Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Tag: hackers

Network Security Big and Small

As many companies have discovered, the Pentagon has increased network security requirements. Small companies are having a tough time with the new rules, as expected, but it appears larger companies are having issues as well. (Government Executive, December 3, 2019)

Some big companies are providing too much data to small subcontractors, which in turn leaves them at risk to foreign hackers. Foreign hackers look at fifth or sixth tier subs to find information — where the biggest “holes” are. (ibid)

In 2016, hackers stole sensitive data on the F-35 Joint Strike Fighter. This is just one of the many cases that prompted the Pentagon to issue new rules for handling sensitive information. By January 1, 2018, all companies doing business with the Pentagon were required to have a plan in place to meet the new standards. (ibid)

In the past, companies needed to only self-certify that they had a plan in place. Unfortunately, no one checked the plans, hence the hacking ensued.

Multi-factor authentication and FIPS-validated encryption seem to be two areas where companies are having a great deal of trouble. Without these working properly, it is much easier for unauthorized access into secure systems.

The Pentagon warned contractors that they will lose business if they and their subcontractors do not meet the updated rules. However, full compliance does not make a company safe from hackers. Individual companies must have an unobstructed view into their own networks as well as ongoing, updated security measures from their subcontractors in order to stay ahead of hackers.

Wondering if you are meeting the Pentagon’s new security rules? We can help you figure it out, give us a call.

Keeping a Secret Secret

The Pentagon warns that cyber attacks and threats from foreign intelligence services on national security are very real, and they aim to increase protections for subcontractors from foreign hacking efforts so that sensitive information remains undistributed.  Part of the new standard reads, “a company’s level of security is accepted by all prime contractors, systems integrators, and the DoD.” Subcontractors should now be able to better explain their security controls to defense companies. (J.Lynch, Fifth Domain, December 2018)

Subcontractors are being held to new standards, and the Pentagon is serious about poor or lapsed cybersecurity measures. A Pentagon task force has been created to prevent defense secrets from outside hackers as well as a pilot program for the DoD to learn which companies are actually in their network.

In light of those warnings, the Aerospace Industry Association (AIA) has updated the national aerospace standard, which now consists of a list of 110 security controls broken down into “22 control families.” (J.Lynch, Fifth Domain, December 2018) These new AIA guidelines do not replace the National Institute of Standards and Technology standards, but work to compliment them. Updated AIA standards are built around successive levels of security, thus allowing for continual improvement of cyber defense capabilities.

Questions about your cyber security plan? Give us a call at (301) 913-5000, we are here to help!