From: InfoSec News (alertsinfosecnews.org)
Date: Fri Jan 09 2009 - 03:41:44 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.meritalk.com/pdfs/MeriTalk_press_release_010809.pdf

Media Contact:
Liz Vandendriessche
MeriTalk
(703) 883-9000 ext. 146
evan (at) meritalk.com

International CES, Las Vegas, January 8, 2009 - MeriTalk
(www.meritalk.com), a new online community at the crossroads of IT and
public policy, today announced the findings of the "Cyber Comedy" study
in partnership with the annual CES Government Conference, an interactive
forum of top industry and government technology executives. Based on
surveys of average Americans and Federal Chief Information Security
Officers (CISOs), the cyber security pros guarding our government, the
study questions the effectiveness of the Federal government's $27.1
billion investment in cyber security since 2004. It shows Americans and
CISOs believe cyber threats are increasing, but reveals that while the
public frets about identity theft, the Feds lose sleep over ongoing
state-sponsored attacks from China and Russia, as well as attacks
against our nation's critical infrastructures. The study provides
perspective for the new administration's cyber policy as the nation
prepares to spend $7.2 billion on cyber security in 2009.

Here's What's Funny

The points of alignment and convergence between the two audiences are
insightful and alarming. Both the public and CISOs assert that the cyber
threat is increasing, 59 percent and 87 percent, respectively. However,
93 percent of CISOs say that the public does not have a clear
understanding of the cyber threat. Some 87 percent of CISOs report an
increase in cyber incidents in the last year. Only 11 percent of the
public believes that the government is addressing cyber threats
effectively.

No Laughing Matter

At the same time, Americans are looking to the Federal government for
information and guidance. Fifty percent of public respondents want
alerts on cyber threats and appropriate remedies, 38 percent want a
clear understanding of what the threats are, and 32 percent want one
place to go to get the latest information. This stands in contrast to
the performance of the Department of Homeland Security National Cyber
Alert System. None of the 494 public respondents have signed up to this
free national cyber alerting that launched in January 2004. Of note,
CISOs assert that the next administration should take a "straight-man"
approach to public communication on cyber issues, with nearly 87 percent
calling for improved alerts and cyber protection initiatives and nearly
73 percent calling for improved public education.

"The gap between the national need and the success of the national
policy response is dramatic," said Donald W. Upson, president, CES
Government. "The cyber threat is a clear and present danger to the
security of the nation, and the government needs to respond with speed,
resources, and leadership in line with that threat."

But Seriously Now

As 93 percent of CISOs assert that the public does not have a clear
understanding of the cyber threat - and these CISOs rate the current
threat level at eight on a scale of 10 - our cyber defenders provide
insight on the hidden international cyber war. Asked about the source of
the most serious cyber threats in 2008, CISOs rated state-sponsored
cyber warfare programs as the biggest threat. They note that Chinese and
Russian state-sponsored cyber forces present the greatest threat to the
United States. Nearly 29 percent of CISOs assert that the biggest cyber
security threat to the United States in the next four years will come
from uniformed soldiers.

A recent Government Accountability Office (GAO) report backs up the
CISOs' outlook. Despite significant Federal funding for cyber security -
nearly $7.2 billion in fiscal 2009 - the nation is underprepared to
anticipate and defeat cyber attacks, according to the GAO. Until a
better system is developed for identifying cyber attacks and
vulnerabilities, the nation's critical infrastructure will remain at
risk, GAO reports.

So Who's On First?

"Considering who owns responsibility for this cyber comedy, there are
plenty of jokers in the pack - from the Department of Homeland Security
to Capitol Hill to the White House," said Stephen W.T. O'Keeffe,
founder, MeriTalk. "We own a powerful opportunity to learn from the
mistakes of the past - let's not throw $7 billion dollars of new
investment after $27 billion of sunk cost. Americans are disappointed,
but still look to their government for security. The new administration
needs to listen, prioritize, and communicate - and if we wait too long,
the joke will be on us..."

The "Cyber Comedy" study is based on an online survey of 494 Americans
and 20 online and telephone surveys with Government Chief Information
Security Officers. The general public sample has a margin of error of
±4.36 percent with a confidence level of 95 percent. Margin of error is
not calculated for the CISO sample. The full "Cyber Comedy" study is
available for download at www.meritalk.com/cybercomedy.

About MeriTalk

IT is enabling significant changes in our government. The implications
for average Americans are profound. The voice of tomorrow's government
today, MeriTalk is an online community at the crossroads of IT and
public policy. Designed to mix new faces, new voices, and fresh
perspectives from government IT, workforce, and policy leaders, MeriTalk
enables new cross-cutting debate. For more information, visit
www.meritalk.com.

_______________________________________________
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]