Overview
Steptoe’s Cybersecurity & Incident Response practice leader Michael Gruden was quoted in Law360 on the Department of Defense’s cybersecurity compliance program for defense contractors, and the recent decision to pause the next phase, citing high costs, implementation challenges, and limited capacity among third-party assessors. The article explains that while the underlying standards remain in place, the move reflects broader difficulties across the defense industrial base and the ongoing tension between strengthening cybersecurity and maintaining contractor participation.
Michael noted that "the tension that we've identified over the last two to three years is that many of those suppliers are unable and/or unwilling to implement these security requirements, largely because they are expensive to implement all the technical controls, and many, frankly, lack the sophistication to implement them in a precise and accurate manner."
Read the full article at Law360.