Cybersecurity firm Sera-Brynn is urging Arizona defense companies to immediately begin implementing security controls required by the U.S. Department of Defense or risk being ineligible for 2018 defense contracts.
Sera-Brynn reports that most companies are less than sixty percent compliant with the cybersecurity requirements imposed by the Defense Federal Acquisition Regulation Supplement 252.204-7012 (DFARS), and time is running out. The deadline for compliance is December 31, 2017, and it typically takes 6-9 months to achieve full compliance.
Widespread non-compliance by Arizona defense companies will have a major impact on the state economy. According to the Office of Economic Adjustment, defense spending in Arizona ranks number eleven in the nation, and for the past ten years, Arizona defense companies have been awarded contracts exceeding $8 Billion, peaking at over $12 Billion in 2012. Defense companies in Maricopa and Pima Counties routinely reap well over eighty percent of that bounty. Even better times should be ahead – given that the proposed increase in defense spending is over $50 Billion. Failure to implement DFARS requirements means that many Arizona defense contractors will miss out on business because their information security programs are not up to standards.
“With billions of dollars at stake, Arizona has a lot to gain or lose depending on whether or not their defense companies are DFARS-compliant,” stated Rob Hegedus, CEO of Sera-Brynn. “It will be interesting to see if companies get on board with making changes to their security infrastructure, or if widespread non-compliance will shift the defense industry landscape.”
Considering that 2.4 percent of the total federal defense budget is spent in Arizona and that it accounts for nearly four percent of Arizona’s GDP, if multiple companies fail to meet the deadline, the impact on Arizona’s economy – and Maricopa and Pima Counties in particular – could be billions of dollars lost.
The risk is not merely financial. The consequences of failing to comply include breach of contract, liability under the False Claims Act, whistleblower actions, termination, liquidated damages, and suspension or debarment by the Government for failing to make mandatory disclosures or failing to perform in accordance with the Government contract.
Achieving compliance is a daunting challenge for both large and small companies, but there are many ways for Arizona defense contractors to get help. Sera-Brynn’s website is laden with useful information including advice on implementing a systematic, phased approach to compliance. Sera-Brynn also offers complimentary DFARS flow-down Webinars for prime defense contractors to present to their valued sub-contractors. Finally, Sera-Brynn offers full compliance audits that include, along with a full risk assessment and vulnerability gap analysis, mandatory documents such as a System Security Plan, Cyber Incident Response Plan, and Plan of Action and Milestones – all required by DFARS 7012.
The Defense Federal Acquisition Regulation Supplement 252.204-7012, finalized in October 2016, requires all defense contractors that receive, transmit, process, or store Covered Defense Information (CDI) to implement over 100 security controls and be able to detect and report incidents when CDI is compromised. CDI includes unclassified controlled technical information, information that can impact operational security (OPSEC), and other information described in the Controlled Unclassified Information (CUI) Registry. The deadline for DFARS compliance is December 31, 2017.
Sera-Brynn is a leading global cybersecurity audit and advisory firm. The Virginia-based company offers threat management, compliance and risk assessment, risk control, and incident response services that enable clients to secure their computing environments and meet applicable and mandatory cybersecurity regulatory standards. This technical expertise is the backbone of their DFARS compliance services.
Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn is ranked #10 worldwide on the Cybersecurity 500 list.
For more information on DFARS, visit https://sera-brynn.com/dfars
For more information on Sera-Brynn, visit: www.sera-brynn.com
Sera-Brynn, LLC / Cyber Risk Management
5806 Harbor View Blvd., Suite 204
Suffolk, Virginia 23435