White House Preps New Cyber Policy Dealing with Federal Contractors

The Obama administration is preparing to release a new policy to homogenize the way vendors secure agency data.

The proposal, which could be published as early as today, follows hacks at two background checkers and the Office of Personnel Management that potentially compromised the security of personnel who handle U.S. secrets.

"The increase in threats facing federal information systems demand that certain issues regarding security of information on these systems is clearly, effectively, and consistently addressed in federal contracts," states a notice scheduled to be posted Thursday in the Federal Register.

More details about the contract rules are expected to be posted on shortly, along with a deadline for submitting comments on the proposal.

As of early this afternoon, a placeholder webpage stated the White House is reviewing current contractor data security policies to create the new guidelines for "improving cybersecurity protections in federal acquisitions."

Today, there is a hodgepodge of laws, White House policies and government standards that direct agencies to secure data wherever that information is housed. Discrepancies among these many regulations have created confusion for companies and departments.

On June 18, the National Institute of Standards and Technology issued guidelines for potential contractor clauses involving the protection of sensitive “controlled unclassified” information inside company systems.

The Pentagon in May 2014 released rules specific to defense contractors on counterfeit electronic parts, which aim to address the problem of suppliers damaging computerized military systems.

Then, there are November 2013 contractor stipulations for guarding confidential military technological and scientific data, known as “unclassified controlled technical information.”

In recent years, a spate of hacks at contractors exposed sensitive government data that might have armed foreign adversaries with U.S. intelligence. Also, some of these data breaches resulted in the loss of medical information on agency personnel.

In 2011, Tricare military health insurance data on 4.9 million service members and their families was stolen out of an SAIC contractor's car. On Wednesday, SAIC, now known as Leidos, won a multi-billion-dollar deal with the Pentagon to upgrade electronic health records. In 2012, it was discovered that hackers had entered a Serco computer containing the Social Security numbers of 123,000 federal employee retirement plan participants.

And in the largest known breach of sensitive government information, suspected Chinese spies used a password stolen from a KeyPoint contractor to hack into OPM networks. Through a series of coordinated intrusions, the attackers ultimately gained records on 21.5 million past and present feds, individuals applying for clearances to see classified information, and their family members.

One of the hacks, which targeted background investigator USIS, also retrieved personal data on more than 31,000 employees at the Department of Homeland Security, the National Geospatial-Intelligence Agency and the U.S. Capitol Police.

(Image via Orhan Cam/
