Reporting Cyber Security Incidents To The Department of Defense

Reporting Cyber Security Incidents To The Department of Defense

The United States government’s Department of Defense (DoD) is ramping up efforts to keep sensitive data protected. What’s more, the DoD is making it clear that it expects contractors and subcontractors to secure all data that they create or receive. The DoD also requires them to report any incident affecting this data immediately.

How to Prevent Cyber Security Incidents with Managed IT Security

A contractor must understand the obligations that require them to secure all information they receive or generate due to a DoD contract. This understanding will help them keep their networks and cloud resources such as Microsoft Azure and AWS environments secure.

The Advantage IT Security solution is a comprehensive monitoring solution for on-site, cloud, and hybrid computing environments. It provides monitoring for all of your organization’s cloud apps to give you varied security capabilities in a unified platform.

Advantage Industries ensures that you have proper implementation of the solution for adequate compliance management, threat detection, and incident response for your Department of Defense projects without affecting your team’s productivity and efficiency.

When to Report a Cyber Security Breach to the DoD

the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.239-7010 defines a reportable cyber-security incident. The clause states that there should be unauthorized access to CDI – information related to defense contracts – or systems used to store or generate the data. CDI includes export-controlled or restricted information or Controlled Unclassified Information. The data is either:

• Identified or marked in a contract, delivery order, or task order received by a contractor on behalf of the DoD during the performance of a contract, or
• Collected, used, generated, stored, or transmitted by a contractor to support the contract’s performance.

Many contractors and subcontractors subject to DFARS do not know what CDI covers, how to process and store the information, or the protections they should apply to CDI. The answers to these questions and a managed IT security solution need to be in place in advance of a security incident.

How Does Reporting The Incident Work?

Reportable cybersecurity incidents have broad definitions that include system policy violations, actual and attempted cyber-attacks or even disclosure by the contractor to unauthorized persons. Defense contractors should report all cybersecurity-related incidents to the department via the DoD’s Defense Industrial Base online portal. However, to access this reporting form, a contractor must have an approved Public Key Infrastructure (PKI) certificate from a DoD-approved External Certificate Authority. Because there is only a 72-hour window for reporting, contractors should ensure they obtain the document in advance.

What Is A Cyber Security Incident Report?

Immediately a contractor discovers a DFARS cyber-incident, they should report the 20 items listed below in Incident Collection Format (ICF) on the DoD portal within 72 hours:

1. Company name
2. Company point of contact information (address, position, telephone, email)
3. Data Universal Numbering System (DUNS) Number
4. Contract number(s) or other types of agreement affected or potentially affected.
5. Contracting officer or other types of agreement point of contact (address, position, telephone, email)
6. USG program manager point of contact (address, position, telephone, email)
7. Contract or other types of agreement clearance level (unclassified, confidential, secret, top-secret, not applicable)
8. Facility CAGE code
9. Facility clearance level (unclassified, confidential, secret, top-secret, not applicable)
10. Impact to covered defense information
11. Ability to provide operationally critical support
12. Date incident discovered
13. Location(s) of compromise
14. Incident location CAGE code
15. DoD programs, platforms, or systems involved.
16. Type of compromise (unauthorized access, unauthorized release (includes inadvertent release), unknown, not applicable)
17. Description of technique or method used in cyber incident
18. Incident outcome (successful compromise, failed attempt, unknown)
19. Incident/compromise narrative
20. Any additional information

Protect Your DoD Contracting Business with A Managed IT Security and Compliance Solution

Today, the average cost of a cybersecurity incident or data breach is $4.6 million. As a DoD contractor, you cannot afford to risk this level of exposure. With Advantage Industries’ Managed IT Security and Compliance as a Service, you enjoy centralized incident response and threat detection across cloud computing environments and on-site infrastructure. These managed solutions also provide log management that ensures continuous compliance with government regulations and enables forensic investigation.

Call Advantage Industries today for a wide range of IT solutions and technical advisory services throughout Baltimore, Washington, and Northern Virginia.