Letters to the editor
These letters are in response to an FCW.com survey question that asked, "What is the primary obstacle to improving information security at federal agencies?" (For poll results, visit www.fcw.com/results.asp.)
Effective Management Gets Results
The biggest hurdle to improving security is the same hurdle faced with improving any of the other areas of information technology or for implementing any new ideas, such as the 24 e-government initiatives.
It's not a lack of policy, planning, guidance, strategy or leadership, all of which are nothing more than individuals and committees who pontificate on need and value and provide reams of printed studies and directives. The lack lies in the old-fashioned management of these concepts, whereby these ideas are turned into reality at the agency level.
There is an old expression: my way or the highway. If these ideas are to be successful, this approach needs to be implemented in a fashion that involves picking a pilot project, implementing and demonstrating it successfully, and then mandating that agencies and groups either follow the plan or lose their funding.
This would accomplish two goals. First, a pilot would demonstrate that these ideas can be implemented successfully. Second, by mandating that this approach be used or else, agencies and government officials who are resistant would be forced to do something.
All too often the government comes out with bold ideas only to see them die on the vine due to resistance and the belief that sooner or later administration objectives and focus will change and they can then get back to business as usual. What gets measured gets done.
Policy, guidance, leadership and direction do not measure anything. Effective management does.
Mercury Interactive Corp.
Pay, Procedures Lacking
Information assurance/protection exists across the board in government, and no one is trying to consolidate that into a set of procedures.
Contact Alicia Clay at the Information Technology Laboratory's Computer Security Division at the National Institute of Standards and Technology if you desire to see the first proactive involvement I have seen that addresses these issues.
I served as an information systems security manager in the Navy and helped write the course of instruction. I would still be there if one could live comfortably in the government and do security.
The key then is directly relevant to the pay that the individuals responsible for the security receive. Compare it to the open market. How many former experts from the Defense Department are now experts in the open market? Probably 75 percent to 90 percent.
One Leader, One Security Policy
The primary issue here is the lack of a concerted, single-
focus effort headed by one person who has the authority to develop and implement, with the appropriate budget, a unified security policy. Without that, it doesn't much matter what else happens.
These letters are in response to an FCW.com poll question directed at state and local government IT leaders: "If your jurisdiction received a block grant for homeland security, how would you spend it?"
Equipment and Training
I live in a rural community, and there is a real need for equipment necessary to combat terrorist threats and/or events. Of course, there would also need to be funding for training in use of the equipment.
Squad Car Computers
We'd spend it on an in-car computer system that would help officers have the most updated information. Our department cannot afford to place computers in all of the squad cars, and we only have seven vehicles.
Using a radio system, every person with a scanner would be able to receive information. Also, information is not passed on as needed to officers (those on other shifts, days off, etc.).
Colona (Ill.) Police
The greatest need in this rural region is for the education of local officials and employees of the need for IT security procedures. If [local officials] don't believe that it is necessary, they can't be convinced to implement IT
SEDA-Council of Governments