Government agencies lack well-defined responsibilities for cyber security.
WASHINGTON-A new report based on survey results of federal workers indicates the government is struggling to keep up with cyber threats and has problems understanding its own infrastructure and assets, according to govtech.com.
The report, titled The State of Cybersecurity from the Federal Cyber Executive Perspective, was released by KPMG and the International Information Systems Security Certification Consortium. The findings revealed that 59 percent of federal workers believe their agencies are having issues understanding how their own systems could be breached by a cyber attack, and 40 percent reported they were unaware of where their key assets were located.
A surprising 65 percent said they felt the government in general is not able to detect ongoing cyber attacks from outsiders.
Tony Hubbard, of KPMG said one of the fundamental issues that underlies the survey’s findings is accountability. This is frustrating chief information officers at the various agencies, according to Hubbard, because when something does happen, it is often not clear who is accountable.
Hubbard said, “It seems like any federal meeting you walk into that’s a cyber-related meeting, you get 50 people in the room who all have some aspect of responsibility, but it seems like a minority who actually feel like they’re accountable and empowered to do anything.”
In addition, Hubbard says when someone is assigned to be accountable for a particular area of responsibility, they are quite often not given the resources to make sure the job is properly done. In fact, according to the report, many within the multiple agencies don’t feel that cyber security is important.
When questioned for the survey, eight percent of IT personnel said they felt cyber security was unimportant or very unimportant, but when the question was posed to human resource personnel, the number jumped to 39 percent. Employees in the purchasing and procurement departments answered unimportant or very unimportant 41 percent of the time and, in communications and public relations, the same response was received from 48 percent of the respondents.
Hubbard asked, how can you solve the problem if one-third to one-half of won’t acknowledge everyone is responsible for the issue?
“There’s a strong belief that these types of issues can be solved through a variety of technologies … but it’s not really a technology problem,” continued Hubbard. “It’s a people issue. That was one of the overwhelming themes of the survey — that the biggest risk around cyber is people, but the counter to that is that the biggest asset is people.”
The report wrapped up by saying the struggle against cyber threats was not a sprint, but an everlasting marathon.