Defense

New Defense Contracts Will Protect Vendor Trade Secrets From Hackers

Defense Department file photo

All future Pentagon contracts will regulate the security of certain unclassified networks owned by suppliers, amid concerns that the theft of technical information can jeopardize economic security.

But, in response to industry pressure, Defense Department officials softened their initial June 2011 proposed rule that would have covered all unclassified data. 

Under the Nov. 19 final regulations, companies must take measures to protect technical data, computer software, and other so-called unclassified controlled technical information inside their systems.  Contractors also must notify the Pentagon of network breaches that affect such information. 

"Defense contractors throughout the department's supply chain have been targeted by cyber criminals attempting to steal unclassified technical data," Undersecretary of Defense for Acquisition, Technology and Logistics Frank Kendall said in a statement. "We cannot continue to give our potential adversaries the benefits in time and money they obtain by stealing this type of information."

Defense received about 50 comments on the 2011 draft rule, including concerns from Rand, Orbital Sciences Corp. and SRI International about its breadth. 

"After comments were received on the proposed rule it was decided that the scope of the rule would be modified to reduce the categories of information covered," the final regulations stated. "This final rule addresses safeguarding requirements that cover only unclassified controlled technical information and reporting the compromise of unclassified controlled technical information."

The move is part of a broader effort to secure such information departmentwide, which Defense Secretary Chuck Hagel announced Oct. 10. 

Kendall said the protection of technical information “is critical to preserving the intellectual property and competitive capabilities of our national industrial base. This information, while unclassified, is comprised of data concerning defense systems requirements, concepts of operations, technologies, designs, engineering, production and manufacturing capabilities."

Threatwatch Alert

Network intrusion / Unauthorized use of system administrator privileges

Contractor Rejected for Employment Allegedly Infected Power Firm's Network

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// 12:29 PM ET
X CLOSE Don't show again

Like us on Facebook