Government Unprepared on Cybersecurity?


From CIO magazine:

A new survey conducted by the Business Software Alliance has found that almost half of all IT professionals believe that the government will be hit by a major cyber attack some time in the next year. Wait, it gets worse. One third of those who believe that a cyber attack is on the way also believe that such an attack is extremely likely, and almost three quarters think the government is unprepared.

I'm not sure how much I trust a survey done by BSA. Seems like the results are pretty self-serving. What's even more ironic is that Microsoft is at the same time the largest supporter of BSA and the largest cause of security problems in government or out!

States will probably beat the Feds to security for several reasons:

  1. Most state governments are much smaller than even small federal agencies.  Utah, for example, employs just 22,000 people. 
  2. The Feds are "assisting us" with requirements like HIPAA that give us a monetary interest in security. HIPAA will set a minimum security standard for the entire network.
  3. Some states (like Utah) have a statewide network with controlled access points to the Internet.  Having one group managing security for the entire network greatly increases the chances of doing effective intrusion detection, profiling, etc. 

I'm much more concerned about what is being done to protect "non-IT" assets from cybersecurity threats than the standard computer attack.  Many critical systems have embedded computer systems, but no IT oversight. (Can you say "Docutex"?  I knew you could.)  Until business managers (in government and out) start treating IT professionals as partners who can make important contributions to the business as a whole, we'll continue to be vulnerable.