DoD Cybersecurity Incident Reporting

OHIO, UNITED STATES

03.03.2022

Video by Dave Pope 

Air Force Research Laboratory

✔ ✗ Subscribe

30

Welcome!

My name is Kelly Kiernan and I'm here representing the Department of the Air Force Chief Information Security Officer and AFWERX.

Today, we're going to talk about #2 in the Blue Cyber education series for small businesses. It's called DoD Cybersecurity Incident Reporting.

DoD cyber incident reporting is grounded in the DFARs. You'll remember that DFARs contain requirements of the law and DoD wide policies. The DFARs which is driving DoD incident reporting is DFARs 252-204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.

A closer look at DFARs clause 252-204-7012 shows that there are three aspects to cyber incident reporting to consider. They are:
cyber incident reporting
submitting malicious software
and facilitating assessment

I'm often asked what to do if there's a potential breach.

If there is a potential breach, don't panic. Cyber security occurs in a dynamic environment. Hackers are constantly coming up with new ways to attack information systems and the DoD is constantly responding to these threats. DoD does not penalize contractors who act in good faith.

Do contact the DoD immediately--bad news does not get better with time. And do respond within 72 hours of the discovery of any incident.

Be helpful and transparent. Contractors must cooperate to respond with the DOD to security incidents and should immediately preserve and protect evidence and capture as much information about the incident as possible.

In a moment, I’m going to show you the DoD website where you can report cyber incidents and submit malicious software. There you will find many things to help you including a portal, helpdesk numbers, and email helpdesk.

But, it won't tell you what to report.

Here is what to report:
report all cyber incidents that may result in a significant loss of data, system availability, or control of systems
impact a large number of victims
indicate unauthorized access to or malicious software present on critical information systems
affect critical infrastructure or core government functions
or impact national security, economic security, or public health and safety

If you need to report a cyber incident, you'll go to dibnet.dod.mil. There you will see by the screenshot that it's a very modern site for your cyber report. It contains phone numbers and emails to provide assistance. The contractor shall conduct a review for evidence of compromise and rapidly report cyber incidents to the DOD at dibnet.dod.mil.

With regard to malware, if discovered and isolated in connection with a reported cyber incident, the contractor or subcontractor shall submit the malicious software to the DoD cyber crime center. If the DoD elects to conduct a damage assessment, the contracting officer will be notified by the requiring activity to request media and damage assessment information from the contractor.

You don't want the first time you visit dibnet.dod.mil to be for the reason to submit a cyber incident. There are also resources on that page. On the far-right hand column, you'll see links to the cyber threat roundup. The cyber threat roundup is a weekly collection of recently open sourced articles of interest for the defense industrial base and also I'll just mention that Blue Cyber number 12 is called “Cyber Threat Resources for Small Businesses.”

Thank you for joining me today. My name is Kelly Kiernan and I'm here representing the Department of the Air Force Chief Information Security Officer. A reminder that this talk is not a substitute for reading the FAR and DFARs in your small business contract. You will find this presentation and many more on the Department of the Air Force CISO web page under Blue Cyber. Well, thank you for your time. So long.