DoD contractors brace for new cyber rules

Looming federal directives on cyber-security are about to affect hundreds of Dayton-area defense contractors.

A Dayton conference this week aims to arm contractors with the information they need to comply with those approaching directives.

Eric Van Hoose, president of Dayton’s Van Hoose Associates and FlowVU Solutions, sums up the challenge this way:

  • Department of Defense suppliers are "under attack."
  • Cyber-attacks so far have happened mostly via emails.
  • This challenge hard to defend without help.
  • The DoD wants firms to start getting ready by Dec. 31.

To that end, a workshop exploring compliance with the new federal rules is set for Friday at 444 E. Second St., Dayton. The event is scheduled for 2 to 4 p.m. with networking to follow.

“My approach, because of where I sit … if you want to get a real big jump on it, then get to the … secure government-approved cloud sites,” Van Hoose said.

Several clouds or servers have been approved by the federal government as being secure.

“If it were my company — and it is my company — I would get to the cloud,” Van Hoose said.

A federal security directive will require businesses working with the federal government to protect their cyber data, or have a detailed plan for doing so, by Dec. 31.

The directive is called “NIST 800-171” — or sometimes called “Rule 171” — and it will control whether companies from defense engineering firms to janitorial outfits can do business with the federal government.

Van Hoose believes that those who regularly deal with Wright-Patterson Air Force Base already know about the rules. But he wonders if smaller contractors are up to speed.

“That really is what prompted us to start to work on this,” he said.

At a recent training session where 14 companies were in attendance, only two or three were aware, he said.

“It told me that the awareness was not there,” Van Hoose said.

To register or for more information, go to http://www.flowvu.us/dfars/.

There is no registration deadline, but the event is limited to 100 seats. If there is a big demand, there will a follow-up event, Van Hoose said.

For local contractors, the stakes are high. Nearly 500 area companies must comply, Philip Raterman, director of the University of Dayton Research Institute’s Fastlane division, told this news outlet earlier this year.

There’s plenty of work ahead. According to conference organizers, as of the second quarter of the year, 87 percent of all defense contracts contained the federal cyber-security compliance requirement clause.

And as of July this year, 93 percent of Navy contracts, 83 percent of Air Force contracts, and 72 percent of Army contracts had the clause, event organizers say.

About the Author