Security a Weak Link for States

Wednesday, May 9, 2012 @ 11:05 PM gHale


Although states have made huge strides in emergency and natural disaster preparedness, they’re still vulnerable to cyber disasters, said a Federal Emergency Management (FEMA) National Preparedness Report.

The nation has made “significant progress” in prevention, protection, mitigation, response and recovery in its collective preparedness for external, as well as natural and technological hazards, the report said.

RELATED STORIES
Security First; Not in Smart Grid
Smart Meters Getting Smarter
Energy Report: Poor Smart Meter Security
Feds: Grid Security Needs a Boost

“This Report illustrates areas of national strength to include planning, operational coordination, intelligence and information sharing, and other response related capabilities,” said FEMA Administrator Craig Fugate. “As we continually assess and aim to meet the full vision of the National Preparedness Goal, we must continue to build on the significant progress to date and address identified opportunities for improvement.”

One of those areas for improvement was cyber security, which the report said “was the single core capability where states had made the least amount of overall progress.”

The study said despite progress across core areas like planning and operational coordination for natural disasters, information sharing among intelligence agencies on terror activity, the NPR found cyber security was state’s weakest core capability.

It’s a critical weakness, as the NPR noted cyber attacks, network breaches and information theft is skyrocketing. It said U.S. Computer Emergency Readiness Team (US-CERT) reported an increase of over 650 percent in the number of cyber incidents reported by federal agencies over a five-year period — from 5,503 in FY 2006, to 41,776 in FY 2010. Almost two-thirds of U.S. firms, the report said, have reported they have been the victim of cyber security incidents or information breaches. It added the problem most likely ends up underreported with 50 percent of company owners and operators at “high priority facilities” participating in the survey saying they report cyber attacks to external parties.

Despite progress in infrastructure collaboration and reporting initiatives, government cyber tasks forces coordinated by DHS and the Defense Department, cyber security core capabilities were the area that states had made the least amount of overall progress, with an average capability level of 42 percent, the report said.

DHS’ 2011 Nationwide Cybersecurity Review, it said, showed gaps in cyber-related preparedness among 162 state and local entities. It said although 81 percent of respondents adopted cyber security control frameworks and/or methodologies, 45 percent said they hadn’t implemented a formal risk management program. It added that two-thirds of respondents hadn’t updated information security or disaster recovery plans in at least two years and challenges probably cut across all sectors.



Leave a Reply

You must be logged in to post a comment.