Cybersecurity Compliance Deadline Looms for Federal Contractors | Black & Veatch
Perspective

Ready or Not, Cybersecurity Compliance Deadline Looms for Federal Contractors

The Cybersecurity Maturity Model Certification (CMMC) framework is intended to protect the confidentiality of federal contract information (FCI) and controlled unclassified information (CUI) held by defense contractors.

Cyberattacks and cybersecurity breaches are on the rise, driven by the potential for ransom payments and by attackers' calculation that the reward outweighs the risk of being caught. Whatever the motive, organizations across the world are increasingly being victimized.

There are several categories of cybersecurity incident that an organization can fall prey to. As defined by the National Institute of Standards and Technology (NIST), a cybersecurity incident is a violation of "an explicit or implied security policy."

Incidents are further segmented into cyberattacks and data breaches, which include attempts to access systems without authorization, unauthorized changes to software, and many other activities. All are costly, both to the company's bottom line and to its public image. It is critical that contractors for the U.S. Department of Defense (DoD) comply with the new security requirements to protect the safety and security of the nation's infrastructure.

It is estimated that cybersecurity incidents cost the American economy between $57 billion and $109 billion in 2016, and they have only grown in prominence since. In August 2021, T-Mobile suffered a breach in which the personal information of more than 40 million people was stolen. Names, birthdates, Social Security numbers and driver's license numbers were compromised, leaving customers deeply concerned about the safety of their identities.

Though T-Mobile was itself a victim, it paid a price for the incident. Besides incurring reputational damage, the company's stock dropped about 5 percent between August 13 and August 26.

Cybersecurity has become increasingly worrisome where government systems and nation-state attackers are concerned. As recently as June 2021, iConstituent, a private company that offers communications tools connecting lawmakers to their constituents, was hit by ransomware. The company provides a newsletter service that U.S. lawmakers use to contact their constituents, and nearly 60 offices in the U.S. House of Representatives were affected. Although no House data appears to have been breached, the event added to already mounting concerns about the U.S. Government's cyber defenses.

Perhaps the most eye-opening incident came to light in 2020, when attackers were found to have compromised SolarWinds, a large information technology firm based in Texas. In a software supply-chain attack so stealthy that the intruders spent months spying on victims unnoticed, malicious code was inserted into a legitimate SolarWinds software update, which was then distributed to thousands of the company's customers, including businesses and government entities. Among those targeted were Microsoft, Intel, Cisco, the Pentagon, the U.S. Department of Homeland Security, the U.S. Department of Energy and many others. The most fearsome part of such attacks is that many companies and their clients may never know they were breached.

Cyber capabilities are constantly evolving and gaining prominence in national security and international relations. Dr. Michael McGuire, a senior lecturer in Criminology at the University of Surrey, wrote in his report "Nation States, Cyberconflict, and the Web of Profit" that his research points to "a merging of traditional international relations with the cybercrime economy and the tools and techniques which now drive the digital underground."

In response to this convergence, organizations, and especially government entities, must be proactive in their cybersecurity efforts. With cybersecurity incidents becoming more common and more damaging in an era of rapidly evolving technology, the U.S. government has taken notice and is implementing more stringent cybersecurity policies.

As these policies take shape, contractors bidding on federal contracts must take heed when it comes to managing sensitive data. In January 2020, the DoD released the initial version of the Cybersecurity Maturity Model Certification (CMMC) to combat the rise in cybersecurity incidents.

This set of processes and practices serves as a cybersecurity framework for organizations in the Defense Industrial Base (DIB). In short, the effort aims to secure the DIB supply chain. As initially published, CMMC builds on the NIST SP 800-171 security requirements that DoD contractors were already expected to meet, adding domains and controls in areas such as asset management, recovery and situational awareness.

Going forward, federal contractors and subcontractors will need to hold a specified CMMC level to bid on and execute DoD contracts. Unlike the existing NIST SP 800-171 self-attestation regime, compliance under the model as initially published cannot be achieved through self-certification: organizations must be assessed by a CMMC Third Party Assessment Organization (C3PAO). Note that the DoD later revised the model (CMMC 2.0, announced in November 2021), reducing it to three levels and allowing self-assessment at Level 1 and for a subset of Level 2 contracts, so the assessment requirements that apply to a given contract should be checked against the current version of the program.

Black & Veatch can help. In response to the DoD's CMMC framework, Black & Veatch Management Consulting, LLC, has been accredited as a Registered Provider Organization (RPO) by the CMMC Accreditation Body and has launched a new CMMC offering. Combining more than 20 years of cybersecurity experience with a team of CMMC-AB Registered Practitioners and Certified CMMC Professionals, Black & Veatch is well positioned to help organizations prepare for a Level 1-3 CMMC assessment.
