In response to the Defense Industrial Base becoming the target of more frequent and complex cyberattacks from foreign and independent bad actors, the U.S. Department of Defense is expected to release new cybersecurity regulations in 2023 designed to enforce protection of sensitive federal contract information and controlled unclassified information that is shared by the DOD with its contractors and subcontractors, including general contractors and subcontractors performing DOD contracts for construction services.

According to the DOD chief information officer, “To protect American ingenuity and national security information, the DOD developed the Cybersecurity Maturity Model Certification 2.0 program to reinforce the importance of DIB cybersecurity for safeguarding the information that supports and enables our warfighters.”

“The forthcoming CMMC 2.0 rulemaking presents an opportunity for ABC members and other construction industry contractors pursuing DOD contracts to examine their cybersecurity hygiene, participate in the rulemaking process and conform with changes outlined in the final rule, or else they will no longer be qualified to win DOD construction contracts,” said Ben Brubeck, ABC vice president of regulatory labor and state affairs. “In an effort to help ABC members win more work, ABC plans to engage in the forthcoming rulemaking process and provide additional educational resources for ABC member contractors to participate in the rulemaking process and comply with the DOD’s eventual cybersecurity changes.”

On Jan. 25, 2023, ABC hosted a webinar, “Cybersecurity Maturity Model Requirements for ABC Members Doing Federal Work,” with two cybersecurity experts who provided some practical tips and best practices for businesses to assess their cybersecurity readiness in advance of complying with CMMC 2.0.

Nick Decker, practice leader for the construction industry of Egnyte, an ABC Tech Alliance member, informed webinar participants that the forthcoming CMMC 2.0 policy is expected to affect $2.4 trillion worth of DOD construction contracting opportunities before 2027.

Nick Espinosa, a cybersecurity expert and founder of Security Fanatics––a company dedicated to designing custom cyberdefense strategies for medium to enterprise corporations––presented a thorough “nerd to English translation” of CMMC 2.0 and answered frequently asked questions from DOD contractors about the program and cybersecurity best practices.

Espinosa’s practical tips about how contractors can strengthen cybersecurity policies and prepare for CMMC 2.0 are also of value to contractors who perform construction work for private and federal, state and local government entities.

“CMMC 2.0 experts expect other federal agencies and even state and local governments and private customers to adopt similar cybersecurity requirements in the future,” said Brubeck. “With regulatory change on the horizon and a sharp increase in cybersecurity incidents experienced by public and private contractors, now is the time for all contractors to understand the competitive advantage and other benefits of tackling cybersecurity head on.”

ABC will be rolling out additional resources and educational opportunities on CMMC 2.0 and cybersecurity throughout 2023, including a website solely dedicated to this effort.