The U.S. Department of Defense (DOD) has issued an advanced notice of proposed rulemaking regarding amendments to the Defense Federal Acquisition Regulation Supplement (DFARS) that would add new data protection requirements for unclassified DOD information used or handled by contractors. See 75 F.R. 9563 (March 3, 2010). The proposed amendments would create a two-tiered system of data security requirements as well as an obligation to notify the DOD of security incidents, including all intrusions attempted by an “advanced persistent threat.”