
How COTS endangers national security

Jan. 27, 2014 - 03:45AM
By KEVIN G. COLEMAN


I have long said that if you look at all the disclosures of cyber attacks and breaches, you may not have an accurate view of the current state of this national security threat. Well, last year CNBC posted a piece titled “Cyberattacks: Why Companies Keep Quiet” that expressed the same concern.

I was involved in a discussion recently about the disclosure requirements that apply when publicly traded companies experience a cyber breach. The rule of thumb is that for a breach or cyber attack to require disclosure, it would have to be “material” (an accounting term). The Journal of Accounting states that “materiality” is based on an assumption that a fluctuation in net income of 5 percent or less is unlikely to influence a reasonable investor.

Take a look at the revenue of those in the defense industry and just how significant the costs of the attack would have to be before it needs to be disclosed. That would explain the limited number of disclosures we see. Do you think this might be what is behind the Securities and Exchange Commission’s (SEC) decision to “Focus on Corporate Cybersecurity Risks in 2014?”

If you examine how much of our military equipment falls into the COTS (commercial off-the-shelf) category, as well as how much of our critical infrastructure is operated by the private sector, in addition to all the commercial equipment they use, you can see the danger of companies and the supply chain being compromised by counterfeit equipment or products with built-in malicious code. This is a critical issue!

Supply-chain security has increasingly become an area of deep concern for the DoD, the government and the private sector. The Brookings Institution published a report that focuses on compromised electronic components. In their executive summary, they state “supply chain is almost completely unprotected.” Given all of that, perhaps COTS should now stand for “Can't Obtain Till Secured,” or we should at least put a clause in all purchasing contracts requiring all cyber breaches be disclosed.

