Alright, let’s have a natter about something that’s been causing quite the stir recently across the pond in the US. You know those blokes who provide IT services to the American government? Well, they’re none too pleased, I can tell you! New proposals have surfaced that could have them scrambling to open up their systems to US government agencies if a security hiccup arises.
Now, these aren’t just off-the-cuff ideas. They’re actually part of a draft update to what the Americans call the Federal Acquisition Regulation (FAR for short). Under the guiding hand of President Biden’s 2021 executive order on the subject, these rehashed security reporting standards for government contractors are looking like the new big thing.
So, what’ve we got tucked away in these potentially incoming requirements? First off, if contractors spot a security incident, they’ll have a tight eight-hour window to report this to the Cybersecurity and Infrastructure Security Agency (CISA). Oh, yes, and they’ll need to send through updates every 72 hours after that. No rest for the wicked, eh!
Secondly, these contractors will also have to maintain a so-called ‘software bill of materials’ (or SBOM for us abbreviation fans). You can see how the pressure’s starting to pile on, can’t you?
Lastly, and here’s where it gets really interesting, after any incidents, these contractors would be obligated to provide “full access” to their IT systems and staff. And we’re not just talking about access for CISA, but for federal law enforcement agencies as well. A bit of a nerve-racking thought, wouldn’t you say?
Despite all this, though, it’s worth remembering that these are just proposals for now, and still in the draft stage. And while we might be thousands of miles away and these changes might seem only relevant for Uncle Sam, cybersecurity concerns have a sneaky way of being a global affair. So, it won’t hurt to keep tabs on these developments. After all, the winds of cybersecurity blow far and wide, affecting us all in some way or another!
And in the thick of our own ongoing cybersecurity challenges, it’s worth considering what these proposals could mean for the UK’s own IT services sector, given our deep-rooted connections with the US. The implications are vast, but we’re Brits, aren’t we? We’ll tackle whatever comes our way with resolve and a good cup of tea!
So, keep the kettle brewing and join me in continuing to follow—and learn from—these unfolding events in the world of cybersecurity. Because regardless of the side of the pond we’re on, we’re all in this together, aren’t we? Let’s make the world of cybersecurity a safer place, one cuppa at a time.
by Parker Bytes