SecurityWorldMarket

07/02/2023

Research shows most state contractors fail cyber security requirements

Lewes, DE

What is thought to be the first-ever thorough analysis of the state of cyber security of the US defense industrial base (DIB), carried out by Merrill Research and commissioned by Cybersheath, reveals that nearly 90% of its contractors do not meet the required security standards.

Defence contractors hold sensitive national security information and are constantly targeted by sophisticated hacking operations led by state-sponsored hackers.

The in-depth analysis of the Pentagon supply chain was commissioned by Cybersheath, a cyber security compliance service provider, and was carried out by Merrill Research, a leader in providing custom, multi-methodological research services. 

The survey questioned 300 US-based DIB contractors via an online survey in July 2022. The supply chain of the departments in question was evaluated using the Supplier Performance Risk System (SPRS), the DoD's single authorised system for retrieving supplier security performance information.

Contractors who do not possess an SPRS score of 70 or higher are deemed non-compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) criteria.

The DFARS is a set of cyber security regulations the DoD imposes on its contractors. The DFARS, which has been in effect since 2017, demands a score of 110 to be considered fully compliant.

Data presented by Atlas VPN shows that a startling 89% of contractors have an SPRS score of less than 70, which means they do not meet the legally required minimum. Over 25% of the supply chain received SPRS scores between -170 and -120, while only 11% of surveyed contractors received a score that is regarded as compliant. Also according to Atlas VPN, the research conclusions show a clear and present risk to US national security. These findings should not be easily overlooked, considering the current global political tensions and the constant barrage of attacks from state-sponsored hackers.

Areas of non-compliance

Approximately 80% of the DIB does not monitor its systems 24/7/365 and does not use security monitoring services headquartered in the United States. Using foreign cyber security services carries risks of its own.

Other flaws were discovered in the following areas:

  • 80% do not have a vulnerability management system.
  • 79% do not have a robust multi-factor authentication (MFA) system in place, and 73% do not have an endpoint detection and response (EDR) solution.
  • 70% of organisations have not implemented security information and event management (SIEM).

These security measures are legally required of the DIB, and if they are not satisfied, Atlas VPN warns that the DoD and its capacity to undertake armed defense could be put at serious risk.
