A Jan. 9 report from the Pew Research Center shows that many Americans think the United States is prepared to handle a cyberattack.
The nonpartisan fact tank surveyed 27,612 respondents from 26 countries, including South Korea, Argentina and France, between May 14 and Aug. 12, 2018 to track civilian perception of government readiness to handle a major cyberattack. A collective 47 percent of participants stated that their country is prepared for a cyberattack. In the United States, more than half (53 percent) of Americans indicated their confidence in their country’s preparedness.
Some countries expressed high levels of confidence, such as Israel and Russia (at 73 percent and 67 percent respectively). Others are not as confident that their country can handle a cyberattack, particularly residents of Brazil and Argentina (16 and 9 percent respectively).
In the U.S., political affiliation played a part in perception, with Republicans and Republican-leaning independents appearing far more likely (at 61 percent) to indicate confidence in the cybersecurity efforts of the party in power than their Democratic counterparts (at 47 percent).
Out of all of the countries surveyed, the United States was the country in which most people stated that cyberattacks will happen. Eight-three percent of Americans stated that public infrastructure will suffer damage, 82 percent said that national security information will be accessed and 78 percent said that elections will be tampered with via cyberattack.
There also exists a partisan gap with regard to a potential election cyberattack. Eighty-seven percent, or close to nine in 10 Democrats say that an election cyberattack is likely, compared with 66 percent of Republicans. Democrats are more worried, at 86 percent, about sensitive national security information being accessed, when compared to 79 percent of Republicans.
On a more objective front, strengthening cybersecurity continues to be a focal point for the U.S. federal government. President Donald Trump released the National Cyber Strategy in September 2018, identifying key actions to enhance the security needed in all aspects of cybercommunication, including offensive strategies. However, there has been concern about cybersecurity due to the recent partial government shutdown, including trepidation over the number of furloughed workers in cybersecurity and competition for workers in the private and public sectors.
Governmentwide, cybersecurity is something that both large and small agencies grapple with. The Defense Department (DoD), for example, has fallen short of the cybersecurity standards set out in the National Institute of Standards and Technology (NIST) Cybersecurity Framework that was issued in April 2018.
The DoD inspector general issued this summary on Jan. 9 after conducting a review from July 1, 2017 to June 30, 2018 under the annual reporting requirements of the Federal Information Security Modernization (FISMA) Act. In the report, the DoD IG noted that while certain corrective actions were implemented, “as of September 30, 2018, there were 266 open cybersecurity‑related recommendations, dating as far back as 2008.”
The report summary states that “the DoD needs to continue focusing on managing cybersecurity risks related to key areas: governance, asset management, information protection processes and procedures, identity management and access control, security continuous monitoring, detection processes, and communications. The most weaknesses were identified in the area of governance, which allows for communication between employees and management about cybersecurity risk. Those discussions focus on “the policies, procedures, and processes to manage and monitor the organizations regulatory, legal, risk, environmental, and operational requirements.”
If governance is lacking, DoD cannot be sure of its ability to identify threats to cybersecurity. Although the Pew study indicated that the majority of Americans were confident in America’s ability to withstand a cybersecurity attack, government agencies still have work to do when it comes to improving overall cybersecurity.