Lumension Commissioned Survey “Federal Cyber Security Outlook for 2010”

June 2010 by lumension

According to a new Clarus Research Group survey commissioned by Lumension, nearly three-quarters of federal IT decision-makers who work in national defense and security departments or agencies say the possibility is “high” for a cyber attack by a foreign nation in the next year. Additionally, a third of these respondents say they have already experienced such a cyber attack within the last year.

The survey of 201 federal IT decision-makers and influencers, conducted February 18-26, 2010, also identifies the growing volume and sophistication of cyber attacks as the top IT security risks facing federal IT in the coming year. Yet, more than half of those surveyed expect only minor policy changes as a result of the recently created federal cyber security coordinator position. Of federal IT personnel surveyed, 41 percent said they spent less than 10 percent of their time over the past year working on the Comprehensive National Cyber Security Initiative — and a solid majority, 62 percent, said they spent less than 25 percent of their time on it.

Key Findings:

• 33 percent of respondents who work for departments or agencies affecting national security say they have experienced an attack by a foreign nation or terrorist organization in the last year;

• 61 percent of respondents view the threat of a cyber attack from foreign nations against critical U.S. IT infrastructure in the next year as “high”;

• 42 percent of respondents believe the U.S. government’s ability to prevent or handle these attacks is only fair or poor;

• 64 percent of respondents identified the increasing sophistication and growth in the volume of cyber attacks as the number one IT security risk; and,

• 49 percent of respondents believe that negligent or malicious insiders/employees are the largest IT security risk.

Additional Findings:

Only six percent of respondents rated the federal government’s overall ability to prevent or handle possible threats from cyber attacks on critical IT infrastructure in the U.S. as “excellent.” Difficulty integrating multiple technologies, aligning IT needs with department objectives, and complying with requirements were identified as the greatest challenges in managing IT security operations today. While the majority of respondents felt more confident in their level of IT security today versus a year ago, this was mainly due to improved IT security technology, collaboration between IT operations and security, and internal compliance and audit requirements. However, increasing audit burdens and a lack of resources were identified as major challenges in meeting ongoing compliance requirements.

In addition, new technologies such as application whitelisting, whole disk encryption and device control for removable media were identified as likely to see expanded use within federal IT environments. According to the survey, 76 percent of federal IT professionals expect an increased use of virtualization technology; 57 percent expect an increase in cloud computing; 63 percent say they will increase their use of social networking; and 66 percent will increase use of mobile platforms, all within the next year.

Key Conclusions:
According to the survey results, federal IT decision-makers expect that over the next few years there will continue to be a growing threat to America’s critical IT infrastructure from foreign entities and terrorist organizations. Survey respondents also view compliance as a double-edged sword: on the one hand, it helps IT departments acquire additional resources that can be used to enable new security technologies; on the other, it places a growing strain on departmental resources through increasing audit burdens.

“Unfortunately, when it comes to our infrastructure, we are already under attack and are faced with the reality of a growing and advanced persistent threat from foreign entities that are targeting our critical U.S. infrastructure,” explained chairman and CEO of Lumension, Pat Clawson. “The traditional government responses we’ve seen so far, such as naming a security coordinator, announcing a cyber security initiative and focusing on compliance initiatives will not alone successfully address this problem.”

According to Clawson, “We must do three things if we are to truly empower and implement a robust national cybersecurity plan. One – we need to have an empowered cyber security czar, with budget and policy authority, reporting directly to the President. Next – given that 90 percent of our critical infrastructure is owned or managed by private entities, we need a collaborative government and private sector partnership to better understand the risks at hand and to better define IT security standards, practices, and contingency plans in the event of a major attack. And finally – we need to shift from an absolute focus on being compliant with ad-hoc audits for verification, to one of being secure and continuously monitoring our IT environment to ensure that the proper controls are always in effect.”


Methodology:

The Federal Cyber Security Outlook for 2010 survey was conducted by Washington, D.C.-based Clarus Research Group and commissioned by Lumension. The survey included interviews with 201 federal government IT security decision makers and influencers who work in federal government agencies and departments that deal with national security – such as defense, foreign policy, and homeland security – as well as agencies and departments that are not dealing with national security affairs.



