Cybersecurity Deadline for Massachusetts Defense Contractors Could Cost Region
Widespread non-compliance across the Massachusetts defense industry will have major impact on Massachusetts economy, reports Sera-Brynn
Suffolk, VA, May 23, 2017 (Newswire.com) - Cybersecurity firm Sera-Brynn is urging northeastern Massachusetts defense companies to immediately begin implementing security controls required by the U.S. Department of Defense or risk being ineligible for 2018 defense contracts.
Sera-Brynn reports that most companies are less than sixty percent compliant with the cybersecurity requirements imposed by the Defense Federal Acquisition Regulation Supplement 252.204-7012 (DFARS), and time is running out. The deadline for compliance is December 31, 2017, and it typically takes 6-9 months to achieve full compliance.
Widespread non-compliance across the Middlesex County defense industry will have a major impact on the Massachusetts economy. According to the Office of Economic Adjustment, defense spending in Massachusetts ranks number five in the nation, and for the past ten years, Massachusetts’ defense companies have been awarded contracts exceeding $9 Billion, peaking at $13 Billion in 2009. Defense companies in Middlesex County routinely reap about half of that bounty. Even better times should be ahead – given that the proposed increase in defense spending is over $50 Billion. Failure to implement DFARS requirements means that many Massachusetts defense contractors will miss out on business because their information security programs are not up to standards.
“Regions like Middlesex County in Massachusetts, where billions of dollars are at stake, have a lot to gain or lose depending on whether or not their defense companies are DFARS-compliant,” stated Rob Hegedus, CEO of Sera-Brynn. “It will be interesting to see if companies get on board with making changes to their security infrastructure, or if widespread non-compliance will shift the defense industry landscape.”
Considering that three percent of the total federal defense budget is spent in Massachusetts and that it accounts for 2.6 percent of Massachusetts GDP, if multiple companies fail to meet the deadline, the impact to Massachusetts’ economy – and Middlesex in particular – could be billions of dollars lost.
The risk is not merely financial. The consequences of failing to comply include breach of contract, liability under the False Claims Act, whistleblower actions, termination, liquidated damages, and suspension or debarment by the Government for failing to make mandatory disclosures or failing to perform in accordance with the Government contract.
Achieving compliance is a daunting challenge for both large and small companies, but there are many ways for Massachusetts’ defense contractors to get help. Sera-Brynn’s website is laden with useful information including advice on implementing a systematic, phased approach to compliance. Sera-Brynn also offers complimentary DFARS flow-down Webinars for prime defense contractors to present to their valued sub-contractors. Finally, Sera-Brynn offers full compliance audits that include, along with a full risk assessment and vulnerability gap analysis, mandatory documents such as a System Security Plan, Cyber Incident Response Plan, and Plan of Action and Milestones – all required by DFARS 7012.
The Defense Federal Acquisition Regulation Supplement 252.204-7012, finalized in October 2016, requires all defense contractors that receive, transmit, process, or store Covered Defense Information (CDI) to implement over 100 security controls and be able to detect and report incidents when CDI is compromised. CDI includes unclassified controlled technical information, information that can impact operational security (OPSEC), and other information described in the Controlled Unclassified Information (CUI) Registry. The deadline for DFARS compliance is December 31, 2017.
Sera-Brynn is a leading global cybersecurity audit and advisory firm. The Virginia-based company offers threat management, compliance and risk assessment, risk control, and incident response services that enable clients to secure their computing environments and meet applicable and mandatory cybersecurity regulatory standards. This technical expertise is the backbone of their DFARS compliance services.
Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn is ranked #10 worldwide on the Cybersecurity 500 list.
For more information on DFARS, visit https://sera-brynn.com/dfars
For more information on Sera-Brynn, visit: www.sera-brynn.com
Sera-Brynn, LLC / Cyber Risk Management
5806 Harbor View Blvd., Suite 204
Suffolk, Virginia 23435