IT systems in both the public and private sectors are woefully unprepared for an environment in which cyberthreats are becoming more constant and complex, according to Curtis Dukes, director of the National Security Agency’s Information Assurance Directorate.
Dukes, speaking at the recent Cyber Resilience Summit hosted by the Consortium for IT Software Quality, gave disappointing grades for the nation’s cybersecurity. The government’s national security systems — his primary customers — are at 70 to 75 percent, a C, he said. The government as a whole receives only a D, and the nation as a whole, including industry, gets a failing grade.
“We’re never going to be 100 percent effective, no matter how good we are,” he said, but there are ways to improve.