Risk
4/19/2012
12:10 PM
Connect Directly
RSS
E-Mail
50%
50%

Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats

Our first Federal Government Cybersecurity Survey reveals what concerns IT teams the most, and how they’re fighting back with continuous monitoring and other technologies.

InformationWeek Green - April 2012
InformationWeek Green
Download the entire April 2012 issue of InformationWeek Government, distributed in an all-digital format as part of our Green Initiative
(Registration required.)

Threats Vs. Readiness

Cybersecurity is the No. 1 priority of federal IT professionals, by a long shot. That's been the key finding of InformationWeek's Federal Government IT Priorities Survey each of the past two years, and you don't have to look any further than the threats posed by Anonymous, LulzSec, or WikiLeaks to understand why.

What are the most dangerous cyberthreats? And how are agencies responding? InformationWeek launched our 2012 Federal Government Cybersecurity Survey to find out. Our poll of 106 federal IT pros involved in IT security for their organizations was conducted in March. We asked respondents to rank the threats they face and their readiness to deal with them. We inquired about cybersecurity spending and where agencies are investing. And we probed into the most significant challenges they face.

Our survey results show that organized cybercriminals and hacktivists are viewed as the greatest threats to IT security. At the same time, government IT pros say they're least prepared for leaks that take place through social media. And a crush of competing priorities is the biggest challenge to effective execution.

The good news is that agencies feel they've made significant improvements in cybersecurity. This is the perception of agencies themselves, as well as the assessment of government evaluators charged with monitoring progress under the Federal Information Systems Management Act (FISMA).

Despite the progress, attacks are on the rise, and agencies must continue to bolster their defenses. In a report to Congress published in March on FISMA implementation in fiscal year 2011, the Office of Management and Budget (OMB) disclosed that the number of computer security incidents reported to the U.S. Computer Emergency Readiness Team (US-CERT) that impacted government agencies rose 5%, to 43,889. Longer term, federal computer security incidents have risen 650% over five years, according to a report released last fall by the Government Accountability Office. In explaining that increase, the GAO cited persistent weaknesses in information security controls, due to incomplete implementation of security programs.

So clearly, there's room for improvement in how agencies prepare and respond. Step one is raising awareness of cyberthreats and establishing an organizational commitment to readiness. It's imperative that an agency's top leaders--not just chief information security officers and their information assurance teams--get behind the effort. Steps to improve security include meeting the FISMA requirements and also understanding the security implications of new technologies such as virtualization and cloud computing.

To read the rest of the article,
Download the April 2012 issue of InformationWeek Government

The New Threat Landscape

Our full report on federal cybersecurity is free with registration.

This report includes 26 pages of action-oriented analysis, packed with 15 charts. What you'll find:
  • The top cybersecurity priorities of federal agencies
  • How FISMA compliance affects cybersecurity planning
Get This And All Our Reports


Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3090
Published: 2014-09-23
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3101
Published: 2014-09-23
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVE-2014-3103
Published: 2014-09-23
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVE-2014-3104
Published: 2014-09-23
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3105
Published: 2014-09-23
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account n...

Best of the Web
Dark Reading Radio