cybersecurity

By Jonathan Sanders, Director, Research, GovExec

On Monday, July 25, the Department of Defense (DoD) took a major step in its efforts to protect the United States’ defense supply chain by sending the proposed Cybersecurity Maturity Model Certification (CMMC) rule to the White House for review. The Office of Information and Regulatory Affairs at the Office of Management and Budget will now begin its review process. 

The CMMC Rule

CMMC will replace the existing self-certification process for DoD contractors. It will require them to achieve specific levels of cybersecurity maturity in order to continue doing business with the government.

Cyber AB, the nonprofit organization created to authorize and accredit third-party assessment organizations involved in conducting cybersecurity assessments for defense contractors, recently held a town hall meeting. Cyber AB CEO Matthew Travis led the meeting, which walked through the major milestone this represents to the DoD moving forward.

Travis noted the success of the Washington Technology sponsored CMMC Ecosystem Summit. In partnership with Cyber AB, the second iteration takes place November 8th. 

The proposed CMMC rule will now undergo OMB’s regulatory review. OMB has 60-90 days to complete its review of the rule, after which it will be published in the Federal Register (estimated for September or October). After posting, the rule will undergo a 60-day public comment period where the public can provide suggestions and feedback on the suggested requirements.

One of the major obstacles is the NIST revision of the compliance standards, expected to be released in late FY 2023 or early FY 2024, which generally aligns with the Pentagon’s proposed timeline for implementation of Fall 2024. This update will include additional cybersecurity controls/requirements for contractors, which means that the bar for cyber compliance assessments will continue to rise.

What does this mean for you?

As CMMC moves one step closer to becoming law, it is imperative for your organization to keep up with the requirements and make necessary changes to cybersecurity practices to remain viable and competitive in the DoD marketplace. Keep in the know by attending Washington Technology’s CMMC Summit in partnership with Cyber AB taking place November 8th from 8am – 6pm ET.

Insights, Research, and YOUR Path to More Awards

GovExec’s Insights & Research Group (comprising Market Connections, Government Business Council, and Leading Brands) and GovTribe can keep you up to date on what is happening in this rapidly changing contract environment. 

GovTribe is a collaborative platform that lends business development teams a hand through research and tracking of contracting vehicles as well as targeted intelligence on GSA Federal Supply Schedules, GWACS, IDIQs, and other multiple award vehicles.

Combining the data, insights, and expert analysis you get at Market Connections with the ease, agility, and usability of GovTribe can help you strategically position yourself right where you want to be for future opportunities.

Questions? Please reach out to Jonathan Sanders at jsanders@govexec.com.

By Jonathan Sanders, Director, Research, GovExec

In response to the growing concern about the threat quantum computing poses to cybersecurity, President Biden signed the Quantum Computing Cybersecurity Preparedness Act in December 2022. The act encourages “federal government agencies to adopt technology that will protect against quantum computing attacks,” as quantum computing is an emerging technology rapidly gaining steam in the computing domain.

Encryption has played the lead role in securing enterprise data for years, and with recent advancements in quantum computing, data protected by these traditional encryption methods, standards, and solutions is at serious risk of decryption. Traditional enterprise and customer vendors rely on advanced encryption methods to secure their products and offerings, and the leaps and bounds that quantum represents could massively upend them in a matter of years.

The Act recognizes the urgent need for the development of quantum-safe protocols due to the rapidly advancing state of quantum computing technology. The threat posed by quantum computing to traditional encryption methods is real and has been identified as a national security concern. 

It also calls for program development with the National Institute of Standards and Technology (NIST) that will address the cybersecurity risks posed by quantum computing. It provides for the creation of a public-private partnership to develop a plan to address these risks, tasked with developing a framework for identifying and addressing the risks posed by quantum computing to critical infrastructure and other sensitive systems.

The Act provides funding to NIST to establish the program and to engage with industry experts, government agencies, and other stakeholders to develop and implement the framework. It also establishes a National Quantum Initiative Advisory Committee to provide guidance and support for the program. 

The Act requires that, within six months of its signing, the Director of the Office of Management and Budget (“OMB”), together with the National Cyber Director and Director of the Cybersecurity and Infrastructure Security Agency (“CISA”), issue guidance for agencies to inventory and develop plans to prioritize information systems for migration to post-quantum cryptography, to include:

  • Inventory of Vulnerable Systems Guidance: The Act will require guidance for agencies to establish and maintain an inventory of IT in use by the agency that is vulnerable to decryption by quantum computers.
  • Priority Systems for Migration Guidance: This guidance must also include a description of IT that should be prioritized for migration to post-quantum cryptography and a process for evaluating progress on the migration of those systems.

Within 15 months of signing the Act, the Director of OMB must submit a report to Congress on a strategy to address risk posed by vulnerabilities of information technology systems, to include an estimate of the amount of funding needed by agencies to secure vulnerable information technology, and a description of efforts to develop standards for post-quantum cryptography by NIST. 

One of the major criticisms of the Act is its lack of funding. While the Act authorizes the allocation of funds towards quantum computing research, it does not specify any amount, leaving it open to interpretation and potential underfunding.

What does this mean for you?

Quantum computing represents a major threat across all markets. Whether DoD, Federal, or SLG, the advent of quantum technology represents a monumental shift for Government and industry alike. As the Government and DoD begin to prime their cybersecurity infrastructure updates to be ready for quantum computing capabilities, industry must be primed to lead that discussion.
