|
Results of
ERRI/EmergencyNet News Local/County/State Computer "Hacking"
Survey-May/June, 1999 Principal Researcher: Emergency Response & Research Institute, Chicago, IL. 19
July 1999
|
· In your opinion, is "Hacking" or "Cracking" of
local emergency service/government dept./agency/offices a problem??
Raw
score Percentage of
Respondents
Yes, I
think it is 110 62.8%
No, I don't
think so 55
31.4%
Unknown or
no opinion 9
5.1%
· To your knowledge, has your dept./agency/office has been the victim of
an unauthorized intrusion or attack on your computer system(s)??
Raw score Percentage of Respondents
Yes, I
believe so... 45
25.7%
No, I don't
think so... 99
56.5%
Unknown, or
no opinion 30
17.1%
· To your knowledge, has anyone in your dept./agency/office been the
victim of a computer virus??
Raw score Percentage of Respondents
Yes
145 82.8%
No
25 14.2%
Unknown or
no opinion 5
2.8%
· Does your dept./agency/office have a webpage that is accessible to the
public??
Raw score Percentage of
Respondents
Yes 165 94.2%
No 5 2.8%
Unknown or
No Opinion 5 2.8%
· Does your dept./agency/office regularly use electronic mail to respond
to citizen inquiries or complaints??
Raw score Percentage of Respondents
Yes
104
59.4%
No 71 40.5%
Unknown or
no opinion 0 0.0%
· Do you believe that "Hacking" or "Cracking" of
local, county or state dept./agency/offices will become more of a problem in
the future??
Raw
score
Percentage of Respondents
Yes 149 85.1%
No
9 5.1%
Unknown or
no opinion 16 9.1%
· In your opinion, will
"Cyber-terrorism"/"Netwar"/"Information Warfare"
affect your dept./agency/office
Raw score Percentage of Respondents
Yes, I
think so
152 86.8%
No, I
don't think so 12
6.8%
Unknown or
no opinion 11 6.2%
· What is your rank/position in your dept./agency/office??
Raw score Percentage of Respondents
Chief/Administrator/Supervisor 94 53.7%
Technology
professional 41 23.4%
First-line
Responder 16
9.1%
Other
25
14.2%
· In your opinion, should more research about "computer
attacks" on local, county, or state dept./agency/offices be conducted??
Raw score Percentage of Respondents
Yes, it is
warranted
149
85.1%
No, there
is no need 16
9.1%
Unknown or no opinion 10 5.7%
· I would like ERRI to send me a copy of the accumulated results of this
survey by e-mail??
Raw score Percentage of
Respondents
Yes, please send it to me 142 81.1%
NO, Do not send it to me 13 7.4%
No need, I'll read it on the website 21 12.0%
ERRI Study Parameters and
Explanations
·
To
the best of our knowledge, this is the first survey of local/county/state
agencies ever completed in regard to "hacking"/"cracking,"
viruses, and other computer security issues. A total of 175 respondent
questionnaires were tabulated. They were received by the Emergency Response
& Research Institute during the months of May and June, 1999.
·
The
survey is accurate within +/- 4%.
Percentages are rounded to the nearest tenth of percent and summary results may
add up to more or less than 100% due to the fact that some respondents did not
answer some questions and/or provided more than one answer to others.
· This survey should not be
considered a strictly "scientific study" as there was no
"blind" sampling or non-voluntary participation. All survey
respondents did so by means of completion of a javascript webpage, via e-mail,
or by fax.
ERRI Examination and
Analysis
·
Most
interesting to reviewers of the data is the fact that only a little more than
half (62.8%) of respondents reported that they believed that computer
"hacking/cracking" is a problem. Apparently, about 1/3 of respondents
(31.4%) don't believe that this issue is currently a problem.
·
More
startling is the fact that 82.8% of respondents reported being the victim of a
computer virus. This is a significant percentage of respondents and may
indicate a lack of effective anti-virus software or "unsafe computing
practices" on the part of survey participants. This percentage, in and of
itself, should probably prompt system chiefs/administrators to reexamine system
software and policy issues relating to computer viruses.
