Small companies are struggling to meet the Pentagon’s newish network security rules, and even larger contractors aren’t doing as well as they think they are, a recent Department of Defense study has found. For one thing, big companies tend to give their smaller subcontractors a lot of data they don’t need, which then becomes vulnerable to foreign hackers.
In 2016, hackers stole sensitive data about the F-35 Joint Strike Fighter from an Australian subcontractor. That and similar cases prompted the Pentagon to issue new rules for handling such information. Companies were supposed to have a plan for meeting these new standards by the start of 2018. What’s changed is that the Pentagon is starting to check whether self-certifying contractors are in fact complying with those rules.
