DOD Mandates Its Contractors to Report Hacks

The Department of Defense (DOD) has published a notice that requires its contractors to disclose cyberattacks and breaches.

Following the now-infamous OPM (Office of Personnel Management) breach, the Department of Defense has required its biggest contractors to report cyber incidents, The Hill reports.

The full notice is published in the Federal Register.

An excerpt from the notice reads:

“[The new rule is to] implement new statutory requirements for DoD contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system.”

Coming after the government found itself on the receiving end of a number of breaches and intrusions, the new rule is part of a sweeping governmental effort to leave no stone unturned in keeping government networks and institutions secure.

“The revisions provided in this rule are part of DoD’s efforts to establish a single reporting mechanism for such cyber incidents on unclassified DoD contractor information systems,” the notice adds.

The move comes at a time when the government has set a mandate to ensure that all federal websites are equipped with HTTPS encryption. Set in June 2015, the mandate requires all government and federal websites that are accessed by the public to use HTTPS encryption by the end of 2016.

Security breaches in the recent past have put a spotlight on the security infrastructure currently used by contractors that deal with government data.

The recent data breach of the OPM leaked the records of millions of federal employees across every federal agency.

Among other federal breaches, two breaches targeting contractors resulted in the leak of personnel files of some 70,000 federal employees. The breached employee information included many records belonging to those in high security-clearance-level positions at the Department of Homeland Security.

Furthermore, the DOD believes the new ruling will make it easier for contractors to report cyber incidents.

“This rule is intended to streamline the reporting process for DoD contractors and minimize duplicative reporting processes while preserving distinctions where appropriate.”