Cybersecurity continues to be a top concern among U.S. government CIOs, but agencies are still falling short of achieving good security results, according to a new survey of top government IT officials.
Cybersecurity was the main concern voiced by most of the 53 top agency IT officials during the survey taken for the Tech America trade association, just as it has been the top issue in every year since 2000, said Paul Wohlleben, a partner with Grant Thornton, which conducted the survey for the tech trade group. Based on interviews with federal CIOs, the Tech America survey gave the U.S. government a failing grade for cybersecurity results, and only middle grades for cybersecurity strategy and execution, Wohlleben said Tuesday.
Federal agencies have made sone progress, but still believe federal IT security is lacking because of increasingly complex threats, the survey said. "It should come as no surprise that this issue was considered the consensus top priority by CIOs over the past eight years," the survey report said. "Progress was made on many initiatives ... but we heard from many CIOS that the relative vulnerability of federal systems and data had not appreciably improved or had (in some cases) declined somewhat."
In many cases, agencies are still using thousands of storage devices and simply cannot monitor or enforce security policies on them, Wohlleben said. "If you don't have an infrastructure that can be secured well, you're not going to secure it," he said.
Agencies still need to be reminded that in cybersecurity, details matter, he added. "You need to do all the little things, and do them right," Wohlleben said.
But score cards showing deficiencies in cybersecurity and other areas don't tell the whole story, some government IT officials said at Tech America's unveiling of its 19th annual federal CIO survey. For example, the Federal Information Security Management Act (FISMA) of 2002 requires that government agencies provide IT security training to all their employees, but some Department of State employees never touch a computer, said Gary Galloway, deputy director of the Office of Information Assurance at the agency.
The State Department has about 40,000 employees and contractors worldwide, and U.S. embassies overseas hire cooks, security guards, maids and gardeners, said Galloway, who just returned from a tour of embassies in southern Africa. "How exactly do you go about training them in IT security?" he said. "In the countries I visited, many of those people have never even seen a computer."
Jacquelyn Patillo, acting CIO at the Department of Transportation, defended requirements from FISMA and from the White House Office of Management and Budget, saying those requirements help CIOs define problem areas and defend the need for additional resources. But agency CIOs need some flexibility to respond to their own set of challenges, she added.
Some years, "I may want to put the majority of dollars in one area of FISMA and not others," she said.
The survey asked government CIOs what initiatives would provide the greatest value this year. An initiative to implement security and privacy measures was the top answer, follow by one to integrate systems and processes. Third on the list was an initiative to improve project management.
Asked what the greatest barriers to the effectiveness of CIO offices, the top answer was conflicting priorities among program units, followed by a shortage of time for strategic planning and inadequate budgets.
Less of a concern this year than in years past was IT worker recruiting needs, Wohlleben said. In past years, CIOs have worried about pending retirements among their top IT workers, but with a tanking U.S. economy, agencies seem to be getting more qualified applicants from the private sector, he said.
The State Department has recently seen an influx of applications from "very qualified people," Galloway said.
Simon Szykman, CIO at the National Institute of Standards and Technology, agreed, saying his department's most recent hire was a person who'd been laid off from another job. "The economy does create more opportunities" for federal hiring, he said.