Government, Not Vendors, Must Lead In Securing Federal IT - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure // PC & Servers
Commentary
4/18/2005
10:20 AM
Commentary
Commentary
Commentary
50%
50%

Government, Not Vendors, Must Lead In Securing Federal IT

No doubt the IT security industry has a lot of knowledge to share with the federal government to help secure government IT systems and Web sites. With near-failure grades on IT security scorecards, the feds need the assistance.

No doubt the IT security industry has a lot of knowledge to share with the federal government to help secure government IT systems and Web sites. With near-failure grades on IT security scorecards, the feds need the assistance.One approached died last week when the federal CIO Council withdrew its support from the CISO Exchange, a privately run group chaired ostensibly by senior government IT officials. The way the CISO Exchange worked, six companies willing to fork over $75,000 could join the Exchange's exclusive advisory board comprised of leading federal CIOs and chief information security officers. Other vendors, with smaller contributions, would have had some, but more limited access to these officials. The arrangement smacked of pay to play, and the Exchange's initial cheerleader in Congress, House Government Reform Committee chairman Tom Davis, vacated his earlier, enthusiastic endorsement.

There's talk in Washington of having the Industry Advisory Council to sponsor a group to help the federal government in securing its IT. As its name suggests, the IAC is an industry-run organization that mingles frequently with senior government IT officials at events and retreats funded by the IT industry. Indeed, many of IAC's members are former government IT executives. It's the way Washington works, the revolving door between business and government. Unlike the CIO Exchange, no individual company needs to pony up extra money to gain special access to government IT officials. In Washington, that's a big difference.

Still, as raised in an earlier blog, having a private organization charged with leading the fight to secure government IT systems isn't the best approach. If government IT security is so important-and it is-then money to fund research to generate better ideas should come from government coffers. Otherwise, the appearance of a conflict of interest exists. Regardless of their good intentions, the specter of vendors more interested in selling products and services than offering unbiased advice permeates such an environment.

Though she hasn't ruled out an association with the likes of the IAC, the government's top IT executive Karen Evans last week called on the CIO Council's best-practices committee to develop ways to improve weak cybersecurity scores among federal departments and agencies. Evans, as administrator of IT and E-government in the White House Office of Management and Budget serves who chairs of the CIO Council, is onto something. Whether it's the best-practices committee or some other panel on the CIO Council, that's where efforts to improve IT security through collaborations inside and outside of government belong. There's nothing stopping the CIO Council from seeking advice from the private sector, including the IAC. Retaining control within the CIO Council means government officials will call the shots, and not those who could reap benefits beyond that of a more secure federal IT system.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Augmented Analytics Drives Next Wave of AI, Machine Learning, BI
Jessica Davis, Senior Editor, Enterprise Apps,  3/19/2020
Slideshows
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll