Cyber-Security: Getting a Grip

October 8, 2002 By Jim McKay

In April, an FBI poll of some 500 government agencies and corporations revealed that more than 90 percent detected some form of security breach within the last year. The study suggested that computer attacks are common, are often not reported when detected, and that such breaches pose a significant threat to the enterprise.

The IPC cyber security panel of 17 participants from state, local and federal government agencies and private corporations discussed the issue and, for the most part, agreed with the FBI study findings. They also discussed strategies that need to be implemented to guard against future attacks, some of the barriers to those strategies, and how those barriers could be overcome.

Lack of Awareness

The panel concluded that as cyber attacks become more sophisticated and the risks continue to rise, state and local government agencies continue to fall behind in their efforts to combat computer crime. The reasons for this vary but include a lack of awareness and understanding of sophisticated threats and a lack of governance over security issues, including standards, policies and more.

Not surprisingly, the panel thought the core of the problem is a lack of funding, which stems from a lack of understanding. One panel member said that because of the Y2K threat that never materialized, cyber security is being written off as "alarmist" and funding is difficult to obtain.

Others agreed, saying that it is sometimes difficult to convince officials of the need for increased security because of an inability to demonstrate a return on investment. "They say 'you were wrong about Y2K, why should we spend money on this?' And so we don't have a plan," one panel member said.

A key to solving this problem is educating those who call the shots. "Educate the politicians, they make the decisions."

Education, though, should not be limited to just policy makers. "The security staff is oftentimes not as smart as the people they're trying to stop," one panel member said. One common problem that results from this lack of education is that "everyone thinks he's an expert," and that causes raging debates, according to another source. "We don't have enough skilled security practitioners."

What's needed to help solve these and related issues, said panelists, is some governance or authority over security issues, policies and procedures. A common refrain regarding this issue is the need for centralization - the need for a central point or body in the organization to determine best practices or "targets" for the enterprise. "Somebody has to stand up and say 'this is what you need to do.'"

Barriers

The barriers to effective cyber-security countermeasures, as detailed by the panel, include:

You may use or reference this story with attribution and a link to
http://www.govtech.com/security/Cyber-Security-Getting-a-Grip.html

| More

Comments

Add Your Comment

Name *

Comment *

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

Latest From Security

GovTech Papers and Case Studies View Library

Follow @govtechnews

Government Best Practices

Accelerate and Protect Your eLearning Initiatives With Akamai’s Cloud Based Intelligent Platform

IDC: Delivering Customer Value with Enterprise Flash Deployments

The Legacy Play

Five Myths of Cloud Computing

Secure Access to Your Data in a Bring-Your-Own-Device (BYOD) World

Disaster Recovery

Big Data, Big Promise

Protecting Government and Citizen Data

Virtualizing the Government Desktop

Service Virtualization: Streamlining Development of Complex Applications

Uncovering Costs in Towing and Impound Services

Mobile Government: Getting your employees the right tools for the job

Secure Mobile Productivity

Collaborative Video Solutions in Healthcare

Collaborative Justice: Transforming Criminal Justice Services Through Unified Collaboration

Most Viewed

This Section | Whole Site

Most Commented

Site Reveals Salaries of New York State Employees, Other State Financial Data

"Under the current mayor all NYC agencies increased the number of overpaid managers and their salarie"
Washington State Courts Office Suffers Data Breach

"Yep, I'm sure they do regret this breach has occurred. Once again, SS #'s being used for something o"

Collaboration for the Public Sector

Collaborative Justice: Transforming Criminal Justice Services Through Unified Collaboration
This issue brief examines video collaboration in every stage of the human justice process, demonstrating how this technology can not only make services more efficient, affordable, and accessible.