Survey: Security is CIOs’ top challenge

Information security continues to be the leading priority and challenge for chief information officers because threats have become more complex, according to an annual survey of federal CIOs released today. Information technology infrastructure and IT management were also leading concerns in the survey, which Grant Thornton conducted for TechAmerica.

Security efforts have focused on complying with requirements, but security is a moving target, said Paul Wohlleben, a partner at Grant Thornton, at an industry event sponsored by TechAmerica. Some of the 53 CIOs who participated in the survey gauged their progress on information security by the number of vulnerabilities they reduced. Other CIOs relied on a strategic response to enterprise security, which required consolidated and standardized IT infrastructure and good IT management, the survey report states. The CIOs also said the efforts to fix security vulnerabilities were scattered.

“Security monitoring and operational activities must be done effectively,” Wohlleben said. “Our CIOs have said that’s not happening.” The Obama administration needs to establish a broad, comprehensive government response, he added.

CIOs should use industry best practices to move priorities forward, the report states. They include having strong leadership to drive change, focusing on priorities, demanding results and verifying those results.

President Barack Obama has used those best practices in introducing and beginning to implement the economic recovery and financial rescue packages, Wohlleben said, adding that he expects the administration to continue to do so as a matter of practice.

“They’ll use these attributes of good management and drive them down through the agencies,” Wohlleben said.

Agency IT officials who served on a panel at the TechAmerica event said agencies also face problems in establishing the IT processes and applications that are required for receiving money from the economic stimulus package. Beginning March 3, agencies that receive such funds must report how they spend their funds on www.recovery.gov, the Obama administration’s Web site for making the spending information available to the public.

Collecting spending data might be difficult if agencies have not implemented enterprise data applications and systems, said Jacquelyn Patillo, deputy CIO at the Transportation Department, which would receive $58 billion under the legislation. Patillo is looking for applications that already exist within the department and can be modified, she said.

The Office of Management and Budget has met with agencies and provided guidance on the information they need to collect. Much of the stimulus funding will be in the form of grants from federal agencies to states, but accounting for the money flowing to states will be difficult for DOT because it has 10 grant systems, Patillo said.