NCJ Number
197434
Date Published
2002
Length
49 pages
Annotation
In response to a Presidential Decision Directive (PDD63), the Library Evaluation/Analysis Unit of the Research and Analysis Center conducted a survey during May 2000 to obtain information from law enforcement agencies about their vulnerabilities to cyber attack.
Abstract
This survey of small (less than 50), medium (50-499), and large (500 and more) agencies achieved a response rate of 74 percent from the law enforcement agencies that participated in reports for the 1998 Uniform Crime Report database. More than half of the agencies reported that information security is a factor in their budget process. Unauthorized intrusions to information systems were experienced by 79 (6 percent) of the agencies; the majority of intrusions did not result in any detectable damage. More than half of the agencies that experienced intrusions reported they enhanced their security following an actual or suspected intrusion. Password and user IDs and fire walls were the primary means used by agencies to control outside access to information systems. Agencies also relied on employee awareness and training as well as physical security (locks, alarms, and access controls) to provide security. Agencies use an internal employee or an internal systems administrator for information security within their agency. Agencies perceived their greatest security problems to be lack of funding for security, lack of technical training expertise, lack of employee awareness and education, and lack of dedicated staff. All agencies are planning information system/application upgrades within the next 12 to 18 months. Survey information also encompasses the types of information networks and software being used by the responding agencies. 1 figure, 12 tables, and appended survey materials and supplementary data