When it became law on July 7, 2014, the 2014 Intelligence Authorization Act (“IAA”) gave the Director of National Intelligence (“DNI”) 90 calendar days to issue new regulations addressing the requirement that “cleared intelligence contractors” report any “successful penetration” of their networks and information systems. With the DNI on the clock, what can these contractors expect?
For one thing, following a penetration of a covered network or information system, the DNI regulations will require that a cleared intelligence contractor report the following information to a designated element of the Intelligence Community (“IC”):
- A description of the technique or method used in such penetration;
- A sample of the malicious software, if discovered and isolated by the contractor, involved in such penetration; and
- A summary of information created by or for an element of the IC that has been potentially compromised.
Continue Reading Cleared Intelligence Contractors Readying for New Cybersecurity Reporting Requirements