Sprint leaders take a modest lap



The agencies behind two of the biggest cyber sprint success stories are pleased with their achievement.

But they’re not exactly gloating about it.

Spokespersons for the General Services Administration and the Office of Personnel Management offered positive comments on their agencies’ cyber sprint performances, but agency leadership demurred on interviews.

“[W]e’re excited,” OPM spokesman Sam Schumach said of his agency’s two-factor authentication implementation improvement.

In the wake of the massive OPM breaches that sparked the government-wide cybersecurity refocus in the first place, OPM shot from 42 percent two-factor authentication implementation to 97 percent in just a few months.

But the leader on the results sheet published by federal CIO Tony Scott’s office: GSA.

GSA started from a position of strength, with 99 percent of non-privileged users subject to two-factor authentication at the sprint’s start in April.

But none of GSA’s privileged users were under the same stricture, something GSA had almost completely turned around by the end of July. Privileged user two-factor authentication rocketed from 0 percent to 96 percent at GSA over the course of the sprint.

“GSA leadership has made good investments in cybersecurity and will continue to do so to safeguard our data assets,” said GSA spokeswoman Teressa Wykpisz-Lee. “In addition, we will continue to work very closely with [the Homeland Security Department], other agency partners, and the rest of the cybersecurity community to ensure we are doing all we can to protect these assets.”

“It is surprising – and pleasing – to see such significant progress,” said Paul Christman, VP of Federal at Dell Software, of the cyber sprint. “These results clearly show that agencies have the ability to successfully put the right security measures in place.”

He cautioned against labeling some agencies winners and others laggards, given the diversity of the agencies involved and their varying cybersecurity starting points.

He also noted that two-factor authentication isn’t the end-all, be-all.

“Two-factor authentication is an essential part of identity and access management (IAM) – but only one piece of the complex cybersecurity puzzle,” Christman said. “The cyber sprint focused on HSPD-12 driven personal identification verification (PIV) card usage, but we cannot confuse this with complete access control.”

“Effective IAM governs data access and ensures not only that the right people have access to appropriate devices, but also the right information, at the right time,” he added. “The next steps need to go beyond IAM, using the initial efforts as a starting point for end-to-end security and utilizing other security elements outlined by the sprint.”

“Of course work isn’t done yet,” noted OPM’s Schumach, echoing the oft-repeated notion that cybersecurity is a marathon, not a sprint.

“GSA understands that additional and continued investments in cybersecurity will be needed as time goes on, and we are committed to adjusting our strategy to appropriately safeguard our data assets against ever-changing cybersecurity threats,” added Wykpisz-Lee.

Federal CIO Tony Scott, the man who ordered the sprint, has said he’s pleased with the results.

And for OPM, the agency at the center of it all, Scott said Aug. 11 that embattled CIO Donna Seymour should not follow her former boss, Katherine Archuleta, out the door.

“If you look at the pace of change they’re [Seymour and her IT team] driving at OPM and look closely, they’re doing a pretty darn good job,” Scott remarked.

About the Author

Zach Noble is a former FCW staff writer.

