Federal suppliers are urging officials to stop computer security rulemakings for contractors until the government issues blanket cyber guidelines for all key industries in the fall. The argument is not that contractor-specific regulations are bad but that they could potentially conflict with the forthcoming national standards.
President Obama, as part of a February executive order, initiated a voluntary program for safeguarding life-sustaining networks, including energy, health care and water treatment systems. By November, the government must publish a draft set of standard policies and techniques, such as promptly installing antispyware updates. The government also must decide if and how these standards should be incorporated into federal contracts.
But — independently — multiple computer security mandates for contractors already are at various stages of development.
The separate cyber rules for government vendors are “all well intentioned. For the longest time, nobody was paying attention to cybersecurity. Now, everybody is paying attention to cybersecurity,” said Alan Chvotkin, executive vice president for the Professional Services Council, a trade association that represents contractors.