Risk
1/29/2010
01:08 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Government's Cybersecurity Role Gets Mixed Reaction

A survey of critical infrastructure executives finds mixed views on government's role in cybersecurity in the private sector.

A worldwide survey that shows widespread cyber attacks on critical infrastructure companies finds that the role of government in working to stop those attacks is up in the air. Indeed, a majority of respondents believes governments to be among the culprits.

Overall, more than half of the 600 industry executives surveyed by the Center for Strategic and International Studies, with support from security vendor McAfee, think their nation's laws aren't strong enough to deter cyber attacks, and 45% believe that their countries are incapable of preventing attacks.

The survey comes as a heated debate has emerged about the proper role of government in bolstering cybersecurity in the private sector. In his first public speech as White House cyber coordinator earlier this week, Howard Schmidt said that fostering public-private partnerships is among his top agenda items.

The survey does find, by a thin margin, a belief that government regulation is improving security. "I have sensed for a year or more that industry, which used to think that the government didn't need to get involved, doesn't have any confidence that they can solve this problem on their own," Stewart Baker, distinguished visiting fellow at CSIS and a partner at law firm Steptoe & Johnson, said in an interview.

In all, 58% of respondents said that government regulation had "sharpened [corporate] policy and improved security." However, on this question, just as on others, the views diverge widely among different countries. In China and Germany, for example, more than 60% believe government regulation has been helpful, while only a minority held that view in Italy and Australia.

Only about a third of respondents said that they were involved in a public-private partnership. However, the report notes, that in some countries, such as the United States, where participation in those partnerships is higher, "data suggests that industry concerns persist about information-sharing being a one-way street."

Somewhat counter-intuitively, despite frequent reports of data breaches and successful cyber attacks against companies in the United States and the fact that survey respondents ranked the United States among the countries most vulnerable to attacks, they also looked to light regulation in the U.S. as a model for cybersecurity.

Part of the mixed view on government's role in private sector cybersecurity may come from the fact that many companies think they are in fact under attack from government cyber warriors. About 60% of respondents believe governments are already attacking their infrastructure, with the United States as the leading suspect, followed by China and Russia.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5316
Published: 2014-09-21
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.

CVE-2014-5320
Published: 2014-09-21
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application.

CVE-2014-5321
Published: 2014-09-21
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319...

CVE-2014-5322
Published: 2014-09-21
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.

CVE-2014-6602
Published: 2014-09-21
Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option.

Best of the Web
Dark Reading Radio