IT Pros Living in Fear of Major Cyber-Attack

BSA survey: security experts see U.S. Government as quarry.

To inculcate a sense of urgency about government spending on information security, the Business Software Alliance last week said most IT security professionals believe there will be a major cyber-attack against the government in the next 12 months.

In its survey of 395 IT professionals early last month, the alliance did not seek an underlying rationale for the respondents' opinions, which could be based on anything from fear to financial self-interest to information they have and others don't. However, the organization said information security professionals are best-positioned to assess the risk to government networks.

"I think the important thing is that [the survey respondents] are doing this for a variety of reasons," Robert Holleyman, president and CEO of the BSA, said at the E-Gov conference in Washington, upon releasing the survey results. "They're living and breathing these issues every day."

Despite the Bush administration's projected massive increase in IT spending over the coming year and the appointment of a cyber-security czar, the industry is concerned about sustaining enough momentum to ensure that more resources are allocated to defending the country's data networks. More than a third of the participants in the BSA survey said the gap between the threat of a major cyber-attack and the government's ability to repel it has increased since Sept. 11. "The temperature's been rising, but people aren't jumping," said Bill Conner, chairman and CEO of Entrust Inc., at the conference. "We are at war. We do need to move at war speed."

The BSA recommended last week that to minimize the impact of cyber-attacks, the public and private sectors must accelerate their collaborative efforts. In particular, private companies must disclose more information about the vulnerability of their networks. "Two-thirds of all companies are not reporting or disclosing cyber-attacks or breaches," Conner said.

In addition, the government must ramp up its resources dedicated to cyber-security and increase partnerships with industry to deploy security technologies on a schedule reminiscent of the Y2K computer initiatives, the alliance said. In short, federal agencies need to spend more money faster on security technologies.

However, regardless of the government's response, attacks on networks cannot be prevented altogether, Conner said. "Major cyber-attacks are going to happen," he said. "Our recommendations start to give a prescription to get from awareness to understanding to action. They would certainly reduce the implications and the impact of attacks."

"Everyone's doing what they can to take advantage of the insecurities out there," said Jason Thomas, staff economist at Citizens for a Sound Economy, in Washington. "By creating alarm, you can stimulate demand for products. I think it's basically scare tactics. In this political climate, the likelihood that they're going to overspend on IT is very great."