Category Archives: Cybersecurity

Have DoD Contractors and Subcontractors Been Drafted? Once Voluntary Defense Industrial Base CS/IA Regulations Now Mandatory and Aligned With New DFARS Cybersecurity Rules

When last we left the Department of Defense, it had issued a rather wide-reaching interim DFARS rule addressing cybersecurity practices, data retention, and cloud services purchasing guidance. Now, effective October 2, 2015, before the ink can dry on those nascent rules (comments are due October 26, 2015), the DoD has applied them to all DoD … Continue Reading

DoD Addresses Cybersecurity Preparedness, Incident Reporting, and Cloud Computing Acquisitions with new DFARS interim rule

Announced and effective today, August 26, 2015, DoD has issued an interim rule that significantly expands existing DFARS provisions and clauses requiring contractors and subcontractors to report cyber incidents.  The interim rule will apply “to all contractors with covered defense information transiting their information systems,” an estimated 10,000 contractors.  Additionally, in an effort to ensure … Continue Reading

Ransoming Sensitive Personal Information: Will OPM’s Data Breach Trigger Your Insider Threats?

Perhaps it’s the books I’ve been reading or the television shows I’ve been watching, but my mind can’t seem to stop linking the recent barrage of cybersecurity attacks with those ne’er-do-wells that plagued the Caribbean from 1650 through the 1730s.  Yes, I’m talking about pirates, but not the Errol Flynn/Johnny Depp-style buccaneer, more the Edward … Continue Reading

ALERT: NIST Issues Final Guidance on Federal Contractor Cybersecurity Standards for Controlled Unclassified Information

On June 19, 2015, the National Institute of Standards and Technology (“NIST”) published the final version of guidance for federal agencies to ensure sensitive information remains confidential when stored outside of federal systems.  The guidelines, Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, apply to nonfederal information systems and organizations … Continue Reading

Another Prologue to Cybersecurity Regulations: Controlled Unclassified Information (“CUI”) – What Contractors Need to Know and Why They Should Care

Government contractors should take note of a proposed new rule that could impose significant new data storage obligations when finalized.  The Federal Government is taking another baby-step towards cybersecurity regulation with a proposed rule intended to standardize protocols relating to designating and safeguarding unclassified information that is to be withheld from public disclosure (also known … Continue Reading

Department of Defense Updates Its Instruction for Acquisitions of Software and Weapons Systems

On January 7, 2015, the U.S. Department of Defense (“DoD” or “the Department”) released an update for DoD Instruction 5000.02, on the “Operation of the Defense Acquisition Service.”  The new Instruction is designed to assist acquisition personnel in tailoring the acquisition process to the specific item or system being purchased and to further the Department’s … Continue Reading

Cyber-Breach & NISPOM Conforming Change 2 – It’s What’s on the Inside That Counts

Most companies are worried about external threats – things that are coming at their people, their group, their company, their government, all from an outside actor.  Like governments with an eye on counter-intelligence, however, savvy businesses also realize that their employees can pose a very real, internal threat.  While an insider breach is not … Continue Reading

Shopping for the Cloud Made Easy – GSA’s Special Item Number Project for Cloud Computing and Request for Comments

On November 18, 2014, the General Services Administration (“GSA”) hosted an Industry Day seeking feedback on its proposal to add a Cloud Computing Special Item Number (“SIN”) on its IT Multiple Award Schedule 70 (“MAS IT-70”).  A SIN is GSA’s categorization method that groups similar products, services, and solutions together to make the acquisition process … Continue Reading

The Cybersecurity Race: Executive Branch Takes The Lead While Congress Watches From The Bleachers

The federal government sector has been abuzz lately with whispers and shouts about pending cybersecurity regulations, frameworks, and requirements. This attention is not particularly surprising, especially given the recent high-profile data breaches, the litigation threats surrounding those breaches, the recent identification of the encryption-disabling, consumer data threatening “Heartbleed SSL” OpenSSL vulnerability, and recent reports that … Continue Reading

Robert Frost and Cybersecurity – Two Roads Diverging

Like Frost’s nameless traveler in “The Road Not Taken,” our Government finds itself confronted with two diverging roads in the cybersecurity realm. The first offers moderation, deliberation, and evolution. The second, speed. Frost expressed regret that he could travel but one road. Armed with taxpayer dollars, our Government is not so constrained and, devoid of … Continue Reading

New Laws and Firewalls – Summer 2013 Cyber Security Round-up

Over the first half of the year there has been a lot of activity surrounding government efforts to confront growing concern over “Cybersecurity.” This flurry of activity comes in the wake of two years during which lawmakers have been unable to define legislatively what, exactly, “cybersecurity” is, what it means, and how it should be … Continue Reading