Pentagon Wants More Cyber Threat Info from Contractors in 2017


DOD’s 2017 regulatory agenda also aims to make it easier for contractors to get cyber threat information from the government.

The Defense Department plans to gather more information from contractors about cyber threats during the 2017 fiscal year, according to a governmentwide regulatory agenda released Thursday.

The Pentagon’s fiscal 2017 regulatory wish list includes finalizing a rule that requires defense contractors with security clearances to report network breaches to DOD and give Pentagon personnel access to their systems to assess the scope and impact of the damage.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The rule also requires contractors deemed “operationally critical” to report every cyber incident on its networks to DOD. The rules were required by major defense policy bills in 2013 and 2015.

The Pentagon also plans to publish an interim final rule during 2017 aimed at increasing participation in its Defense Industrial Base program, which promotes information sharing about cyber threats between defense contractors and the government.

The Office of the Comptroller of the Currency and other banking agencies are also considering beginning the rulemaking process for establishing more stringent cyber risk management standards for the nation’s largest financial institutions, according to the notice.