Ed Moyle, a founding partner of SecurityCurve in Amherst, N.H., and co-author of the new InformationWeek "Federal Cybersecurity: The New Threat Landscape” report, admits that caught him off-guard. "From a threat standpoint, folks are pretty concerned about foreign governments, but they’re also concerned about the hacktivism thing," he says. "We’ve heard about hacktivism as it relates to a lot of core services and we’ve seen groups like Anonymous and LulzSec [figure prominently in the media], but in the back of my mind I thought that would very much play second fiddle by a wide margin to the foreign actors--countries like China and Iran, for instance--that might be actively targeting our federal systems."
That said, an InformationWeek survey of 106 federal IT professionals on the cybersecurity threats facing their agencies and their strategies for dealing with them finds the majority feeling optimistic about their chances to stave off a cyberattack. This is in and of itself interesting when considering the tough fiscal climate in Washington.
"The one area where, generally, a lot of organizations are ill-prepared is in coordinated, well-funded, sophisticated, low-noise targeted attacks, both against key systems of the federal government but also against critical infrastructure," Moyle says. "Industry-wide, the real sophisticated attackers … it’s very hard to defend against them. That’s one of the biggest threat areas: the really well-funded foreign government actor who might want to leverage attacks against infrastructure."
According to the survey, more than half of agencies plan to increase cybersecurity spending in fiscal year 2013. What might be sacrificed by federal IT managers to achieve targeted goals at a time when budgets are flat or declining remains unclear.