New cyberattack rule looms over federal contractors

Nearly 500 area businesses must comply

Federal contractors need to better protect their government data, or they could lose their business with the government.

A looming new federal security directive will require businesses working with the federal government to protect their cyber data, or have a detailed plan for doing so, by year’s end.

The directive is called “NIST 800-171” — or sometimes just “rule 171” — and it will control whether companies from defense engineering firms to janitorial outfits can do business with the federal government.

For local contractors, the stakes are high. Nearly 500 area companies must comply, said Philip Raterman, director of the University of Dayton Research Institute’s Fastlane division.

And that number does not count sub-contractors, said Rob Gillen, program manager and senior electrical engineer for Fastlane.

“This is becoming a thing for Ohio,” Raterman said.

The concern is a timely one. Recently, the “WannaCry” ransomware cyber attack hit at least 74 countries. Retailer Brooks Brothers said Friday that some of its customer payment information was compromised at some stores between April 4, 2016 and March 1, 2017.

Brooks Brothers customers are at risk of having had credit card data — names, account numbers, expiration dates and verification codes — stolen, media reports said.

“We are finding that a lot of companies are not aware of this requirement and face losing their government contracts,” said Tamara Wamsley, a strategist with Fastlane. “This issue could impact the success of many local companies, could result in lost jobs. This is a big deal.”

“It’s not just for R&D (research and development firms),” Gillen said. “It’s for janitors, it’s for accountants.”

“Anyone who has information classified by the government that needs to be protected,” said Shawn Walker, co-founder and vice president of Miamisburg-based Secure Cyber Defense LLC.

Today, the rule affects only Department of Defense contractors. But Gillen said it will “almost certainly” expand to impact every federal contractor and sub-contractors, Gillen said.

The rule is essentially a list of 110 requirements with which contractors must comply.

“They have to do it this year, by the end of this calendar year or even earlier,” Gillen said.

UDRI will be working with Air Force and military contractors on what contractors need to do in a June 1 training session at UDRI’s River Campus headquarters, 1700 S. Patterson Blvd. The training is free but registration at is required.

The day will have two training sessions, in the morning and the afternoon. The first is focused on Air Force small business innovation and research grant awardees. There will also be sessions for federal licensees and any DoD contractor.

How much work will compliance require? That depends on the size of the contractor in question and how much federal information they have.

“Starting from nothing, it will probably take six to 12 months to get all of the technology in place to be able to say you’re compliant,” Walker said. “To put the plan together may take 30 to 60 days.”

Once compliance is in place, constant monitoring is required. Within 72 hours of a hacking incident, every contractor will be required to report it to the DoD. Today, the average hacking victim may not even know of a hacking incident for something like 200 days, Wamsley said.

Hackers “are getting better and better,” Raterman said. “It’s knowing shortly after it happens how to stop it, then recovering from it.”

Shawn Waldman, CEO of Secure Cyber Defense, said his company has a monitoring center at its Miamisburg office to constantly track hacking attempts and report them in “real time.”

“We receive, process and respond to all of those alarms out of that center,” he said.

Reader Comments ...

Next Up in Business

How to win an argument at work - or stop one before it starts
How to win an argument at work - or stop one before it starts

No one expects to navigate the work world without the occasional argument. And it's nice to "win" when you're in the right. »RELATED: Does birth order affect you in the workplace? But what really matters more than besting your manager or co-workers in an argument is how you handle the conflicts that are an inevitable part of work, ...
Downtown Dayton’s third tallest tower sells for $12.5 million
Downtown Dayton’s third tallest tower sells for $12.5 million

The Fifth Third Center has sold in downtown Dayton for $12.5 million, new Montgomery County property records show. One South Main Street Holdings LLC bought the building for that amount from Ducru Spe LLC, along with associated parcels, records show. The sale was recorded Tuesday. RELATED: VR leader Marxent expands Kettering location The building...
8 easy, money-making side gigs for teens 
8 easy, money-making side gigs for teens 

Whether it's the teen who'd like extra money for things like clothes or gas or a parent who'd like to see their high school or college-aged child get off the couch when school’s out, a part-time job can be a wonderful thing. »RELATED: Apple hiring for work from home positions Of course, child labor laws dictate how young is too young...
VR leader Marxent expands Kettering location
VR leader Marxent expands Kettering location

Marxent, a leader in virtual reality (VR) and augmented reality (AR) technologies and capabilities, is expanding its Kettering offices by nearly 5,000 square feet. Marxent Labs LLC struck a lease agreement in the fourth quarter of 2017 to expand its offices at 3100 Research Blvd. by 4,947 square feet, according to a recent Dayton market real estate...
Macy’s ‘fine-tuning’ staffing at some stores
Macy’s ‘fine-tuning’ staffing at some stores

No Macy’s stores will close in the Dayton region in the near future, but staff changes could occur, according to a company spokeswoman. “We are fine-tuning our staffing needs in some of our smaller stores to better tailor our in-store resources with business needs and expectations, while providing the best possible customer service experience...
More Stories