Cybersecurity agency CIOs' top priority, says survey

Cybersecurity is the top concern of federal chief information officers, according to a survey conducted by TechAmerica and Grant Thorton. But budget cybersecurity priorities don't match up to their concerns, says the survey of 40 CIOs, information resources management officials, and representatives and congressional oversight committee staff conducted during spring 2012.

Although most cyber incidents come from inside the organizations, such as data breaches that compromise personally identifiable information, most cybersecurity resources are directed at outsider threats, said some CIOs.

As for external threats, CIOs report an increased incidence of phishing. Agencies and departments have largely been able to stave off anonymous denial of service attacks, finds the survey.

CIOs made several recommendations for improving cybersecurity in government, including reforming the Federal Information Security Management Act of 2002 to promote continuous monitoring. They also say agency cybersecurity budgets need more funding and  agencies could benefit from pooling cybersecurity resources for research and development that benefits all government entities.

The survey found that smaller budgets, more generally, aren't seen as a bad thing. CIOs said they can lead to improved planning, better IT development practices and new funding methods. Still, many CIO respondents say they feel accountable for results, but limited in the ability to achieve them. CIOs say it would be helpful if Congress allowed more multiyear funding for IT projects.

"The sense of respondents is that not everything can be 'first," says the report. Says one CIO, "Pick items, prioritize them and let my department know what to spend money on and what not."

When asked to rate the Office of Management and Budget's 25 Point Plan to Reform Federal IT, respondents gave it a C+ on feasibility and a C on value to their organizations, says the report. Despite their doubts, CIOs are still dedicated to meeting goals, says the report. Nine out of 10 respondents said their agencies or departments are consolidating data centers.

Respondents say that "reforming and strengthening investment review boards," or point number 21 of the plan, brings the most value to their organizations and ranked it in second place in terms of feasibility. The 25-point plan would improve if it shifted from a policy focus to more measurable points, say respondents. They also say OMB should group the plan into key focus area,s as 25 points are too many, and OMB should do more cost-benefit analysis on implementing the plan.

Agency and department CIOs also see mobility as a priority, but seem unsure on how to address BYOD, procurement and security. CIOs say they want to see more collaboration across departments, agencies and programs when it comes to app development. They also say they want to leverage existing governmentwide and departmentwide contract vehicles for acquiring mobile technologies.

For more:
- see the survey

Related Articles:
Halvorsen: Acquisition regulations aren't the problem
Beebe: Cloud services will force acquisition reform
NASA networks unsecure, says IG