How Committed are Feds to Cybersecurity?IT Security Pros Question Gov't IT Security Effort
An early analysis of responses to GovInfoSecurity.com's State of Government Information Security survey suggests that many government IT security managers and professionals don't think so.
Indeed, many of the early responses show a healthy amount of skepticism about government cybersecurity efforts. A word of caution: the survey remains open, and the final results could change by the time we present our findings at RSA Conference 2011, the popular IT security convention in San Francisco later this month. We'll provide a series of analytical reports on the survey findings once we evaluate the final results.
Still, many of the responses have been consistent as the number of survey takers with government IT security management, operations and technical responsibilities grows. Among consistent themes found in our preliminary analysis:
- Need to create a federal cybersecurity leadership post with budgetary authority.
- Skepticism over cloud computing's adequacy to secure data, even on a private cloud.
- Likelihood of a major breach at respondents' agencies within the next 12 months.
- Dearth of IT security pros to hire, and that fact putting government IT systems at risk.
The survey also asks: How free are you to speak publicly about your agency's non-sensitive incidents and processes? So far, a clear majority say they feel muzzled.
One hopeful sign: The move to continuous monitoring of IT systems should improve government IT security.
We intentionally are not providing specific percentages now because of the possibility of changes in the results when they are finalized. Yet, many responses remain consistent in the nearly two weeks the survey has been open.
If you're directly involved in federal, state, local, tribal or regional government IT security in the United States, there's still time to take the State of Government Information Security survey.