The White House’s New National Cyber Strategy: How It Impacts Government Contractors
In September 2018, President Donald Trump revealed a new National Cyber Strategy centered on four pillars of priority. The strategy has two main areas of impact for government contractors:
- Strengthen Federal Contractor Cybersecurity
- Improve Federal Supply Chain Risk Management
The Four Pillars
The National Cyber Strategy follows the release of the May 2017 White House Cybersecurity Executive Order, which addressed key issues and areas related to federal networks as well as a focus on critical infrastructure sectors. Key U.S. Department of Homeland Security officials rolled out the new cybersecurity strategy at a recent State of Cybersecurity Conference, detailing the four pillars.
- Pillar I: Protect the American people, the homeland, and the American way of life by securing our information systems and combating cybercrime.
  - Secure federal networks and information
  - Secure critical infrastructure
  - Combat cybercrime and improve incident reporting
- Pillar II: Promote American prosperity by pursuing cyberspace as an engine of economic growth, innovation, and efficiency.
  - Foster a vibrant and resilient digital economy
  - Foster and protect United States ingenuity
  - Develop a superior cybersecurity workforce
- Pillar III: Preserve peace through strength by identifying, countering, disrupting, degrading, and deterring bad behavior in cyberspace.
  - Enhance cyber stability through norms of responsible state behavior
  - Attribute and deter unacceptable behavior in cyberspace
- Pillar IV: Advance American influence by preserving the long-term openness, security, and reliability of the Internet.
  - Promote an open, interoperable, reliable, and secure internet
  - Build international cyber capacity
Pillar I is the main area of focus for government contractors, with two main areas of impact: strengthening federal contractor cybersecurity and improving federal supply chain risk management.
Strengthening Federal Contractor Cybersecurity
Implementation of the National Cyber Strategy will affect federal contractors through a more proactive government role in ensuring that contractors’ information systems are adequately protected.
Federal contracts must contain provisions authorizing the government to review contractor cyber protections by “testing, hunting, sensoring, and responding to incidents on contractor systems.” Current DoD and civilian agency contracts depend on contractors to evaluate and test their own systems or use a third-party consultant. However, the National Cyber Strategy focuses on acute concerns for defense-related contractors as well.
The National Cyber Strategy also calls for consolidation of cyber acquisition strategies to reduce the cost of utilizing contract provisions that differ from agency to agency. The Department of Defense has its own cybersecurity regulations and contract clauses, and individual civilian agencies supplement the Federal Acquisition Regulation (FAR) cyber provisions with their own requirements. This has resulted in a significant compliance challenge.
Improving Federal Supply Chain Risk Management
Supply chain security is another key area of importance for government contractors and is viewed by the government as a growing risk. Over the last two years, the focus on securing the government’s technology supply chain has increased. The National Cyber Strategy focuses on better integration of supply chain risk management into the acquisition process.
Additionally, the National Cyber Strategy calls for the creation of a new supply chain risk assessment shared service to centralize information about supply chain threats. The document requires the implementation of new and “streamlined authorities to exclude risky vendors, products, and services”.
In general, civilian federal contractors and defense-related contractors can expect a more robust set of contracting standards and requirements in the future.
Trained Cybersecurity Experts
Additionally, the administration is looking to change how cybersecurity workers are managed, due to the Homeland Security Department’s new personnel readiness system combined with authority to pay cyber workers 20 to 25 percent more. The administration will explore options to establish distributed cybersecurity personnel under the management of DHS to oversee development, management, and deployment of cybersecurity personnel across federal departments and agencies.
H2L Solutions, Inc. implements, tests, administers, and sustains cybersecurity solutions. We have a staff of information security professionals skilled in the development and management of cybersecurity programs. Our professionals assist our clients with multiple layers of information assurance and cybersecurity requirements.