If a new poll sponsored by Cisco is to be considered an accurate indicator of the opinions held by a majority of federal IT leaders, it appears that the security of the United States government's network infrastructure remains a serious problem.
According to the report released last week -- and detailed by Cisco CTO John Stewart at an ongoing government security summit in Washington -- federal IT decision makers are even more concerned about issues related to security than they were when the company carried out the same survey one year ago.
The federal employee interviews feeding the report were carried out online for Cisco by researchers Market Connections.
Based on the results of the survey of 200 federal technology experts representing more than 30 federal agencies and all branches of the military -- and carried out online for Cisco by researchers with Market Connections -- project leaders continue to feel as if they do not have enough time or funds to adequately address what they view as their most pressing network security issues.
For instance, while 65 percent of those people interviewed said that they spent more time dealing with security issues in 2007 than during previous years, only 50 percent of respondents said they feel more confident about their agency's security than they did three years ago.
Perhaps even more concerning, the report finds that respondents working for branches of the U.S. military were generally less confident in their security standing than their civilian counterparts, Cisco officials said.
In a nod to the frustration that federal entities often face in terms of keeping their network security protections on the same level as their private industry peers, respondents to the study cited a lack of a sufficient budget as their leading challenge with 67 percent of those interviewed reporting a lack of money as their biggest problem.
Behind budget, respondents ranked the high amount of user training needed to install new network security technologies (55 percent), existing security architecture (55 percent) and the need to give prioritization to other projects over network security improvements (53 percent) as leading barriers to improving their standing.
Even when federal security workers find technologies they believe can significantly improve network protections, such as through the adoption of IPv6 (Internet Protocol Version 6) technologies, they apparently have a hard time getting their employers to get onboard with the tools.
While almost 60 percent of respondents said they expect IPv6 to bolster their agencies' security architecture, only one third of those people said their organizations have already deployed the technologies or are currently developing plans to do so.
Web 2.0, spyware, and botnets worry IT managers
"These decision makers are so busy fighting fires with emerging security issues that they're not having the opportunity to focus on architecture and building a better foundation for providing security to operations, even if they know that's the case," said Gerald Charles Jr., executive advisor for the Internet Business Solutions Group at Cisco.
"As a result, they're telling us that they want more integration and embedded services among security and network technologies so that they can become more proactive in their approach," he said. "Some will wait for the big implosion, where they have to respond after the fact, to get what they need, but others are truly looking to evolve their security infrastructure today to prevent the ticking time bomb from going off."
Among the technological issues that those interviewed for the report find most frustrating in advancing their efforts were a lack of collaboration among standalone products (50 percent), a shortage of integrated reporting tools in individual products (39 percent), and a scarcity of proactive response capabilities (35 percent).
One of the most troubling trends in the eyes of the federal security experts was the rise of Web 2.0 applications, such as social networking sites, which could potentially be used to post sensitive data and evade other data-filtering protections.
Potential security issues connected to Web 2.0 were cited by more than 40 percent of respondents as a top concern with file sharing, remote access and application compatibility listed by respondents along with the use of social networking sites like MySpace.
In terms of more traditional malware threats, botnet programs and spyware were cited as the leading problems with 56 percent of respondents listing the virus programs at the top of their current concerns.
This year marked the first time that botnets were added to the list of options that respondents could choose from.
"It's somewhat surprising that botnets and spyware jumped to the top of the list even though this is the first year they've been included," said Dave Graziano, manager of federal sales and security at Cisco. "But we're also hearing a lot from our customers about their concerns with these threats, based largely on some of the malware and denial-of-service attacks that have already affected the federal sector."