Small Contractors Struggle to Meet Cyber Security Standards, Pentagon Finds

[InfoSec News <alerts () infosecnews org>]

https://www.defenseone.com/threats/2019/12/small-contractors-struggle-meet-new-cyber-security-standards-pentagon-finds/161625/

By Marcus Weisgerber
Defense One
December 2, 2019

Even large companies aren’t doing as well as they think they are, the 
assistant acquisition chief said Monday.

Small companies are struggling to meet the Pentagon’s newish network 
security rules, and even larger contractors aren’t doing as well as they 
think they are, a recent department study has found.

“For the most part, the big companies do very well,” Kevin Fahey, 
assistant defense secretary for acquisition, told reporters at the 
Pentagon on Monday. “But in no case do they meet everything that they 
thought they met.”

For one thing, big companies tend to give their smaller subcontractors a 
lot of data they don’t need, which then becomes vulnerable to foreign 
hackers.

“The biggest part of our training and the problem is that our adversaries 
don’t try to come in through the big companies, they come in through the 
fifth-, sixth-tier,” Fahey said. “If you’re flowing down information they 
don’t need, then that’s bad. That’s where we’re seeing our biggest 
problem.”

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_