With D+ On Their Report Card, Federal Security Officers Try A Study Group - InformationWeek


Government cybersecurity managers will form the CISO Exchange after another poor report on federal computer security.

The consistent failure of many federal agencies to secure their IT systems effectively has prompted government officials to create a new organization, to be funded by the private sector, to help federal chief information security officers improve cybersecurity.

The formation of the CISO Exchange, announced Wednesday, came as the House Government Reform Committee issued a federal computer-security report card in which the average grade for 2004 was a D+.

Federal CISOs need better guidance to comply with the 2002 law that requires agencies to secure their IT systems and networks. In a survey of one-quarter of federal CISOs, 70% say they want clarification of guidelines and 53% recommend that guidance be improved on the annual security-control tests conducted by agencies' inspectors general.

"It's not sufficient to keep admonishing these guys," says Stephen O'Keefe, the head of an IT public relations, research, and events firm, who will serve as the CISO group's executive. "We have to provide a forum where they can have a seat at the table, learn from others, and get feedback on ideas."

The creation of the CISO Exchange was announced by Rep. Tom Davis, the Virginia Republican who chairs the Government Reform Committee and the federal CIO Council, a congressionally mandated group of CIOs who represent major federal departments and agencies.

Unlike the CIO Council, the CISO Exchange will be an informal organization aimed at giving 117 federal departmental and agency CISOs a common voice. The exchange will be co-chaired by Justice Department CIO Van Hitch, who chairs the CIO Council's cybersecurity and privacy committee, and Government Reform Committee staff director Melissa Wojciak.

Davis, in a statement, said the exchange is patterned after other government efforts to cross-pollinate ideas and best practices between the private sector and government in order "to move our government to the top of the class in IT security." The CISO Exchange will hold quarterly education meetings as well as produce a report on federal IT security priorities and operations.

O'Keefe says 100% of CISO Exchange funding will come from business, mostly IT security companies, and not government coffers. No company has been asked to commit money to the venture, since O'Keefe says that CISO Exchange wanted to await the announcement of the group's formation before soliciting contributions. He says a number of companies have expressed interest in supporting the exchange, which doesn't yet have a budget.

Seven cabinet departments received a grade of F on their computer-security report card: Agriculture, Commerce, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, and Veterans Affairs. The grades for Commerce and Veterans Affairs dropped from 2003 scores of C- and C, respectively.

The biggest jump in performance occurred at Transportation, which received an A- after getting a D+ in 2003. The Agency for International Development had the highest grade, an A+, up from a C- in 2003.

In the CISO survey, conducted by IT security-management provider Telos Corp., the vast majority of security officers said there was no correlation between the scorecard grades they received and government funding of IT security initiatives. "If there are no incentives for agencies to continue to comply with FISMA requirements," Telos chief security officer Richard Tracy says, "what's the point?"
