While sophisticated attacks topped the list of threats keeping government IT staffs awake at night, negligent insiders were also high on the list, Cisco found in a recent survey.
government IT and cyber-security professionals are worried about sophisticated
threats and the level of visibility they have in their networks, Cisco found in
a recent online survey. Many of the professionals are seeing the cloud as a way
to improve security while reducing costs.
behavior, increasingly sophisticated cyber-threats and lengthy IT processes top
the list of cyber-security concerns by federal agencies, according to the
results of a Cisco report released Sept. 14. The "Federal Cyber-Security
Study" explored the security challenges faced by the IT staffs in the
staffs remain concerned about trust within their departments, the survey found.
Nearly two-thirds of the respondents said the greatest risks in the next 12
months will likely come from sophisticated attacks, "negligent use of
data" by internal personnel and increased activity on social media sites.
trust, visibility and resilience is "critical" to improving an
agency's cyber-security posture, regardless of whether the focus is on
"building clouds, securing networks or managing information technology
procurements," said Bill Cooper, director of cyber-security programs at
70 percent of staffs are concerned about the increasingly sophisticated nature
of cyber-attacks. Nearly half of the staffs surveyed said their agency had
experienced at least one phishing attack in the past 12 months, the survey
or loss of computers, mobile devices and other portable media was the second
most common cyber-incident, at 32 percent, followed by denial of service
attacks and data infiltration, at 18 percent and 15 percent, respectively. The
respondents felt there needs to be more visibility into the networks to secure
their agency, and only half said they have a clear picture of all network
visibility would allow agencies and departments to identify "hot
spots," find and fix vulnerabilities, and improve response times. About 65
percent felt education and training would be most useful to address
cyber-security challenges. Approximately 58 percent said network intrusion
detection capabilities would be useful, and 51 percent felt maintaining
situational awareness is important.
light of looming budget cuts, respondents said they plan to invest in networks
and people to fight off cyber-threats. Half of the respondents said they plan
to invest in ways to identify system vulnerabilities, and 37 percent plan to
increase training. Another 32 percent plan to develop threat-resistant
networks, although it was not clear from the study what technology or processes
were meant by that.
than half of agency staffs felt it takes too long to gain approval to purchase
and deploy the technology necessary to protect networks. A similar number of
staff felt budget cuts are negatively impacting their cyber-security goals.
"decision makers and implementers" in the study said shifting
operations to the cloud will improve security capabilities and reduce threats,
especially since the physical infrastructure is getting old and needs to be
replaced. The cloud would deliver "trust and visibility" while
reducing costs and increasing resilience, according to the report's authors.
40 percent are planning to shift to a "Cloud First" policy, while 25
percent of the respondents are discussing the shift. About 16 percent have
completed the shift, and another 16 percent are planning to shift to
"Cloud First," according to the report.
First was first announced by former United States CIO Vivek Kundra in 2010. The
initiative specified that all agencies must move at least one system to a
hosted environment in 2011.
online survey collected information from 200 government IT, cyber-security and
network professionals representing federal, civilian and independent agencies,
the Department of Defense and all branches of the military, intelligence
agencies, government contractors, the judiciary and Congress.