U.S. defense contractors are now required to incorporate established information security standards on their unclassified networks.
Under an amendment to the U.S. Defense Federal Acquisition Supplement, they are also required to report incidents of cyber-intrusions that result in the loss of unclassified, controlled technical information from their networks.
“Defense contractors throughout the department’s supply chain have been targeted by cyber-criminals attempting to steal unclassified technical data,” said Frank Kendall, undersecretary of defense for acquisition, technology and logistics.
“This (the new requirement) is an essential step to ensure that this valuable information is protected,” he said. “We cannot continue to give our potential adversaries the benefits in time and money they obtain by stealing this type of information.
“This amendment will apply to all new contracts that will use or generate technical information,” Kendall said.
The amendment was published on Monday.
The Department or Defense said protection of technical information is critical to preserving the intellectual property and competitive capabilities of U.S. industry, and that while the technical information on networks may be unclassified it still contains data, designs and operational concepts concerning defense system requirements.