Report: Federal agencies overstretched on cybersecurity

44% of respondents to the CDW Government survey of 300 federal IT professionals said that the number of cybersecurity incidents had increased over the past year, with another 36% reporting that the number had stayed the same. Almost a third said that the cybersecurity incidents had become more severe.

In spite of the increasing security challenges, only 52% of front-line federal IT professionals felt that they had an adequate budget to meet their cybersecurity needs.

Bob Gourley, CTO of technology advisory firm Crucial Point and former CTO for the US Defense Intelligence Agency, said that the lack of budget was a leadership issue.

"I have seen so many issues that could have been solved by a smart leader in a position of responsibility", he said, specifically addressing the survey finding that two thirds of agencies identified inappropriate web surfing and downloads as the biggest cybersecurity issue. Simple gateway-based content scanners could solve that problem. "Good leadership and a tiny budget would address this", he said.

One particularly worrying statistic showed that roughly two thirds of respondents identifying a rising threat from malware had implemented neither anti-spam nor web filtering software. A quarter of these respondents had no anti-spyware solution in place.

"Agencies try simple, independent solutions and those fail. Malware writers rapidly modify and improve their malicous code. Solutions can be found, like Cloudshield DPI, but not every agency has one yet", Gourley said.

The survey also found that agencies were ill-equipped to cope with the rise in mobile and remote working. 60% of respondents said that cybersecurity threats related to mobile computing have increased over the past year. Yet amazingly, two thirds of respondents said that their agencies didn't have wireless encryption, while 70% said that their agency lacked data loss prevention measures.

75% of respondents said that network monitoring and intrusion prevention requirements had increased over the last year, with almost the same number reporting that encryption was higher on the agenda.

The Obama administration has still not appointed a cybersecurity czar who would report directly to the White House and who would orchestrate federal cybersecurity measures. The result of the government's cybersecurity review, which recommended this measure, was announced at the end of May. 

What’s Hot on Infosecurity Magazine?