We're Under Attack

Share  
1  |  2  |  3  |  4  |  5  |  6
Previous Next

Click through to see key results from the Federal Cyber Security Outlook 2010 study of 201 Federal IT Decsion Makers, sponsored by Lumension Security and conducted by Clarus Research.

Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance


Normally I hate to start off with a reference to surveys, if only because the result can be an instant snooze for readers. This time, however, I’m making an exception. The reality is that the U.S. Government is under attack continuously by foreign interests, but less than two-thirds of respondents in a recent survey believe it.

The survey, performed earlier this year and reported last week by the Clarus Research Group here in Washington, reported among other things that 61 percent of Federal IT managers view the threat of an attack from foreign nations against the U.S. in the next year as “High.” One wonders what these people, all Federal IT decision makers, consider to be a “threat.”

In the interests of full disclosure, this survey was commissioned by the IT security folks at Lumension. But there’s no reason to think the results were skewed by that. The fact is that foreign countries, either directly or through surrogates, are attacking the U.S. and have been for years. This is a reality that Federal IT managers have to deal with on a daily basis.

What’s equally important to realize is that many of the attacks on the U.S. are against private IT interests. Defense contractors, companies that provide critical infrastructure such as power companies and phone companies, and other federal contractors are under attack. Those attacks are aimed at gathering information, disrupting activities, looking for attack vectors against the US government, and even bringing critical infrastructure down in a coordinated attack.

Adding to the complexity is the fact that some foreign countries, notably China, are also attacking private companies for their intellectual property. We’re at war, and anything is fair game. What’s worse is that we’re at war without the weapons and defenses we need.

A telling response to the Clarus survey was one in which only about half of respondents felt that the newly appointed cyber security director would be able to make a difference. This is worrying, but not because of the reasons you may think. Remember, the U.S. government’s IT infrastructure is a maze of independent, unconnected systems purchased at different times for different requirements, and managed by people who are underpaid, overworked and given too little authority to accomplish their missions.

What this means is that changing direction with the current situation in Federal IT is like trying to steer an oil tanker with an oar. You might be able to do it eventually, but it would work better to have something bigger. Lumension Chairman and CEO Pat Clawson suggests in a press release issued by his company that the new cyber security czar needs to have budget and policy authority, and he needs to report to the President. In other words, this needs to be a cabinet-level position.

I don’t think Clawson goes far enough. One of the biggest ongoing problems that afflicts federal IT is the lack of a realistic level of funding. Congress and the Executive Branch love to issue edicts of what Federal IT managers have to do in terms of security, management or standards. They issue compliance and auditing requirements. They bemoan the attacks on the IT infrastructure. But do they provide the money to pay for this? You guess.

The fact is that Federal IT managers, the ones that actually run the systems on a daily basis, are chronically underfunded, they are beset with conflicting requirements, and they are understaffed. They can’t spend money to solve the problem even if they have funding because the web of conflicting procurement regulations makes it nearly impossible to buy anything on a timely basis. It’s kind of like you finding a virus on your computer this year, but having to wait until 2014 to buy an anti-virus package.

The result is that federal IT managers are trying to hold back the rising tide with a couple of sandbags and their pinkie finger. The fact that they’re doing as well as they are is remarkable. The fact that they’re being asked to do it with less because of budgetary fantasies on the part of Congress is disturbing. The best leadership in the world can’t accomplish anything without the right tools, the right information and enough people. In other words, now that we have a cyber security czar trying to steer this oil tanker, maybe we should also buy him a bigger oar.

 

More Slideshows

Lumension10QsSecurityVendors0x 2015 Endpoint and Mobile Security Procurement: 10 Questions to Ask New Vendors

In the spirit of 2015 planning, now is the time of year when IT teams start to tackle big, complicated issues like endpoint and mobile security. ...  More >>

Security41-190x128 Cybersecurity Grades Released for Key Industries

Looking at cyber data through a business intelligence lens ensures that security-related trends and potential impacts to organizations can be understood and effectively addressed. ...  More >>

Security40-190x128 Five Ways Encryption Has (or Hasn't) Changed Since Snowden

Findings from a new study take a closer look at the evolution of encryption, analyzing adoption rates of the technology and the evolution of privacy awareness. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.