Pentagon beefs up contractor information security requirements
An amendment to the Defense Federal Acquisition Supplement will require defense contractors to incorporate established information security standards on their unclassified networks and to report cyber-intrusion incidents that result in the loss of unclassified controlled technical information from these networks.
The amendment will apply to all new contracts that will use or generate technical information, said Frank Kendall, undersecretary of defense for acquisition, technology and logistics, in a statement issued Nov. 19.
Defense contractors throughout the department’s supply chain have been targeted by cyber criminals attempting to steal unclassified technical data, Kendall said, calling the amendment “an essential step to ensure that this valuable information is protected.”
“We cannot continue to give our potential adversaries the benefits in time and money they obtain by stealing this type of information,” he added.
Kendall said this is a one of many significant follow on actions to Defense Secretary Chuck Hagel’s Oct. 10 memo directing actions to protect DOD unclassified controlled technical information from cyber intrusions and minimize the consequences associated with loss of this information.
“Protection of technical information is a high priority for the department and is critical to preserving the intellectual property and competitive capabilities of our national industrial base,” the undersecretary said. “This information, while unclassified, is comprised of data concerning defense systems requirements, concepts of operations, technologies, designs, engineering, production and manufacturing capabilities.”