Our Website Uses Cookies 

We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.

For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

DOD Updates Cyber Reporting Rule for Contractors

October 3, 2016, Federal Contracts Report

Susan Cassidy is quoted in a Federal Contracts Report article regarding the Defense Department’s updated cyber incident reporting rule. According to Cassidy, the rule succeeded in clarifying some industry concerns, but did not address them all. “They didn't take an opportunity to clarify everything you might have hoped they would.” For example, when asked whether Internet service providers fit the definition of subcontractors, the DOD punted, and said it would depend on the individual contract, she says. On the other hand, industry had complained about the requirement to report an incursion within 72 hours, and DOD made clear that it is going to keep that requirement.

Cassidy adds that the rule reflects a recognition that the more information the government has regarding hostile incursions, the better it can defend itself from ongoing attacks. “Because the threat is evolving, it's going to be in flux for a while. She continues, “Contractors are going to have to be flexible, and you hope that the government will remain equally flexible.”


Share this article: