Spotting the Suspicious & Reporting the Threat
The U.S. is increasingly the target of foreign-based cyber operations. We rely on its cyber infrastructure for everything from communications, to the management of critical infrastructure, to the command and control of our military. This dependence on technology, along with the rapid rate of technological innovation, creates numerous vulnerabilities that our adversaries seek to exploit.
Foreign adversaries can conduct cyber operations to collect intelligence or to disrupt and degrade the effectiveness of the technologies on which we depend. Cyber operations are very attractive to foreign intelligence organizations, non-state actors, criminals and terrorists because they can be conducted relatively cheaply and easily and offer high returns with a low degree of risk. The risk of exposure is low because cyber operations can be carried out remotely and with a high degree of anonymity. In addition, cyber operations are comparatively inexpensive, and can be conducted rapidly. For all of these reasons, state and non-state actors are increasingly turning to the cyber domain to augment and bolster their respective intelligence activities against the U.S. in an effort to gain advantage.
NISPOM (National Industrial Security Program Operating Manual) states “Contractors shall report efforts by an individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise a cleared employee.” Cleared contractors must also report actual, probable or possible espionage, sabotage, terrorism, subversion to the FBI and DSS (NISPOM I-301).
If your company is subject to the DFARS Rule 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting,” then you have an additional mandatory reporting requirement. Contractors must report, within 72 hours of discovery, a reportable cyber incident. Contractor must report the incident to DoD via http://dibnet.ded.mil. Subcontractors must report incidents to their prime contractor under the DFARS UCTI rule, or to their prime contractor and the DoD under the DFARS SP800-171 rule.
4681 Research Park Blvd
Huntsville, AL 35806