Feb 24, 2009 (07:02 AM EST)
IT Security Remains Top Government CIO Priority
Read the Original Article at InformationWeek
Cybersecurity remains the top priority of IT leaders in federal government, according to a wide-ranging survey of federal IT leadership and interviews with 53 government CIOs.
The interviews, sponsored by information technology trade organization TechAmerica, found that CIOs believe progress has been made over the past several years, but the government still needs a broad, inclusive security strategy that can adapt to meet evolving threats. Gary Galloway, deputy director of the Office of Information Assurance for the Department of State, said during a panel discussion that though the State Department has made progress with metrics for meeting security demands, government security measures are sometimes too blunt.
For example, the Office of Management and Budget requires that the State Department train all of its 40,000 or so employees in IT security.
"If you think about the way any embassy operates, a good deal of those people are security guards, gardeners, cooks, and maids," he said. "How exactly do we go about training them? Some of these people never even use a computer, so it becomes difficult to think those folks should be trained in some aspect of IT security."
Other major areas of focus TechAmerica found in interviews include IT infrastructure and management, including improvements in governance, standardization, and development of enterprise architectures. While one size won't always fit all in the federal government or even within government agencies, government CIOs told TechAmerica they are looking for better enterprise IT infrastructure across the government.
The National Institute of Standards and Technology, for example, has established an IT planning board within the last few years to gather information about what priorities should be as supported by NIST employees' and managers' needs. Last year, NIST expected a budget shortfall and was able to plan for that by using the IT planning board to prioritize projects. NIST also is consolidating and centralizing its IT organization, including developing a technical reference architecture to help guide investments for the overall organization.
A new government process called IT Infrastructure Line of Business should push agencies to meet cost and performance objectives with new projects, but CIOs said it started far too late in President Bush's final term -- within the last 18 months of the administration -- to be effective.
Government CIOs also see IT workforce issues as a critical concern. CIOs told TechAmerica that government IT suffers from technical skills gaps, low training budgets, and difficulty recruiting and retaining quality employees, and that the government suffers from a lack even of strategy to deal with these shortfalls. However, the CIOs said they're hopeful that the Obama administration would be more sympathetic to workforce issues and that the state of the economy is making the federal government a more attractive employer for IT workers.
"The state of the economy does change the HR landscape," said Simon Szykman, the CIO of NIST. "From the perspective of an organization that’s hiring to fill key positions, it's helpful. Our most recent hire was somebody laid off by Fannie Mae, so there are a lot of good people out there who are looking for work."
President Obama has pushed the idea of government transparency and citizen access to government since getting elected in November. While the Bush administration pushed e-government, government CIOs believed the Bush White House pursued too many disparate initiatives, rather than maintaining focused attention on fewer targeted e-government projects. Some agencies also might not be entirely prepared for radical transparency.
The Department of Transportation, for example, will receive $58 billion from the stimulus package and has to report online what it's actually doing with any grants, down to the level of which states get how much money, how many jobs are going to be created by each project, and even subcontractor data. However, Jacquelyn Patillo, deputy CIO of the Department of Transportation, says her agency isn't as prepared for this as she would like because it still has 10 or more financial systems that it will need to pull data from and merge in order to share stimulus information with the public from a central location.
E-government goes hand in hand with information sharing. The Bush administration focused its efforts on information sharing in certain agencies and focus areas like law enforcement and health care, and those remain key priorities going forward.
TechAmerica's survey found among other things that conflicting priorities among program units, followed by shortage of time for strategic thinking, inadequate budgets, and the pace of technology change are the greatest barriers to CIO effectiveness.
Surprisingly, according to survey results going back to 2004, the trend has been toward fewer and fewer government CIOs having to report directly to secretaries, bureau heads, or deputy secretaries. This shifted a bit in 2008 as none of the CIOs report directly to agency CFOs, but the number of CIOs reporting to the top had decreased each year from 89% in 2004 to 65% in 2007 before bouncing back last year.