Government // Cybersecurity
Commentary
11/20/2013
09:04 AM
Richard A. Russell
Richard A. Russell
Commentary
Connect Directly
RSS
E-Mail
100%
0%

Cyber Insecurity: When Contractors Are Weak Link

Government and defense contractors play a crucial role in protecting sensitive information. But the evidence suggests they are losing the battle.

The time may have come to hold the contractor companies accountable for inadequate safeguards and lack of security measures which will protect critical program information, sensitive information, and even classified information.

But of even greater concern for our community is its continued reliance on current methods and processes for protecting networks, enterprises, and information.  What is needed is a quantum leap to new and innovative approaches that will change the systems, environments, and networks to make them capable of recognizing malware, intrusion attempts, infected software copies, and other common tools of the cyber-attacker's tradecraft. 

With real innovation and a drive from senior leaders to find and test new solutions, rather than permutations of the same old solutions, the government could get ahead of our adversaries and create the time gap necessary to allow for even more innovation and structural shifts that could frustrate adversaries and provide our country with a competitive advantage in the future.

Our economic well-being and our ability to dominate the battle space of tomorrow hinge on this effort. It is imperative for companies to protect their internal networks and systems, to sequester government information more effectively, and to redouble efforts related to insider threats.  If we do not fix this, we could find ourselves overpowered economically and militarily in the future.

 

 

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WKash
50%
50%
WKash,
User Rank: Author
11/21/2013 | 11:22:21 AM
Re: Holding contractors accountable
The Snowden incident is one dimension of the problem. Yes, agencies can increase measures to guard against the theft / loss of information. The NSA, for instance, is now requiring that two individuals be present during the transfer of any classified information.  But it's much harder to control, discipline or simply fire a long standing but careless contractors whose systems are often grafted into an agency's systems.

 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
11/21/2013 | 11:00:15 AM
Re: Holding contractors accountable
Given recent events with the world's most famous governement contractor -- Edward Snowden -- you would think that the government would be exerting even more control over contractors. Go figure!
WKash
50%
50%
WKash,
User Rank: Author
11/20/2013 | 10:42:10 PM
Holding contractors accountable
It seems hard to imagine the government couldn't do more, as yoiu put it, to hold contractor companies accountable for inadequate safeguards and lack of security measures to  protect critical program information, sensitive information, and even classified information.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
11/20/2013 | 10:08:37 AM
Lack of expertise
I wonder about the wisdom of spreading records around so many contractors when top-notch security expertise is so expensive and scarce. Sure, putting assets with a few large suppliers makes for more tempting targets, larger firms can in theory afford and deploy cutting-edge security.
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
11/20/2013 | 10:00:33 AM
Do other governments do better?
I'd be curious to know whether these same patterns occur in the Canada, the U.K., or other NATO allies. Is their distribution of labor between contractors and government employees similar or vastly different? Much better managed or about the same?

U.S. government systems can't be the only ones that are under attack, although the U.S. is obviously a big target.
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Tech Digest Oct. 27, 2014
To meet obligations -- and avoid accusations of cover-up and incompetence -- federal agencies must get serious about digitizing records.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.