Information Security News mailing list archives

Pentagon Contractors Rank Below Retailers and Banks When it Comes to Cybersecurity


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 7 Jul 2015 12:32:49 +0000 (UTC)

http://www.nextgov.com/cybersecurity/2015/07/pentagon-contractors-ranked-below-retailers-and-banks-when-it-comes-cybersecurity/116899/

By Aliya Sternstein
Nextgov.com
July 5, 2015

After revelations that a compromised contractor login abetted a grandiose breach of federal employees' background investigations, now comes word that Defense Department suppliers score below hacked retailers when it comes to cyber defense.

The new industry-developed cyber rankings -- and the recent Office of Personnel Management hack -- raise questions about the extent to which cybersecurity is a shared responsibility between government agencies and contractors.

"You can write a contract requiring somebody to do something. The question is, how do you enforce it? And if it's broken, what are the penalties? That's what DOD is really struggling with," said Jacob Olcott, vice president of business development at BitSight Technologies, which rates firms’ susceptibility to hacks. "If you are the only organization that's building an F-35, there is only so much that the government can demand of you."

When measured in aggregate, network controls at breached J.P. Morgan Chase and Home Depot, combined with the rest of the retail and financial sectors, rated higher than the top companies supporting the U.S. military, according to BitSight. Those firms include Boeing, Lockheed Martin, Raytheon and 22 other defense contractors.

[...]

