Government IT security by the numbers

Nov. 9, 2012
While big data remains a mystery, the government is progressing with cyber and mobile security, and cloud adoption

The same technology questions that drive private-sector IT security efforts are also driving government IT security. Just as it is in the private sector, it appears that government IT security is moving closer to understanding and embracing the benefits of the cloud; while the latest up-and-coming term – “big data” – largely remains an enigma to just about everyone.

According to a survey released this week by the Lockheed Martin Cyber Security Alliance, as you might expect, cyber security dominates the priorities of government IT professionals, as 85% of government technology decision makers in federal, defense/military and intelligence agencies see cyber security as a high priority, followed to a lesser degree by mobile computing (39%), cloud computing (26%) and big data (27%).

The Alliance, whose members are a veritable who’s who of IT and mobile security, surveyed 203 IT professionals: 103 from Federal, civilian and independent agencies; 60 from the Department of Defense and Intelligence communities; and 40 from state and local governments. 

The Big Data Conundrum

If five years ago the cloud was the one solution that showed promise but was not yet ready for prime time, this year the enigma surrounds “big data” – so what is it, and can it benefit security?

Big data technologies describe a new generation of technologies and architectures, designed to economically extract value from very large volumes of a wide variety of data, by enabling high-velocity capture, discovery, and/or analysis. The Obama Administration’s “Big Data Research and Development Initiative,” introduced in March 2012, calls on agencies to find ways to improve their extraction of knowledge and insights from large and complex collections of digital data. These insights can be applied to hugely complex problems—setting the stage for the White House’s release of its Digital Government Strategy (DGS) in May.

Nobody knows about vast amounts of data more than IT professional working in the government sector. Grance offered two examples of the trillions and trillions of bytes of data the government produces, at an ever-increasing rate. U.S. drone aircraft, for example, sent back 24 years worth of video footage in 2009 alone; and The Hadron Collider generates 40 terabytes of data every second. “Data is a really big part of a new way of doing business – analyzing that data is a tremendous challenge,” Grance said. “We can’t store all the data we produce, and we are really challenged by relational database systems and our ability to examine that data.”

With that kind of vague explanation from the technology experts, it is no wonder that half of all respondents said they either don’t know or see zero benefit in using big data. “The awareness is just so low right now with all the capabilities and what can be done with it that this kind of result wasn’t surprising to us,” Poole said.

Still, big data has the potential to “inject almost an entrepreneurial spirit into the government,” Poole said, by developing new trend models and performance data based on information that has been “locked away in these vast quantities of raw data.”

Grading Cyber-Threats

As expected, cyber security and mobile device security dictate the majority of government IT security initiatives. In fact, 83% of respondents already have one or more cyber security initiatives under way; while 70% said the same for mobile device security. More than three-quarters of the respondents said their agency is well equipped to deal with cyber threats; in fact, 90% or more of all respondents said they are quite prepared to deal with 8 of these top 10 cyber threats:

  1. Malware
  2. SPAM
  3. Phishing
  4. Accidental data leakage
  5. Hackers
  6. Data breaches
  7. Social engineering
  8. Cyber espionage
  9. Insiders
  10. Mobile

The bottom two – the insider threat and mobile devices – remain the most difficult cyber challenges. “Mobile is the threat category with the lowest readiness percentage,” said Cynthia Poole of Market Connections, a firm that helped conduct the research. “This reflects how quickly mobile computing is overtaking established safeguards, mechanisms and techniques that are out there.”

According to the survey, while nearly 75% said they have already invested heavily in cyber-security initiatives, only 36% say the same for mobile device security; thus, the area is still emerging.

Embracing the cloud

Perhaps the most interesting part of the survey regarded what National Institute of Standards and Technology (NIST) senior computer scientist Tim Grance called “transformational technologies” – whose appeal is the potential reduction of costs. Today, the cloud and “big data” appear to be those technologies.

“These transformational technologies pose very profound challenges, they can solve problems and create others at the same time,” Grance said.

Still, much like their private-sector counterparts, 63% of the respondents cited security or privacy as the top challenge to using the cloud. Despite the benefits, just 26% cited the cloud as a high priority at this time. The top three cited benefits were:

  1. Easy and flexible access and usability;
  2. Cost savings; and
  3. Added infrastructure efficiency.

That said, the overall degree of understanding of how the cloud can benefit IT security efforts is increasing at a breakneck pace. “Back in 2011, this study saw that many IT professionals in the government expressed concern about cyber security in the cloud,” Poole said. “This was in part because they did not know enough about the working security under different cloud models to protect sensitive information.” Those who identified themselves as well-versed in IT security knowledge and understanding of the cloud expanded from 24% in 2011 to 41% today.    

Cloud model preference remained steady this year, with the majority of respondents choosing private agency or Federal community cloud infrastructures; however, even the public cloud model has gained a bit of traction in 2012.

To learn more about the survey, please visit: http://www.lockheedmartin.com/content/dam/lockheed/data/isgs/documents/LM-Cyber-Security-Transformational-Technologies.pdf

More information on the Lockheed Martin Cyber Security Alliance can be found here: http://www.lockheedmartin.com/us/what-we-do/information-technology/cyber-security/cyber-security-alliance.html

About the Author

Paul Rothman | Editor-in-Chief/Security Business

Paul Rothman is Editor-in-Chief of Security Business magazine. Email him your comments and questions at [email protected]. Access the current issue, full archives and apply for a free subscription at www.securitybusinessmag.com.