Dysfunctional Congress contributes to IT insecurity, report finds

WHAT: Government IT Security Survey Analysis

WHY: A survey of mostly civilian federal IT workers and contractors conducted around the time of the government shutdown last October and released to the public May 18 found that just 7 percent of respondents rate their agency's cybersecurity efforts since 2012 as excellent, and that 60 percent would give their agency a grade of C or below. The survey also found that 47 percent of respondents said that agency leadership is more concerned with meeting compliance requirements than with security.

Federal information security workers haven't arrived at a consensus about what poses the greatest threat to their networks. State-sponsored attacks were most commonly cited as the leading threat, at 34 percent, but insider threats were named by 26 percent. Other major threat categories included cyber crime and "hacktivists" who are looking to penetrate government systems for political purposes.

Funding and oversight continue to trouble workers on the front lines of securing federal systems. More than 40 percent of respondents agreed that a "dysfunctional Congress" that can't agree on cybersecurity legislation is among the leading security threats, and 45 percent named lack of funding – another congressional function -- as the key impediment to implementing cybersecurity programs.

Verbatim: "Agency CIOs and IT leaders continue to be challenged with the dynamics associated with compression of budgetary outlays and the ability to adjust outcomes based upon resources available. Both this study and fiscal year reductions in funding should provide a compelling catalyst to close the gap between the ability to take actionable steps to strengthen the future cybersecurity environment, inclusive of workforce and integrated information technology solutions, and lawmaker’s actions for satisfactory funding and support to federal agencies and departments."