In light of recent and ongoing cyber incidents, this executive order (EO), released on May 12, reflects the government’s heightened concerns. Important issues addressed in the EO include:
- Modernizing Federal Government Cybersecurity: the EO provides minimum cybersecurity requirements for federal agencies.
- Removing Barriers to Sharing Threat Information: the EO includes the need to expand existing cyber breach notification requirements by modifying contract terms to require all providers of IT and operational technology services to the federal government, including, but not limited to, cloud service providers, to share threat and security incident information with select executive departments and agencies responsible for investigation and remediation of cyber incidents.
- New standardized cybersecurity requirements for all government contractors may be considered and adopted by the FAR Council.
Related BRG Information
RAND Corporation Study
Steven Klemencic writes about the RAND Corporation’s recently released major study, Managing Risk in Globalized Supply Chains. While the report was commissioned by the United States Air Force (USAF) and, as a result, is USAF-centric, it has applicability across US military services and US defense contractors. With supply chain risk management (SCRM) meaning different things for different people, the key findings are both unsurprising and, given the highly competitive geopolitical environment we find ourselves in, worrisome.
Read Mr. Klemencic’s full paper, A Perspective on Threat-Based Supply Chain Risk Management.
Data Security and the Constant Threat of Cyber Attacks
In January 2021, there were two huge data leaks in Brazil. One exposed information such as names, dates of birth, vehicle data, and CNPJ (business tax registration numbers) of more than forty million companies, information that is circulating free of charge on the internet. The other exposed information about education, INSS (social security information), social program enrollment, and income, among others. Denise Debiasi discusses compliance programs and what companies can do to protect their data.