All future Pentagon contracts will regulate the security of certain unclassified networks owned by suppliers, amid concerns that the theft of technical information can jeopardize economic security.
But, in response to industry pressure, Defense Department officials softened their initial June 2011 proposed rule that would have covered all unclassified data.
Under the Nov. 19 final regulations, companies must take measures to protect technical data, computer software, and other so-called unclassified controlled technical information inside their systems. Contractors also must notify the Pentagon of network breaches that affect such information.
"Defense contractors throughout the department's supply chain have been targeted by cyber criminals attempting to steal unclassified technical data," Undersecretary of Defense for Acquisition, Technology and Logistics Frank Kendall said in a statement. "We cannot continue to give our potential adversaries the benefits in time and money they obtain by stealing this type of information."
"After comments were received on the proposed rule it was decided that the scope of the rule would be modified to reduce the categories of information covered," the final regulations stated. "This final rule addresses safeguarding requirements that cover only unclassified controlled technical information and reporting the compromise of unclassified controlled technical information."
The move is part of a broader effort to secure such information departmentwide, which Defense Secretary Chuck Hagel announced Oct. 10.
Kendall said the protection of technical information “is critical to preserving the intellectual property and competitive capabilities of our national industrial base. This information, while unclassified, is comprised of data concerning defense systems requirements, concepts of operations, technologies, designs, engineering, production and manufacturing capabilities."