From: Defense Systems
New regulations release by the Defense Department will require contractors to implement information security standards on their unclassified networks as a way to stem the theft of sensitive technical information by hackers.
The new rules published on Nov. 18 also require contractors to report cyber intrusions into their networks that result in the loss of unclassified technical data.
Acknowledging industry concerns that the proposed rules would have covered all unclassified networks operated by contractors, DOD said “the scope of the rule [was] modified to reduce the categories of information covered. This final rule addresses safeguarding requirements that cover only unclassified controlled technical information and reporting the compromise of unclassified controlled technical information.”
The new rules are part of a larger effort outlined in October by Defense Secretary Chuck Hagel to tighten security controls on unclassified networks as a way to stop the loss of what the Pentagon calls “unclassified controlled technical information” through cyber intrusions. In the past, many contractors have been reluctant to publicly disclose network breaches.
“We cannot continue to give our potential adversaries the benefits in time and money they obtain by stealing this type of information,” Frank Kendall, undersecretary of defense for acquisition, technology and logistics, said in a Nov. 19 statement. Neither Kendall nor the new rules identified the “potential adversaries,” but a Chinese military unit was cited in a report released earlier this year.
Leave a Reply