CybersecurityImproving cybersecurity top priority: Federal CIOs, CISOs

Federal chief information officers (CIOs) and chief information security officers (CISOs) cite improving cybersecurity as their top priority, according to an annual survey from TechAmerica. 63 percent of participants said cybersecurity issues were one of their top three priorities; with 66 percent noting that cyber threats to their organizations rose by at least 10 percent in 2013. Fedtech Magazine reports that the study, co-sponsored by auditing firm Grant Thornton, surveyed fifty-nine federal IT leaders and key congressional staff members. Eighty-seven percent of respondents pointed out that their organizations have increased spending on cybersecurity, but noted that the fiscal 2015 budget proposal which calls for $13 billion toward cybersecurity improvements at civilian and defense agencies, will need to be increased in the future.

Workforce development, modernizing IT operations, and shifting to cloud and mobile services are other concerns highlighted in the survey. “The hardworking and dedicated CIOs and CISOs face unprecedented change in their agencies and their field,” said Mike Hettinger, senior vice president, public sector, TechAmerica. “This report shows that they are working diligently to take advantage of new technologies to improve services for the federal workforce, while at the same time being mindful of budget constraints. Within this framework, they also are endeavoring to enhance IT security and lower risk.”

As agencies look to invest in cybersecurity and new IT infrastructure, they are faced with the challenges of maintaining a skilled workforce. “While CIOs have a dedicated workforce, they still continually face the need to navigate through the impacts of budget cuts on hiring, skills gaps and workload imbalances on performance,” the report said. 52 percent of respondents said they have difficulty attracting and retaining personnel with skill sets that can keep up with changing technology. One CIO stated, “we are using the same hiring processes we used over 50 years ago, and they don’t work with the type of people we want to recruit.”

The survey highlighted cybersecurity trends within federal agencies including a shift towards continuous monitoring of systems using real-time analysis of assets and vulnerabilities, and automating threat detection and mitigation. 66 percent of survey participants said their organizations have adopted recommendations from the Federal Risk and Authorization Management Program (FedRAMP) which offers a “standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.”

On the overall 2014 IT budget, CIOs reported a 12 percent decrease in spending, compared to 2013, on operations and maintenance of existing systems and infrastructure, as more funds are being allocated towards developing and modernizing new systems. “Within this fiscally constrained environment, federal CIO shops are gradually turning the focus to developing with less resources, highlighting the need to implement innovative and cost-effective technology and processes,” the report said. Federal CIO Steven VanRoekel told InformationWeek that the proposed 2.9 percent reduction in IT spending in the fiscal 2015 budget reflects savings from measures to consolidate commodity IT, eliminate duplication, and cut wasteful programs. For the past few years, the Office of Management and Budget has offered programs to help agencies monitor and consolidate IT investments VanRoekel said.

You may download TechAmerica’s 24th annual CIO/CISO survey.