April 19, 2019

Cybersecurity: A Federal Contractor Safeguard

Government networks are often targeted by cyber criminals attempting to obtain access to employee data, software, strategic plans and other sensitive information. If you are a federal contractor hired by a government entity, it is important to stay vigilant in identifying possible threats and vulnerabilities and to implement cybersecurity measures. Cyber criminals could potentially use your digital data as a gateway to infiltrate the government, which could also put your business at risk.


Identifying Cyber Threats in the Supply Chain

Over the past three years, cyberattacks on federal contractors have continued to increase. The supply chain between the prime contractor and its subcontractors has become more intricate, which has caused digital systems to become more vulnerable. Because the government is often not aware of the cybersecurity practices of a subcontractor, it is the prime contractor’s responsibility to ensure all subcontractors’ digital systems in the supply chain comply with proper data protection procedures.


Basic Cyber Safeguarding Procedures

To keep government information confidential, federal contractors can use the following suggestions when reviewing their own information systems and their subcontractors’ system security actions:


Limit access to:

  • Authorized users, processes or devices
  • The type of actions that authorized users are permitted to execute
  • Information systems, equipment and operating environment to authorized individuals


Control and identify:

  • Connections to external information systems
  • Information posted or processed on publicly accessible systems
  • Identities of users, processes or devices
  • Any information or system flaws


Monitor:

  • Media containing federal contract information
  • Visitor activity
  • All organizational communications


Implement:

  • Subnetworks for publicly accessible information separate from internal networks
  • Protection from malicious code and protection updates when new releases are available
  • Periodic scans of the system and real-time scans of files from external sources


Enhancing Cyber and Supply Chain Security

The Department of Defense (DoD) and a few other federal agencies are working to assist contractors in preventing cyber and supply chain attacks. The methods already implemented by the DoD include:

  • Evaluating contractor compliance with National Institute of Standards and Technology (NIST) regulations.
  • Auditing contractors’ compliance with cybersecurity protocols.
  • Researching bill of materials software systems and blacklists to identify high-risk subcontractors.
  • Establishing a Protecting Critical Technology Task Force to address cybersecurity and supply chain risk.

By keeping cybersecurity at the forefront of their operations, federal contractors can add value to their business. ProSight also adds value beyond traditional insurance coverage with unique products and solutions, such as Data Compromise and Data Protection, that help protect federal contractors from cyberattacks.

-Rebecca Nace-Grover, Value Creation Executive for Federal Contractors