Full Disclosure: It’s Just Good Customer Service

NoVA native @taosecurity tweeted an interesting article earlier today about new legislation that could affect the security reporting requirements of defense contractors. The legislation, introduced by John Levin as an amendment to the defense budget, would require them to disclose to the Pentagon when they’ve fallen prey to spies and malicious hackers. Government data often resides on contractor networks, so any breach could potentially result in the leaking of this information.

Defense contractors may try to fight the amendment, but to a certain extent they usually already have to disclose this information as part of contract requirements. Of course, the best part of the article was the final quote from @taosecurity, where he noted “It’s just good customer service” to notify people if there’s a breach involving their data.

via MotherJones.com

In 2009, it came to light that hackers had successfully broken into the most expensive Pentagon weapons program of all time, the F-35 fighter jet, by gaining access to computers allegedly belonging to the defense contractor BAE Systems (the contractor part came out later). There had “never been anything like it,” one unnamed official told the Wall Street Journal. The intruders were later confirmed to be Chinese spies, and lo and behold, in 2012 China rolled out a stealth fighter that looked suspiciously like the F-35. Was it a coincidence?

It took several years for all of the details of the F-35 breach to be unearthed. (The first hack took place in 2007, wasn’t publicly reported until 2009, and BAE Systems’ alleged role didn’t come out until 2012.) But a new amendment to the defense budget, introduced by Sen. Carl Levin (D-Mich.), would prevent contractors from not disclosing when they’ve been hacked. The amendment would require defense contractors to report to the Pentagon when spies and hackers successfully scale their firewalls. And the contractors don’t appear to be happy about it.

Some of the contractors’ grievances were aired in Politico on Monday. Trey Hodgkins, a senior vice president at TechAmerica, a trade association, said that contractors are already participating in a voluntary information-sharing program, and they “are likely to fight the change.”

Continued here.

#####

Do you think defense contractors should be required to disclose when they have been hacked? Post your comments below. Today’s post pic is from Executive.gov.

7 comments for “Full Disclosure: It’s Just Good Customer Service”

  1. December 13, 2012 at 4:17 pm

    BLOGGED: Pentagon May Require Full Disclosure on Hacking from Defense Contractors http://t.co/4MuSU3lm

  2. December 13, 2012 at 5:04 pm

    We received information from http://t.co/cdqm8iiS native @taosecurity on an interesting article about defense con… http://t.co/N7uOnrT6

  3. December 13, 2012 at 5:56 pm

    Pentagon May Require Full Disclosure on Hacking from Defense Contractors: [nova#infosec.com] We received information… http://t.co/cKQ557xL

  4. December 13, 2012 at 6:32 pm

    Makes sense.. RT @cybfor: Pentagon May Require Full Disclosure on Hacking from Defense Contractors http://t.co/CkLFznWr

  5. December 13, 2012 at 7:20 pm

    “RT @cybfor: Pentagon May Require Full Disclosure on Hacking from Defense Contractors http://t.co/l0BVgu1P” < meh, need public disclosure

  6. December 13, 2012 at 9:20 pm

    BLOGGED: Full Disclosure: It’s Just Good Customer Service http://t.co/MNR2P6Ma //Some tweaks to this article.

  7. December 14, 2012 at 12:50 am

    Pentagon May Require Full Disclosure on Hacking from Defense Contractors http://t.co/D3lWad0q
