The IPC cyber security panel of 17 participants from state, local and federal government agencies and private corporations discussed the issue and, for the most part, agreed with the FBI study findings. They also discussed strategies that need to be implemented to guard against future attacks, some of the barriers to those strategies, and how those barriers could be overcome.
Lack of Awareness
Not surprisingly, the panel thought the core of the problem is a lack of funding, which stems from a lack of understanding. One panel member said that because of the Y2K threat that never materialized, cyber security is being written off as "alarmist" and funding is difficult to obtain.
Others agreed, saying that it is sometimes difficult to convince officials of the need for increased security because of an inability to demonstrate a return on investment. "They say 'you were wrong about Y2K, why should we spend money on this?' And so we don't have a plan," one panel member said.
Education, though, should not be limited to just policy makers. "The security staff is oftentimes not as smart as the people they're trying to stop," one panel member said. One common problem that results from this lack of education is that "everyone thinks he's an expert," and that causes raging debates, according to another source. "We don't have enough skilled security practitioners."
What's needed to help solve these and related issues, said panelists, is some governance or authority over security issues, policies and procedures. A common refrain regarding this issue is the need for centralization - the need for a central point or body in the organization to determine best practices or "targets" for the enterprise. "Somebody has to stand up and say 'this is what you need to do.'"
Barriers
The barriers to effective cyber-security countermeasures, as detailed by the panel, include:
