To foment a sense of urgency regarding government spending on information security, the Business Software Alliance said last week that the majority of IT security professionals believe there will be a major cyber-attack against the government in the next 12 months.
In a survey of 395 IT professionals in early June, the alliance did not seek any underlying rationale for the respondents opinions, which could be based on anything from raw fear to financial self-interest to information that they have and we dont. However, the organization maintained that information security professionals are best positioned to assess the risk to government networks.
"I think the important thing is that [the survey respondents] are doing this for a variety of reasons," Robert Holleyman, president and CEO of the BSA, said upon releasing the survey results. "Theyre living and breathing these issues every day."
Despite the Bush Administrations projected massive increase in IT spending over the coming year and the appointment of a cyber-security "tsar," the industry is concerned about sustaining enough momentum to ensure that more resources are allocated to defending the countrys data networks. More than a third of the participants in the BSA survey said that the gap between the threat of a major cyber attack and the governments ability to defend against it has increased since Sept. 11.
"The temperatures been rising, but people arent jumping," said Bill Conner, chairman and CEO of Entrust. "We are at war. We do need to move at war speed."
The BSA recommended last week that to minimize the impact of cyber-attacks, the public and private sectors must accelerate their collaborative efforts. In particular, private companies must disclose more information about the vulnerability of their networks. "Two-thirds of all companies are not reporting or disclosing cyber-attacks or breaches," Conner said.
Additionally, the government must ramp up its resources dedicated to cyber-security and increase partnerships with industry to deploy security technologies on a schedule reminiscent of the Y2K computer initiatives, the alliance said. In short, federal agencies need to spend more money on security technologies faster.
However, regardless of the governments response, cyber-attacks on either public or private networks cannot be prevented altogether, Conner said.
"Major cyber-attacks are going to happen," he said. "Our recommendations start to give a prescription to get from awareness to understanding to action. They would certainly reduce the implications and the impact of attacks."
- Federal IT Integration Takes Shape
- Joining Forces for Homeland Security
- Va. Universities Head Security Project
- Hackers Attack Public, Private Sectors