Security Experts:

Americans Voice Concerns About Cyberwarfare: Survey

A new poll from Tenable Network Security addresses the views of Americans when it comes to cyberwarfare, or more pointedly, their concerns. As it turns out, a majority of the 1,100 people polled have some legitimate worries.

The poll’s results show that a fear of cyberwar is imminent, and that the U.S. will attack or be attacked within the next ten years is something a majority of the respondents share. Now, many of them may have been influenced by the headlines, which at the time were full of cybersecurity legislation and executive orders, in addition to news of China’s alleged involvement in attacks against The New York Times and The Washington Post. Still, their views are an interesting addition to the news cycle.

As SecurityWeek reported this week, the fact that President Obama signed an executive order that seeks to implement frameworks for voluntary information gathering and sharing, some fell it didn’t go far enough.

"For the most part the executive order is looking to implement frameworks that better enable voluntary cooperation across the public and private sector, especially as it relates to critical infrastructure, however it doesn't really address…how to deal with organizations that willingly neglect basic security procedures," said Amrit Williams, CTO of Lancope told SecurityWeek.

"I am not convinced that legislation is the best approach to ensure a base level of security and instead think that the focus should be on enabling better cooperation, information sharing, and incentives for organizations that meet certain requirements," Williams added.

If there is to be meaningful cybersecurity-based legislation, then according to Tenable’s data, the public supports it for the most part. Sixty percent of Americans who responded to the poll supported increases to government spending, if it pertained to training and equipping so-called cyberwarriors to defend the U.S. against outside attacks. Only 10 percent of respondents were opposed to this increase in spending.

This expense is needed, as 93 percent believe that the nation’s private sector are at least somewhat vulnerable to state-sponsored attacks. Even more, 95 percent, believe that our government agencies themselves are at least somewhat, to very, vulnerable to cyberattacks.

When it comes to the ideals expressed in President Obama’s executive order, the respondents expressed conflicting sentiments about who should shoulder responsibility for protecting corporate networks.

Sixty-six percent believe corporations should be held responsible for cyber breaches when they occur, but 62 percent, say government should be responsible for protecting U.S. businesses and corporations from cyberattacks.

"I think these rather conflicting results on who should be held accountable reveal that Americans want both the public and private sector working closely together on cyber security," said Ron Gula, a former cyber security expert with the NSA and now CEO and CTO of Tenable Network Security. "I think they clearly want the government to be a better first line of defense but they also want to make sure U.S. Corporations are equally diligent in guarding against cyber attacks."

Another interesting data point centers on what would be attacked. Of those who answered, 37 percent said they were worried about disruptions to utilities (water, power, gas), while 21 percent named communications (phone, Internet). Seven percent listed transportation disruptions.

"It’s clear American citizens see the threat of cyber conflict around the corner, and the nation’s state of readiness for such attacks is a major concern," Gula said.

"Americans also want to see more done in both the public and private sector, with the government leading the way in setting standards and ensuring that important networks are protected. Given this strong level of support across age groups and demographics, we may see cyber security move up the list of critical policy and legislative proposals."

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.