MeriTalk announced the findings of the “Cyber Comedy” study in partnership with the annual CES Government Conference. Based on surveys of average Americans and Federal CISOs, the cyber security pros guarding our government, the study questions the effectiveness of the Federal government’s $27.1 billion investment in cyber security since 2004.
It shows Americans and CISOs believe cyber threats are increasing, but reveals that while the public frets about identity theft, the Feds lose sleep over ongoing state-sponsored attacks from China and Russia, as well as attacks against our nation’s critical infrastructures. The study provides perspective for the new administration’s cyber policy as the nation prepares to spend $7.2 billion on cyber security in 2009.
Here’s what’s funny
The points of alignment and convergence between the two audiences are insightful and alarming. Both the public and CISOs assert that the cyber threat is increasing, 59 percent and 87 percent, respectively. However, 93 percent of CISOs say that the public does not have a clear understanding of the cyber threat. Some 87 percent of CISOs report an increase in cyber incidents in the last year. Only 11 percent of the public believes that the government is addressing cyber threats effectively.
No laughing matter
At the same time, Americans are looking to the Federal government for information and guidance. Fifty percent of public respondents want alerts on cyber threats and appropriate remedies, 38 percent want a clear understanding of what the threats are, and 32 percent want one place to go to get the latest information. This stands in contrast to the performance of the Department of Homeland Security National Cyber Alert System. None of the 494 public respondents have signed up to this free national cyber alerting that launched in January 2004. Of note, CISOs assert that the next administration should take a “straight-man” approach to public communication on cyber issues, with nearly 87 percent calling for improved alerts and cyber protection initiatives and nearly 73 percent calling for improved public education.
But seriously now
As 93 percent of CISOs assert that the public does not have a clear understanding of the cyber threat – and these CISOs rate the current threat level at eight on a scale of 10 – our cyber defenders provide insight on the hidden international cyber war. Asked about the source of the most serious cyber threats in 2008, CISOs rated state-sponsored cyber warfare programs as the biggest threat. They note that Chinese and Russian state-sponsored cyber forces present the greatest threat to the United States. Nearly 29 percent of CISOs assert that the biggest cyber security threat to the United States in the next four years will come from uniformed soldiers.
A recent Government Accountability Office (GAO) report backs up the CISOs’ outlook. Despite significant Federal funding for cyber security – nearly $7.2 billion in fiscal 2009 – the nation is underprepared to anticipate and defeat cyber attacks, according to the GAO. Until a better system is developed for identifying cyber attacks and vulnerabilities, the nation’s critical infrastructure will remain at risk, GAO reports.