The U.S. government is due for a “major” cyberattack within the next 12
months and is unprepared to counter the threat, according to a poll of IT managers
by the Business Software Alliance (BSA).
This time, it isn’t the relatively uninformed opinion of the general public
concerned over the security of government information, as a December 2001
poll revealed, but IT professionals in the business world — the
individuals who protect sensitive information on a daily basis.
The poll was conducted after Congress issued a failing grade to federal
computer security efforts in November 2001. Results were released Tuesday.
The “BSA Cyber Security Survey” found that more than half of those
polled think a major attack is likely within the next
year. The survey polled corporate IT managers around the country for their
views on the readiness of government networks. The results show
businesses have little faith in U.S. preparedness.
According to Robert Holleyman, BSA president and chief executive officer,
the threat has, if anything, grown since the events of 9/11. He called on
President Bush and his administration to seek help from the
business world to secure government intranets and Internet sites.
“It is critical that the Bush Administration and Congress move quickly on
their commitments both financial and philosophical to secure this nation
and its critical infrastructure,” he said. “And as an industry that is
developing the systems necessary to secure our country’s complex
information networks from terrorists and other attackers, we stand ready to
help them follow through on those commitments to secure the resources and
develop policies that promote a safe and legal online world.”
Ipsos Public Affairs, a Parisian subsidiary of Ipsos Research, conducted
the survey of 395 IT professionals earlier this month, in a variety of
business sectors. The results show, among other things, that 85% of
respondents think the government should devote as much or more time than
they did on the Y2K “crisis,” where fears ultimately were proved unwarranted.
Other results show:
- By a margin of 10 to one, IT managers are more likely to say
government security measures are “not at all” adequate than extremely
- 72% of respondents felt there was a gap between the
government’s preparedness and the threat of cyberattack.
- 96% feel the government should deploy some form of encryption
to sensitive data so information is protected even in the event of a
U.S. networks have been the recipients of a number of highly publicized
network breaches this year. A couple of teenage hackers calling themselves
the “DeceptiveDuo” made it their mission to break into military
Web servers and publish the information contained within the databases.
Before getting apprehended by the Federal Bureau of Investigations after
weeks on the job, PimpShiz and The Rev had hacked into more than a
dozen military, government and financial Web servers. In the case of the
U.S. Navy, the pair broke into a supposedly secure server, published the
contents of a database, helped military IT staff repair the breach, and
then broke into another
Navy server two weeks later.