Security, funds occupy CIOs' minds

TechAmerica's latest annual survey of CIOs reveals the stress of declining budgets and rising cyber threats.

TechAmerica’s annual federal CIO survey usually does a good job of identifying what’s on the minds of federal IT professionals. The latest survey, released earlier this month, finds the IT community worried about costs as budgets dwindle and concerned about cybersecurity as threats grow.

“I was pleased that cybersecurity was listed first, and not budget,” on the ranking of priorities, said Teri Takai, CIO at the Defense Department, in a panel discussion at a TechAmerica conference associated with the report. “At DOD, cybersecurity is the No. 1 priority.”

DOD is transitioning away from protecting systems at the perimeter and moving toward redesigning systems, moving them to the cloud and managing data differently, Takai said, as quoted in Alice Lipowicz’s article in Federal Computer Week.

The two priorities are intertwined, of course. With less money to spend, investing in cybersecurity becomes more difficult. According to some analysts, the people who control agency purse strings might see cyber threats as remote, almost invisible, until a successful attack belatedly shows the importance of cybersecurity.

“IT security isn't easy to pull off, especially when IT and IT security groups don't get the support of their non-tech bosses,” wrote Eric Chabrow in “The Public Eye” blog at GovInfoSecurity.com. “Risk, as the report points out, is a difficult [concept] for most people to grasp, but it is one that is important to convey to users, executives and, in the federal government, to Congress.”

Kenneth Corbin, writing at CIO.com, pointed out that prioritizing the funds that are available for cybersecurity is important.

He noted that cyber threats include “attacks from outside entities and internal risks, such as lost or stolen laptops, sharing passwords and other lax security practices or employees who shift roles but retain access to sensitive information from their former position. Some respondents pointed to an imbalance that sees the majority of some agencies' cybersecurity resources directed toward external threats, while most serious data breaches are attributed to internal factors.”

Enhancing the 25-point plan

One section of the survey report lists the respondents’ suggestions for improving the Obama administration’s 25-Point Implementation Plan to Reform Federal IT Management. Here are the recommendations.

  • Shift from a policy focus and measure tangible successes instead.
  • Group the plan into key focus areas because it is too hard to do justice to all 25 points.
  • Return to a focus on lines of business as was done before 2009, such as human resources, finance and payroll, which would give a boost to cloud computing and shared-services initiatives.
  • Work closely with the President’s Management Council when doing investment reviews.
  • Encourage government entities to be ruthless in setting priorities, as private companies are.
  • Provide seed money for some initiatives that will generate long-term savings but have short-term costs not tenable in the current budget crunch.
  • At the Office of Management and Budget, develop a better partnership among the federal CIO, chief financial officer and chief procurement officer.
  • Encourage Congress to fund more projects on a two-year basis.
  • Require OMB to do more cost/benefit analyses on implementing the plan.
  • Pick activities that can be done in one year and be ready to regroup because “there will be changes at the top regardless of the political views of the administration.”