Threat of cyberattacks from overseas high, federal IT execs say
Survey finds majority saying they expect attack against critical infrastructure in the next year
Computerworld - A survey released Tuesday by Lumension Security Inc. highlighted growing fears among federal IT security officials of cyberattacks being launched against critical U.S. infrastructure targets by foreign adversaries in the near future.
Of about 200 IT security managers in civilian and noncivilian federal agencies surveyed, 61% said there was a "high" threat of an attack being launched by a foreign nation sometime in the next year.
About 33% of the respondents said their networks had experienced cyberattacks from overseas groups and terrorist organizations in the past year. The respondents included IT security officials at the Department of Defense and intelligence agencies
At the same time, more than four out of 10 respondents in the Lumension survey said that they believe the U.S. government's ability to defend against the attacks is "poor" to "fair" at best.
About half said that they expect only minor policy changes to result from the recent appointment of Howard Schmidt as the new federal cybersecurity coordinator, while more than 40% admitted to spending very little time during the past year working on the Comprehensive National Cyber Security Initiative.
The CNCI is a multibillion-dollar effort that was launched during the Bush Administration to bolster the federal government's ability to detect and block cyberthreats.
The results underscore just how little the government has revealed about the scope of the cyber challenges it is facing, said Matt Mosher, vice president of sales at Scottsdale, Ariz.-based Lumension.
The fact that more than 30% of federal agencies and departments that deal with national security, including defense, foreign policy and homeland security, appear to have been attacked over the past year is revealing, Mosher said.
Equally significant is the relatively scant attention that apparently is being paid to key initiatives such as the CNCI, he said. "The government hasn't been doing a lot of public talking about the threat from foreign nations and the fact that a lot of it is already happening," he said.
Though there is growing awareness within the security industry about the massive scope of the problem, "the average public" has little to no awareness of the seriousness of the issue, he said.
"You would think there would be some action and some effort spent on these initiatives," given the current threat climate, he said. According to Mosher, respondents in the Lumension survey identified compliance-related issues, lack of resources and technology integration challenges as some of the biggest obstacles to implementing an effective cybersecurity strategy.
The results in the survey reflect the growing anxiety within the industry over cyberattacks emanating from overseas with the aim of stealing intellectual property, commercial trade secrets or government and military data.
Such attacks have been going on for several years now and have resulted in terabytes of data being systematically being siphoned out of the country by overseas adversaries, many of whom are believed to be state-sponsored.
Google Inc.'s disclosure in January that it was attacked by adversaries from China, and its subsequent scaling down of operations there, has given vent to the growing anxiety over the massive scope of the problem.
In the weeks since Google's disclosure, numerous high-profile individuals, including Director of National Intelligence Dennis Blair, former intelligence chief Mike McConnell and others, have warned about cyberattacks against the country growing at an unprecedented rate.
In a recent editorial in the Wall Street Journal, Sens. Jay Rockefeller (D-W.Va) and Olympia Snowe (R-ME) urged the country to prepare for a cyberwar and warned of catastrophic consequences if immediate action isn't taken to deal with the threat.
Some have cautioned against overhyping the situation and have insisted that what is going on is not really a cyberwar but cyber-enabled espionage and theft on a massive and growing scale.
Others, however, say that the attention being paid to the attacks is fully warranted and is the only way to get the government to respond to the situation with the urgency it requires.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- After Google-China dust-up, cyberwar emerges as a threat
- Targeted attacks test enterprise security controls
- Is the U.S. the nation most vulnerable to cyberattack?
- In cyberwar, who's in charge?
- Schmidt: Private sector key to stopping Google-style attacks
- Threat of cyberattacks from overseas high, federal IT execs say
- Estonia readies for the next cyberattack
- Think tank in Estonia ponders war in cyberspace
- Botnets 'the Swiss Army knife of attack tools'
- 'Cyber War' author: U.S. needs radical changes to protect against attacks
- Special report: Web giants attacked
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts