Agencies should evaluate contractors for security readiness

The Federal Aviation Administration isn’t the only recent victim of a data breach. Hackers recently broke into USAJobs.com, which houses personal information on thousands of federal job seekers.

The site runs on Monster.com’s platform, and the breach, which occurred in January, included Monster, too. It provoked a debate on the wisdom of outsourcing services, especially considering the potential for identity theft using stolen job-seeker data.

Occasional data breaches will happen no matter how secure a system is, said Jonathon Giffin, an assistant computer sciences professor at the Georgia Institute of Technology.

“The government is actually behaving appropriately,” he said. “They are not experts in data security or in running a Web site that advertises jobs. Contracting that out to a company that has that expertise I think makes a lot of sense.”

But agencies can take steps to minimize the risk of lax treatment of sensitive information by an outside service provider, said Rohyt Belani, a security expert and professor at Carnegie Mellon University. Agencies should study audits of the systems that the technology providers use and investigate employee-awareness programs they have in place.

Employees who are trained to spot fraudulent e-mails – the phishing attacks that can trick employees into revealing passwords, giving the hackers a way into the system – are unlikely to fall for them, he said.

Market pressures also help provide a layer of security when government agencies outsource services, Giffin said. If a service provider has repeated security breaches, agencies are free to find another provider with better security policies.

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.