FEMA: State, Local Officials Not Prepared to Respond to Cyberattack


A report by the Federal Emergency Management Agency (FEMA) finds that state and local government officials in the U.S. are pessimistic about their ability to respond to a cyberattacks. The National Preparedness Report (NPR) was commissioned by the Obama Administration. It found that, although the United States’ “portfolio of preparedness capabilities” has improved significantly in the post-9/11 era. Planning, cybersecurity was a “national area for improvement.”Despite the nation’s increased dependence on technology, certain stakeholders don’t properly understand the risks posed by cyber attack. In self-assessments, many states indicated that cybersecurity was the arena in which they possessed the lowest capability level. Problematically, the NPR cites the DHS’s 2011 Nationwide Cybersecurity Review, which highlighted gaps in the cyber-preparedness of 162 state and local entities. In that review, 45 percent of respondents admitted to not having a formal risk management program in place. In addition to that, two-thirds of respondents claimed that they had not updated their information security or disaster recovery plans in at least two years. According to findings from the U.S. Computer Emergency Readiness Team, there has been a 650 percent increase in cyber incidents over the past five years. Two-thirds of American firms admit to having been the victim of a data breach or other cybersecurity incident. Worse yet, just half of the owners and operators of high-priority facilities that responded in the Enhanced Critical Infrastructure Protection (ECIP) security survey said they report cyber incidents to third parties. [The New York Times notes](<http://www.nytimes.com/2012/05/04/us/politics/study-finds-concerns-on-readiness-for-cyberattacks.html?_r=1>) that the Obama Administration is attempting to push a bill through the Senate that would grant authorities to the DHS to issue regulations that would protect critical infrastructure. Of course, [the House recently passed the Cyber Information Sharing and Protection Act](<https://threatpost.com/cispa-passes-house-cacophony-groans-and-cheers-042712/>), but the Obama Administration has made clear its intention to veto that piece of legislation if it makes it through the Senate and to the President’s desk. You can download the FEMA report [here](<http://www.fema.gov/prepared/ppd8.shtm>).