2018 National Cyber Strategy: Barely a Whimper

Connect--But, be very careful

What does this mean for federal contractors?


The September 2018 “National Cyber Strategy” was released by President Trump with barely any discussion or mention of its impacts, pro or con. (Of course, the distraction of the Kavanaugh nomination had all but drowned out its release.)

For the most part it is a fairly benign recycling of past administrations’ “best practices.” This includes mention of holding nation-state actors criminally liable, such as the indictment of 5 People’s Liberation Army (PLA) officers under the Obama Administration. It also is only a trite continuation of the need for even more “information sharing” (thanks, CIA and FBI!), if you remember how that issue emerged from September 11, 2001. (Also, while I was working on Nebraska Avenue in 2005, there were three different organizations within DHS working this very same issue. None of these organizations showed any “info sharing” within the agency charged with fixing this shortfall.)

However, one item caught our attention: strengthening federal contractor cybersecurity standards. This goes to several of our previous blog postings looking at the two competing NIST frameworks, NIST 800-171 and the National Cybersecurity Framework (NCF). While there was no hint which direction the Administration is going, the verbiage of the “adoption of consolidated acquisition strategies to improve cybersecurity and reduce overhead costs…” portends that there may eventually be a government-wide standard. (Our vote is with NIST 800-171.)

In late 2018, the expectation is that the United States federal government will expand the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, revision 1, “Protecting Unclassified Information in Nonfederal Information Systems and Organizations,” so that this cybersecurity technical publication applies to the entirety of the federal government. It will require that any company, business, or agency supporting the US Government be fully compliant with NIST 800-171 no later than the date of a contract award.

The Federal Acquisition Regulation (FAR) Committee’s Case # 2017-016 had an original suspense date of March 2018; that date has come and gone. The expected timeframe for any final decision has moved to late 2018. While it is possible that the Federal Acquisition Regulation Committee may further delay NIST 800-171 (or NCF, or other) implementation, it appears a standard will most likely occur during the current Administration.

Let’s hope we have some progress in the US’s cybersecurity strategy…soon

