After revelations that a compromised contractor login abetted a grandiose breach of federal employees’ background investigations, now comes word that Defense Department suppliers score below hacked retailers when it comes to cyber defense.
The new industry-developed cyber rankings — and the recent Office of Personnel Management hack — raise questions about the extent to which cybersecurity is a shared responsibility between government agencies and contractors.
“You can write a contract requiring somebody to do something. The question is, how do you enforce it? And if it’s broken, what are the penalties? That’s what DOD is really struggling with,” said Jacob Olcott, vice president of business development at BitSight Technologies, which rates firms’ susceptibility to hacks. “If you are the only organization that’s building an F-35, there is only so much that the government can demand of you.”