Sprint leaders take a modest lap

Shutterstock image (by ToheyVector): Running man polygonal.


The agencies behind two of the biggest cyber sprint success stories are pleased with their achievement.

But they’re not exactly gloating about them.

Spokespersons for the General Services Administration and the Office of Personnel Management offered positive comments on their agencies cyber sprint performances, but agency leadership demurred on interviews.

“[W]e’re excited,” OPM spokesman Sam Schumach said of his agency’s two-factor authentication implementation improvement.

In the wake of the massive OPM breaches that sparked the government-wide cybersecurity refocus in the first place, OPM shot from 42 percent two-factor authentication implementation to 97 percent in just a few months.

But the leader on the results sheet published by federal CIO Tony Scott’s office: GSA.

GSA started from a position of strength, with 99 percent of non-privileged users subject to two-factor authentication at the sprint’s start in April.

But none of GSA’s privileged users were under the same stricture, something GSA had almost completely turned around by the end of July. Privileged user two-factor authentication rocketed from 0 percent to 96 percent at GSA over the course of the sprint.

“GSA leadership has made good investments in cybersecurity and will continue to do so to safeguard our data assets,” said GSA spokeswoman Teressa Wykpisz-Lee. “In addition, we will continue to work very closely with [the Homeland Security Department], other agency partners, and the rest of the cybersecurity community to ensure we are doing all we can to protect these assets.”

“It is surprising – and pleasing – to see such significant progress,” said Paul Christman, VP of Federal at Dell Software, of the cyber sprint. “These results clearly show that agencies have the ability to successfully put the right security measures in place.”

He cautioned against labeling some agencies winners and others laggards, given the diversity of the agencies involved and their varying cybersecurity starting points.

He also noted that two-factor authentication isn’t the end-all, be-all.

“Two-factor authentication is an essential part of identity and access management (IAM) – but only one piece of the complex cybersecurity puzzle,” Christman said. The cyber sprint focused on HSPD-12 driven personal identification verification (PIV) card usage, but we cannot confuse this with complete access control.”

“Effective IAM governs data access and ensures not only that the right people have access to appropriate devices, but also the right information, at the right time,” he added. “The next steps need to go beyond IAM, using the initial efforts as a starting point for end-to-end security and utilizing other security elements outlined by the sprint.”

“Of course work isn’t done yet,” noted OPM’s Schumach, echoing the oft-repeated notion that cybersecurity is a marathon, not a sprint.

“GSA understands that additional and continued investments in cybersecurity will be needed as time goes on, and we are committed to adjusting our strategy to appropriately safeguard our data assets against ever-changing cybersecurity threats,” added Wykpisz-Lee.

Federal CIO Tony Scott, the man who ordered the sprint, has said he’s pleased with the results.

And for OPM, the agency at the center of it all, Scott said Aug. 11 that embattled CIO Donna Seymour should not follow her former boss, Katherine Archuleta, out the door.

“If you look at the pace of change they’re [Seymour and her IT team] driving at OPM and look closely, they’re doing a pretty darn good job,” Scott remarked.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.