Cybersecurity Deadline Looms for SOCAL Defense Companies
Widespread non-compliance across the SOCAL defense industry will have major impact on California's economy, reports Sera-Brynn.
Suffolk, VA, May 14, 2017 (Newswire.com) - Leading cybersecurity firm Sera-Brynn is urging Southern California defense companies to immediately begin implementing security controls required by the U.S. Department of Defense or risk being ineligible for 2018 defense contracts.
Sera-Brynn reports that most companies are less than sixty percent compliant with the cybersecurity rudiments imposed by the Defense Federal Acquisition Regulation Supplement 252.204.-7012 (DFARS), and time is running out. The deadline for compliance is December 31, 2017, and it typically takes 6-9 months to achieve full compliance.
"Regions like Southern California, where tens of billions of dollars are at stake, have a lot to gain or lose depending on whether or not their defense companies are DFARS-compliant. It will be interesting to see if companies get on board with making changes to their security infrastructure, or if wide-spread non-compliance will shift the defense industry landscape."
Rob Hegedus, CEO, Sera-Brynn
Widespread non-compliance across the SOCAL defense industry will have major impact on California’s economy. According to the Office of Economic Adjustment, defense spending in California ranks number two in the nation (behind Virginia), and for the past ten years, California defense companies have been awarded contracts exceeding $34 Billion, peaking at over $42 Billion in 2011. Defense companies in San Diego and Los Angeles Counties routinely reap almost two-thirds of that bounty. Even better times should be ahead – given a whopping $54 Billion increase in the defense budget. Failure to implement DFARS requirements means that many SOCAL defense contractors will miss out on business because their information security programs are not up to standards.
“Regions like Southern California, where tens of billions of dollars are at stake, have a lot to gain or lose depending on whether or not their defense companies are DFARS-compliant,” stated Rob Hegedus, CEO of Sera-Brynn. “It will be interesting to see if companies get on board with making changes to their security infrastructure, or if wide-spread non-compliance will shift the defense industry landscape."
Considering that over twelve percent of the total federal defense budget is spent in California and that it accounts for 2.1 percent of California's GDP, if multiple companies fail to meet the deadline, the impact to California's economy – and SOCAL in particular – could be billions of dollars lost.
The risk is not merely financial. The consequences of failing to comply include breach of contract, liability under the False Claims Act, whistleblower actions, termination, liquidated damages, and suspension or debarment by the Government for failing to make mandatory disclosures or failing to perform in accordance with the Government contract.
Achieving compliance is a daunting challenge for both large and small companies, but there are many ways for California's defense contractors to get help. Sera-Brynn’s website is laden with useful information including advice on implementing a systematic, phased approach to compliance. Sera-Brynn also offers complementary DFARS flow-down webinars for prime defense contractors to present to their valued sub-contractors. Finally, Sera-Brynn offers full compliance audits that include, along with a full risk assessment and vulnerability gap analysis, mandatory documents such as a System Security Plan, Cyber Incident Response Plan, and Plan of Action and Milestones – all required by DFARS 7012.
The Defense Federal Acquisition Regulation Supplement 252.201-7012 – finalized in October 2016, requires all defense contractors that receive, transmit, process or store Covered Defense Information (CDI) to implement over 100 security controls and be able to detect and report incidents when CDI is compromised. CDI includes unclassified controlled technical information, information that can impact operational security (OPSEC), and other information described in the Controlled Unclassified Information (CUI) Registry. The deadline for DFARS compliance is December 31, 2017.
Sera-Brynn is a leading global cybersecurity audit and advisory firm. The Virginia-based company offers threat management, compliance and risk assessment, risk control, and incident response services that enable clients to secure their computing environments and meet applicable and mandatory cybersecurity regulatory standards. This technical expertise is the backbone of their DFARS compliance services.
Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn is ranked #10 worldwide on the Cybersecurity 500 list.
For more information on DFARS, visit https://sera-brynn.com/dfars.
For more information on Sera-Brynn, visit: www.sera-brynn.com
Sera-Brynn, LLC / Cyber Risk Management
5806 Harbor View Blvd., Suite 204
Suffolk, Virginia 23435