The Biden administration’s national cyber strategy, which came out last week, puts a lot of responsibility on industry. It has a hefty rule-making and legislative agenda to support that. For an early reaction from federal contractors, the Federal Drive with Tom Temin spoke with David Berteau, President & CEO of the Professional Services Council.
David Berteau: The strategy is focused really on the entire nation, not the government contracting community. But as always, it will have major impacts on government contractors and major implications down the road. So it seems, first of all, that there’s a really key dynamic here, which is beginning to shift the responsibility for cyber security to what the strategy calls the most capable and best positioned actors. And that seems to mean, the I.T. community, the cloud providers, the Internet providers, etc. For you and me as private citizens, this might have meaning, but I’m not sure it’s going to shift any burdens away from contractors. In fact, it may complicate those burdens a little further…
David Berteau: Well, this is the real question. Is there overlap? Is there connectivity with other ongoing parts of the federal government that would impact contractors with this strategy? One place that it does mention that connectivity is in the NIST, the National Institute of Standards and Technologies Cybersecurity Framework, which is in the middle of being updated. They put out a draft a few months ago. They had a public workshop back in February. [Professional Services Council (PSC)] Stephanie Sanok Kostro was attending that. And so we’re looking for what that framework puts out there. It’s not finalized yet, we’re still operating under the old one. But you mentioned the Cybersecurity Maturity Model Certification Programs, CMMC. DoD already has an acquisition regulation issued. It’s been suspended, put on hold. It’s not taking effect, yet. They’re revising it. They’ve been revising it since 2021. It’s now 2023, we haven’t seen a revised rule yet. So you have questions of both, how these things connect? And there’s no indication of that connection in this strategy. And what the timetable is Tom? Because for two years, DoD has been working on this revised rule. We haven’t seen it yet, maybe we’ll see it this summer and maybe it’ll be something we can comment on. We certainly look forward to that… Read the full interview here.