Should government officials complete basic cyber security training?

Venafi announced the results of a survey of 515 IT security professionals’ views on the cyber security literacy of government officials. The survey was conducted August 4-9, 2018, at the Black Hat conference in Las Vegas.

According to the survey, eighty-eight percent of respondents believe all government officials should be required to complete a basic cyber security training course. In addition, sixty-six percent believe governments should not be able to force technology companies to grant them access to encrypted user data.

“Over the last several months, we’ve seen government officials from across the globe propose dangerous surveillance laws and protocols,” says Jeff Hudson, CEO of Venafi. “For example, the Five Eyes international alliance has been consistently pushing for mandated encryption backdoors into private technology devices. They don’t seem to realize that the same encryption technology that creates barriers for law enforcement is also used to protect all types of classified intelligence and other highly sensitive government data. A backdoor sounds great until a malicious actor gets the key, which they always do.”

Additional findings from the survey include:

• Nearly two-thirds (sixty-five percent) believe government-mandated encryption backdoors weaken the security of election data.
• Only a third (thirty-three percent) believe government officials understand the cyber risks targeting physical infrastructure.
• Only thirty-seven percent believe government officials understand the cyber risks targeting digital infrastructure.

IT professionals may be skeptical about backdoors because government officials may misrepresent the scope of the problem. The FBI has claimed encryption is a ‘major public safety issue’ because law enforcement officials are frequently locked out of devices connected to criminal activities.