White House wants consistent cyber rules for contractors

The White House wants to establish strict, consistent rules for how government contractors should lock down sensitive data.

“The threats facing federal information systems have dramatically increased as agencies provide more services online, digitally store data and rely on contractors for a variety of these information technology services,” said a notice in Thursday's Federal Register.


The administration said it will release updated cybersecurity rules for contractors to address this reality.

The move comes on the heels of hacks at the government’s two largest background-check contractors, KeyPoint Government Solutions and U.S. Investigations Services (USIS).

Combined, the digital hits exposed files on roughly 70,000 federal employees, many of whom held security-clearance-level positions with the Department of Homeland Security.

Hackers were also able to crack the Office of Personnel Management (OPM) networks after lifting login credentials from a KeyPoint employee.

The OPM intrusion led to what’s considered the largest-ever digital theft of government data. Hackers, suspected to be from China, made off with more than 22 million people’s personal information, including 21.5 million people’s data taken from highly sensitive security-clearance forms.

The White House thinks part of the problem is inconsistency in the data-security standards of federal contracts. Multiple agencies have issued varying guidelines that have further complicated things.

“The increase in threats facing federal information systems demand that certain issues regarding security of information on these systems is clearly, effectively and consistently addressed in federal contracts,” the administration said.

The White House said it is currently reviewing contractor data security policies and will soon present its proposal for comment.