Security Top Concern Of Federal CIOs
CIOs at federal agencies want better advance planning and new metrics for security monitoring as they deal with growing internal and external threats.
survey released last week by TechAmerica, a tech industry group.
TechAmerica interviewed 40 CIOs and other federal IT leaders, from agencies including the Department of Defense, Homeland Security, and Veterans Affairs. Twenty percent identified cybersecurity as their top concern, followed by 15% who pointed to controlling costs, and 12% human capital.
More Government Insights
- Building a Hybrid Cloud in Government: It's not that Complicated
- Demystifying Big Data: A Practical Guide to Transforming the Business of Government
- Forrester Whitepaper: IT Operations Managers Must Rethink Their Approach to Private Cloud
- Mobile Data Center Brings the Mobile Cloud to Life: Portable, Mobile Data Centers Aligned with Army Operations
- Strategy: FISMA Lifts All Compliance Boats
- Strategy: Cybersecurity: Continuous Monitoring Action Plan
Survey respondents told TechAmerica that, while most of their security resources are directed toward outside threats, internal threats are a growing concern. At the same time, TechAmerica said outside threats are on the rise and becoming more sophisticated.
The preoccupation with cybersecurity is consistent with InformationWeek's own survey findings. IT security and cybersecurity ranked as the No. 1 priority in InformationWeek's 2011 Federal Government IT Priorities Survey, with 69% of survey respondents viewing it as "extremely important."
[ Learn how to do more with less. Read 10 Lessons From Leading Government CIOs. ]
One CIO surveyed by TechAmerica said IT security is inconsistently applied in federal government and quality is "all over the place." A consequence of such concerns is that agencies are unwilling to embrace federal IT goals for centralization and mobility, according to TechAmerica. Concerns would be lessened by a consistent, high-quality security framework applied across government.
Survey respondents recommended that agencies identify which department "owns" security; that they plan ahead and build infrastructure with security in mind; and that the government develop sound metrics for security monitoring.
Cost control was the second most-mentioned concern of federal CIOs, a reflection of flat IT budgets over the past three years. Some said that budget discipline has driven changes such as dropping unused software licenses and adopting thin-client hardware. However, across-the-board budget cuts were deemed the "most feasible and least effective way" to control costs.
George DelPrete, a partner with Grant Thornton, which helped conduct the survey, warned that OMB's strategy of encouraging federal IT teams to be more innovative as a way of stretching their budgets may not be enough to meet all of the challenges and objectives they face. "Survey respondents agree that budget cuts can spur innovation, but there are limits to what scarcity can do," DelPrete said. "Further, there is no guarantee that cost-cutting solutions will meet government-wide needs or even make sound business sense."
In terms of managing human capital, 70% of survey participants said their staffing levels had been affected by budget cuts. More than half (52%) didn't have a plan to replace baby-boomer senior executives.
Central agency policy ranked fourth among the top concerns of federal CIOs. Respondents gave the Office of Management and Budget's 2010 IT Management Reform Plan a C grade. CIOs view the plan as a good start, but not an end in itself.
Mobility ranked fifth on the list of concerns, with device ownership, access, and security among the issues to be addressed.
Hacktivist and cybercriminal threats concern IT teams most, our first Federal Government Cybersecurity Survey reveals. Here's how they're fighting back. Also in the new, all-digital Top Federal IT Threats issue of InformqtionWeek Government: Why federal efforts to cut IT costs don't go far enough, and how the State Department is enhancing security. (Free registration required.)