A newly released survey of 515 IT security professionals is giving government officials a no-confidence vote in terms of their ability to understand digital threats, practice cyber hygiene and legislate encryption policies.
Conducted during last August's 2018 Black Hat cybersecurity conference by researchers at Venafi, the survey found that 63 percent of respondents believe government officials fail to understand the cyber risks targeting digital infrastructure, while 67 percent think officials also do not comprehend the cyber risks affecting physical infrastructure.
To address this issue, an overwhelming 88 percent of survey respondents said that government officials should be required to complete a basic cybersecurity training course. Another eight percent said such measures are only necessary if the officials are drafting cyber regulations or legislation, while only four percent said training wasn't necessary.
Roughly two-thirds of survey-takers, 66 percent, agreed that governments should not be able to compel companies to grant them access to their encrypted user data. And 65 percent believe that if governments were to mandate encryption backdoors, election data security would suffer as a result. (On the other hand, 16 percent said election data security would improve while 19 percent think it would stay the same).
“Over the last several months, we’ve seen government officials from across the globe propose dangerous surveillance laws and protocols,” said Jeff Hudson, CEO of Venafi, in a blog post. "They don’t seem to realize that the same encryption technology that creates barriers for law enforcement is also used to protect all types of classified intelligence and other highly sensitive government data. A backdoor sounds great until a malicious actor gets the key, which they always do.”