IT Security Could Benefit from Public-Private Collaboration, Survey Says

State and local government agencies need to catch-up with the federal government and private sector in the realm of information security.

by / June 13, 2008

State and local government agencies need to catch-up with the federal government and private sector in the realm of information security, according to a survey by antivirus and security vendor Symantec and Dell Inc. The study also suggests all three sectors should collaborate to enhance information security.

The 2008 Critical Connections study, released on June 2, surveyed 600 IT respondents - 200 from state and local government, 200 from federal government and 200 from the private sector - to gauge opinions about their information-security capabilities and their views of a federal initiative to enhance these capabilities.

Statistics from the study include:
o When asked to rate their IT security level on a scale from one to 10, 52 percent of state and local respondents rated their agencies with an eight, nine or 10, compared to 58 percent with the same rating in the private sector and 77 percent in federal government;
o 32 percent of state and local respondents said their agencies conducted cyber-security preparedness exercises, compared to 39 percent in the private sector and 63 percent in federal government;
o 38 percent of state and local respondents said they have automated threat and vulnerability reporting, compared to 44 percent in the private sector and 64 percent in federal government;
o 50 percent of state, local and private-sector respondents said they shared data within their peer group, compared to 75 percent in federal government;
o 34 percent of state and local respondents said mobile security is a critical issue, compared to 51 percent in the private sector and 52 percent in federal government;
o Only 24 percent of state and local respondents plan to increase spending on mobile security efforts in 2008, compared to 37 percent in the private sector and 27 percent in federal government;
o 48 percent of state and local respondents, 59 percent of private-sector respondents and 68 percent of federal respondents said there's a need for increased public-private collaboration;
o Less than 50 percent of federal respondents said they reported threat incidents to the private sector or state and local government;
o Less than 50 percent of private-sector respondents said they reported threat incidents to federal or state and local government.

John McCumber, public-sector strategic programs manager for Symantec, said there is growing demand for threat and vulnerability data, particularly among smaller organizations.

"We're seeing them specifically asking for threat data or they're specifically looking to the federal government to help them to distill this information and to provide it to their agencies and organizations," he said. "In order for these smaller organizations to be able to have effective information security, they need to have empirical threat data."

However, the study suggests that survey respondents had little understanding of the National Cyber Security Initiative, a federal government initiative released in January. The initiative's goals include increasing the integrity of federal networks and consolidating federal Internet connections.

At least 70 percent of respondents in each category said the initiative will have a positive impact, but less than 13 percent of respondents in each category said having a "common cyber-security operating picture" was the initiative's chief objective.

Symantec unveiled the survey results at the fourth annual Government Forum of Incident Response and Security Teams (GFIRST) National Conference that was held June 1-6 in Orlando, Fla. The GFIRST is composed of professionals responsible for securing government IT system

 

Hilton Collins

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.

Platforms & Programs