Federal CISOs: Bad Economy Could Create Vulnerabilities
Government security pros focused on external threats
Grant Gross, IDG News Service
Many U.S. government chief information security officers (CISOs) believe the nation's recent recession could hurt their ability to do their jobs, according to a survey released Thursday.
But federal CISOs see some opportunities in the difficult economic times, with 48 percent of those responding saying the economy will make it easier to retain key security workers. Forty-three percent said the recession will create more vulnerabilities, according to the survey, by Cisco Systems, Government Futures and the International Information Systems Security Certification Consortium, or (ISC)2.
The survey didn't ask for details about why CISOs feel the bad economy could create more vulnerabilities, but it seems that federal CISOs are concerned about their budgets and about IT vendors not patching their software as often as in the past, said Lynn McNulty, (ISC)2's director of government affairs.
There seemed to be concern that government cybersecurity efforts "would not be viewed as economic stimulus," McNulty said. "I'm sure there are feelings out there that they're having to compete for resources when the emphasis is being put on financial institutions and money that will ... create jobs."
Thirty-three percent of the respondents said they were concerned that financial pressure could lead vendors to push products to market too quickly, making the products less reliable.
Asked about the biggest threats, 48 percent of federal CISOs identified outsider threats as their main concern, apparently contrasting with some cybersecurity companies that say insider threats are the biggest problem for many companies. Just 26 percent of government CISOs identified insider threats as their biggest threat, and another 26 percent said vulnerable software was the biggest problem.
Insider threats have also been a major cause for concern among U.S. lawmakers, as federal employees have lost hundreds of laptops, including the high-profile theft of a laptop and hard drive containing the personal information of 26.5 million military veterans and family members from the home of a U.S. Department of Veterans Affairs employee in May 2006.
But federal agencies may have experienced a larger number of attacks from foreign hackers, McNulty said. "I think the numbers reflect what the CISOs are having to deal with," he added. "The people who were surveyed are the ones having to grapple with that on a daily basis."
Federal CISOs may be facing more organized and sophisticated attacks than many private companies, McNulty added.
"My perception is that the threat against the federal government goes far beyond what we see in the financial sector," added David Graziano, manager for federal security solutions at Cisco Systems.
The survey also found CISOs divided about whether the U.S. government has made lasting progress against cyber vulnerabilities. About half said they believe the U.S. government is making progress but is still "not getting ahead of the attackers." The other half said they believe "we are turning the corner."