As you’ll recall, the White House published an Executive Order (EO) on Improving the Nation’s Cybersecurity back in May 2021. The EO issued several commands such as creating a Cyber Safety Review Board to lead post-incident analysis of significant security events and requiring software developers to make data about their solutions publicly known. The directive also emphasized the importance of moving the federal government to secure cloud services and zero-trust architecture as well as protecting federal systems with encryption, multi-factor authentication (MFA), and other foundational security controls.

It’s been several months since the EO came out. Considering that span of time, many of us at Tripwire found ourselves wondering the following question: How is the federal government doing with the security of its systems and data?

To find out, Tripwire commissioned Dimensional Research to survey 306 security professionals including 103 individuals working for a United States federal government agency with direct responsibility for the security of their employer. Their responses help to provide insight into the current state of federal security and where there’s room for improvement.

A Curious Dichotomy

In its survey, Tripwire found that more than half (56%) of federal security professionals believed federal agencies were doing a better job securing their systems than personnel at non-governmental organizations. A third of security professionals working at critical infrastructure organizations said they felt the same.

Not everyone agreed on this point. Indeed, nearly half (46%) of survey participants working at non-federal organizations felt that federal agencies did a worse job with securing their systems than their employers. It was even higher among critical infrastructure respondents at 50%.

Struggling to Keep Up

Federal respondents aren’t pretending that their organizations security is perfect, however. On the contrary, 24% said that they’re falling behind. When asked why they thought this was (Read more...)