"Cyber Comedy" Study Asks: What Did We Get for $27 Billion IT Security Investment?

MeriTalk announced today the findings of the "Cyber Comedy" study in partnership with the annual CES Government Conference, an interactive forum of top industry and government technology executives. Based on surveys of average Americans and Federal Chief Information Security Officers (CISOs), the cyber security pros guarding our government, the study questions the effectiveness of the Federal government's $27.1 billion investment in cyber security since 2004. It shows Americans and CISOs believe cyber threats are increasing, but reveals that while the public frets about identity theft, the Feds lose sleep over ongoing state-sponsored attacks from China and Russia, as well as attacks against our nation's critical infrastructures. The study provides perspective for the new administration's cyber policy as the nation prepares to spend $7.2 billion on cyber security in 2009.

Here's What's Funny

The points of alignment and convergence between the two audiences are insightful and alarming. Both the public and CISOs assert that the cyber threat is increasing, 59 percent and 87 percent, respectively. However, 93 percent of CISOs say that the public does not have a clear understanding of the cyber threat. Some 87 percent of CISOs report an increase in cyber incidents in the last year. Only 11 percent of the public believes that the government is addressing cyber threats effectively.

No Laughing Matter

At the same time, Americans are looking to the Federal government for information and guidance. Fifty percent of public respondents want alerts on cyber threats and appropriate remedies, 38 percent want a clear understanding of what the threats are, and 32 percent want one place to go to get the latest information. This stands in contrast to the performance of the Department of Homeland Security National Cyber Alert System. None of the 494 public respondents have signed up to this free national cyber alerting that launched in January 2004. Of note, CISOs assert that the next administration should take a "straight-man" approach to public communication on cyber issues, with nearly 87 percent calling for improved alerts and cyber protection initiatives and nearly 73 percent calling for improved public education.

"The gap between the national need and the success of the national policy response is dramatic," said Donald W. Upson, president, CES Government. "The cyber threat is a clear and present danger to the security of the nation, and the government needs to respond with speed, resources, and leadership in line with that threat."

But Seriously Now

As 93 percent of CISOs assert that the public does not have a clear understanding of the cyber threat -- and these CISOs rate the current threat level at eight on a scale of 10 -- our cyber defenders provide insight on the hidden international cyber war. Asked about the source of the most serious cyber threats in 2008, CISOs rated state-sponsored cyber warfare programs as the biggest threat. They note that Chinese and Russian state-sponsored cyber forces present the greatest threat to the United States. Nearly 29 percent of CISOs assert that the biggest cyber security threat to the United States in the next four years will come from uniformed soldiers.

A recent Government Accountability Office (GAO) report backs up the CISOs' outlook. Despite significant Federal funding for cyber security -- nearly $7.2 billion in fiscal 2009 -- the nation is underprepared to anticipate and defeat cyber attacks, according to the GAO. Until a better system is developed for identifying cyber attacks and vulnerabilities, the nation's critical infrastructure will remain at risk, GAO reports.

So Who's On First?

"Considering who owns responsibility for this cyber comedy, there are plenty of jokers in the pack -- from the Department of Homeland Security to Capitol Hill to the White House," said Stephen W.T. O'Keeffe, founder, MeriTalk. "We own a powerful opportunity to learn from the mistakes of the past -- let's not throw $7 billion dollars of new investment after $27 billion of sunk cost. Americans are disappointed, but still look to their government for security. The new administration needs to listen, prioritize, and communicate -- and if we wait too long, the joke will be on us..."