MARCH-APRIL 2022 | WWW.AUSTRALIANDEFENCE.COM.AU
DEFENCE EXPORT 43
 include the implementation of cybersecurity practices and in- stitutionalisation of processes”.
Under the regulations, the contractor must hold a current (not older than three years) CMMC certificate at the re- quired level and which must be maintained at that level for the lifespan of the contract. The contractors have the re- sponsibility of ensuring subcon- tractors in turn have a current CMMC certificate at an appro- priate level.
As a result, Australian
SMEs will have to invest in
additional cybersecurity mea-
sures or risk losing (or being
excluded from) contracts with
the primes. But one Austra-
lian SME already has an af-
fordable and proven way to protect sensitive data, which is applicable to both SMEs and primes alike.
Cocoon Data has developed an encrypted file sharing platform known as SafeShare which offers end to end pro- tection against cyberattack, with each individual file hav- ing its own unique encryption key. This protects data from the time it is encrypted on one computer, all the way to the recipient, including the time spent in the cloud.
A SOLUTION TO HAND
Cocoon Data is an Australian software and services company with a particular focus on high-end data security and compliance with existing customers across government departments and the defence industry sec- tor, including at least one of the ‘big four’ US primes.
particularly defence supply chains,” Cocoon’s CEO Trent Telford explains.
“Basically, if you have a million files in the cloud, you have a million different encryption keys. When you go to upload a file we generate a unique key, we send it down, encrypt it and sent it up and it’s stored encrypted.”
Telford says one of the further advantages of the Safe- Share platform is its ability to ‘geofence’ data based on lati- tude and longitude rather than an IP address, meaning the
file can only be opened within the boundaries of a specified area.
“You enter in an address and it comes up with a map – you can drag and drop a boundary around it and once you’ve hit ‘Save’ it will only issue the key to open the file if the device is inside that boundary. As soon as you cross that boundary it ‘kills’ the key to that file,” he says.
“In the defence industry this has been a big thing, because big primes may manu- facture at multiple facilities in the US, but also in other countries, so if they can en- data can only be opened within the conti-
  The company started out several years ago
with a specialised version of the SafeShare
product that was focussed on national secu-
rity organisations in Australia and across the
‘Five Eyes’ partners. From there, the plat-
form was tailored for federal departments and today it is being offered to the wider supply chain.
sure sensitive
nental US for example, they won’t fall foul of ITAR and/or CMMC regulations.”
“THESE NEW RULES ARE EXPECTED TO BECOME EFFECTIVE ACROSS THE US DEFENCE SECTOR WITHIN THE NEXT TWO YEARS”
  “What’s different about our company is we’re focussed on sensitive and/or classified data in the cloud: for Fed- eral Government, for Defence and for supply chains –
ABOVE: One of the advantages of Cocoon’s SafeShare platform is its ability to ‘geofence’ data based on latitude and longitude rather than an IP address
LEFT: US Government regulations will shortly mandate that any data sent via the cloud will have to be protected by stringent cybersecurity processes
Telford says that only around a quarter of Cocoon’s current business is in Australia with the vast majority of the remainder in the US. “Australian industry has less than two years to get its act together and people do not realise the systemic risk to their business CMMC poses,” he adds. “I’m not being overly dramatic, there is a systemic risk to the Australian defence in- dustry if it doesn’t become CMMC-compliant alongside ITAR.
“Yes, our product solves the problem, but the bigger story here is that people don’t realise this is happening. It is a ma- jor risk for the Australian defence industry – we can solve your problem for you, but the problem needs to be under- stood across the industry first.” ■
  COCOON DATA