Reports Cite Weak US Cybersecurity Readiness

A series of new reports give the US federal government failing grades for cybersecurity readiness.

The Defense Science Board, a committee of civilians providing scientific and technical advice, cites a fragmented culture, "inherently insecure architectures," and inadequate intelligence as reasons for the weak grade. The report said "Without an urgently implemented and comprehensive strategy to offset the cyber security threat, U.S. national objectives will be nearly impossible to achieve in times of crisis."

According to Information Week the report warns "of cyber attacks that could disrupt military actions by turning U.S. weapons against its own troops, and of civilian attacks that could disrupt food and medical distribution systems and make transportation systems 'useless.'"

A White House meanwhile finds a lack of compliance with its goals over the last year. The report does not call it a weakness, but an adjustment in how it measures these factors.

And a survey conducted at RSA Conference 2013 by F5 shows that only 44 percent of the respondents felt their enterprises could handle attacks on their virtualized infrastructure. And only 48 percent said their enterprises could withstand a sophisticated attack.

Greg Maudsley, Sr. Product Marketing Manager at F5 Networks, told Security Bistro said that BYOD was also a topic of concern. “It was surprising that although BYOD was the most prevalent security trend (75% of respondents are seeing it), only 66% feel it has the greatest impact on organization’s ability to achieve the level of security it desires. We feel this 9% gap is due to some organizations having adopted legacy device-centric BYOD technologies which combine mobile device management with layer 3 VPN device connectivity. Although the device-centric approach is secure, it is heavy-handed for employees and creates unnecessary overhead for IT. By taking a more application and data-centric approach to BYOD, we feel more organizations will be able to effectively address personal devices on their networks while preserving the separation of corporate and personal apps and data, thus increasing productivity and reducing IT’s burden. We expect to see the gap widen next year as businesses use mobile application management and app tunnels to minimize the risks associated with this very prevalent trend.”