CMMC

First, to our friends in France.  C'est le jour de la Bastille!  Happy Bastille Day!

I have a long-time buddy and a bunch of clients who work for the government (ok, their client/employer is the DOD/NSA) and their only portfolio is cybersecurity.

DFARS/NIST SP-800

The big push? Making sure that governmental and military information is safe from prying eyes, and from ransomware. After all, such data is critical to our national sovereignty and economy. Up to now, that meant folks who processed government data simply stated they were in compliance with DFARS/NIST SP-800 guidance. Yeah, we all know how that works.

CMMC

Which is why there is now a Cybersecurity Maturity Model Certification (CMMC) process, an outgrowth of the 2020 National Defense Authorization Act. All folks who expect to obtain a government contract will have to meet this new standard. The cost to these firms comes from the required process run by CMMC 3rd party assessment organizations (C3PAOs).

IPC International

This requirement has been attached to a few contracts this year (actually 15 of them) and will hit 75 in 2022, but by 2026, every contractor must meet the CMMC, as verified by the C3PAOs. Which is going to throw a monkey wrench into the business of folks who provide PCBs (printed circuit boards), effect contract manufacturing, and other supplies to the DOD. The electronics trade association (IPC International Inc.) estimates that ¼ are going to stop being part of the Pentagon supply chain because the cost of compliance is prohibitive. Note that most of these folks operate on very thin margins, so the additional cost could make these projects run in the red.

The Pentagon feels the assessment will add from $1000 to $482K annually for these firms. The IPC found, from its polling of members, that about 40% would be willing to drop $50K on the process, and that 1/3 of them consider costs of $100K to $300K to be outside their reach, let alone that nearly $500K price tag. That’s true despite the fact that the CMMC allows contractors to add this cost to their contracts, but there’s no guarantee their competitors will do so, which could make the possibility of reimbursement via the contract procurement process moot. (Not to mention the additional costs involved when one does NOT get the contract.)

And, now, that means that the DOD may lose a whole bunch of American firms willing to serve their needs.  And, that (the use of foreign entities) can also be a real problem for maintaining security for the Pentagon and its needs.

This is going to be interesting.
