Cybersecurity Deadline for Virginia Defense Contractors Could Cost Region
Widespread non-compliance across the Virginia defense industry will have major impact on Virginia's economy, reports Sera-Brynn.
Suffolk, VA, May 23, 2017 (Newswire.com) - Cybersecurity firm Sera-Brynn is urging Virginia defense companies to immediately begin implementing security controls required by the U.S. Department of Defense or risk being ineligible for 2018 defense contracts.
Sera-Brynn reports that most companies are less than sixty percent compliant with the cybersecurity requirements imposed by the Defense Federal Acquisition Regulation Supplement 252.204-7012 (DFARS), and time is running out. The deadline for compliance is December 31, 2017, and it typically takes 6-9 months to achieve full compliance.
Widespread non-compliance by Northern Virginia and Hampton Roads defense industries will have a major impact on Virginia’s economy. According to the Office of Economic Adjustment, defense spending in Virginia ranks number one in the nation, and for the past ten years, Virginia defense companies have been awarded contracts exceeding $36 Billion, peaking at over $43 Billion in 2012. Defense companies in Fairfax County and Newport News City routinely reap almost half of that bounty. Even better times should be ahead – given that the proposed increase in defense spending is over $50 Billion. Failure to implement DFARS requirements means that many Virginia defense contractors will miss out on business because their information security programs are not up to standards.
“Regions like Fairfax County, where tens of billions of dollars are at stake, have a lot to gain or lose depending on whether or not their defense companies are DFARS-compliant,” stated Rob Hegedus, CEO of Sera-Brynn. “It will be interesting to see if companies get on board with making changes to their security infrastructure, or if widespread non-compliance will shift the defense industry landscape.”
Considering that thirteen percent of the total federal defense budget is spent in Virginia and that it accounts for 11.2 percent of Virginia’s GDP, if multiple companies fail to meet the deadline, the impact to Virginia’s economy – and Northern Virginia and Hampton Roads in particular – could be billions of dollars lost.
The risk is not merely financial. The consequences of failing to comply include breach of contract, liability under the False Claims Act, whistleblower actions, termination, liquidated damages, and suspension or debarment by the Government for failing to make mandatory disclosures or failing to perform in accordance with the Government contract.
Achieving compliance is a daunting challenge for both large and small companies, but there are many ways for Virginia’s defense contractors to get help. Sera-Brynn’s website is laden with useful information including advice on implementing a systematic, phased approach to compliance. Sera-Brynn also offers complimentary DFARS flow-down Webinars for prime defense contractors to present to their valued sub-contractors. Finally, Sera-Brynn offers full compliance audits that include, along with a full risk assessment and vulnerability gap analysis, mandatory documents such as a System Security Plan, Cyber Incident Response Plan, and Plan of Action and Milestones – all required by DFARS 7012.
DFARS Background
The Defense Federal Acquisition Regulation Supplement 252.204-7012, finalized in October 2016, requires all defense contractors that receive, transmit, process, or store Covered Defense Information (CDI) to implement over 100 security controls and be able to detect and report incidents when CDI is compromised. CDI includes unclassified controlled technical information, information that can impact operational security (OPSEC), and other information described in the Controlled Unclassified Information (CUI) Registry. The deadline for DFARS compliance is December 31, 2017.
About Sera-Brynn
Sera-Brynn is a leading global cybersecurity audit and advisory firm. The Virginia-based company offers threat management, compliance and risk assessment, risk control, and incident response services that enable clients to secure their computing environments and meet applicable and mandatory cybersecurity regulatory standards. This technical expertise is the backbone of their DFARS compliance services.
Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn is ranked #10 worldwide on the Cybersecurity 500 list.
For more information on DFARS, visit https://sera-brynn.com/dfars.
For more information on Sera-Brynn, visit: www.sera-brynn.com
Media Contact
Colleen Johnson
Sera-Brynn, LLC / Cyber Risk Management
5806 Harbor View Blvd., Suite 204
Suffolk, Virginia 23435
colleen.johnson@sera-brynn.com
Source: Sera-Brynn