Department of Defense: Interim Rule on CyberSecurity


The Department of Defense has issued an Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS).

The specific focus is on new rules that require contractors to report network penetrations.

Additionally, this Rule implements DoD policy on the purchase of cloud computing services.

The Interim Rule is here.

According to the Federal Registry:

This interim rule requires contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor’s ability to provide operationally critical support. DoD is working to establish a single reporting mechanism for DoD contractor reporting of cyber incidents on unclassified information systems.

In addition, this rule also implements DoD policies and procedures for use when contracting for cloud computing services. The DoD Chief Information Officer (CIO) issued a memo on December 15, 2014, entitled “Updated Guidance on the Acquisition and Use of Commercial Cloud Computing Services” to clarify DoD guidance when acquiring commercial cloud services (See memo here: http://iase.disa.mil/cloud_security/Pages/docs.aspx). The DoD CIO also released a Cloud Computing Security Requirements Guide (SRG) Version 1, Release 1 on January 13, 2015, for cloud service providers to comply with when providing the DoD with cloud services (See SRG here: http://iase.disa.mil/cloud_security/Pages/index.aspx). This rule implements these new policies developed within the DoD CIO memo and the SRG in the DFARS to ensure uniform application when contracting for cloud services across the DoD. The combination of the two statutes as well as the cloud computing policy will serve to increase the cyber security requirements placed on DoD information in contractor systems and will help the DoD to mitigate the risks related to compromised information as well as gather information for future improvements in cyber security policy.
