Threat of cyberattacks from overseas high, federal IT execs say
Survey finds majority saying they expect attack against critical infrastructure in the next year
Computerworld - A survey released Tuesday by Lumension Security Inc. highlighted growing fears among federal IT security officials of cyberattacks being launched against critical U.S. infrastructure targets by foreign adversaries in the near future.
Of about 200 IT security managers in civilian and noncivilian federal agencies surveyed, 61% said there was a "high" threat of an attack being launched by a foreign nation sometime in the next year.
About 33% of the respondents said their networks had experienced cyberattacks from overseas groups and terrorist organizations in the past year. The respondents included IT security officials at the Department of Defense and intelligence agencies
At the same time, more than four out of 10 respondents in the Lumension survey said that they believe the U.S. government's ability to defend against the attacks is "poor" to "fair" at best.
About half said that they expect only minor policy changes to result from the recent appointment of Howard Schmidt as the new federal cybersecurity coordinator, while more than 40% admitted to spending very little time during the past year working on the Comprehensive National Cyber Security Initiative.
The CNCI is a multibillion-dollar effort that was launched during the Bush Administration to bolster the federal government's ability to detect and block cyberthreats.
The results underscore just how little the government has revealed about the scope of the cyber challenges it is facing, said Matt Mosher, vice president of sales at Scottsdale, Ariz.-based Lumension.
The fact that more than 30% of federal agencies and departments that deal with national security, including defense, foreign policy and homeland security, appear to have been attacked over the past year is revealing, Mosher said.
Equally significant is the relatively scant attention that apparently is being paid to key initiatives such as the CNCI, he said. "The government hasn't been doing a lot of public talking about the threat from foreign nations and the fact that a lot of it is already happening," he said.
Though there is growing awareness within the security industry about the massive scope of the problem, "the average public" has little to no awareness of the seriousness of the issue, he said.
"You would think there would be some action and some effort spent on these initiatives," given the current threat climate, he said. According to Mosher, respondents in the Lumension survey identified compliance-related issues, lack of resources and technology integration challenges as some of the biggest obstacles to implementing an effective cybersecurity strategy.
The results in the survey reflect the growing anxiety within the industry over cyberattacks emanating from overseas with the aim of stealing intellectual property, commercial trade secrets or government and military data.
Such attacks have been going on for several years now and have resulted in terabytes of data being systematically being siphoned out of the country by overseas adversaries, many of whom are believed to be state-sponsored.
Google Inc.'s disclosure in January that it was attacked by adversaries from China, and its subsequent scaling down of operations there, has given vent to the growing anxiety over the massive scope of the problem.
In the weeks since Google's disclosure, numerous high-profile individuals, including Director of National Intelligence Dennis Blair, former intelligence chief Mike McConnell and others, have warned about cyberattacks against the country growing at an unprecedented rate.
In a recent editorial in the Wall Street Journal, Sens. Jay Rockefeller (D-W.Va) and Olympia Snowe (R-ME) urged the country to prepare for a cyberwar and warned of catastrophic consequences if immediate action isn't taken to deal with the threat.
Some have cautioned against overhyping the situation and have insisted that what is going on is not really a cyberwar but cyber-enabled espionage and theft on a massive and growing scale.
Others, however, say that the attention being paid to the attacks is fully warranted and is the only way to get the government to respond to the situation with the urgency it requires.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- After Google-China dust-up, cyberwar emerges as a threat
- Targeted attacks test enterprise security controls
- Is the U.S. the nation most vulnerable to cyberattack?
- In cyberwar, who's in charge?
- Schmidt: Private sector key to stopping Google-style attacks
- Threat of cyberattacks from overseas high, federal IT execs say
- Estonia readies for the next cyberattack
- Think tank in Estonia ponders war in cyberspace
- Botnets 'the Swiss Army knife of attack tools'
- 'Cyber War' author: U.S. needs radical changes to protect against attacks
- Special report: Web giants attacked
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success! All Cybercrime and Hacking White Papers | Webcasts