Study: Cybersecurity remains top concern for federal CIOs

Federal chief information officers view cybersecurity as their top information technology challenge, according to a new report from an IT industry association.

The survey, released Tuesday by TechAmerica and Grant Thornton, found that CIOs struggle to balance protecting agency security with transparency, access to information, cloud computing projects and social media initiatives. During a panel discussion following the release, agency officials agreed the varied mission requirements of departments and their individual components present a challenge for coordination and collaboration on security issues.

The challenge is ensuring security enables an agency's mission without being an obstacle, said Simon Szykman, CIO at the National Institute of Standards and Technology, and it is important to let underlying business strategy, rather than trends, drive technology decisions.

"We're not in the business of security for the sake of security, we're in the business of security to enhance mission effectiveness," said Devon Bryan, deputy associate CIO for cybersecurity at the Internal Revenue Service. As new technologies arrive, agencies have to make sure they incorporate them smartly and securely, he added.

The report found that agencies are moving to centralize security programs, as well as infrastructure and IT management. But panelists agreed consolidation can be difficult when agency components have diverse missions. Responsibility for defending network security must be defined clearly, with decisions taking into account risks and other information, they said.

The Homeland Security Department has security operations for each agency component and for the department as a whole, said Alma R. Cole, lead for the DHS security operations center. One of the challenges is finding a way to make everyone aware of threats and efforts to address them in other parts of the department.

The panelists also said stronger cybersecurity leadership and better management of underlying security infrastructure are needed. The report recommended the Obama administration set a target and plan for government security.

The CIOs surveyed identified IT infrastructure, workforce and management, efficiency, performance management and accountability, and acquisition as additional long-term challenges.