Slashdot Mirror


Contractors Pose Cyber Risk To Government Agencies (betanews.com)

Ian Barker, writing for BetaNews: While US government agencies are continuing to improve their security performance over time, the contractors they employ are failing to meet the same standards according to a new report. The study by security rankings specialist BitSight sampled over 1,200 federal contractors and finds that the security rating for federal agencies was 15 or more points higher than the mean of any contractor sector. It finds more than eight percent of healthcare and wellness contractors have disclosed a data breach since January 2016. Aerospace and defense firms have the next highest breach disclosure rate at 5.6 percent. While government has made a concerted effort to fight botnets in recent months, botnet infections are still prevalent among the government contractor base, particularly for healthcare and manufacturing contractors. The study also shows many contractors are not following best practices for network encryption and email security.

1 of 78 comments

  1. Re:Contractors? The govvies are incompetent by gweihir · Score: 1, Troll

    And that is exactly the problem. The "proper" employees are not a risk, because they cannot even get the work done. The second problem is that the process to get a clearance is based on a completely broken perception of the world. You cannot evaluate whether somebody has honor, loyalty and integrity, and their history, friends, family, etc. do not indicate so either. At the same time, even somebody deeply loyal may suddenly find they are more loyal to their species than to some scummy government agency trying to screw everybody over.

    The only way to prevent loyalty problems with contractors is to a) pay them well, b) treat them well and c) do not do evil crap that they may rightfully object to. Of course, all three are beyond what a dysfunctional government agency can do, so leaks (and sabotage) will continue to happen.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.