U.S. infrastructure at risk from sophisticated cyber attacks

Nearly three-quarters of federal IT decision-makers who work in national defense and security departments or agencies say the possibility is “high” for a cyber attack by a foreign nation in the next year, according to a Clarus Research Group survey. Additionally, a third of these respondents say they have already experienced such a cyber attack within the last year.

The survey of 201 federal IT decision-makers and influencers also identifies the growing volume and sophistication of cyber attacks as the top IT security risks facing federal IT in the coming year. Yet, more than half of those surveyed expect only minor policy changes as a result of the recently created federal cyber security coordinator position. Of federal IT personnel surveyed, 41 percent said they spent less than 10 percent of their time over the past year working on the Comprehensive National Cyber Security Initiative — and a solid majority, 62 percent, said they spent less than 25 percent of their time on it.

Key findings:

• 33 percent of respondents who work for departments or agencies affecting national security say they have experienced an attack by a foreign nation or terrorist organization in the last year
• 61 percent of respondents view the threat of a cyber attack from foreign nations against critical U.S. IT infrastructure in the next year as “high”
• 42 percent of respondents believe the U.S. government’s ability to prevent or handle these attacks is only fair or poor
• 64 percent of respondents identified the increasing sophistication and growth in the volume of cyber attacks as the number one IT security risk
• 49 percent of respondents believe that negligent or malicious insiders/employees are the largest IT security risk.

Only six percent of respondents rated the federal government’s overall ability to prevent or handle possible threats from cyber attacks on critical IT infrastructure in the U.S. as “excellent.” Difficulty integrating multiple technologies, aligning IT needs with department objectives and in complying with requirements were identified as the greatest challenges in managing IT security operations today. While the majority of respondents felt more confident in their level of IT security today versus a year ago, this was mainly due to improved IT security technology, collaboration between IT operations and security and internal compliance and audit requirements. However, increasing audit burdens and a lack of resources were identified as major challenges in meeting ongoing compliance requirements.

In addition, the introduction of new technologies, such as application whitelisting, whole disk encryption and device control for removable media, were identified as having an anticipated expanded use within federal IT environments. According to the survey, 76 percent of federal IT professionals expect an increased use of virtualization technology; 57 percent expect an increase in cloud computing; 63 percent say they will increase their use of social networking; and 66 percent will increase use of mobile platforms, all within the next year.

According to the survey results, federal IT decision-makers expect that over the next few years there will continue to be a growing threat to America’s critical IT infrastructure from foreign entities and terrorist organizations. Survey respondents also view compliance as a double-edged sword: on the one hand, it helps IT departments acquire additional resources that can be used to enable new security technologies, but is also placing a growing strain on departmental resources through increasing audit burdens.