Cyber Security — A Tough Row to Hoe for Small and Large Businesses, Especially Government Contractors

Jeff Greene is a Senior Policy Counsel for a large government contractor and is responsible for a variety of issues including cyber security, identity management, and privacy, His work experience has been extensively with industry and the government. Prior to joining Symantec, he was Senior Counsel with the Senate Homeland Security and Governmental Affairs Committee, where he focused on cyber security and Homeland Defense issues. He also worked on the House Committee on Homeland Security and was counsel to the Senate’s Hurricane Katrina investigation. Before that he was an attorney with a Washington, D.C. law firm. Jeff currently serves as Vice-Chair of the Homeland Security Committee of the American Bar Association’s Section of Science & Technology Law and co-chair of the Supply Chain Working Group on the Information Technology Sector Coordinating Council. After having the pleasure of listening to a talk he gave at George Washington University on the “Internet of Things”, there were many questions asked by the enthusiastic crowd.

One question asked by a gentleman in the front row had to do with cyber security in corporate business. This question, not verbatim, asked Jeff Greene “do you think that small businesses, due to their lack of cyber security measures, will continue to take down the large corporations?” Of course the gentlemen asking the question was referring to the small business that had the security breach that ultimately led to the cyber-attack on Target. This sparked all types of questions in my mind due to the fact that the first blog post was titled “Is corporate America protected from cyber-attacks?” I was particularly interested in how secure were the transactions of small businesses, since I often purchase items from them using my credit card. In the February 27, 2013 issue of Entrepreneur, the author John Patrick Pullen cited the fact that “a bandit and his gang of cyber crooks compromised at least 53 Seattle-area small and medium-size businesses between 2008 and 2010, stealing enough data to cause $3 million in damages to the companies, their employees and their customers.” He states that a big part of the problem is that most small businesses don’t have a cyber or network security plan, not even informal ones. They feel secure in their small isolated worlds and never believe they will be targeted by hackers. Of course this is a fallacy, as hackers are opportunistic and will seek easy and vulnerable networks that are readily available. This article indicates that there are 6 relatively simple steps that can help secure the networks of small businesses — encrypt your data, secure your hardware, lock your network, install anti-malware and anti-virus protection, educate your employees, and hire Internet security vendors. Hopefully this kind of message will get out to the small and medium size businesses!

As I am walking to my car, I notice Jeff Greene is walking in stride next to me. I had to ask the question that had been also plaguing me all night. Do you think that the government will put any cyber security policies/legislation on corporate business to protect the American people? He chuckled and said that there is probably no way this is going to happen unless there are grandiose lawsuits that force the government’s hand. He then went on to add that if a company had to have their cyber security plan and networks audited by the government every so often to be able to do business that this would end up slowing down the economy and commerce. So basically he was saying to me that we would rather risk the cyber protection of corporate America than slow down the economic growth. This is very scary and follows the adage that “Money makes the world go round”. After a little research, I did discover that President Obama just recently announced that he is introducing a New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts. As part of this they hosted a Summit on Cybersecurity and Consumer Protection at Stanford University, to help shape public and private sector efforts to protect American consumers and companies from growing threats to consumers and commercial networks (White House Press Release, January 13, 2015).

One aspect of the conversation that made me feel a little more comfortable about the government’s attitude towards cyber security was the subject of government contracting. When the government is spending its money it wants to know their information is secure. Prime contractors have to state the level of security measures that they will institute and maintain in order to bid and win work with the Federal government. Plus any subcontractors, whether large or small businesses, that will be working under the prime contract must match the security levels of the prime. Eli Sugarman in a Forbes article indicated that cybersecurity is a particularly thorny issue for contractors because they face greater legal and commercial risk than other companies. Failure to adhere to government cyber security regulations or requirements can result in stiff penalties that are more severe than those faced by a typical company. For example, the government may terminate a contract by default, withhold payment, and levy penalties. It may also use past cybersecurity compliance problems to penalize a company when it competes for future government contracts. Companies can even be suspended from all current contracts and barred from future ones for breach of cybersecurity obligations. Particularly egregious lapses in cyber hygiene can result in extensive civil liability under the False Claim Act (Forbes, August 26, 2014).

Work Cited:

Obama, Barack. “SECURING CYBERSPACE — President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts.” The White House. The White House, 13 Jan. 2015. Web. 29 Jan. 2015. <http://www.whitehouse.gov/the-press-office/2015/01/13/securing-cyberspace-president-obama-announces-new-cybersecurity-legislat>.

Pullen, John P. “How to Protect Your Small Business Against a Cyber Attack.” Entrepreneur. N.p., 27 Feb. 2013. Web. 27 Jan. 2015. <http://www.entrepreneur.com/article/225468>.

Sugarman, Eli. “Cybersecurity Is A Severe And Growing Challenge For Government Contractors.” Forbes. Forbes Magazine, 26 Aug. 2014. Web. 29 Jan. 2015. <http://www.forbes.com/sites/elisugarman/2014/08/26/cybersecurity-is-a-severe-and-growing-challenge-for-government-contractors/>.