Cybersecurity Deadline for Maryland Defense Contractors Could Cost Region

Widespread non-compliance across the Central Maryland defense industry will have major impact on Maryland’s economy, reports Sera-Brynn.

SUFFOLK, Va., May 22, 2017 /PRNewswire/ — Leading cybersecurity firm Sera-Brynn is urging Maryland defense companies to immediately begin implementing security controls required by the U.S. Department of Defense or risk being ineligible for 2018 defense contracts.

Sera-Brynn reports that most companies are less than sixty percent compliant with the cybersecurity requirements imposed by the Defense Federal Acquisition Regulation Supplement 252.204. 7012 (DFARS), and time is running out. The deadline for compliance is December 31, 2017, and it typically takes 6-9 months to achieve full compliance.

Widespread non-compliance across the Central Maryland defense industry will have major impact on Maryland’s economy. According to the Office of Economic Adjustment, defense spending in Maryland ranks number four in the nation, and for the past ten years, Maryland defense companies have been awarded contracts exceeding $12 Billion, peaking at over $13 Billion in 2009 and 2015. Defense companies in and around Anne Arundel and Montgomery Counties routinely reap almost two-thirds of that bounty. Even better times should be ahead – given that the proposed increase in defense spending is over $50 Billion. Failure to implement DFARS requirements means that many Maryland defense contractors will miss out on business because their information security programs are not up to standards.

“Regions like Central Maryland, where tens of billions of dollars are at stake, have a lot to gain or lose depending on whether or not their defense companies are DFARS-compliant,” stated Rob Hegedus, CEO of Sera-Brynn. “It will be interesting to see if companies get on board with making changes to their security infrastructure, or if widespread non-compliance will shift the defense industry landscape.”

Considering that over five percent of the total federal defense budget is spent in Maryland and that it accounts for 5.7 percent of Maryland’s GDP, if multiple companies fail to meet the deadline, the impact to Maryland’s economy – and Central Maryland in particular – could be billions of dollars lost.

The risk is not merely financial. The consequences of failing to comply include breach of contract, liability under the False Claims Act, whistleblower actions, termination, liquidated damages, and suspension or debarment by the Government for failing to make mandatory disclosures or failing to perform in accordance with the Government contract.

Achieving compliance is a daunting challenge for both large and small companies, but there are many ways for Maryland’s defense contractors to get help. Sera-Brynn’s website is laden with useful information including advice on implementing a systematic, phased approach to compliance. Sera-Brynn also offers complementary DFARS flow-down Webinars for prime defense contractors to present to their valued sub-contractors. Finally, Sera Brynn offers full compliance audits that include, along with a full risk assessment and vulnerability gap analysis, mandatory documents such as a System Security Plan, Cyber Incident Response Plan, and Plan of Action and Milestones – all required by DFARS 7012.

DFARS Background

The Defense Federal Acquisition Regulation Supplement 252.201-7012 – finalized in October 2016, requires all defense contractors that receive, transmit, process, or store Covered Defense Information (CDI) to implement over 100 security controls and be able to detect and report incidents when CDI is compromised. CDI includes unclassified controlled technical information, information that can impact operational security (OPSEC), and other information described in the Controlled Unclassified Information (CUI) Registry. The deadline for DFARS compliance is December 31, 2017.

About Sera-Brynn

Sera-Brynn is a leading global cybersecurity audit and advisory firm. The Virginia-based company offers threat management, compliance and risk assessment, risk control, and incident response services that enable clients to secure their computing environments and meet applicable and mandatory cybersecurity regulatory standards. This technical expertise is the backbone of their DFARS compliance services.

Founded in 2011 by former members of the U.S. intelligence community, Sera-Brynn is ranked #10 worldwide on the Cybersecurity 500 list.

For more information on DFARS, visit

For more information on Sera-Brynn, visit:

Media Contact
Colleen Johnson
Sera-Brynn, LLC / Cyber Risk Management
5806 Harbor View Blvd., Suite 204
Suffolk, Virginia 23435