recommended reading

New Defense Contracts Will Protect Vendor Trade Secrets From Hackers

Defense Department file photo

All future Pentagon contracts will regulate the security of certain unclassified networks owned by suppliers, amid concerns that the theft of technical information can jeopardize economic security.

But, in response to industry pressure, Defense Department officials softened their initial June 2011 proposed rule that would have covered all unclassified data. 

Under the Nov. 19 final regulations, companies must take measures to protect technical data, computer software, and other so-called unclassified controlled technical information inside their systems.  Contractors also must notify the Pentagon of network breaches that affect such information. 

"Defense contractors throughout the department's supply chain have been targeted by cyber criminals attempting to steal unclassified technical data," Undersecretary of Defense for Acquisition, Technology and Logistics Frank Kendall said in a statement. "We cannot continue to give our potential adversaries the benefits in time and money they obtain by stealing this type of information."

Defense received about 50 comments on the 2011 draft rule, including concerns from Rand, Orbital Sciences Corp. and SRI International about its breadth. 

"After comments were received on the proposed rule it was decided that the scope of the rule would be modified to reduce the categories of information covered," the final regulations stated. "This final rule addresses safeguarding requirements that cover only unclassified controlled technical information and reporting the compromise of unclassified controlled technical information."

The move is part of a broader effort to secure such information departmentwide, which Defense Secretary Chuck Hagel announced Oct. 10. 

Kendall said the protection of technical information “is critical to preserving the intellectual property and competitive capabilities of our national industrial base. This information, while unclassified, is comprised of data concerning defense systems requirements, concepts of operations, technologies, designs, engineering, production and manufacturing capabilities."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.