From: The National Law Review
David N. Fagan/Covington & Burling LLP
As an indicator of the continuing focus of government authorities on cybersecurity breaches and potential notification requirements, certain contractors for the federal government may soon face new rapid reporting requirements for successful network penetrations. Specifically, President Obama signed the 2014 Intelligence Authorization Act (“2014 IAA”) into law on July 7, 2014, starting a 90-day clock under Section 325 of the Act for the Director of National Intelligence (“DNI”) to promulgate regulations for “cleared intelligence contractors” to report the successful penetration of their networks and information systems.
Section 325 defines a cleared intelligence community (“IC”) contractor as “a private entity granted clearance . . . to access, receive, or store classified information for the purpose of bidding for a contract or conducting activities in support of [the IC].” The new regulations will apply to “covered” networks and information systems that “contain[] or process[] information created by or for an element of the [IC] with respect to which such contractor is required to apply enhanced protection.”
The Forthcoming Regulations
The regulations proposed by the DNI will require cleared IC contractors to report the following information to a designated IC element following a “successful penetration” of the contractor’s covered network or information system:
Leave a Reply