Pentagon releases interim rule for cyber-incident reporting

The Defense Department has released for public comment its long-delayed regulations for requiring the defense industry to report cybersecurity incidents.

The interim rule on “network penetration reporting and contracting for cloud services,” published in today’s Federal Register, requires contractors and subcontractors to report “cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor's ability to provide operationally critical support.”

The Defense Department...