Cybersecurity in Government Contracting – 2020 and BeyondPosted: April 22, 2020
Government contractors often outsource proposal writing and proposal management services, which means the company you use for your proposal support is part of your supply chain and must meet established security standards.
The folks at ProposalHelper have documented and ingrained security processes and practices in every aspect of their operations, and their information security processes have been independently audited and verified to meet ISO 27001:2013 standards.
The following is a guest post by Dr. Troy A. Tyre, Vice President U.S. Operations/Delivery Solutions, ProposalHelper, LLC.
Businesses focused on government contracts for significant amounts of the company’s revenue face unique challenges as we move into 2020 and beyond. The cybersecurity industry faces unparalleled changes, more so than other industries. The status quo will no longer meet the requirements. Key changes include:
- Business requirements: Federal agencies are now evaluating cybersecurity preparedness and maturity of programs in awarding new contracts. Cybersecurity preparedness is now a competitive advantage.
- Regulatory complexity: New regulations, imposed by federal and state agencies, are either already in effect or going into effect in 2020. Some of these regulations are clear while others require interpretation, making compliance difficult.
- Liability increasing: Several new elements of liability impact Government contractors. Government contractors are now held accountable for cybersecurity deficiencies in products/services under the False Claims Act. The Government contractor may also be liable under new and existing state laws, which are more frequently being enforced.
- Evolving threats: Cybersecurity threats are increasingly working their way down the supply chain. Vendors are often seen as the “weakest link” and the easiest way to infiltrate the government.
Understanding the changing landscape is a real requirement and can provide first adopter differentiation, at least initially. In 2019, the Department of Defense (DoD) identified cybersecurity weaknesses in supply chains as a critical threat to the economy and national intelligence. DoD’s response was the development of the Cybersecurity Maturity Model Certification (CMMC), which sets standards for cybersecurity preparedness and documents the process for all DoD contractors.
Large and small, primes and subs, all contractors are required to be third-party certified for cybersecurity preparedness in order to bid on new contracts and re-competes with the DoD. The DoD has deemed cybersecurity to be a foundational element in their procurement process. In other words; if a contractor does not meet the required level of preparedness, they cannot bid on any DoD contracts or re-competes. The DoD is the first agency to mandate third-party audits for their entire supply chain and to remove the ability to self-certify.
The military sees the importance of cybersecurity as well. In March 2018, the Marine Corps took the next step in growing cyber forces with the creation of the new officer military occupational specialty (MOS) focused on cyber operations. Senior leadership intends for the new cyber officers to lead within both the Marine Corps Cyberspace Command and across the wider Fleet Marine Forces.
The new officers will integrate the capabilities and effects of offensive and defensive cyberspace operations at the tactical level, supporting troops on the ground; the operational level, supporting commanders at every echelon; and the strategic level, supporting policymakers across the DoD. On November 21, 2019, the Naval Academy Class of 2020 received their first cyber warfare community selections, including six highly qualified candidates who were designated as Marine Corps cyber warfare officers.
Cybersecurity is one of the most eminent requirements for companies, regardless of whether you provide services, construction, commodities or products.
Dr. Troy Tyre, Vice President of Delivery Solutions at ProposalHelper, brings over 35 years of industry experience in project and proposal management. He can be reached at firstname.lastname@example.org or 571-449-6071.