Dysfunctional Congress a Significant Cyber Threat: Security and Compliance Pros

According to a recent survey of security and compliance professionals from U.S. government agencies and contractors, a dysfunctional Congress is creating a significant cyber threat to the nation.

Sponsored jointly by Tripwire and the Government Technology Research Alliance (GTRA), the online survey evaluated the attitudes and responses of 111 security and compliance professionals from U.S. government agencies and contractors.

Survey findings showed that while 55 percent believe government IT security has improved due to the administration’s policies, 43 percent of the IT security and compliance workers said poor governance and a dysfunctional Congress was “the biggest security threat we face.”

On the positive side, the survey also found that 60 percent of respondents believe the new NIST framework will improve security, and 46 percent say they have seen reductions in risk due to continuous monitoring efforts.

“Cybersecurity continues to be one of the top priorities of senior executives in the federal government,” said Ron Ross, fellow at National Institute of Standards and Technology (NIST). “Studies, such as this one, bring together important data points that help decision makers assess trends and take part in an ongoing dialog that will help us craft effective solutions to our difficult and challenging cybersecurity problems.”

“While these findings show that we have made some progress on federal cybersecurity, we still have a long way to go,” said Parham Eftekhari, executive vice president of research and co-founder of GTRA. “Our hope is that by partnering with federal agency CIOs and industry thought leaders like Tripwire, we can generate thought-provoking research that will help spur dialog and ultimately increase the rate of change.”

Others cited challenges when it comes to putting cyber security programs in place, with 45 percent saying that funding is the greatest challenge their agency faces in successfully implementing cybersecurity programs. Only 37 percent believe they have adequate resources to properly implement policy, the survey found. When asked what federal security leaders should do to connect security to the agency mission, the second-most popular response was “more funding.”

Not very shockingly, 47 percent of GTRA members said their agency cares more about compliance regulations than about actually improving security.

“It is encouraging that government security and compliance professionals are seeing benefits from continuous monitoring and that they are optimistic about future improvements through the new NIST framework. However, the survey results highlight the fact that resource constraints are a significant inhibitor to stronger security,” noted Dwayne Melancon, chief technology officer for Tripwire.

“Unfortunately, it seems that agencies still fear the auditor more than the adversary,” Melancon said. “Their biggest concern is becoming compliant, and while compliance can help improve security, it is not the most significant threat to achieving the mission for most organizations.”

Related Reading: The NIST Cyber Security Framework Completely Misses the Mark

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
