The report, <em>Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure,</em> is based upon data gathered from a survey of 285 security professionals working at organizations that operate in the 18 industries designated as "critical infrastructure" by the DHS.
The report found that 68 percent of the critical infrastructure organizations surveyed have experienced at least one security breach in the past 24 months, and 13 percent suffered more than three security breaches in the past 24 months. Twenty percent of respondents working at critical infrastructure organizations rated the effectiveness of their organization's security policies, procedures, and technology safeguards as either "fair" or "poor."
Seventy-one percent of the critical infrastructure organizations surveyed believe that the security threat landscape will grow worse in the next 24-36 months--26 percent believe it will be "much worse."
The research also focused specifically on the cyber supply chain policies, processes, and technical safeguards used by critical infrastructure organizations. The report uncovered that only a small subset of the critical infrastructure organizations surveyed employ cyber supply chain security best practices; many of these firms therefore face an increased risk of a cyber supply chain attack that could impact business operations and service delivery to the public.
Survey respondents were also asked for their input on the cybersecurity role of the U.S. Federal Government. A vast majority (71 percent) of respondents believe that the Federal Government should be more active with cybersecurity strategies and defenses--31 percent believe that the government should be significantly more active. Respondents suggested that the Federal Government should take actions such as doing a better job of sharing security information and providing incentives, such as tax credits, to organizations that invest in cybersecurity.