A recent Department of Defense study says small and large contractors are struggling to comply with DoD’s new cybersecurity standards, Defense One reported Monday.
“For the most part, the big companies do very well,” Kevin Fahey, assistant defense secretary for acquisition, told reporters at the Pentagon Monday. “But in no case do they meet everything that they thought they met.”
Fahey also mentioned the risk of cyber threat facing small subcontractors, which are receiving large volumes of data from large companies. “The biggest part of our training and the problem is that our adversaries don’t try to come in through the big companies, they come in through the fifth-, sixth-tier. If you’re flowing down information they don’t need, then that’s bad. That’s where we’re seeing our biggest problem,” he added.
Jason Timm, assistant vice president for national security policy at the Aerospace Industries Association, said firms are having difficulty meeting security standards in FIPS-validated encryption and multifactor authentication, among other areas.