[ISN] MeriTalk "Cyber Comedy" Study Asks What Did We Get for $27 Billion IT Security Investment?

From: InfoSec News <alerts_at_private>
Date: Fri, 9 Jan 2009 03:41:44 -0600 (CST)
http://www.meritalk.com/pdfs/MeriTalk_press_release_010809.pdf

Media Contact:
Liz Vandendriessche
MeriTalk
(703) 883-9000 ext. 146
evan (at) meritalk.com

International CES, Las Vegas, January 8, 2009 - MeriTalk 
(www.meritalk.com), a new online community at the crossroads of IT and 
public policy, today announced the findings of the "Cyber Comedy" study 
in partnership with the annual CES Government Conference, an interactive 
forum of top industry and government technology executives. Based on 
surveys of average Americans and Federal Chief Information Security 
Officers (CISOs), the cyber security pros guarding our government, the 
study questions the effectiveness of the Federal government's $27.1 
billion investment in cyber security since 2004. It shows Americans and 
CISOs believe cyber threats are increasing, but reveals that while the 
public frets about identity theft, the Feds lose sleep over ongoing 
state-sponsored attacks from China and Russia, as well as attacks 
against our nation's critical infrastructures. The study provides 
perspective for the new administration's cyber policy as the nation 
prepares to spend $7.2 billion on cyber security in 2009.


Here's What's Funny

The points of alignment and convergence between the two audiences are 
insightful and alarming. Both the public and CISOs assert that the cyber 
threat is increasing, 59 percent and 87 percent, respectively. However, 
93 percent of CISOs say that the public does not have a clear 
understanding of the cyber threat. Some 87 percent of CISOs report an 
increase in cyber incidents in the last year. Only 11 percent of the 
public believes that the government is addressing cyber threats 
effectively.


No Laughing Matter

At the same time, Americans are looking to the Federal government for 
information and guidance. Fifty percent of public respondents want 
alerts on cyber threats and appropriate remedies, 38 percent want a 
clear understanding of what the threats are, and 32 percent want one 
place to go to get the latest information. This stands in contrast to 
the performance of the Department of Homeland Security National Cyber 
Alert System. None of the 494 public respondents have signed up to this 
free national cyber alerting that launched in January 2004. Of note, 
CISOs assert that the next administration should take a "straight-man" 
approach to public communication on cyber issues, with nearly 87 percent 
calling for improved alerts and cyber protection initiatives and nearly 
73 percent calling for improved public education.

"The gap between the national need and the success of the national 
policy response is dramatic," said Donald W. Upson, president, CES 
Government. "The cyber threat is a clear and present danger to the 
security of the nation, and the government needs to respond with speed, 
resources, and leadership in line with that threat."


But Seriously Now

As 93 percent of CISOs assert that the public does not have a clear 
understanding of the cyber threat - and these CISOs rate the current 
threat level at eight on a scale of 10 - our cyber defenders provide 
insight on the hidden international cyber war. Asked about the source of 
the most serious cyber threats in 2008, CISOs rated state-sponsored 
cyber warfare programs as the biggest threat. They note that Chinese and 
Russian state-sponsored cyber forces present the greatest threat to the 
United States. Nearly 29 percent of CISOs assert that the biggest cyber 
security threat to the United States in the next four years will come 
from uniformed soldiers.

A recent Government Accountability Office (GAO) report backs up the 
CISOs' outlook. Despite significant Federal funding for cyber security - 
nearly $7.2 billion in fiscal 2009 - the nation is underprepared to 
anticipate and defeat cyber attacks, according to the GAO. Until a 
better system is developed for identifying cyber attacks and 
vulnerabilities, the nation's critical infrastructure will remain at 
risk, GAO reports.


So Who's On First?

"Considering who owns responsibility for this cyber comedy, there are 
plenty of jokers in the pack - from the Department of Homeland Security 
to Capitol Hill to the White House," said Stephen W.T. O'Keeffe, 
founder, MeriTalk. "We own a powerful opportunity to learn from the 
mistakes of the past - let's not throw $7 billion dollars of new 
investment after $27 billion of sunk cost. Americans are disappointed, 
but still look to their government for security. The new administration 
needs to listen, prioritize, and communicate - and if we wait too long, 
the joke will be on us..."

The "Cyber Comedy" study is based on an online survey of 494 Americans 
and 20 online and telephone surveys with Government Chief Information 
Security Officers. The general public sample has a margin of error of 
±4.36 percent with a confidence level of 95 percent. Margin of error is 
not calculated for the CISO sample. The full "Cyber Comedy" study is 
available for download at www.meritalk.com/cybercomedy.


About MeriTalk

IT is enabling significant changes in our government. The implications 
for average Americans are profound. The voice of tomorrow's government 
today, MeriTalk is an online community at the crossroads of IT and 
public policy. Designed to mix new faces, new voices, and fresh 
perspectives from government IT, workforce, and policy leaders, MeriTalk 
enables new cross-cutting debate. For more information, visit 
www.meritalk.com.


Received on Fri Jan 09 2009 - 01:41:44 PST