
White House Preps New Cyber Policy Dealing with Federal Contractors

Orhan Cam/

The Obama administration is preparing to release a new policy to homogenize the way vendors secure agency data.

The proposal, which could be published as early as today, follows hacks at two background checkers and the Office of Personnel Management that potentially compromised the security of personnel who handle U.S. secrets.

"The increase in threats facing federal information systems demand that certain issues regarding security of information on these systems is clearly, effectively, and consistently addressed in federal contracts," states a notice scheduled to be posted Thursday in the Federal Register.

More details about the contract rules are expected to be posted on shortly, along with a deadline for submitting comments on the proposal.

As of early this afternoon, a placeholder webpage stated the White House is reviewing current contractor data security policies to create the new guidelines for "improving cybersecurity protections in federal acquisitions."  

Today, there is a hodgepodge of laws, White House policies and government standards that direct agencies to secure data wherever that information is housed. Discrepancies among these many regulations have created confusion for companies and departments.

On June 18, the National Institute of Standards and Technology issued guidelines for potential contractor clauses involving the protection of sensitive “controlled unclassified” information inside company systems.

The Pentagon in May 2014 released rules specific to defense contractors on counterfeit electronic parts, which aim to address the problem of suppliers damaging computerized military systems.

Then, there are November 2013 contractor stipulations for guarding confidential military technological and scientific data, known as “unclassified controlled technical information.”

In recent years, a spate of hacks at contractors exposed sensitive government data that might have armed foreign adversaries with U.S. intelligence. Also, some of these data breaches resulted in the loss of medical information on agency personnel.

In 2011, Tricare military health insurance data on 4.9 million service members and their families was stolen out of an SAIC contractor's car. On Wednesday, SAIC, now known as Leidos, won a multi-billion deal with the Pentagon to upgrade electronic health records. In 2012, it was discovered that hackers entered a Serco computer containing the Social Security numbers of 123,000 federal employee retirement plan participants.

And in the largest known breach of sensitive government information, suspected Chinese spies used a password stolen from a KeyPoint contractor to hack into OPM networks. Through a series of coordinated intrusions, the attackers ultimately gained records on 21.5 million past and present feds, individuals applying for clearances to see classified information, and their family members.

One of the hacks, which targeted background investigator USIS, also retrieved personal data on more than 31,000 employees at the Department of Homeland Security, the National Geospatial-Intelligence Agency and the U.S. Capitol Police.
