Monday, July 06, 2015

Defence Contractors are like Leaking Sieves

Critics of the uber-costly F-35 usually expect to hear some variation of "no bucks, no Buck Rogers".   In other words if you want the super secret, latest and greatest,  you have to pay top dollar for it.  In this case you're buying the sizzle and the steak.

About that secrecy business.  What if it's only secret to you, not to the country you might have to use it against?

Here's the thing.  That F-35?  There's a fuselage full of technological wizardry that ought to be really secret.  Loose lips sink ships, that sort of thing.  Its premium price tag reflects having something that the other guys don't have. What, then, is it worth if the other guys do have it?

Brace yourself.  A new report on cyber-security finds that major Pentagon contractors, including Lockheed Martin, have weaker cyber security even than already hacked outfits like Home Depot and JP Morgan Chase.

"You can write a contract requiring somebody to do something. The question is, how do you enforce it? And if it's broken, what are the penalties? That's what DOD is really struggling with," said Jacob Olcott, vice president of business development at BitSight Technologies, which rates firms’ susceptibility to hacks. "If you are the only organization that's building an F-35, there is only so much that the government can demand of you."
When measured in aggregate, network controls at breached J.P. Morgan Chase and Home Depot, combined with the rest of the retail and financial sectors, rated higher than the top companies supporting the U.S. military, according to BitSight. Those firms include Boeing, Lockheed Martin, Raytheon and 22 other defense contractors. 

What are you going to do if those same secrets that some contractor is selling you for billions of dollars already went out the back door, free of charge, long ago?

1 comment:

Toby said...

Mound, if you can find a copy read The Cuckoo's Egg by Clifford Stoll. See . It's a fascinating story of tracking a hacker as he wormed his way through the Defence industry. Of course, the contractors were the weak link often not even requiring passwords.

If I remember correctly, Edward Snowden worked for a Defence contractor.