The contractors themselves are bound by contract language that TRANSCOM intends to require them to report certain incidents, but the contractors say the language is ambiguous and they did not report, the committee says.
Further, as of January 2014 TRANSCOM hadn't provided a list to the FBI or Department of Defense of those contractors whose intrusions it would like to hear about.
In one case a contractor suffered 24 intrusions but reported none to TRANSCOM. The report says, "wile the yber incident reporting requirement was included in TRANSCOM's contract with te company, it was included as an option that TRANSCOM did not exercise."
In another case a contractor didn't report intrusions to TRANSCOM because it thought the provision applied only to a particular network run by one of its subcontractors. The company in question did report the incidents to other defense agencies, but took four to six months to do so.
Sign up for CIO Asia eNewsletters.