Experts: Workforce needs cybersecurity awareness

Federal employees who work with taxpayers’ information must be trained to protect that data, experts say.

Federal computer networks are continually under cyber attack, but agencies have not used available information security controls to protect them, experts said today.

“For many in both government and industry, the threats are abstract, the implications are not fully understood, and their ability to help is unclear,” said retired Air Force Lt. Gen. Harry Raduege, co-chairman of the Center for Strategic and International Studies’ Commission on Cybersecurity for the 44th Presidency.

Inadequate security controls put federal assets and taxpayers’ personal and financial information at risk of inadvertent or deliberate mishandling, several experts said in testimony before the House Oversight and Government Reform Committee’s Government Management, Organization and Procurement Subcommittee.

For example, in their fiscal 2008 Performance and Accountability Reports, 20 of 24 major agencies indicated that inadequate controls over financial systems and information were either a significant deficiency or a material weakness for financial reporting, said Gregory Wilshusen, director of information security issues at the Government Accountability Office.

To reduce those numbers, Raduege, who is also chairman of the Deloitte Center for Network Innovation, said the government must change the culture of the federal workforce. “We need to ensure that every person who logs onto a system connected to the federal enterprise is properly educated and trained to protect the information in which they have been entrusted,” he said.

The government and private sector have enough advanced technology that their computers should not be hacked, said Marcus Sachs, director of the SANS Internet Storm Center.

“It’s also inexcusable that we continue to run our computer networks as though they are some magical enterprise only understandable by geeks and nerds,” he added.