|
By Michael Eggebrecht
A foreign cyber-attack on critical U.S. IT infrastructure is highly likely to occur within the next two years, according to a group of people who should know -- federal IT personnel.
In a survey by Clarus Research Group of more than 200 IT security employees in federal agencies and departments, 61 percent pegged the chances of such a cyber-attack as “high,” with another 28 percent stating that there is a “medium” likelihood. The survey, which was conducted in February, was sponsored by security vendor Lumension.
Asked to rate the government’s ability to prevent or handle cyberattacks, just 6 percent of respondents called it excellent; another 47 percent said good, while 35 percent believe that it’s fair and 7 percent poor.
The IT staffers were also asked to identify the biggest security risks over the next 12 months (participants were allowed to pick more than one answer). Sixty-four percent cited the sophistication and growth in cyberattacks, followed by negligent or malicious insiders (64 percent) and insufficient resources (42 percent).
Fifty-nine percent of respondents said their agency has been the victim of a virus or malware intrusion in the last year, and another 53 percent said that their organization has seen desktops, laptops or other devices stolen. Twenty-two percent said that their agency has been on the receiving end of a cyberattack by a foreign nation or terrorist organization.
But despite the threat, 41 percent reported that they spend less than 10 percent of their time at work on tasks related to the Comprehensive National Cyber Security Initiative. And 55 percent said they expect the Federal Cyber Security Coordinator to make minor or no changes to cyber-security policies in the next two years.
“The traditional government responses we’ve seen so far, such as naming a security coordinator, announcing a cyber security initiative and focusing on compliance initiatives will not alone successfully address this problem,” said Lumension chairman and CEO Pat Clawson in a statement.
Clawson added that he would like to see a more powerful cyber-security czar, “with budget and policy authority, reporting directly to the president,” as well as more collaboration between government and the private sector, “to better understand the risks at hand and to better define IT security standards, practices, and contingency plans in the event of a major attack.”
Only registered users can write comments.
Please login or register. |
