Threat of cyberattacks from overseas high, federal IT execs say
Survey finds majority saying they expect attack against critical infrastructure in the next year
Computerworld - A survey released Tuesday by Lumension Security Inc. highlighted growing fears among federal IT security officials of cyberattacks being launched against critical U.S. infrastructure targets by foreign adversaries in the near future.
Of about 200 IT security managers in civilian and noncivilian federal agencies surveyed, 61% said there was a "high" threat of an attack being launched by a foreign nation sometime in the next year.
About 33% of the respondents said their networks had experienced cyberattacks from overseas groups and terrorist organizations in the past year. The respondents included IT security officials at the Department of Defense and intelligence agencies
At the same time, more than four out of 10 respondents in the Lumension survey said that they believe the U.S. government's ability to defend against the attacks is "poor" to "fair" at best.
About half said that they expect only minor policy changes to result from the recent appointment of Howard Schmidt as the new federal cybersecurity coordinator, while more than 40% admitted to spending very little time during the past year working on the Comprehensive National Cyber Security Initiative.
The CNCI is a multibillion-dollar effort that was launched during the Bush Administration to bolster the federal government's ability to detect and block cyberthreats.
The results underscore just how little the government has revealed about the scope of the cyber challenges it is facing, said Matt Mosher, vice president of sales at Scottsdale, Ariz.-based Lumension.
The fact that more than 30% of federal agencies and departments that deal with national security, including defense, foreign policy and homeland security, appear to have been attacked over the past year is revealing, Mosher said.
Equally significant is the relatively scant attention that apparently is being paid to key initiatives such as the CNCI, he said. "The government hasn't been doing a lot of public talking about the threat from foreign nations and the fact that a lot of it is already happening," he said.
Though there is growing awareness within the security industry about the massive scope of the problem, "the average public" has little to no awareness of the seriousness of the issue, he said.
"You would think there would be some action and some effort spent on these initiatives," given the current threat climate, he said. According to Mosher, respondents in the Lumension survey identified compliance-related issues, lack of resources and technology integration challenges as some of the biggest obstacles to implementing an effective cybersecurity strategy.
The results in the survey reflect the growing anxiety within the industry over cyberattacks emanating from overseas with the aim of stealing intellectual property, commercial trade secrets or government and military data.
Such attacks have been going on for several years now and have resulted in terabytes of data being systematically being siphoned out of the country by overseas adversaries, many of whom are believed to be state-sponsored.
Google Inc.'s disclosure in January that it was attacked by adversaries from China, and its subsequent scaling down of operations there, has given vent to the growing anxiety over the massive scope of the problem.
In the weeks since Google's disclosure, numerous high-profile individuals, including Director of National Intelligence Dennis Blair, former intelligence chief Mike McConnell and others, have warned about cyberattacks against the country growing at an unprecedented rate.
In a recent editorial in the Wall Street Journal, Sens. Jay Rockefeller (D-W.Va) and Olympia Snowe (R-ME) urged the country to prepare for a cyberwar and warned of catastrophic consequences if immediate action isn't taken to deal with the threat.
Some have cautioned against overhyping the situation and have insisted that what is going on is not really a cyberwar but cyber-enabled espionage and theft on a massive and growing scale.
Others, however, say that the attention being paid to the attacks is fully warranted and is the only way to get the government to respond to the situation with the urgency it requires.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- After Google-China dust-up, cyberwar emerges as a threat
- Targeted attacks test enterprise security controls
- Is the U.S. the nation most vulnerable to cyberattack?
- In cyberwar, who's in charge?
- Schmidt: Private sector key to stopping Google-style attacks
- Threat of cyberattacks from overseas high, federal IT execs say
- Estonia readies for the next cyberattack
- Think tank in Estonia ponders war in cyberspace
- Botnets 'the Swiss Army knife of attack tools'
- 'Cyber War' author: U.S. needs radical changes to protect against attacks
- Special report: Web giants attacked
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Cybercrime and Hacking White Papers | Webcasts