Government Is the Biggest Cybersecurity Threat

Seven in ten Americans say crime is rising in US: Gallup

WASHINGTON: Seven in 10 Americans say there is more crime in the US now than there was 12 ...

Learn more

Reports show federal agencies are unprepared for hackers and pending legislation won’t help much.

Government workers see their own agencies as a bigger cybersecurity threat than hackers from China or Russia, according to a new survey.

The Obama administration has worked to boost the networks of the federal government, which have endured a string of data breaches in recent years, including the massive theft of information on an estimated 21.5 million federal employees or job applicants from the databases of the Office of Personnel Management. The hack is thought to have originated in China, but the biggest threat is in Washington, D.C., according to a new survey of federal IT workers sponsored by Hewlett-Packard and conducted by the Ponemon Institute.

The biggest threat to federal cybersecurity is “the negligent insider” at an agency who fails to take enough precautions while using or protecting government networks, according to 44 percent of federal workers responding to the survey. Only 30 percent of respondents stated that nation-state hackers were the primary threat, according to the survey. Hacks known as “zero-day attacks,” so-called because they have never been used publicly, and mistakes by third-party government contractors each tallied 36 percent as the primary threat among respondents.

Figure 8. What are the top 5 security threats that affect your organization?

Federal government workers recognized in the survey that their agencies are unprepared for hacks and that they need more skilled programmers to help secure networks. Forty-one percent of federal workers rated their agency’s ability to prevent a hack as very high, while 46 percent rated their agency’s ability to detect a hack quickly as very high. Lack of skilled personnel was ranked by a majority of 53 percent of federal IT workers as the biggest challenge to cybersecurity within federal agencies.

[READ: OPM Fingerprint Revelations Add Tension to China Visit]

Indeed, Defense Secretary Ash Carter has been reaching out to Silicon Valley in recent months trying to attract more programmers to do cybersecurity work for the government, rather than join a private sector that often pays better. Federal IT workers lost one of their leaders on Wednesday when Ari Schwartz resigned from his post as senior director for cybersecurity policy at the White House’s National Security Council, telling NextGov “it was time to move on.”

The new Ponemon survey matches research published on Tuesday by the Government Accountability Office, when the government watchdog said 15 to 24 federal agencies had “persistent weaknesses” in cybersecurity in the 2013 and 2014 fiscal years. At least 22 agencies reported problems including protecting access to computer servers and implementing security management programs.

Number of agencies within certain information system controls audit manual control areas

The Obama administration has urged lawmakers for years to tackle these problems by passing comprehensive cybersecurity legislation, but many efforts have failed. The Senate is expected as early as next week to debate a bill known as the Cybersecurity Information Sharing Act, which has already passed the House and aims to boost information sharing on hacker threats between businesses and government.

Information sharing, however, has been mostly i
neffective at protecting networks, IT workers said in the Ponemon survey.

Cybersecurity threat information sharing between the government and the private sector is “only somewhat effective or not effective” according to 57 percent of federal government respondents, and 70 percent of respondents from state and local agencies.

[ALSO: This Map From Norse Depicts Hacking in Real Time]

The Constitution Project advocacy group has also said in a statement that observing “cyberhygiene” would be a better solution than granting companies greater legal protection for sending the government data about threats to business networks. The American Civil Liberties Union is also among the privacy advocates concerned that the bill would allow sharing of unnecessary consumer data and enable broader government surveillance.

During a speaking event hosted on Thursday by The Washington Post, Rep. Adam Schiff of California, the ranking Democrat on the House Permanent Select Committee on Intelligence, said information sharing legislation is “on a very short list of things we can get done this year.”

Should 2016 candidates be talking more, less or the same about the issue of cybersecurity?

Voters are taking notice of cybersecurity as a campaign issue as more information emerges on the scope of the recent OPM data breach. A majority of registered voters said that they want presidential candidates to talk more about cybersecurity, according to a poll published on Monday in Morning Consult. Voters aged 65 or older were the most adamant, as 69 percent wanted more cybersecurity dialogue, compared with the average of 49 percent who want it discussed more during the campaign, according to the survey.

U.S. Says Four Million People Affected by Cyber Breach


Seven in ten Americans say crime is rising in US: Gallup

WASHINGTON: Seven in 10 Americans say there is more crime in the US now than there was 12 ...

Learn more