I don’t have anything against Boeing…but, they stood out in my industry news feed the other day. For the last few years, I have been listening to senior government officials explain how the lack of Cybersecurity compliance has led to our adversaries’ compromising companies in the Defense Industrial Base (DIB) and exfiltrating confidential defense industrial information and how they (our adversaries) have used that to build their own military industrial capabilities, at a fraction of the cost. Hence, the introduction of the Cybersecurity Maturity Model Certification (CMMC) so we all must now prove we are in compliance with the NIST 800-171 security controls.
Well, I am not going to argue if that is true or false, cause I would have no way of knowing…BUT…I suspect these incidents at Boeing likely have a bigger impact on the exfiltration of industrial data than that stolen from small manufacturing companies in the DIB – probably for the last decade.
So, what is Government doing about it? $51 Million fine…“$24 million of the fine will be suspended as long as that money is used to strengthen Boeing’s compliance program further.” WHAT!?? Hasn’t the government been saying that the cost of implementing security controls (i.e., NIST 800-171 and CMMC) is part of doing business with the government?
“It is also recognized that prudent business practices to protect an information technology system are generally a common part of everyday operations.” (From the 2016 rule that created FAR clause 52.204-21).
Unless you are a mega corporation in the Defense Industry apparently. So not only did Boeing get to add compliance cost to their allowable billing rates to the government, but they now get subsidized to strengthen their compliance program…How about allocating that $51 Million to small businesses trying to make it in the DIB where the cost of Cybersecurity compliance really is not a common part of everyday operations?
Oh, and to add insult to injury…here are a few more Boeing headlines (from Google around the web) around the 24 hours of this article:
Boeing Lands $680M Navy IDIQ for Aircraft Modernization Support (GovCon Wire)
US Navy Awards Boeing $3.4 Billion Contract For 17 P-8A Poseidons (Simple Flying)
Air Force Modifies Boeing’s Wideband Global SATCOM 12 Contract for $439M (Executive Biz)
Somehow, I expect $51 Million is just going to get lost in the numbers…