Why are they making us do this?
I get it. As TSPs, we move household goods. Our military contracts deal with futons and family mementos, not highly classified defense projects. CMMC seems like overkill for what we do. It’s also expensive to implement and maintain, often requiring specialized expertise when implementing controls and conducting self-assessments.
But let me tell you where I think this whole thing ultimately stems from, and why it is deeply important. CMMC isn’t just about compliance. It’s about the safety and well-being of our military service members.
The 2016 Islamic State Hacks: A Wake-Up Call
In 2016, a series of alarming hacks targeted military personnel. Islamic State (ISIS) extremists gained access to databases containing the personal information of over 1,300 U.S. military and government personnel. This wasn’t about stealing secrets; it was about identifying targets.
The hackers compiled a “kill list” of service members, publishing their names, addresses, photos, and even social security numbers online. This information was actively used to encourage attacks against these individuals – putting them and their families in direct danger.
Think about that for a moment. Someone’s home address, publicly available because of a data breach, used to target them for violence. The data wasn’t classified, but it was deeply sensitive and incredibly dangerous when exposed.
This wasn’t a one-off event. It highlighted a critical vulnerability: the ease with which seemingly innocuous personal data could be weaponized against our troops. Although the breaches originated from various sources, together they underscored the need for a much stronger, standardized approach to protecting this information across the entire defense industrial base, including industries like ours.
Why CMMC Matters Beyond Just Checking Boxes
The DoD realized that relying on self-attestations wasn’t enough. They needed a verifiable, consistent level of cybersecurity across all contractors. That’s where CMMC comes in. It’s not about thinking your data isn’t valuable; it’s about recognizing that even seemingly harmless information can be devastating in the wrong hands.
Beyond compliance itself, which means avoiding penalties and keeping contracts, CMMC is vital to our industry for several key reasons:
- Trust is Paramount: We want our customers to feel safe with us when everything they own is under our care. Entrusting us with their belongings is a big deal. Knowing we take their data security seriously builds that trust and differentiates us from the competition. Families are understandably anxious during a PCS move; removing the worry about data security is a huge value-add.
- Protecting Our Service Members: We play a role in supporting those who serve. By prioritizing cybersecurity, we’re contributing to the safety and security of the men and women in uniform and their families. This isn’t just good business, it’s a moral obligation.
- Reputational Risk: A data breach can devastate your reputation. News travels fast, and a compromised TSP will quickly lose customer trust and potentially face legal repercussions.
- Competitive Advantage: As CMMC implementation rolls out, companies that proactively achieve compliance will be better positioned to win bids and secure contracts.
CMMC isn’t just a bureaucratic hurdle; it’s a necessary evolution in how we protect sensitive information and support our military community. It’s about recognizing the real-world consequences of data breaches and taking proactive steps to safeguard the information entrusted to us.