New cyberattack rule looms over federal contractors

Nearly 500 area businesses must comply

Federal contractors need to better protect their government data, or they could lose their business with the government.

A looming new federal security directive will require businesses working with the federal government to protect their cyber data, or have a detailed plan for doing so, by year’s end.

The directive is called “NIST 800-171” — or sometimes just “rule 171” — and it will control whether companies from defense engineering firms to janitorial outfits can do business with the federal government.

For local contractors, the stakes are high. Nearly 500 area companies must comply, said Philip Raterman, director of the University of Dayton Research Institute’s Fastlane division.

And that number does not count sub-contractors, said Rob Gillen, program manager and senior electrical engineer for Fastlane.

“This is becoming a thing for Ohio,” Raterman said.

The concern is a timely one. Recently, the “WannaCry” ransomware cyber attack hit at least 74 countries. Retailer Brooks Brothers said Friday that some of its customer payment information was compromised at some stores between April 4, 2016 and March 1, 2017.

Brooks Brothers customers are at risk of having had credit card data — names, account numbers, expiration dates and verification codes — stolen, media reports said.

“We are finding that a lot of companies are not aware of this requirement and face losing their government contracts,” said Tamara Wamsley, a strategist with Fastlane. “This issue could impact the success of many local companies, could result in lost jobs. This is a big deal.”

“It’s not just for R&D (research and development firms),” Gillen said. “It’s for janitors, it’s for accountants.”

“Anyone who has information classified by the government that needs to be protected,” said Shawn Walker, co-founder and vice president of Miamisburg-based Secure Cyber Defense LLC.

Today, the rule affects only Department of Defense contractors. But it will “almost certainly” expand to impact every federal contractor and sub-contractor, Gillen said.

The rule is essentially a list of 110 requirements with which contractors must comply.

“They have to do it this year, by the end of this calendar year or even earlier,” Gillen said.

UDRI will be working with Air Force and military contractors on what contractors need to do in a June 1 training session at UDRI’s River Campus headquarters, 1700 S. Patterson Blvd. The training is free but registration at is required.

The day will have two training sessions, in the morning and the afternoon. The first is focused on Air Force small business innovation and research grant awardees. There will also be sessions for federal licensees and any DoD contractor.

How much work will compliance require? That depends on the size of the contractor in question and how much federal information they have.

“Starting from nothing, it will probably take six to 12 months to get all of the technology in place to be able to say you’re compliant,” Walker said. “To put the plan together may take 30 to 60 days.”

Once compliance is in place, constant monitoring is required. Within 72 hours of a hacking incident, every contractor will be required to report it to the DoD. Today, the average hacking victim may not even know of a hacking incident for something like 200 days, Wamsley said.

Hackers “are getting better and better,” Raterman said. “It’s knowing shortly after it happens how to stop it, then recovering from it.”

Shawn Waldman, CEO of Secure Cyber Defense, said his company has a monitoring center at its Miamisburg office to constantly track hacking attempts and report them in “real time.”

“We receive, process and respond to all of those alarms out of that center,” he said.
