Nearly three-quarters of U.S. government IT managers and decision-makers are spending more time on mandated security requirements than they did a year ago, but only about half feel more confident in their agency's security, according to a survey released Thursday.
The survey, commissioned by Cisco Systems, also found that bots and spyware are the top security concern of respondents, followed by reduced operations due to a security breach, and inadequately trained or unconcerned users. More than half of the respondents also said they are concerned about a loss of privacy for employees and citizens due to security breaches.
"Our customers are spending more time on security, and they're feeling less secure," said Dave Graziano, Cisco's manager of federal sales and security.
Sixty-five percent of the respondents said they're spending more time on security mandates than they were a year ago and only 4 percent said they are spending less time. Fifty-one percent said they are more confidence in their agency's IT security than they were three years ago. Twelve percent said they are less confident.
"Over the past three years, we haven't seen the decrease in time spent and the increase in confidence that you might expect to see with an ongoing effort," said Aaron Heffron, vice president of Market Connections Inc., which reviewed the survey. "We're not seeing that [confidence] number shift like you'd want to see."
Asked what are the top obstacles to achieving better network security, two-thirds of respondents said funding, 55 percent said user training and 55 percent also said the existing security architecture. Other top concerns included other projects having higher priority and a lack of experienced staff. Funding, a lack of trained staff and management support were the top challenges respondents gave to complying with the Federal Information Security Management Act (FISMA), passed by the U.S. Congress in 2002.
Graziano found the concern over bots and spyware interesting, he said. This was Cisco's third annual security survey of U.S. government users and the first time it had asked about bots and spyware as a concern.
But the concern makes sense, given that a handful of agencies have reported bot attacks recently, he said. "We're seeing more and more federal customers concerned with bots and spyware and the impact on their environment," Graziano added. "We're seeing our customers spending more time reacting to these everyday types of events, or one-time types of events, and being able to spend less time on planning their infrastructure."
U.S. lawmakers may want to focus their efforts away from agency compliance and more on allowing agencies to build out security systems, said Gerald Charles Jr., executive advisor to Cisco's Public Sector Internet Business Solutions Group. IT managers say they're spending too much time "fighting fires" and not enough time focused on long-term buildouts, he said.
Survey respondents also said they're looking forward to IPv6, the new version of the Internet Protocol. Nearly six in 10 said they expect IPv6 will improve their agency's cybersecurity.
The survey had 202 respondents from more than 30 U.S. government agencies.