Threat of cyberattacks from overseas high, federal IT execs say

Survey finds majority saying they expect attack against critical infrastructure in the next year

A survey released Tuesday by Lumension Security Inc. highlighted growing fears among federal IT security officials of cyberattacks being launched against critical U.S. infrastructure targets by foreign adversaries in the near future.

Of about 200 IT security managers in civilian and noncivilian federal agencies surveyed, 61% said there was a "high" threat of an attack being launched by a foreign nation sometime in the next year.

About 33% of the respondents said their networks had experienced cyberattacks from overseas groups and terrorist organizations in the past year. The respondents included IT security officials at the Department of Defense and intelligence agencies

At the same time, more than four out of 10 respondents in the Lumension survey said that they believe the U.S. government's ability to defend against the attacks is "poor" to "fair" at best.

About half said that they expect only minor policy changes to result from the recent appointment of Howard Schmidt as the new federal cybersecurity coordinator, while more than 40% admitted to spending very little time during the past year working on the Comprehensive National Cyber Security Initiative.

The CNCI is a multibillion-dollar effort that was launched during the Bush Administration to bolster the federal government's ability to detect and block cyberthreats.

The results underscore just how little the government has revealed about the scope of the cyber challenges it is facing, said Matt Mosher, vice president of sales at Scottsdale, Ariz.-based Lumension.

The fact that more than 30% of federal agencies and departments that deal with national security, including defense, foreign policy and homeland security, appear to have been attacked over the past year is revealing, Mosher said.

Equally significant is the relatively scant attention that apparently is being paid to key initiatives such as the CNCI, he said. "The government hasn't been doing a lot of public talking about the threat from foreign nations and the fact that a lot of it is already happening," he said.

Though there is growing awareness within the security industry about the massive scope of the problem, "the average public" has little to no awareness of the seriousness of the issue, he said.

"You would think there would be some action and some effort spent on these initiatives," given the current threat climate, he said. According to Mosher, respondents in the Lumension survey identified compliance-related issues, lack of resources and technology integration challenges as some of the biggest obstacles to implementing an effective cybersecurity strategy.

The results in the survey reflect the growing anxiety within the industry over cyberattacks emanating from overseas with the aim of stealing intellectual property, commercial trade secrets or government and military data.

Such attacks have been going on for several years now and have resulted in terabytes of data being systematically being siphoned out of the country by overseas adversaries, many of whom are believed to be state-sponsored.

Google Inc.'s disclosure in January that it was attacked by adversaries from China, and its subsequent scaling down of operations there, has given vent to the growing anxiety over the massive scope of the problem.

In the weeks since Google's disclosure, numerous high-profile individuals, including Director of National Intelligence Dennis Blair, former intelligence chief Mike McConnell and others, have warned about cyberattacks against the country growing at an unprecedented rate.

In a recent editorial in the Wall Street Journal, Sens. Jay Rockefeller (D-W.Va) and Olympia Snowe (R-ME) urged the country to prepare for a cyberwar and warned of catastrophic consequences if immediate action isn't taken to deal with the threat.

Some have cautioned against overhyping the situation and have insisted that what is going on is not really a cyberwar but cyber-enabled espionage and theft on a massive and growing scale.

Others, however, say that the attention being paid to the attacks is fully warranted and is the only way to get the government to respond to the situation with the urgency it requires.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at  @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon