Critical Read

After Snowden, what's changed (and what hasn't)

concept cybersecurity art

What: An independent survey of more than 100 U.S. defense contractors composed of IT and security administrators with top-tier access to either confidential, secret or top-secret information. The survey was commissioned by ThreatTrack Security, a Florida-based firm that specializes in helping organizations identify and stop advanced persistent threats (APTs) and targeted cyberattacks. The study was conducted by Opinion Matters, a market research company.

Why: The survey was done to ascertain what impact the disclosures by former National Security Agency contractor Edward Snowden have had on high-ranking IT officials employed by defense contractors.

The survey sheds light on how disruptive Snowden’s disclosures have been. Seventy –five percent of respondents said their companies’ cybersecurity practices were altered in at least one of the following ways:

  • 55 percent say their employees now receive more cybersecurity awareness training
  • 52 percent have reviewed or re-evaluated employee data access privileges
  • 47 percent are on higher alert for anomalous network activity by employees
  • 41 percent have implemented stricter hiring practices
  • 39 percent say their own IT administrative rights have been restricted

Several of the survey’s findings are particularly enlightening. Among them, 27 percent of respondents did not hold proper clearances to view secret, top-secret or confidential information yet were able to view that information anyway. That stat draws parallels to Snowden, a systems administrator who was able to access information that should have been outside his clearance to see.

However, 88 percent of respondents found a "high level of confidence" in government guidance regarding the protection of sensitive data. Despite that confidence, 62 percent still reported that they were concerned with their companies’ vulnerabilities to APTs, targeted malware attacks and sophisticated cybercrime and cyber-espionage tactics.

Respondents were particularly troubled by malware, citing high-volume and sophisticated malware attacks as major threats to defend against. Defense contractor IT managers revealed a device used by members of their senior leadership team became infected with malware due to executives:

  • Visiting a pornographic website (13 percent) – compared with 40 percent of other enterprises.
  • Clicking on a malicious link in a phishing email (40 percent) – compared with 56 percent in other enterprises.
  • Allowing a family member to use a company-owned device (14 percent) – compared with 45 percent in other enterprises.

Verbatim: "[Forty-four] percent of respondents said they have access to networks and databases that store confidential information. Of those, 27.3 percent have no security clearance at all, which raises a red flag. This means that like Snowden, they may have broad IT administrative privileges but without the proper security clearance. Regardless of what security clearances you have, access to privileged information ultimately may be the greatest risk for defense contractors looking to avoid another Snowden-like event. Further review of IT access privileges, therefore, may be in order."

About the Author

Frank Konkel is a former staff writer for FCW.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Shutterstock image: looking for code.

    How DOD embraced bug bounties -- and how your agency can, too

    Hack the Pentagon proved to Defense Department officials that outside hackers can be assets, not adversaries.

  • Shutterstock image: cyber defense.

    Why PPD-41 is evolutionary, not revolutionary

    Government cybersecurity officials say the presidential policy directive codifies cyber incident response protocols but doesn't radically change what's been in practice in recent years.

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group