Defense Media Network

Experts Say U.S. Unprepared for Cyber Attacks

At a time when defense contractors have increased their acquisitions of cyber security firms, a new poll shows experts in the field overwhelmingly believe critical U.S. commercial and government computer networks remain unprepared for attacks.

Moreover, some 93 percent of respondents representing security professionals from a wide range of industries said cyber attacks are on the rise. And despite recent federal government emphasis on cyber security in an era of increasing international threats, 88 percent said the federal government is not equipped to protect itself.

Narus, Inc., a leader in real-time traffic intelligence and analytics technologies, conducted the survey jointly with Converge! Network Digest and Government Security News.

Officials said they developed survey questions with input from noted telecom and security experts. The team gathered opinions online from a cross-section of security professional, many of whom amplified on their answers with personal interviews.

“News reports of various worms, bots, viruses and identity theft have put the public on high alert,” the Narus survey observed. “But despite an increased awareness of cyber attacks and a renewed effort by the Obama administration to fight cyber threats, few respondents feel critical government networks and company networks are adequately protected.”

Although most organizations have installed network security safeguards, more than 73 percent of respondents said the onus of protection should fall on digital carriers or Internet service providers, the Narus survey found.

“While not part of this survey, we believe the reasons for this expectation are because of resource constraints in most organizations, the relative scarcity of skilled personnel, and the lack of widely available tools to detect and mitigate attacks,” the authors wrote.

Key findings of the survey include:

•  Some 69 percent believe an inability to protect sensitive and confidential data is a top concern, particularly with the rise of cloud computing, in which information is stored on the Web.

•  Professionals are nearly unanimous – with a 95 percent response rate – in the belief that attacks today are much more sophisticated than just two years ago.

•  Just 59 percent believe technology currently exists to provide proper protection against sophisticated attacks and more than 40 percent say they don’t understand their options for improving security against cyber threats.

•   Roughly 90 percent believe the best way to protect against cyber attacks is with a solution that detects, analyzes and mitigates unwanted or malicious traffic in real time.

•  A majority believes the number of attacks will likely increase.

Other experts back up this last belief. Executives at security firm McAfee Inc. say threats are growing at an exponential rate.

They report sampling some 34 million pieces of malware last year, more than double the 16 million in 2008. Currently, that translates into 47,000 pieces of such malicious code as trojan horses and viruses per day that are sent via email, delivered through USB drives, or through a telephone line connected to the Internet.

Against this backdrop, large corporations that either do business with defense agencies or who want to enter that space are buying cyber security firms. McAfee itself was recently involved in one of the larger deals to date when it was sold to Intel Corp. for $7.7 billion.

The last two years have been particularly active, industry officials say. For instance, Harris Corp. augmented its security business with defense and intelligence agencies with the April 2009 purchase of Crucial Security Inc.

In making the buy for an undisclosed sum, Harris officials noted most of Crucial Security’s 110 employees have security clearances. Moreover, Harris’ cyber security unit is headed by a retired Air Force major general.

In an interesting recent twist, Narus, author of the cyber-security survey, was itself sold to The Boeing Co., and operates as a subsidiary of the aircraft behemoth.

In April 2008, Raytheon purchased SI Government Solutions, a maker of software security solutions for federal intelligence agencies. And in January 2010, CACI International announced the purchase of SystemWare, Inc., a cyber security firm that services both the Pentagon and U.S. allies.

By

Michael A. Robinson has written articles for some of the nation's more prestigious publications. As...