
William Jackson | Why security isn't easy

Cybereye—commentary

By William Jackson

A recent survey by Symantec comparing the perceptions of federal information technology and security specialists with those of their peers in state and local government and the private sector raises a couple of interesting points. The first is that the feds have a much higher opinion of their cybersecurity posture and appear to be setting an example for best practices. The second interesting point is that although everybody agrees on the need for better cooperation, these domains are sharing little information with one another.

The two points are not unrelated. Some of the factors that have given the feds reason to feel good about themselves also contribute to the difficulty of sharing cybersecurity information. It is an example of how difficult security can be and why it is likely to continue as a major challenge for a long time.

The survey questioned more than 200 officials in each of three sectors: federal, state and local, and private. When asked to rate the overall level of IT security in their organizations, 77 percent of the feds put it at an 8 or better on a 10-point scale, compared with 58 percent in the private sector and 52 percent in state and local government. Sixty-three percent of feds said they participate in security preparedness exercises (39 percent for the private sector and 32 percent for state and local), 64 percent of feds have automated threat-reporting capabilities (44 percent of private and 38 percent state and local) and 75 percent of feds exchange threat reports with other agencies (only 50 percent of private and state and local respondents share with peers).

This is in marked contrast with the poor assessments federal agencies often receive for their IT security efforts.

“The federal government tends to get a black eye,” said John McCumber, strategic program manager at Symantec. But, he added, “I think they have done a good job of growing a number of gifted men and women who really are leaders” in recognizing threats and understanding the need for policies to protect data rather than focusing solely on the infrastructure.


