Is cybersecurity underfunded? Many feds think so

Organization polls FOSE attendees

Ninety-four percent of government and related information technology professionals believe federal agencies and networks get attacked every day, but 47 percent believe their organization does not have the funding it needs to meet its security requirements, according to a poll of FOSE attendees at CDW-G’s presentation of its November 2009 Federal Cybersecurity Report. A further 27 percent were unsure whether they had the funding needed to support their cybersecurity efforts.

CDW-G polled the attendees directly on Wednesday. The survey respondents came from federal civilian agencies (16 percent), Defense Department( 42 percent) and state and local government (4 percent). Another 26 percent came from industry, and the remaining 12 percent were classed as "other"  in Wednesday’s FOSE session. In all, 50 people were polled. 

The top security issues:

  • Inappropriate employee activity andnetwork use (29 percent).
  • Malware (21 percent).
  • Lost passwords (18 percent).
  • Educating end-users 13 percent. 

The gateway through which attacks are coming through has shifted from email to the Web, said Bob Hansmann, senior product marketing manager of Blue Coat, an application delivery network provider. These threats often come from social networking sites, he said.

“Malware stays an average of two hours on a site, so your solution can’t be static,” Hansmann said.

Agencies also need to have just as many safeguards in place for mobile workers as those on the network, said Stan Oien, network and security specialist for CDW-G. However, security measures can’t be so draconian that employees can’t get their work done, Hansmann added.

The poll also asked respondents what they most need to improve their security. The top responses:

  • More employees dedicated to cybersecurity (40 percent).
  • Better and more widely enforced acceptable usage rules (35 percent).
  • Better technology tools (19 percent).

Findings from FOSE attendees were similar to CDW-G’s report, issued late in 2009, which surveyed 150 federal civilian and 150 DOD IT professionals. In that study, more than half of all federal agencies (54 percent) reported experiencing a cybersecurity incident at least weekly. The majority of respondents (80 percent) said the number of cybersecurity incidents had either stayed the same (36 percent) or increased (44 percent), with the severity of threats either remaining the same (54 percent) or increasing (31 percent).

The top three daily cybersecurity issues from the report: malware (33 percent), inappropriate employee activity/network use (25 percent) and remote user access (25 percent). End user education and forgotten/lost passwords were other obstacles, a top security issue for 44 percent of respondents (22 percent each). Data encryption was another top issue for 23 percent of respondents.

Remote/mobile computing and malware challenges are increasing, said report respondents. Sixty percent listed remote/mobile computing as an increasing security challenge, 49 percent said viruses, worms and spyware and 40 percent listed bots, key loggers and data minors as increasing challenges.

“These threats are ever-evolving. Security needs to be a forethought instead of an afterthought,” Oien said.

CDW-G’s Federal Cybersecurity Report is available at www.cdwg.com/fedcybersecurity.

About the Author

Kathleen Hickey is a freelance writer for GCN.

Reader Comments

Tue, Mar 30, 2010

It isn't just money. The technical know-how is simply not available in most agencies, other than maybe DOD, to recognize what is needed. We need to recruit the hackers and exploit their talents.

Fri, Mar 26, 2010 Bob Doenlson Washington DC

Where the money is spent and accountability for outcome appears to be the issue versus additional money! The reason I suggest education is evidenced by the number who suggest passwords being lost is a problem. All Federal Agencies are required to implement Identity and Credential Access Management(ICAM) Solutions enabled by their PIV Smart Cards, eliminating passwords. These solutions reduce the overall cost of access management. USDA and DOD are great examples of agencies complying. Services to implement an ICAM Solution are fairly economical. Most agencies still have the mentality of needing to develop solutions or to write a SOW directing the details of a solution that they do no understand. It is similar to buying electricity from a utility company. Agencies understand that Power Companies deliver electricity without anyone in the agency knowing how to build a power plant. The Business of Agencies partnering with Security personnel can achieve an improved security posture if they work together versus continuing to fund the silos!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above