ITAPS recommends vast changes to federal cybersecurity policy

After the unprecedented breaches of the Office of the Personnel Management exposed the personal information of some 22 million people, the Obama administration turned to industry for ideas for shoring up federal cybersecurity. The Information Technology Industry Council’s public sector division  offered a slew of ideas Aug. 3, including establishing a permanent position that directs cyber activities across the government.

The feedback, which came from experts at 20 tech firms, including IBM, Microsoft and Oracle, said that the government’s 30-day “cybersecurity sprint” to shore up vulnerabilities “manifests the sense of urgency that should be core to the cybersecurity culture and approach.”

The Information Technology Alliance for Public Sector recommended separating the functions of agency chief information security officers from chief information officers, setting up a means for CISOs to send their security concerns directly to agency heads, and making IT security part of performance reviews for government employees and contractors.

On recruitment, ITAPS recommended the government tout that its networks are under siege and pose “unique security challenges.” Like the Department of Homeland Security, other agencies should look for pay incentives to recruit and retain cyber talent, the report said.  

The ITAPS recommendations also recognized that the clock is running out on an administration that has prioritized cybersecurity while responding to a series of large hacks of federal agencies. “Urgently identify and prioritize protection of … all vulnerable systems, updating to more secure configurations before reconnection,” the report advised.

Cybersecurity “can no longer be viewed as an isolated issue. It should be a top priority government wide,” Trey Hodgkins, ITAPS’ senior vice president for public sector, said in a statement.