A new survey out from the Government Technology Research Alliance (GTRA) and Tripwire looks at how government cybersecurity and compliance professionals view the state of play in the public sector. The survey results are notable on several levels, specifically the effect congressional dysfunction could have on cybersecurity efforts overall.
43% of the officials included in the study say they think ongoing government dysfunction is the “biggest security threat we face.” Roughly the same number of respondents say continued budget battles which place funding in jeopardy make it difficult to plan and execute on security and compliance mandates. Despite a new budget bill, the threat of another government shutdown could walk back any gains made on this score since October.
60% of respondents said they thought the new NIST framework will help improve security. The finding was notable given the ongoing discussion among security researchers about how NIST may be helping the NSA to compromise systems following news revealed in the Snowden leaks. Despite support among GTRA members for the framework, nearly half – 47% say that their agencies are more focused on compliance than improving security.
Efforts like the presidential cybsersecurity directive may also be helping matters. 55% say the policies of the Obama administration have helped to make security better, and that the new focus on continuous monitoring is reducing risks.
“Unfortunately, it seems that agencies still fear the auditor more than the adversary. Their biggest concern is becoming compliant, and while compliance can help improve security, it is not the most significant threat to achieving the mission for most organizations,” said Dwayne Melancon, chief technology officer for Tripwire.