Contractors Pose Cyber Risk To Government Agencies (betanews.com)
Date: 2018-02-18
Ian Barker, writing for BetaNews: While US government agencies are continuing to improve their security performance over time, the contractors they employ are failing to meet the same standards according to a new report. The study by security rankings specialist BitSight sampled over 1,200 federal contractors and finds that the security rating for federal agencies was 15 or more points higher than the mean of any contractor sector. It finds more than eight percent of healthcare and wellness contractors have disclosed a data breach since January 2016. Aerospace and defense firms have the next highest breach disclosure rate at 5.6 percent. While government has made a concerted effort to fight botnets in recent months, botnet infections are still prevalent among the government contractor base, particularly for healthcare and manufacturing contractors. The study also shows many contractors are not following best practices for network encryption and email security.
Manning, Snowden, and Winters were not H1B.
Point?
The OPM data breaches win though
Stop forcing them to install backdoors and you solve half of all internet security problems.
Can you cite even a single breach that was enabled by a government mandated backdoor?
Yeah. Things were a lot better before the OPM got into the security clearance business. Who would have thought that the issues with and threats against defense, healthcare, law enforcement and other employees and contractors would differ?
Perhaps benefit-dodging isn't worth it.
I guess it's time for companies / government to make a choice:
Cost vs Security.
Real security is expensive and not something you can cut corners on if you're serious about it.
Simple solution
Just tie the security clearances of the company's executives to the company's security. If the company's security is compromised, the executives lose their security clearances, leaving the corporation with two options, replace all the executives or forfeit its government contracts.
Abolish clearance
And that is exactly the problem. The "proper" employees are not a risk, because they cannot even get the work done. The second problem is that the process to get a clearance is based on a completely broken perception of the world. You can not evaluate whether somebody has honor, loyalty and integrity and their history, friends, family, etc. do not indicate so either. At the same time, even somebody deeply loyal may suddenly find they are more loyal to their species than to some scummy government agency
It would also help to require that they not have been proven to have been doing unethical work during the past, say, five years. (I didn't say illegal, I said unethical. Unfortunately, that makes the term "proven" a bit difficult to define. Also the term unethical. So you'd need to set down certain minimum requirements that would substitute.)