by gnarbarian 3535 days ago
I think that's because most of the people doing the work are contractors. Not because of some notion of contractors being less secure/loyal/honest/organized than gov employees.

For one federal organization I work for, literally everyone I work with and talk to at all levels seems to be a contractor except for a couple of people. The ratio is at least 20:1 contractors to federal employees. As for why this is, it's mostly related to the reasons I mentioned in my wall of text.

1 comments

I agree, I never meant to imply that I thought contractors were less loyal. I appreciate the depth of your responses and hope I haven't given offense.

There are just so many of them that it projects the attack surface of the DoD out; now you can attack contractors which aren't as tightly regulated, and they might hire people to, say, build their website that aren't even cleared. So now I can steal some web dev's credentials and pivot towards classified networks.

No offense taken. And yes, external contractors can pose additional security vulnerabilities since they are not always under the same security policies on their own machines. I know that some departments are changing things so all work must be performed on government equipment with government source control on internal networks. If my client does this I will definitely quit. I am already pretty burned out on the work (their policy is all internal projects must be in ColdFusion).