Cybersecurity is again among the top priorities and challenges facing agencies, according to a new survey from TechAmerica and Grant Thornton LLP.
Along with improving cybersecurity, chief information officers face the major tasks of “modernizing/transforming IT operations, migrating to the cloud and maturing mobility,” a report on the survey said. Meanwhile, it states, “The internal and external cyber threats facing CIOs continue to grow.”
At a cross-agency panel organized by TechAmerica to coincide with the release of the survey, Larry Zelvin, the director of the National Cyber and Communications Integration Center at the Department of Homeland Security, said he agreed with the survey’s findings.
“I think it’s interesting that the report highlighted that the number one priority, the number one challenge is cybersecurity,” Zelvin said. “So it’s the thing we’re most certain about and the thing we’re most interested in. I think what we need to explore is ‘now what?’”
The report may offer some answers. Respondents of the survey indicated that agencies need to integrate security into the IT development process from start to the finish, rather than after the fact. One of the ways this can be done, according to the survey, is through the adoption of continuous monitoring.
Respondents also said that regulations and assessments had become cumbersome, and instead of reporting on compliance they would rather spend their time and energy mitigating and dealing with the increasing number of cyber threats.
Cybersecurity spending also increased for 87 percent of responding agencies and departments. That increase compares with a two percent increase in spending overall on information technology in 2014.
The majority of the spending, however, is on operations and maintenance of existing systems and infrastructure. Last year’s report, said George DelPrete of Grant Thornton LLP, found that agencies were spending 85 percent of their budgets on O&M. This year O&M spending is down to 73 percent, while spending for development and modernization has increased.
“I would encourage you not to use [the results] as a soundbite, but rather as the start of a conversation: what to do?” Zelvin said. “There’s a lot of good information there, there’s a lot of interesting information that can be broadcast out to the broader community, so what I’m hoping is that you look at this and say alright — how do we be better for that?”
Lisa Schlosser, the deputy associate administrator for the office of e-government and IT at the Office of Management and Budget, said that innovation and progress in federal IT starts with a shift in thinking.
“How do we change the culture so we are thinking and operating that we are going to act one way while underscoring all of that with a good cybersecurity program,” Schlosser said.
For Bill Zielinski, CIO for the Social Security Administration, the backbone of the results were the relationships that existed between each of the report’s findings.
“Understand that there’s tremendous relationships among all pieces and parts that are there,” Zielinski said. “There really are connections. It’s taking that mess of information and saying how do you apply that and where are the relationships that are meaningful between these pieces so you’re not just treating the symptoms.”