Cyber Insecurity: When Contractors Are Weak Link - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity
Commentary
11/20/2013
09:04 AM
Richard A. Russell
Richard A. Russell
Commentary
100%
0%

Cyber Insecurity: When Contractors Are Weak Link

Government and defense contractors play a crucial role in protecting sensitive information. But the evidence suggests they are losing the battle.

The time may have come to hold the contractor companies accountable for inadequate safeguards and lack of security measures which will protect critical program information, sensitive information, and even classified information.

But of even greater concern for our community is its continued reliance on current methods and processes for protecting networks, enterprises, and information.  What is needed is a quantum leap to new and innovative approaches that will change the systems, environments, and networks to make them capable of recognizing malware, intrusion attempts, infected software copies, and other common tools of the cyber-attacker's tradecraft. 

With real innovation and a drive from senior leaders to find and test new solutions, rather than permutations of the same old solutions, the government could get ahead of our adversaries and create the time gap necessary to allow for even more innovation and structural shifts that could frustrate adversaries and provide our country with a competitive advantage in the future.

Our economic well-being and our ability to dominate the battle space of tomorrow hinge on this effort. It is imperative for companies to protect their internal networks and systems, to sequester government information more effectively, and to redouble efforts related to insider threats.  If we do not fix this, we could find ourselves overpowered economically and militarily in the future.

 

 

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
11/20/2013 | 10:00:33 AM
Do other governments do better?
I'd be curious to know whether these same patterns occur in the Canada, the U.K., or other NATO allies. Is their distribution of labor between contractors and government employees similar or vastly different? Much better managed or about the same?

U.S. government systems can't be the only ones that are under attack, although the U.S. is obviously a big target.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
11/20/2013 | 10:08:37 AM
Lack of expertise
I wonder about the wisdom of spreading records around so many contractors when top-notch security expertise is so expensive and scarce. Sure, putting assets with a few large suppliers makes for more tempting targets, larger firms can in theory afford and deploy cutting-edge security.
WKash
50%
50%
WKash,
User Rank: Author
11/20/2013 | 10:42:10 PM
Holding contractors accountable
It seems hard to imagine the government couldn't do more, as yoiu put it, to hold contractor companies accountable for inadequate safeguards and lack of security measures to  protect critical program information, sensitive information, and even classified information.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
11/21/2013 | 11:00:15 AM
Re: Holding contractors accountable
Given recent events with the world's most famous governement contractor -- Edward Snowden -- you would think that the government would be exerting even more control over contractors. Go figure!
WKash
50%
50%
WKash,
User Rank: Author
11/21/2013 | 11:22:21 AM
Re: Holding contractors accountable
The Snowden incident is one dimension of the problem. Yes, agencies can increase measures to guard against the theft / loss of information. The NSA, for instance, is now requiring that two individuals be present during the transfer of any classified information.  But it's much harder to control, discipline or simply fire a long standing but careless contractors whose systems are often grafted into an agency's systems.

 
Slideshows
10 RPA Vendors to Watch
Jessica Davis, Senior Editor, Enterprise Apps,  8/20/2019
Commentary
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
Slideshows
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll