Pentagon Proposes Network Security Regulation for ContractorsMarch 12, 2010
Under proposed regulations, the Pentagon wants contractors to tighten security to their computer networks and to report intrusions within 72 hours. Contractors would also have to retain all evidence of the attacks under the proposed rules, and help the Defense Department (DoD) to investigate the intrusion. The recommended regulation also would require companies to install standard computer security measures like encrypting data and intrusion detection software, according to an article in Bloomberg News. The impetus for the proposed regulations: While the Pentagon's computer network has state-of-the-art defenses, hackers are increasingly attacking the networks of contractors that connect to the DoD's networks. "If you can't break through the front door, you go through the side door," Gunter Ollmann, vice president of research at security firm Damballa Inc., in Atlanta, told Bloomberg News. He added that contractors are considered an easier target than the Pentagon because they don't devote as many resources toward computer security. The Pentagon has instituted defenses to counter some 300 million daily attempts to probe its own systems. The DoD has found a growing number of defense contractor networks being compromised, including the theft of data in some cases. The biggest breaches include the hacking of the F-35 Joint Strike Fighter project through Lockheed Martin's network, according to The Wall Street Journal. Lockheed, however, denied the Journal's report. Another Pentagon contractor, Apptis, which provided information technology, had to return $1.3 million of a $5.4 million DoD contract after investigators found the company lacked adequate computer security. A subcontractor's system was hacked from an Internet address in China, Bloomberg reported. While the proposed regulations shine a spotlight on the importance of contractors protecting sensitive information, analysts wonder how the Pentagon will enforce any reporting requirements. |
|
