IT Budgets, Cybersecurity Top Federal CIO Concerns

New survey from TechAmerica reveals the mounting pressure facing agency CIOs to do more with less, as budget cuts imperil new initiatives such as cloud computing and data-center consolidation.

By Kenneth Corbin
Fri, May 04, 2012

CIO — WASHINGTONAsk federal CIOs what keeps them up at night, and you'll hear an earful. From cybersecurity and governance policy to modernization initiatives and adjusting to tightening budget constraints, CIOs in the federal government have their hands full, according to a new study from the advocacy organization TechAmerica and the consulting firm Grant Thornton.

Presenting the findings of the survey here on Thursday, George DelPrete, a partner at Grant Thornton and chair of TechAmerica's CIO Survey Group, began his talk with a gesture toward an image of a magician projected onto a large screen at the front of a conference room.

"We were trying to think of a good theme, and for us a good metaphor for the CIO was a magiciansomeone who has to pull the rabbit out of the hat," DelPrete said. "Today the number of things that CIOs need to do hasn't declined, yet they're being forced to find ways to innovate with less resources than they previously had."

Cybersecurity Tops the List

In the surveyof 40 federal CIOs and other officials and staffers across executive agencies and congressional oversight committees, the respondents identified cybersecurity as their chief concern.

That encompasses both attacks from outside entities and internal risks, such as lost or stolen laptops, sharing passwords and other lax security practices or employees who shift roles but retain access to sensitive information from their former position. Some respondents pointed to an imbalance that sees the majority of some agencies' cybersecurity resources directed toward external threats, while most serious data breaches are attributed to internal factors.

"Internal threats aren't always reported but they are a big concern for the CIO community," DelPrete said.

At the same time, the volume and intensity of attacks from outside groups is escalating.

"The nature of external threats is changing," DelPrete said, noting the emergence of sophisticated attackers supported by nation-states and so-called hacktivist groups such as Anonymous that target organizations to make a social or political statement. "A number of the folks that we spoke with felt that the existing security framework that they saw was really not consistently applied," he added.

The CIOs surveyed generally agreed that their efforts to protect their IT infrastructure are hobbled by the absence of a centralized security authority within the government and the wide inconsistencies in the quality and implementation of agencies' defenses. They also suggested, perhaps hopefully, that increased funding for cybersecurity initiatives could improve their defensive posture.

IT Budget Cuts Threaten Infrastructure

But IT

Continue Reading

Our Commenting Policies