Cyber Risk Management and Prioritization


Introduction


Instituted in 2006, the Federal Funding Accountability and Transparency Act (FFATA) requires that federal contract, loan, and other financial assistance awards of more than $25,000 be displayed on a publicly accessible and searchable website to provide the American people better access to information on government revenue and spending (USA Spending Mission Statement). Through a variety of processes, the US government ensures the quality of the data sourced through multiple internal data systems. Here, the focus is on the investments the government makes through contracts and the subsequent investments in subcontracts. A contract is an agreement creating mutual obligations between parties that are enforceable by law. Government contracts specifically are contracts between the US government and businesses that "obligate the seller to provide the supplies or services (including construction) and the buyer (the US Government) to pay for them" (USA Spending).

Under a recent executive order from the Biden Administration, cybersecurity standards for United States defense contracts have become much more rigorous. However, according to an article in CPO Magazine, "a survey of 300 small-to-medium business defense contractors found common failures to comply with CMMC requirements, with 48% having severe vulnerabilities" (CPO Magazine). This is highly concerning on the national security front, where the US government must worry about cyberattacks on both the government and its defense contractors. Recently, a list of critical and emerging technologies (CETs) was announced by the Fast Track Action Subcommittee on Critical and Emerging Technologies of the National Science and Technology Council. This list included Artificial Intelligence, Biotechnologies, Quantum Information Technologies, and Hypersonics. Hypersonics in particular is of great interest to the Department of Defense. The term generally applies to weapons that travel over five times the speed of sound and are challenging to stop. Combining these concerns and national security interests, the National Security Agency is able to prioritize new methods of determining critical subcontractors in the supply chain and where to boost their cybersecurity protection.