Wednesday, October 27, 2010

Should Obama Have an Internet 'Kill Switch'?

Cyber warfare may seem more the focus of science fiction movies and relatively obscure Congressional panels, but a new survey indicates most Americans take the threat of cyber attacks seriously.

In the latest Unisys (NYSE: UIS) Security Index released Wednesday, 61 percent of Americans surveyed said they would support giving the government the authority to use an Internet "kill switch" that would cut off access to the Internet in response to a cyber attack.

While certain IP addresses have been cut off in the course of criminal investigations, development of an actual kill switch to shut down significant portions of the Internet would be a significant undertaking, according to Patricia Titus, vice president and chief information security officer at Unisys.

"I've talked to Homeland Security officials about it and given where the relationship between the legislature and ISPs stands today, a lot of hurdles would have to be crossed before you could turn off significant segments of the Internet," Titus told InternetNews.com.

"The other component is that a whole lot of people need to sit at the table to determine what constitutes cyberwar versus cyber espionage," she added.

The Unisys Security Index is conducted twice a year and surveys consumers in the U.S. and ten other countries on security issues. Over a thousand U.S. consumers responded to the survey.

A specific breakout of U.S. responses shows most consumers have adopted security and other measures to guard against identity theft, but fall short in some key areas.

For example, 80 percent of those surveyed said they regularly limit access to personal information posted to social media sites and also make use of privacy settings. Almost three-quarters (73 percent) said they regularly update antivirus software to keep their systems protected.



But the results indicate most are taking less than thorough security measures when it comes to mobile devices. For example, only 37 percent said they regularly use and update passwords on their mobile devices. Also, only 46 percent said they regularly update "hard-to-guess" passwords on their computers.

Earlier surveys by security firms have highlighted the need for better password protection, noting the frequent use of password terms like "password" and the user's last name that are easy to figure out.

A wake-up call to enterprises?

"As millions of consumer devices, such as mobile phones continue to penetrate the workplace, the survey’s finding on consumers’ inattention to securing mobile devices should serve as a wake-up call for consumers and enterprises to actively pursue measures to protect the information exchanged with and residing on these devices," Mark Cohn, vice president of enterprise security at Unisys, said in a statement. "Enterprises, as well as the manufacturers of mobile devices, should take steps to ensure that sensitive data protection is enabled by default and is as simple and convenient as possible."

U.S. consumers' concerns related to some areas of cybersecurity actually show a decline. For example, 34 percent said they were "not concerned" about computer security issues related to viruses and spam, the highest percentage since the first Index was released in 2007.

Titus said that while software security vendors generally do a good job, it's a mistake for consumers to think that just because they have a security package or service running that they're immune from attack.

"The green light and indicators that say everything is working can provide a false sense of security," she said, admitting it's hard to guard against what's proved to be an evolving series of security threats.

"If you ask me what keeps me awake at night, one of the things is advances in quantum computing that have the ability to break all our encryption," said Titus.

The percentage of consumers concerned with online shopping and online banking also dropped significantly. Only 34 percent said they were "seriously concerned" about the security of banking and shopping online -- that's down from 43 percent in February.

David Needle is the West Coast bureau chief at InternetNews.com, the news service of Internet.com, the network for technology professionals.


2 comments:

  1. I disagree with the need for the government to develop an Internet kill switch. While a kill switch may be appropriate for the government's own systems, to be able to shut down non-government systems would be a severe overstep. Besides being an obvious target of abuse, this ability would also set a dangerous precedent for Internet censorship - it's not just governments like China that do it, Australia censors the Internet as well.
    Furthermore, why should the government be able to shut down the Internet but not the telephone networks as well? And while it is true that the government can take over broadcast television and radio in an emergency, that has more to do with the fact that the wireless spectrum these broadcasts occur over is considered a public trust, while the Internet is not.
    Finally, much of the article focuses on security vulnerabilities that, in the event of a cyberwar, would not be important. I highly doubt that an aggressor would be overly concerned with data mining information from Facebook.

  2. I agree with kli1's statement that the kill switch would be overkill. If the government needs to shut down its systems then that seems acceptable but taking away internet access from the entire United States would be extremely excessive. Today, many people's lives revolve around having internet access and with that they volunteer to be at risk for internet hacks and security breaches. It is a voluntary choice to use the internet and put private information on computers. These same users can choose to protect this information at whatever level of security they desire. That is why it is important to choose passwords that contain both upper and lower case letters, numbers, and symbols. Users should also avoid repeating passwords for different applications. I think that individuals and businesses are personally responsible for maintaining secure information and the government should not be able to turn off access to the internet.
