Biggest threats to federal systems and critical infrastructure
E-Government initiatives aimed at modernizing federal information systems are fraught with risk, according to a new study sponsored by CA and conducted by the Ponemon Institute, Cyber Security Mega Trends: Study of IT leaders in the U.S. federal government.
The study surveyed 217 senior-level IT executives employed by various U.S. federal agencies to identify significant areas of risk to information security associated with government efforts to adopt new technologies such as cloud computing, virtualization, mobile devices, and Web 2.0 tools such as collaboration and social networking applications, blogs and wikis.
According to them, the most significant threats to confidential data, proprietary government systems, and the nation’s critical infrastructure are as follows:
- 79 percent of respondents see the rise in the use of collaboration tools as significantly increasing the storage of unstructured data sources that contain confidential or sensitive information that is not adequately protected or secured
- 71 percent of respondents believe that cyber terrorism is on the rise and this trend poses a very serious threat to the protection of proprietary systems as well as U.S. critical infrastructure
- 63 percent see the mobility of the government workforce as contributing significantly to endpoint security risks as a result of a plethora of insecure mobile data-bearing devices that are susceptible to malware infections and botnet attacks
- 52 percent of respondents say that Web 2.0 applications such as social networking, social messaging, blogging and wikis contribute to the leakage of confidential or sensitive information as well as the susceptibility to malware and botnet attacks.
Other mega trends that exacerbate security risks in the U.S. federal government according to government IT executives include: a continued rash of data breach incidents (40 percent), virtualization technologies (44 percent), rise in the usage of cloud computing resources and applications (39 percent), outsourcing to third-parties (34 percent), and use of open source applications (18 percent).
Thirty-five percent of respondents said their department’s networks had been victimized by an unauthorized infiltrator one or more times over the past 12 months. Another 38 percent of respondents were unsure about possible unauthorized intrusions.
In addition to the above, respondents to the survey reported that the targets representing the most serious threats to data security were wireless devices (57 percent), endpoints (35 percent), networks (29 percent), databases (25 percent), applications (12 percent), paper documents (11 percent), and off-line devices (6 percent).