
Contractors Pose Cyber Risk To Government Agencies

Ian Barker, writing for BetaNews: While US government agencies are continuing to improve their security performance over time, the contractors they employ are failing to meet the same standards according to a new report. The study by security rankings specialist BitSight sampled over 1,200 federal contractors and finds that the security rating for federal agencies was 15 or more points higher than the mean of any contractor sector. It finds more than eight percent of healthcare and wellness contractors have disclosed a data breach since January 2016. Aerospace and defense firms have the next highest breach disclosure rate at 5.6 percent. While government has made a concerted effort to fight botnets in recent months, botnet infections are still prevalent among the government contractor base, particularly for healthcare and manufacturing contractors. The study also shows many contractors are not following best practices for network encryption and email security.


  • by OffTheLip ( 636691 ) on Sunday February 18, 2018 @01:57PM (#56147662)
    The Feds Office of Personnel Management 2015 data breach wins (or loses) hands down. Not only an employee's personal info but family members and others included in "security" background checks. So, yeah, about those negligent contractors...
    • by PPH ( 736903 )

      Yeah. Things were a lot better before the OPM got into the security clearance business. Who would have thought that the issues with and threats against defense, healthcare, law enforcement and other employees and contractors would differ?

    • by rtb61 ( 674572 )

      Now let's guess who created that system, perhaps contractors. How many failed contractor projects have there been, not just in data management but in every single facet of the function of government? Why contractors? Because that is the one and only way to achieve high level theft (billions even trillions stolen) in government projects, even to the insane level of no-bid contracts, just charge what you like.

      So perhaps you are right, not negligent contracts but criminally fucking corrupt contractors of which

  • In light of trying to dodge obligations and shortchanging the people doing the work, perhaps they might want to actually hire directly or have contract firms provide better conditions/terms.
    • I guess it's time for companies / government to make a choice:

      Cost vs Security.

      Real security is expensive and not something you can cut corners on if you're serious about it.

  • Simple solution (Score:3, Interesting)

    by Gravis Zero ( 934156 ) on Sunday February 18, 2018 @02:21PM (#56147788)

    Just tie the security clearances of the company's executives to the company's security. If the company's security is compromised, the executives lose their security clearances, leaving the corporation with two options: replace all the executives or forfeit its government contracts.

    • by AHuxley ( 892839 )
      Then they lose the tools of their trade.
      The gov cannot take the tools of their trade away from the contractors.
      The person gets to walk away with their security clearance and start up a new company.
      • Then they lose the tools of their trade.

        Executives are replaceable. They would be quickly replaced and the company would move on without them.

        The gov cannot take the tools of their trade away from the contractors.

        The person gets to walk away with their security clearance and start up a new company.

        Why should an executive that failed to ensure security be allowed to keep their security clearance? The fish rots from the head down.

  • AIA, a trade group, said 700,000 jobs were in the clearance process. This hurts national security, not helping. Robert Oppenheimer losing his clearance was obviously politically motivated. Junk it.
