As cyberthreats proliferate internationally, cybersecurity technology continues to expand and evolve.
Phishing, ransomware, and credential stuffing are all serious online threats that expose countless records. DMV records, police arrest records, finance department payments, and revenue agency data have been among the targets of attacks in which public agencies had to pay and, in some cases, public data was exposed.
And in 2021, a ransomware attack brought the Colonial Pipeline to a standstill, affecting the movement of people, goods, and services for several days. The company ultimately paid to get the encryption key to take back control of their systems as President Joe Biden called this event a threat to national security. Data breaches of government agencies don’t come cheap. IBM’s 2022 Cost of a Data Breach report states that a public sector data breach cost $2.07 million on average.
Addressing security threats has become an ever-increasing priority for the federal government. Enforcement of Controlled Unclassified Information (CUI) protection continues to escalate as private contractors working with the federal government are continually required to update their security systems and procedures to meet the threats of the day.
With the drive for digital transformation at public agencies and the infusion of funding from the Infrastructure Investment and Jobs Act, Executive Order 14028 was signed to improve the nation’s cybersecurity. This move prompts the federal government to secure cloud services and requires agencies and delivery partners that collaborate and share engineering and construction project information via cloud applications to comply with the administration’s Executive Order.
More recently, the Biden administration issued a memo stating that federal departments must ensure all third-party IT software deployed adheres to National Institute of Standards and Technology supply chain security requirements and get proof of conformance from vendors.
The guidance, released in September, gives agencies 120 days from the memo’s release to develop a consistent process for collecting cybersecurity assurance from software providers. Federal agencies also had 90 days to identify all software and determine what is critical. Software providers must provide verification to the agencies that their products adhere to the NIST supply chain security requirements.
“A third-party assessment provided by either a certified FedRAMP Third Party Assessor Organization (3PAO) or one approved by the agency shall be acceptable in lieu of a software producer's self-attestation,” the memo states.
In January, Oracle Aconex for Defense became the first construction and engineering project management and collaboration software to earn Defense Information Systems Agency (DISA) Impact Level 4 (IL4) provisional authorization. The heightened security meets the strict requirements for Defense Department projects while providing a modern cloud project management application.
It connects agency stakeholders and delivery partners to accurate and up-to-date information with collaboration tools, document controls, 3D model viewing, mobile app access, tasks, an immutable audit trail for accountability, and workflow automation to keep project momentum, to name a few.
Oracle Aconex for Defense is a high-compliance instance of Aconex that is physically separated from the public cloud, has gone through a rigorous process assessed by a third-party assessment organization (3PAO), and is monitored continuously for threats. It is the only construction and engineering project management application to have achieved FedRAMP Moderate and DISA Impact Level 4 authorizations, meeting the stringent compliance requirements of both the U.S. government and the Department of Defense.
Additionally, the application provides for two-factor authentication, password complexity requirements, data encryption in transit and at rest, continuous monitoring, and remediation.
Agencies and contractors are assured that their cloud information management solution is in compliance, and users have a single source of truth for sharing and consuming information that helps to confidently make proactive decisions at speed and maintain mission momentum.
Cyberattacks on a construction project could disrupt the schedule, impact the supply chain, divert payments to the wrong parties, cause rework, and put jobsite security at risk, not to mention the potential for spreading to other systems and stealing data or exposing information. Cyberthreats have expanded from targeting individuals, their smartphones, and computer networks to public assets like railways, power grids, and defense systems and facilities.
Defense agencies can look to the Oracle Aconex for Defense cloud solution so that their projects are completed efficiently while maintaining the highest levels of security and compliance. Oracle Aconex for Defense also achieved FedRAMP Moderate authorization, facilitated by the US Army Corps of Engineers in November 2020. FedRAMP establishes a risk-based approach to standardize the adoption and use of cloud services by the federal government.
By attaining both FedRAMP and DISA accreditations, Oracle’s defense agency customers and their delivery partners can be assured that Oracle Aconex for Defense has been thoroughly reviewed and approved by leading technology officials and authorized for defense programs.
The Oracle Smart Construction Platform combines our industry-trusted applications with a common data environment and an ecosystem of partners to help owners and delivery teams work together and continuously improve performance. The platform connects teams and data, synchronizes work, and empowers individuals to make informed, proactive decisions. Power performance with proven Oracle Construction and Engineering solutions for scheduling, portfolio management, construction project management, project controls, construction payment management, and more.