DoD predicts cost of fixing cyber vulnerabilities will surpass $250 million

The rise of the Internet of Things (IoT) has increased the need for the Department of Defense (DoD) to strengthen its cybersecurity defenses – something already long overdue. The DoD estimates that it may have to spend more than $250 million over the next four years to mitigate existing vulnerabilities.

The money would cover an inventory of facility control systems, meeting Risk Management Framework (RMF) requirements, and investment in training, staff, and equipment, among other items. However, because the inventory is still incomplete, the estimate may rise – and that is before any unexpected costs driven by the rapidly changing cyber landscape are taken into account.

What does this mean for contractors working with the DoD?

While the DoD is taking action to improve its cybersecurity measures, contractors must implement similar measures to comply with the Defense Federal Acquisition Regulation Supplement (DFARS), which is administered by the DoD.

The DFARS safeguarding clause (DFARS 252.204-7012) requires contractors to provide adequate security for the covered defense information that resides on or passes through their information systems. Contractors must implement the security requirements of National Institute of Standards and Technology (NIST) Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”, and flow the same requirement down to subcontractors that handle that information. Failure to comply with the DFARS can result in the loss of DoD contracts.

Learn how to comply with DFARS and NIST cybersecurity requirements by downloading our free green paper.

NIST Cybersecurity Framework and ISO 27001

The NIST Cybersecurity Framework (CSF) is a voluntary framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.

Our green paper discusses how the Framework can work in conjunction with ISO 27001, helping you comply with the NIST SP 800-171 requirements mandated by the DFARS cybersecurity rules.