how long the shutdown would continue.
No market is immune to cyberattacks. Businesses of all sizes, in all markets ― from consumer to commercial to government ― are victims, increasing costs and risks to every U.S. citizen.
While these cyberattacks cannot be stopped outright, they can be reduced in frequency and in scope. Toward that end, on May 12, 2021, the Biden administration released a far-reaching executive order intended to improve the U.S. government’s cybersecurity posture, both internally and in any private information technology (IT) systems that are connected to federal IT systems.
This executive order will work in tandem with existing initiatives, such as the Cybersecurity Maturity Model Certification (CMMC), the Federal Risk and Authorization Management Program (FedRAMP), and National Institute of Standards and Technology (NIST) publications.
Notably, and unlike CMMC, the executive order is concerned more with improving the entire government’s IT systems to protect all information residing on those systems, and less with scaling protections based on types of information residing on contractor systems.
The Executive Order’s Impact
On the contractor’s end, if your firm’s contracts require you to access any government systems using your own internal IT systems, or if you develop software for or on behalf of the government, this executive order will likely impact you. Also know that CMMC applies to Department of Defense prime contractors, many of whom are flowing down the same requirements to their subcontractors, and that companies in the Defense Industrial Base must comply with baseline cybersecurity controls to remain in good standing.
While addressing this mandate as efficiently as possible is the best move for a contractor to make at this juncture, it adds the burden not just of additional cost, but also of more technology and a heightened time commitment. Those are burdens that many companies coming out of the COVID-19 pandemic, and already under the strains of labor, supply, production and other issues, can ill afford.
However, they’re necessary. On an individual level, most citizens have been affected by one or more of the breaches at The Home Depot, Target, Snapchat, Michaels, eBay, Adobe and Neiman Marcus, as well as at most banks. Stolen personal data can include names, debit/credit card numbers, email addresses, birthdays, passwords, security-question answers and physical addresses.
It’s also important that the public understand that popular quizzes on Facebook (“name your favorite pet,” childhood memories, cities you have lived in, etc.) harvest the answers to common password and security questions, and that automated systems scrape that data for use in later attacks.
So now more than ever, it’s important for business owners to mandate protections, use credit monitoring and take out cyberinsurance ― and be more proactive in the process of protecting their cyber assets.
Gloria Larkin is President and CEO of TargetGov, American Express Procurement Advisor and a national expert in business development in the government markets. Email glorialarkinTG@targetgov.com, visit www.targetgov.com or call toll-free 1-866-579-1346 x 325 for more information.