Certification Survey Extra: The role of government in cybersecurity, Part 1
Certification Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Certification Survey. These posts contain previously unpublished Certification Survey data.
Part of living in any human society is that we agree to live by certain rules and organize a body of leaders to administer those rules. That just the way these things work. So as frustrating as we all sometimes find it that governments — national, state or provincial, and local — are slow-moving, irrational, inefficient, and so forth, they are also integral and essential.
Some things that we all rely on are too complicated to function or be implemented without a large-scale cooperative effort. And that requires organization and coordination — to say nothing of funding — at a level that, for the most part, only governments can reliably and sustainably provide. And, let’s be honest, government does a pretty good job with at lot of this stuff.
As with most complex and large-scale systems or issues, then, there’s a fair amount of intertwining between government and cybersecurity. So when we conducted our recent survey of certified cybersecurity professionals, we asked a series of questions that address the role of government in cybersecurity.
We’ll address our findings in a series of posts, starting today with a fairly simple question. Governments at all levels are rapidly moving to integrate services and operations with the internet, which means that there is now a responsibility to secure and protect those systems. Naturally, government IT assets are now a key point of attack for rival governments and other bad actors.
So how secure and well protected are those government IT assets? Is it as easy to, say, hack the national power grid as movies and TV shows sometimes make it seem? Here’s what learned by asking survey respondents to rate their level of agreement with two key statements.
Statement 1: Protection of government information and technology assets is adequate.
Strongly Agree: 5.2 percent
Agree: 14.3 percent
Neither Agree nor Disagree: 22.1 percent
Disagree: 44.8 percent
Strongly Disagree: 13.6 percent
Statement 2: Protection of government information and technology assets should be improved.
Strongly Agree: 43.1 percent
Agree: 47.7 percent
Neither Agree nor Disagree: 7.2 percent
Disagree: 2.0 percent
Strongly Disagree: [No responses]
Sometimes, it would seem, you get a different outlook depending on how you ask the question. A majority of respondents do disagree or strongly disagree that protection of government IT assets is adequate. When you ask whether protection of government IT assets should be improved, however, there’s a much stronger reaction: More than 80 percent of those surveyed agree or strongly agree.
Perhaps the seeming dissonance can be somewhat resolved along this line: Most certified cybersecurity professionals are less-than-convinced that present protection measures are adequate, but maybe there’s a sense that, “Well, things are OK for the time being.” And maybe those same individuals are inclined to be a little more forward-looking by the phrase “should be improved.”
When they look even a little bit down the road, it would seem, almost everyone is concerned about the grim possibilities that could lie in store. The clear message, it would seem, is that there may not be a clear and present emergency on every front yet — but governments will need to take swift and decisive action to keep things that way.