98  PRIVACY IN A CYBER AGE

           Services Administration, in conjunction with the Department of Defense,
           recommended that private sector entities be required to comply with “base-
           line” cybersecurity principles at all levels of the supply chain as a condition
                                                         32
           of being awarded contracts with the federal government.  However, this
           recommendation has not been adopted. Several pieces of legislation have
           been proposed in Congress to either sanction private sector entities that
           fail “to adopt ‘reasonable’ data security practices” or to grant the Federal
           Trade Commission authorization to craft cybersecurity regulations for the
                      33
           private sector.  However, like other proposed legislations, these drafted
           bills have not yet become law. Cybersecurity in the private sector, as this
           section has demonstrated, remains far from satisfactory.

                        D. Implications for Homeland Security

           One might hold that if the private sector fails to protect itself from cyber
           attacks, it will suffer the consequences and eventually mend its ways. The
           same line of thinking suggests that the government should focus on pro-
           tecting its computers and networks, especially those that belong to the
           Departments of Defense and Homeland Security, the Central Intelligence
           Agency, and the Federal Bureau of Investigation. This is, in effect, the posi-
           tion that the Bush and Obama administrations have followed. However,
           this approach ignores that considerable amounts of defense and homeland
           security work are carried out by the private sector.
              For fiscal year 2013, the federal government awarded a total of $460
           billion in contracts, much of which seems to have gone to defense contrac-
               34
           tors.  In 2010, the Department of Defense spent about $400 billion of its
           $700 billion annual budget on private contractors that provided vehicles,
           armor, weapons, transportation, logistical support, and many other goods
           and services, which ranged from aircraft carriers and nuclear submarines
           to hand grenades and Meals Ready to Eat (MREs). The federal government
           also outsources much of the work of intelligence collection and analysis to
           private sector contractors. About “one in four intelligence workers has been
           a private contractor, and 70 percent or more of the intelligence commu-
           nity’s secret budget has gone to private firms,” according to a Washington
                    35
           Post report.  And private security firms such as Blackwater—which has
           since been renamed Xe Services and, later, Academi—were contracted to
                          36
           protect diplomats,  offer counterterrorism training, and supplement U.S.
           military forces in Iraq and elsewhere. 37
              Thus, inadequate cybersecurity at private firms allows adversarial gov-
           ernments and nongovernmental actors to acquire information that could
           greatly harm U.S. defense and homeland security. To cite a recent example,
           on May 19, 2014, Attorney General Eric Holder Jr. announced charges