Could the technology that powers shadowy online cryptocurrencies used by terrorists, cyber criminals, and money launderers soon be deployed by the Department of Defense?

Another month, another regulation deadline to comply with. But this time, it’s defense contractors who are in the hot seat.

To safeguard defense information in non-federal systems and organizations, U.S. defense contractors and soon all federal agencies, must meet the DFARS 7012 mandate and implement all of the requirements of NIST Special Publication 800-171 Protecting Controlled Unclassified Information (CUI).

If you’re wondering where to spend your federal fiscal year-end dollars, no doubt cybersecurity is top of mind. With threats increasing and constantly evolving, protecting federal systems, networks, and data has never been more important.

But this year, there’s a new imperative for federal CIOs – the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

Securing government networks and systems takes a village. Keeping pace with attacks and shortage of security talent has driven security operations to pool data resources and orchestrate actions across vendors, open source projects, and internal development efforts. It’s a community effort. Sharing threat information and codifying procedures to better fend off the enemy with no face. This kind of intel also improves detection efforts and response through collaboration across systems.

The Cyber Shield Act, commissioned by Senator Ed Markey, recommends the establishment of a voluntary program to institute uniform cybersecurity and data benchmarks for consumer devices. The goal of the bill is to improve consumer decision making from the point of purchase, standardized by industry and maintained by manufacturers – similar to an EPA energy rating on appliances, or NHTSA safety rating on automobiles.

Time is running out for federal contractors to comply with the Federal Controlled Unclassified Information (CUI) Program.

What does the CUI Program mean to contractors?

As of December 31, 2017, all federal contracts will require that businesses contracting with the federal government must comply with the Federal CUI rule (32 CFR Part 2002) which strives to eliminate ad-hoc policies and markings that agencies and departments apply to unclassified information that requires safeguarding or dissemination controls.

Another nameless, faceless adversary (or as the U.S Army calls them “the enemy with no face”) struck again in the last week of June. Hot on the heels of WannaCry attack in May, the Petya ransomware campaign brought widespread disruption to organizations, government agencies, and infrastructure worldwide.

It’s clear that smart technologies and the Internet of Things (IoT) are the future of our communities. But, is your agency ready for the billions – soon to be trillions – of sensors and devices connected to one another that will transform our society?

The risks of a breach or attack, particularly to vulnerable network endpoints, are worrying and costly.  Impacts include:

After hearing Congressman Langevin and NSA speak at the ICIT Annual Forum event it became obvious that the “Enemy with No Face” is getting in to our networks and what they want is our data. FinalCode is purpose built to protect files with encryption and Information Rights Management (IRM), sometimes called Enterprise Digital Rights Management (EDRM).

The theme of the recent ICIT Forum was “Rise of the Machines”, a call to recognize the vulnerability of an infrastructure increasingly under control of computers.  The steady increase in connected systems mandates a broad range of strategies – managing supply-chain risk, analysis of huge amounts of data through machine learning, dealing with the insider-threat problem, sealing up holes in applications.  I had the privilege of discussing threat intelligence sharing on a panel with Todd Helfrich of Anomali, John Kupcinsky of KPMG, and Ana Besk