WASHINGTON (AP)— Leaders from across the District of Columbia municipal government gathered last April for a summit on cybersecurity, where they agreed in writing on the need to improve computer safety training for its workers. Yet nearly a year later, no organized, across-the-board training is offered for employees even though electronic data theft from governments is on the rise.
Information technology experts see training as a vital component of cybersecurity and D.C. officials acknowledge their own employees should be better educated on computer use, especially as governments face increasingly sophisticated cyber-threats and as human errors have contributed to widespread data breaches.
But officials say they’ve put plans for such training on the back-burner while they continue efforts to improve network security, including through new tools and products as well as additional levels of monitoring and inspection. Those improvements are more efficient and longer-lasting than educating thousands of workers who may not be in their jobs permanently, contends Rob Mancini, the District’s chief technology officer
“You don’t start talking about what people should do unless you know you’ve got protections in place to help,” Mancini said in an interview. “You don’t go educating users until you’ve got something behind it.”
The federal government has identified cybersecurity as a critical priority, unveiling new efforts to fight the theft of trade secrets and discourage intellectual property theft. In his State of the Union address, President Barack Obama urged Congress to pass legislation to help protect computer networks from attack and warned that American enemies are exploring ways to sabotage the power grid, financial institutions and air traffic control system. Companies including Facebook, Twitter, Microsoft and Apple have been recently hacked, as have financial services companies that maintain credit card account information.
State governments, repositories of personnel information, financial data, emergency operations plans, health care records and other documents, are particularly vulnerable targets. A 2012 study by the Deloitte consulting firm and the National Association of State Chief Information Officers found that less than a quarter of the state information security chiefs felt confident in their state’s ability to protect data from an outside threat.
D.C. officials, recognizing the problem, organized an exercise last April to gauge the government’s cyber-attack readiness.