EDITOR'S DESK: FISMA challenge

Wyatt Kash

Last month's flogging of federal agencies by the House Government Reform Committee over network security weaknesses was a fresh reminder of the serious work that remains to be done, and how character-building the job of federal CIO has become.

Committee chairman Tom Davis (R-Va.) deserves credit for holding up an unflattering mirror on the progress agencies are, and are not, making to comply with the Federal Information Security Management Act. While 10 agencies improved their scores, eight slipped backward. And though seven agencies earned A-level marks, nine received F's, two more than last year. The result: an overall FISMA grade of D+, unchanged from last year.

That unleashed the usual criticism: How secure can the country be if those charged with its protection can't protect their own networks? That's followed by the recurring concern that FISMA diverts critical resources to paperwork at the expense of actual network security.

Both contentions have merit. The reality, though, is that the FISMA scores paint only a partial, however sobering, picture.

A recent survey of federal CIOs suggests that while progress is being made (establishing security as a top priority, improving planning and training, and integrating security into architecture and application work), the bar for IT security is getting pushed continually higher.

The survey, by the Information Technology Association of America (GCN.com/553), delineates the challenges CIOs face balancing demands to share information yet safeguard privacy on one hand, while consolidating infrastructure and applications on the other. They must deal with game-changing forces: the onslaught of mobile computing, the need for self-adjusting intrusion detection and prevention systems, and pressures to outsource common business applications.

If Congress is impatient for results, perhaps it ought to revisit what it intended with FISMA and acknowledge that current funding can pay for only so many priorities.

About the Author

Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.
