[ISN] Contractors, Expect 72-hour Rule for Disclosing Corporate Hacks

http://www.nextgov.com/cybersecurity/2014/09/contractors-expect-72-hour-rule-disclosing-corporate-hacks/95399/

By Aliya Sternstein
Nextgov
September 29, 2014

Look for the whole government to take a page from the Pentagon and require that firms notify their agency customers of hacks into company-owned systems within three days of detection, procurement attorneys and federal officials say.

Right now, vendors only have to report compromises of classified information and defense industry trade secrets.

The trade secret rule is new and covers breaches of nonpublic military technological and scientific data, referred to as “unclassified controlled technical information.” That new reporting requirement kicked in Nov. 18, 2013 and applies to all military contracts inked since.

The rule “is impactful in large part because it is one of the first very clear cybersecurity directives,” said Anuj Vohra, a Covington & Burling senior associate in the firm’s government contracts practice. “We’ll see more regulations like that among nondefense agencies.”

[…]