
Assessment: Security posture of U.S. government contractors inferior to federal agencies using them


An independent risk assessment conducted this month found that the security posture of U.S. government contractors was markedly worse than that of the federal agencies that use these third-party services, suggesting contractors must raise their game and bridge the gap.

The analysis, performed by security ratings firm BitSight, encompassed more than 120 federal agencies, and over 1,200 federal government contractors divided across six different industry sectors. Using its own methodology and grading system, BitSight found that the mean security score for each industry-segmented contractor group was at least 15 points lower than the mean security rating of the 120+ federal agencies.

The six studied contractor industry segments were: aerospace/defense, business services, health care/wellness, engineering, technology, and manufacturing.

A BitSight research report detailing the study further reveals that almost 50 percent of the contractors earned a C grade or worse for failing to adequately adhere to the "Protective Technology" guidelines laid out by the NIST (National Institute of Standards and Technology) Cybersecurity Framework. The engineering sector fared the worst in this respect, with 61 percent of contractors grading out at C or below. (Manufacturing was the next worst industry, with 53 percent scoring a C or worse.)

By comparison, only 24 percent of federal agencies scored a C or below, while 38 percent earned an A grade. None of the federal agencies received an F score.

However, federal agencies did not always come out on top: they scored worse than all but two contractor categories -- technology and aerospace/defense -- for using outdated web browsers.


Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
