As the US Department of Defense’s deadline requiring contractors to establish and maintain an insider threat program (NISPOM Change 2) looms near, experts are commenting on the industry’s readiness for the defense overhaul – including Haystax CEO Bryan Ware.
“Is it enough? I don’t think so,” Ware tells National Defense magazine. “To get to the place where industry really has good insider threat programs is not going to come from this change and it’s not going to come quickly.”
Although the new rule, which takes effect November 30, is a step in the right direction, Ware argues that the industry is slow to conform to new regulations, regardless of their positive impact. Most companies don’t have insider threat programs because they aren’t typically viewed as a business driver or competitive advantage to winning contracts.
Experts believe the new regulations will be difficult for small business to comply with, and some are suggesting a better approach would be customizing programs to meet their specific needs. Ware suggests the problem isn’t with customization, but with the ethos of regulations themselves.
“What I would love to see would be that having a strong insider threat program was a strategic advantage for winning government business…When it’s just a security check-in-the-box, that’s not going to happen. But when instead it gives you an advantage over a competitor winning a contract…then I think we’ll see real, serious programs emerge that become the best practices.”