Cyber security is weakest link in state preparedness, according to FEMA survey

FEMA's Fugate

Although states have made huge strides in emergency and natural disaster preparedness, they’re still vulnerable to cyber disasters, according to the Federal Emergency Management National Preparedness Report released on May 4.

The report said the nation had made “significant progress” in prevention, protection, mitigation, response and recovery in its collective preparedness for external, as well as natural and technological hazards.

“This Report illustrates areas of national strength to include planning, operational coordination, intelligence and information sharing, and other response related capabilities,” said FEMA Administrator Craig Fugate when the report was released. “As we continually assess and aim to meet the full vision of the National Preparedness Goal, we must continue to build on the significant progress to date and address identified opportunities for improvement.”

One of those areas for improvement was Cyber security, which the report said "was the single core capability where states had made the least amount of overall progress.”

The study said despite progress across core areas like planning and operational coordination for natural disasters, information sharing among intelligence agencies on terror activity, the NPR found that states indicated in the survey that underlies the report that Cyber security was their weakest core capability.

It’s a critical weakness, as the NPR noted that Cyber attacks, network breaches and information theft is skyrocketing. It said U.S. Computer Emergency Readiness Team (US-CERT) reported an increase of over 650-percent in the number of Cyber incidents reported by federal agencies over a five-year period  --  from 5,503 in FY 2006, to 41,776 in FY 2010. Almost two-thirds of U.S. firms, it said, have reported they have been the victim of Cyber security incidents or information breaches. It added that the problem is probably underreported with only 50 percent of company owners and operators at “high priority facilities” participating in the survey saying they report Cyber attacks to external parties.

It said despite progress in infrastructure collaboration and reporting initiatives, government Cyber tasks forces coordinated by DHS and the Defense Department, Cyber security core capabilities were the area that states had made the least amount of overall progress, with an average capability level of 42 percent.

DHS’s 2011 Nationwide Cybersecurity Review, it said, showed gaps in Cyber-related preparedness among 162 state and local entities. It said although 81 percent of respondents adopted Cyber security control frameworks and/or methodologies, 45 percent said they hadn’t implemented a formal risk management program. It added that two-thirds of respondents hadn’t updated information security or disaster recovery plans in at least two years and challenges probably cut across all sectors.