Government Is the Biggest Cybersecurity Threat
Reports show federal agencies are unprepared for hackers and pending legislation won’t help much.
Government workers see their own agencies as a bigger cybersecurity threat than hackers from China or Russia, according to a new survey.
The Obama administration has worked to boost the networks of the federal government, which have endured a string of data breaches in recent years, including theÂ massive theft of information on an estimated 21.5 million federal employees or job applicants from the databases of the Office of Personnel Management. The hack is thought to have originated in China, but the biggest threat is in Washington, D.C., according to a new survey of federal IT workers sponsored by Hewlett-Packard and conducted by the Ponemon Institute.
The biggest threat to federal cybersecurity is â€œthe negligent insiderâ€ at an agency who fails to take enough precautions while using or protecting government networks, according to 44 percent of federal workers responding to the survey. Only 30 percent of respondents stated that nation-state hackers were the primary threat, according to the survey. Hacks known as â€œzero-day attacks,â€Â so-called because they have never been used publicly, and mistakes by third-party government contractors each tallied 36 percent as the primary threat among respondents.
Federal government workers recognized in the survey that their agencies are unprepared for hacks and that they need more skilled programmers to help secure networks. Forty-one percent of federal workers rated their agencyâ€™s ability to prevent a hack as very high, whileÂ 46 percent rated their agencyâ€™s ability to detect a hack quickly as very high. Lack of skilled personnel was ranked by a majority of 53 percent of federal IT workers as the biggest challenge to cybersecurity within federal agencies.
Indeed, Defense Secretary Ash Carter has been reaching out to Silicon Valley in recent months trying to attract more programmers to do cybersecurity work for the government, rather than join a private sector that often pays better. Federal IT workers lost one of their leaders on Wednesday whenÂ Ari Schwartz resigned from his post as senior director for cybersecurity policy at the White House’s National Security Council, telling NextGov â€œit was time to move on.â€
The new Ponemon survey matches research published on Tuesday by the Government Accountability Office, when the government watchdog said 15 to 24 federal agencies had â€œpersistent weaknessesâ€ in cybersecurity in the 2013 and 2014 fiscal years. At least 22 agencies reported problems including protecting access to computer servers and implementing security management programs.
The Obama administration has urged lawmakers for years to tackle these problems by passing comprehensive cybersecurity legislation, but many efforts have failed. The Senate is expected as early as next week to debate a bill known as the Cybersecurity Information Sharing Act, which has already passed the House and aims to boost information sharing on hacker threats between businesses and government.
Information sharing, however, has been mostly ineffective at protecting networks, IT workers said in the Ponemon survey.
Cybersecurity threat information sharing between the government and the private sector is â€œonly somewhat effective or not effectiveâ€ according to 57 percent of federal governmentÂ respondents, and 70 percent of respondents from state and local agencies.
The Constitution Project advocacy group has also said in a statement that observing â€œcyberhygieneâ€ would be a better solution than granting companies greater legal protection for sending the government data about threats to business networks.Â The American Civil Liberties Union is also among the privacy advocates concerned that the bill would allow sharing of unnecessary consumer data and enable broader government surveillance.
During a speaking event hosted on Thursday by The Washington Post, Rep. Adam Schiff of California, the ranking Democrat on the House Permanent Select Committee on Intelligence, said information sharing legislation is â€œon a very short list of things we can get done this year.â€
Voters are taking notice of cybersecurity as a campaign issue as more information emerges on the scope of the recent OPM data breach. A majority of registered voters said that they want presidential candidates to talk more about cybersecurity, according to a poll published on MondayÂ in Morning Consult. Voters aged 65 or older were the most adamant, as 69 percent wanted more cybersecurity dialogue, compared with the average of 49 percent who want it discussed more during the campaign, according to the survey.