There has always been a risk of losing business for defense contractors that haven’t achieved compliance. That threat alone wasn’t compelling enough for the Department of Justice (DOJ), which has vowed to crack down on contractors that fail to follow required cybersecurity standards.
As we heard from Aries Security CEO Brian Markus at CMMC Con 2021, the False Claims Act has a huge influence on the Defense Industrial Base (DIB) and that legal avenue is how the DOJ says it will levy fines.
“Everyone’s role as a defense contractor is to protect the information that the government’s entrusting you with,” Markus said. “If you’re a small [contractor], it actually, in some cases, is more important and more critical because the smalls tend to have less security and the threat actors have been picking them off one by one. The nation-state attackers are able to see what the government is ordering, how many, when they’re ordering them, so they can get an understanding of what we’re actually doing as a nation and how we’re doing it.”
CMMC-AB vice chairman Jeff Dalton raised similar concerns at CMMC Con 2021, saying, “adversaries are after our intellectual property.” The willingness of nations to hack into others’ systems is expected to rise.
Dr. Robert Spalding shared at CMMC Con 2021 that artificial intelligence (AI) and quantum computing could further complicate foreign relations in the coming years. This will mark the period of a “second cold war.” Geography is a defining matrix of competition and governments will favor cyberwarfare as a means of avoiding mass casualties and destruction.
What’s at stake for a lapse in security is now too valuable for the federal government to rely simply on self-assessments or let compliance go unchecked. Contractors should have been compliant all along and now the pressure has increased to prove it. We wrote the book on how contractors should get started with CMMC, a clear playbook for how to navigate the process of compliance. We should know. CyberSheath has been performing assessments for years.
CMMC will remain important as the security landscape continues to change. Tenable CEO Amit Yoran, the keynote speaker at CMMC Con 2021, noted the government is now just as involved as private companies in cybersecurity.
“Minimum standards for security are an absolute necessity to follow,” Yoran said. “We’d really like a level of visibility, understanding, and accountability. Establish levels of care and identify what negligence looks like. Once we achieve this, we can make progress on a long-term basis. We can stop a majority of attacks today by following these standards.”
If you missed out on CMMC Con 2021, catch up with a full recording of the day’s events and speakers.