While the nation has made strides in preparing for a wide range of potential disasters, state and local officials said they feel least prepared for an emerging threat: a cyber attack.
Cybersecurity "was the single core capability where states had made the least amount of overall progress," according to the annual National Preparedness Report released Thursday by the Federal Emergency Management Agency, or FEMA. Less than half of state and local officials thought their cybersecurity was sufficient, according to the survey. In particular, about two-thirds said they had not updated their cybersecurity plans in the last two years.
The report, commissioned by President Barack Obama's administration, assessed how prepared the nation would be in the event of a natural disaster or terrorist attack. It surveyed government agencies, companies, nonprofit groups, faith-based organizations, communities and individuals.
"Demonstrable progress" has been made in some key areas, according to the report. The survey's respondents said they were most confident in their ability to deploy public health and medical services in a disaster. They were least confident in their ability to secure the nation's computer networks from attack, the survey found.
Many security experts worry about a potential cyber attack against the nation's critical infrastructure. If hackers could shut down the power grid or the transportation sector, it would not only be devastating to the economy, but it could cost lives, they said.
Yet the report found that only half of operators at "priority facilities" said they publicly report cyber threats against their computer networks.
Nearly two-thirds of U.S. companies said they have been victims of cybersecurity incidents or data breach. The number of cyber incidents reported by federal agencies over a five-year period spiked, increasing from 5,503 cyber incidents in 2006 to 41,776 in 2010, the report said. Trends point to "cyber criminals’ continued focus on stealing customer records, including personally identifiable information, payment card data, email addresses, and other customer data."
The growing number of threats has sparked several cybersecurity initiatives in the government and private sectors, yet "stakeholders have an incomplete understanding of cyber risk, and inconsistent public and private participation in cybersecurity partnerships," the report said.
The survey's findings come as Congress debates legislation to strengthen the nation's computer security. Last week, the House passed legislation aimed at preventing hackers from stealing companies' intellectual property by improving information sharing between the government and private sector. The bill passed despite concerns that companies may share sensitive customer data, such as private emails, with the government, and infringe on privacy and civil liberties.
The Senate is expected to debate two cybersecurity bills in coming weeks. One bill, sponsored by Sen. Joe Lieberman (I-Conn.) and supported by Democrats and the White House, requires critical infrastructure to meet baseline security standards. Another bill, sponsored by Sen. John McCain (R-Ariz.) and supported by Republicans and the business lobby, does not focus on regulations, but instead on increased information sharing between the government and private sector.