Takeaways from CMMC Con 2021: Compliance Gains Importance

By Kristen Morales • October 13, 2021

There has always been a risk of losing business for defense contractors that haven’t achieved compliance. That threat alone wasn’t compelling enough for the Department of Justice (DOJ), which has vowed to crack down on contractors that fail to follow required cybersecurity standards.

As we heard from Aries Security CEO Brian Markus at CMMC Con 2021, the False Claims Act has a huge influence on the Defense Industrial Base (DIB), and that legal avenue is how the DOJ says it will levy fines.

“Everyone’s role as a defense contractor is to protect the information that the government’s entrusting you with,” Markus said. “If you’re a small [contractor], it actually, in some cases, is more important and more critical because the smalls tend to have less security and the threat actors have been picking them off one by one. The nation-state attackers are able to see what the government is ordering, how many, when they’re ordering them, so they can get an understanding of what we’re actually doing as a nation and how we’re doing it.”

CMMC-AB vice chairman Jeff Dalton raised similar concerns at CMMC Con 2021, saying, “adversaries are after our intellectual property.” The willingness of nations to hack into others’ systems is expected to rise.

Dr. Robert Spalding shared at CMMC Con 2021 that artificial intelligence (AI) and quantum computing could further complicate foreign relations in the coming years. This will mark the period of a “second cold war.” Geography is a defining matrix of competition and governments will favor cyberwarfare as a means of avoiding mass casualties and destruction.

What’s at stake in a security lapse is now too valuable for the federal government to rely simply on self-assessments or let compliance go unchecked. Contractors should have been compliant all along, and now the pressure to prove it has increased. We wrote the book on how contractors should get started with CMMC, a clear playbook for how to navigate the process of compliance. We should know. CyberSheath has been performing assessments for years.

CMMC will remain important as the security landscape continues to change. Tenable CEO Amit Yoran, the keynote speaker at CMMC Con 2021, noted the government is now just as involved as private companies in cybersecurity.

“Minimum standards for security are an absolute necessity to follow,” Yoran said. “We’d really like a level of visibility, understanding, and accountability. Establish levels of care and identify what negligence looks like. Once we achieve this, we can make progress on a long-term basis. We can stop a majority of attacks today by following these standards.”

If you missed out on CMMC Con 2021, catch up with a full recording of the day’s events and speakers.
