RSS Alerts

Share

More services

Related Links

Related Stories

  • GAO slams Federal agencies for poor information security
    The Government Accountability Office criticised Federal agencies this week for poorly implementing information security controls, arguing that most of them were deficient.
  • FISMA inches closer to reform
    Legislation has been introduced into the US Senate that would reform existing cybersecurity regulations, just as federal CISOs condemned existing rules as out of touch with current security concerns.
  • Obama orders cybersecurity review
    President Obama has ordered a 60-day review of federal cybersecurity, appointing a former key executive in the Bush administration to lead the charge.
  • Too Many Cooks
    Cyberthreats are increasingly a national security issue, and evidence suggests that the US is not adequately prepared for attacks across the network. Obama’s promise to appoint a Federal CTO is promising, but what else needs to be done to ensure that cyber-enemies are kept at bay? Danny Bradbury reports
  • US Government Receives Grade C in IT Security
    The US federal government improved slightly in its ability to secure its computer systems and networks, from a C- to C.
  • Federal agencies need to bolster information security
    Despite some progress, many US federal agencies continue to experience significant information security control deficiencies, according to a new report.

Top 5 Stories

News

Report: Federal agencies overstretched on cybersecurity

12 November 2009

Only half of the federal government's agencies feel that they have an adequate security budget, according to a report released this week. And yet, cybersecurity incidents are on the rise.

44% of respondents to the CDW Government survey of 300 federal IT professionals said that the number of cybersecurity incidents had increased over the past year, with another 36% reporting that the number had stayed the same. Almost a third said that the cybersecurity incidents had become more severe.

In spite of the increasing security challenges, only 52% of front-line federal IT professionals felt that they had an adequate budget to meet their cybersecurity needs.

Bob Gourley, CTO of technology advisory firm Crucial Point and former CTO for the US Defense Intelligence Agency, said that the lack of budget was a leadership issue.

"I have seen so many issues that could have been solved by a smart leader in a position of responsibility", he said, specifically addressing the survey finding that two thirds of agencies identified inappropriate web surfing and downloads as the biggest cybersecurity issue. Simple gateway-based content scanners could solve that problem. "Good leadership and a tiny budget would address this", he said.

One particularly worrying statistic showed that roughly two thirds of respondents identifying a rising threat from malware had implemented neither anti-spam nor web filtering software. A quarter of these respondents had no anti-spyware solution in place.

"Agencies try simple, independent solutions and those fail. Malware writers rapidly modify and improve their malicous code. Solutions can be found, like Cloudshield DPI, but not every agency has one yet", Gourley said.

The survey also found that agencies were ill-equipped to cope with the rise in mobile and remote working. 60% of respondents said that cybersecurity threats related to mobile computing have increased over the past year. Yet amazingly, two thirds of respondents said that their agencies didn't have wireless encryption, while 70% said that their agency lacked data loss prevention measures.

75% of respondents said that network monitoring and intrusion prevention requirements had increased over the last year, with almost the same number reporting that encryption was higher on the agenda.

The Obama administration has still not appointed a cybersecurity czar who would report directly to the White House and who would orchestrate federal cybersecurity measures. The result of the government's cybersecurity review, which recommended this measure, was announced at the end of May. 

This article is featured in:
Encryption • Malware and Hardware Security • Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012