·
Also
of note to ERRI analysts was the fact that 94.2% of respondents reported that
they have a website that is used to communicate with the public. This high
percentage may be due to the fact that survey participants are from those
agencies already using computers and readily aware of the value of
website-based public information and education. Our preliminary evaluation might suggest that this percentage of
overall system web participation might be far lower if this survey were broader
and conducted via U.S. mail or some other non-electronic means.
·
Far
fewer of the respondents (59.4%) reported using e-mail to respond to comments
or complaints from the public. This may be indicative of local legal
constraints or a more traditional management view that complaints should be
answered in person or by U.S. mail. Additionally, at least some emergency
system administrators may try to limit the submission of complaints or comments
by e-mail, because it makes the complaint process "all too easy" for
"crank" or "hoax" complainants.
·
When
participants were asked if they believed that "hacking/cracking" will
become more of a problem in the future, an overwhelming majority (85.1%)
reported that they believed it would. Further, an even greater percentage
(86.8%) indicated that they believed that
"Cyber-terrorism"/"Netwar"/"Information Warfare"
will affect them in the future.
·
A
majority (53.7%) of the respondents to the survey reportedly were Chiefs,
Administrators, or Supervisors, while only about a quarter (23.4%) of them
called themselves " technology professionals." One must wonder if the results would remain
constant if a greater percentage of IT (Information Technology) personnel were
completing the survey.
·
A
large percentage (85.1%) of respondents said that they believe that "more
research" should be conducted in regard to this issue. We couldn't agree
more, and believe that a more extensive study, with a greater number of
participants, is now warranted. While this preliminary review appears to
provide some answers in regard to the current state of computer security in
emergency service agencies, it is by no means a definitive indicator.
Recommendations:
It
is respectfully suggested that additional, and more thorough, studies of this
type are needed and must be funded by appropriate authorities. The preliminary
results contained herein would seem to indicate that computer
attacks/hacking/cracking of emergency and governmental agencies will only
increase in the future. Recent trends, as reported by any number of computer
security professionals, would seem to reach a similar conclusion.
As
more and more emergency and government agencies embrace and exploit internet
technologies for their own benefit, they also become more vulnerable to the
associated dangers of the "on-line" world. These preliminary results
would suggest that it is prudent for emergency managers to implement the
necessary changes in internal computer policies and procedures that will serve
to protect their infrastructure.
Finally,
this study should point out that each and every individual computer user must
play a key role in the safe operation and security of government and emergency
service computer systems. The computer operator and his/her awareness of these
issues are the first line of defense in preventing computer operating system
damage, compromise, or data loss.
Suggested Reading:
1.
06/02/99-08:30 CDT: "Netwar:
F0rpaxe Claims Credit For Government/Corporate Computer Attacks," By
Staten, C. L. , available on the world-wide-web at: http://www.emergency.com/1999/fonetwar.htm
2.
Information Warfare and Security, by Dorothy E. Denning, published by Addison,
Wesley, Longman, Inc.
3.
"Asymmetric Warfare, the Evolution and Devolution of Terrorism; The Coming
Challenge For Emergency and National Security Forces," Journal of
Counterterrorism and Security International, Winter, 1999 edition, Vol. 5, No.
4, Pg. 8-11 and on the internet at: http://www.emergency.com/asymetrc.htm
4.
"Insurgency on the Internet; Hackers Target More Federal Computers,"
CNN, on the internet at:
http://www.cnn.com/TECH/computing/9906/01/hackers/index.html
5.
"Pentagon Computers Under Attack??", By Staten, C. L., available on
the internet at: http://www.emergency.com/1999/iw-atk99.htm
6.
"Countering the New Terrorism," by John Arquilla, David
Ronfeldt, and Michele Zanini, Pg. 41, Rand Corporation, on the internet at: http://www.rand.org/publications/MR/MR989/MR989.pdf/
Prepared
by:
Emergency
Response & Research Institute
EmergencyNet
News Service
6348
N. Milwaukee Ave., #312
Chicago,
IL, USA, 60646
(773)
631-3774 - Voice/Messages
(773)
631-4703 - Facsimile
webmaster@emergency.com
- E-Mail
http://www.emergency.com
- Main WWW page