CIOs lose sleep over security

CIO survey

Federal chief information officers remain focused on tightening the security of government information, but they are increasingly concerned about balancing security requirements with the public’s right to information, according to a new survey.

The Information Technology Association of America released its 16th annual Federal CIO Survey last week. Titled “Ten Years After Clinger-Cohen: Looking Back, Looking Forward,” the survey outlines successes and problems for government IT executives.

In the survey, CIOs said they had made headway in IT security and privacy, but oversight and the vast space to protect against sophisticated perpetrators are “almost an overwhelming requirement they have,” said Paul Wohlleben, a partner at Grant Thornton’s Global Public Sector and the survey’s program manager.

CIOs are balancing information security and public access, and that brings high stress and significant budget problems, the survey states.

“The consensus seems to indicate that privacy needs to be elevated as an issue and was getting priority attention in only a few agencies where public concerns were driving the issue,” the report states.

The Office of Management and Budget sees IT security as an important issue that all government sectors are wrestling with. The Bush administration’s fiscal 2007 budget, submitted to Congress in February, boosts funding for IT security throughout the civilian departments by 4.4 percent compared with fiscal 2006 appropriations.

“The pendulum is starting to swing back toward privacy,” said Alan Balutis, president and chief executive officer of government strategies at Input.

The 2001 terrorist attacks caused agencies to build barriers to information and beef up their security. But now CIOs are balancing their agencies’ security needs with the responsibility to share information with the public. Some military and intelligence agencies must continue to block information leaks and tighten their security. Other agencies, such as the Commerce Department, have a core mission to share information.

Survey respondents also said that to improve system security, they would continue to develop their IT security programs, emphasizing risk and vulnerability assessments; monitoring, certifying and accrediting IT systems; and conducting Federal Information Security Management Act testing in a more coordinated effort with their agencies’ executives.

In its March 1 FISMA report to Congress, OMB found that agencies made progress toward greater system security, despite uneven execution.

Besides IT security, CIOs listed enterprise architecture development, updates to IT infrastructure, portfolio management, and data strategy and information sharing as top accomplishments during the Bush administration.