DFARS Cybersecurity Survey Results

AlexOlesker

In July, CTOvision.com created and distributed a survey on the new proposed Defense Federal Acquisition Regulation Supplement (DFARS) to safeguard unclassified Department of Defense information on contractor networks. After receiving responses from government, industry, and academia, we’ve summarized feelings and expectations towards the policy below. Of the respondents, 73% said that they were familiar with DFARS, so we believe we hit a good community with our survey. Additionally, about a third of the respondents reported that they were security executives, and another third said they were practitioners. It is good to have input from both of those groups. A quarter of respondents were in government and three-fourths came from industry and academia.

Summary of the proposed DFARS changes:

Changes to the Defense Federal Acquisition Regulation Supplement were proposed after the recent string of high-profile cyber attacks on defense contractors. Information on Department of Defense networks is protected by DIACAP standards, but as of now, protecting information on private networks is left up to the company’s discretion. Yet since so much of the government’s information storage and R&D is performed by private corporations, DFARS has been put forward in an attempt to standardize protection and reporting for contractor networks and systems. Aside from an extensive list of reporting requirements, the following three policies are at the heart of DFARS:

a) The Government and its contractors and subcontractors will provide adequate security to safeguard unclassified DoD information on their unclassified information systems from unauthorized access and disclosure.

b) Contractors must report to the Government certain cyber incidents that affect unclassified DoD information resident on or transiting contractor unclassified information systems. Detailed reporting criteria and requirements are set forth in the clause at 252.204-70YY.

c) A cyber incident that is properly reported by the contractor shall not, by itself, be interpreted as evidence that the contractor has failed to provide adequate information safeguards for DoD unclassified information, or has otherwise failed to meet the requirements of the clause at 252.204-70YY. Contracting officers shall consult with a functional manager to assess contract performance. A cyber incident will be evaluated in context, and such events may occur even in cases when it is determined that adequate safeguards are being used in view of the nature and sensitivity of the DoD unclassified information and the anticipated threats.

Government:

Public sector respondents believed in extending regulation to private industry. 75% answered that government regulations such as FISMA, OMB’s M-11-11, NISTIC, and FICAM should apply to all contractors if they hope to work with the government, while 25% felt that companies could secure their data on their own.

Most, however, did not believe that the public sector was better at protecting information. 46% of respondents believed that government was better than industry at protecting information systems, 54% thought it was not, and numerous respondents wrote in that it depends on which industry, company, or agency, and on which aspect of protection from what threat.

Of government respondents, 83% worked for organizations with policies in place for encryption of data for storage and transmission, network protection and intrusion detection, and cyber intrusion reporting based on NIST Special Pub 800-53 “Recommended Security Controls for Federal Information Systems and Organizations,” while only 7% said they did not and 10% did not know.

To make DFARS better, the most prevalent suggestion was to get more specific. There were concerns over the government having too broad an influence in contractor systems, overlaps and confusion in rules, departments, and agencies, and insufficiently explicit requirements. Another repeated suggestion was to mandate red team exercises to test the vulnerability of systems.

Private citizens:

In the private sector, faith in government control and regulation was much lower. Only 24% thought the government was better than industry at protecting information, and even then there were heavy reservations with comments such as “both are awful” and numerous responses that it depends on which industry, which government agency, and what data.

Two thirds of respondents feared that their costs would go up if DFARS were to be implemented. At the same time, only 42% felt that adhering to these rules would make their organization or government data any more secure, as opposed to 58% who did not. Reasons given include that some corporations already exceed DFARS standards and that regulations do little to improve fundamental problems of security on the internet such as attribution.

Suggesting ways to make DFARS better, industry respondents also cited making definitions and requirements more precise and clarifying terms like “adequate” just as government respondents did. Private sector respondents also expressed concern for smaller contractors, who may have difficulty implementing the recommendations and “go broke trying to comply.”

Overall trends:

Both government and industry respondents were concerned about the fuzzy language of DFARS and ambiguity in its implementation. Public sector respondents were much more confident in the government’s ability to keep information secure than the private sector, though both thought it could be improved, raising questions on whether government should dictate security measures to industry. While most respondents thought DFARS was generally a good set of guidelines, there were doubts over the cost and implementation.

To those that took our survey, thanks! Your inputs will do more than just contribute to this post. We are also providing comments into the formal DFARS process in the hopes of helping government decision-makers think through the right approach.
