Department of Defense Puts Forward New Rule to Safeguard Unclassified Data

In recent times, there has been a spate of attacks on government and defense-related institutions, including Oak Ridge National Laboratory (ORNL), the Y-12 National Security Complex, and Pacific Northwest National Laboratory (PNNL). Defense contractors such as Lockheed Martin, IRC Federal and Booz Allen Hamilton have also suffered cyber-attacks. The attacks pose a threat to sensitive data associated with various government and military contracts. Even leakage of unclassified data may give attackers an opportunity to launch targeted attacks. Recently, the U.S. Department of Defense (DOD) proposed changes to defense acquisition regulations to safeguard unclassified information related to the department. The proposed amendment to the Defense Federal Acquisition Regulation Supplement (DFARS) not only aims to safeguard unclassified DOD-related data, but also addresses cyber intrusion reporting requirements. The department has sought comments on the proposed rule.

The purpose of the proposed rule is to safeguard data within contractors' information systems and to prescribe reporting requirements for intrusion, unauthorized access and disclosure of information contained in or transmitted from a contractor's information systems. Such reporting requirements are crucial for assessing threats to DOD computer systems and networks, and to the sensitive defense, national security and employee-related information stored on such systems. The provision would also facilitate assessment of the impact of a loss. The proposed amendment applies where the data in question is regarded as critical information under specified DOD directives and rules. The new rule requires organizations to take the necessary security measures to prevent unauthorized access to and pilferage of government-related information. The rule also requires the use of appropriate encryption techniques to secure both stored data and data in transmission.

Organizations must also have appropriate network protection and intrusion detection systems (IDS) in place. Professionals may benefit from online technology degree programs to acquaint themselves with the latest security mechanisms and devices. Regular assessment of the security posture by IT master's degree holders and in-depth evaluation of the IT infrastructure by penetration testers would allow organizations to identify security flaws before cyber-intruders do and to initiate the necessary security measures.

Government bodies must also have an information-sharing program with defense contractors and consulting firms to ensure timely assessment of security threats. They must also satisfy themselves as to the cyber security awareness training programs provided for employees at the contractor's premises. Organizations must create awareness among employees through mandatory e-learning programs and training programs, and by encouraging them to undertake online computer degree programs. Informed employees would be in a better position to thwart spear phishing and other social engineering attacks aimed at extracting privileged information.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: [email protected]
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico, and offers a Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals and military students, among several others. The MSS is offered as a 100% online degree program, which allows EC-Council University to reach students not only from the United States but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

About the author

By eccuni