IT SYSTEMS MANAGEMENT
Major IT challenges remain the same, survey reports
TechAmerica finds security, other problems plague CIOs year after year
- By William Jackson
- Mar 03, 2009
The government is getting used to a new administration with new priorities, but the challenges facing federal chief information officers haven’t changed much during the past few years, according to a study commissioned by the information technology industry trade group TechAmercia.
Key challenges expressed by CIOs, in order of priority, are:
According to the survey, CIOs are aware of the problems they face, but have had difficulty developing effective strategies to deal with them.
“Challenges that remain on this list are complex and difficult to fully resolve,” the survey report said. “That is in large part why they have been identified as priority challenges over a period of years.”
However, the report concluded: “The good news is that for most of the challenges, there is a clear awareness of the problem and an impetus to change; for many a workable strategy or significant components of a workable strategy have been developed and are in various stages of being implemented.”
The survey is the 19th annual study of federal CIOs conducted by the IT industry. It was compiled from interviews with 53 CIOs or Information Resource Management officials from 46 agencies. Thirty-eight agencies are civilian executive branch, 10 are part of the Defense Department and five are from the legislative and judicial branches. It was commissioned by TechAmerica, an industry organization formed recently by the merger of the American Electronics Association, the Cyber Security Industry Alliance, the Information Technology Association of American and the Government Electronics and Information Technology Association.
Much of the focus of the survey was on the transition to a new presidential administration, but it was conducted from August through December 2008, before President Barack Obama took office.
The top concern of CIOs identified in the survey throughout the Bush administration has been IT security.
“It should come as no surprise that this issue was considered the consensus top priority by CIOs over the past eight years,” the report said.
Considerable resources have been focused on this area. “Progress was made on many initiatives (Federal Information Security Management Act, certification and accreditation of systems, encryption of data, etc.), but we heard from many CIOs that the relative vulnerability of federal systems and data had not appreciably improved or had (in some cases) declined somewhat. One reason cited was that while improvements were being implemented, the threats were becoming more complex. Another contention was that much of the IT security program was focused on compliance versus implementing operational improvements that improved security.”
Lessons learned about IT security in last eight years include:
IT security is a complex challenge whose solution interrelates with many other challenges, and strategies to address it need to be broad and inclusive.
Delivering a more secure IT environment requires operational excellence.
A compliance-based model is not sufficient to deliver adequate security.
IT security requires continuous improvement because the threats are dynamic and evolving.
IT security requires enterprise-level thinking.
Closely related to IT security is the issue of information sharing. Lessons learned in this area over the last eight years include:
Trust is a prerequisite for information sharing, especially with classified or privileged information.
Developing relationships based on trust takes time.
Understanding and interpreting information across organizations require a consistent frame of reference in a well-developed data management environment.
· New technologies such as Web 2.0 are providing a foundation for improved collaboration and sharing. Innovation should be encouraged so that multiple ways of sharing are developed and refined, the document said.
William Jackson is freelance writer and the author of the CyberEye blog.