CGP EVENT SHOWS WHY CYBERSECURITY MUST BE TAKEN SERIOUSLY
A small business working on a classified DOD project while logged onto an open, unsecured wifi network, a contractor who didn’t get paid because an adversary had stolen their CAGE code, and the relatively ease with which China was able to get complete F-35 blueprints are just some examples of why federal contractors and their customers must take cybersecurity seriously. If these examples shock you, imagine how shocked you’d be if you knew some of the examples that are so troubling that they, themselves, are classified. These were among the points driven home this week during a Coalition for Government Procurement “cyber-side chat”. While much of the discussion focused on new DOD CMMC requirements, the basic message was that contractors of all sizes need to exercise good cyber hygiene or run the risk of losing money and/or government business if they do not. Experts speaking at the event state that cybersecurity problems have only gotten worse as the technological capability to hack into unprotected systems has grown. Search on the term “12-year-old hacks into system” and get multiple results showing how children that age, and younger, regularly break into IT systems. If pre-teens can do it, imagine what dedicated, trained professionals are capable of. While industry may have legitimate concerns about the costs involved of complying with CMMC and other rules, for some companies deciding whether or not to make necessary investments may come down to whether or not they want to continue as government contractors. If your company handles controlled unclassified information DOD, and probably eventually all agencies, will require you to have appropriate cybersecurity protocols. This is not to say that the cost of compliance is necessarily easy. Only CMMC Level One certification is a self-certification. Level Two requires third-party review. Level Three requires working with DOD for additional certification. IT security professionals made their case about why cyber hygiene is necessary but even they acknowledged that training the acquisition workforce to understand and evaluate the higher prices that come with the increased requirements may be challenging. This can, again, put contractors in the middle. Increasingly, however, the price of participating in the government market will be having to have secure cyber systems. The time is now to plan accordingly.