Feds say virus threats keep them awake at night

Feds say virus threats keep them awake at night

Surveys











The GCN Reader Survey is intended to provide data on trends and product preferences. This survey on systems security is based on a telephone survey of 100 federal readers who on their subscription forms identified themselves as federal IT managers.

What's in a name? Code Red, Kournikova, Melissa, I Love You?

Whatever. To federal information technology managers, they're all names for malicious code, and that's what they worry about most, a GCN telephone survey on systems security found.

'Malicious infiltration'that's my biggest scare,' said Dianne Codina, an Energy Department computer specialist in Albuquerque, N.M.

Codina was among the 43 percent of managers surveyed who said viruses and other types of malicious code are the biggest threats to their networks.

Hackers are another worry for Codina, as they were for 25 percent of participants in the survey.

'That's another form of infiltrating your network,' she said. 'With the seriousness of the viruses and the hacking that's going on, I guess I'm getting pretty paranoid.'

'Viruses are a big problem,' agreed Heidi Golden, a systems administrator and analyst at Langley Air Force Base, Va.

Systems managers at Langley are generally prepared to deal with any malicious code threat, and the base's security policies are effective, she said.

'Our security awareness program seems to be working,' she said. 'But there's still the user who opens [a malicious attachment] and goes, 'Oh, no!' Then a lot of people are affected. But users are getting better' about following policies.

Big tech threat

About 18 percent of the managers we surveyed said user indifference or carelessness constitutes the biggest threat to their systems.

'Our biggest headache tends to be users who import files from their home computers or receive outside e-mail from newsgroups or various people,' said Mark Jensen, a Coast Guard telecommunications specialist in San Pedro, Calif.

'We've had some people who opened a virus even after we sent warnings throughout the network,' he added. 'We get people right out of boot camp who aren't familiar with the Coast Guard network. But we don't offer a lot of training. I think that's to our detriment.'

Teaching users the security basics is a key to reducing threats, he said.

'We need to educate them that the computer at the office is really not their personal computer,' he said. 'It belongs to the federal government, and all the information on it belongs to the federal government.'

More than half of feds surveyed, 57 percent, said their agency's security policies were effective.

But a substantial segment, 38 percent, deemed their security policies only somewhat effective.

Nearly all managers reported that their agencies have policies on password use.
Codina said the shortage of IT specialists hampered Energy's ability to enforce security policies and cope with threats.

'We're lacking the resources and the people to do [security] like a full-time job,' she said. 'We need the people to constantly monitor the network for infiltration, to load all those patches, to monitor all those servers. [Government] is downsizing, but they still keep expecting you to do all those things.'

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above