CyberEye

By Patrick Marshall

Blog archive
Exhausted runners after a race

Can federal cybersecurity survive the sequester?

An optimistic scorecard estimates that federal agencies will meet 95 percent of the administration’s high-priority cybersecurity goals by the end of fiscal 2014, but agencies still have a strong climb remaining in the face of increasing budget uncertainties.

Although the current budget sequester might not have a big impact on recent initiatives to secure critical infrastructure, where the government is playing an advisory role, cybersecurity operations within agencies are likely to take their share of the hit from the across-the-board cuts. How big those cuts will be remains to be seen, but when agencies are struggling just to keep up with a growing surge of cyber threats, it will not be easy to actually make improvements.

The Cross-Agency Priorities are an attempt to bring some order to federal cybersecurity efforts, incorporating milestones into Federal Information Security Management Act reporting metrics and identifying officials to be held accountable. The goals are strong authentication (the use of PIV Cards for physical and logical access control), the Trusted Internet Connections (TIC) program, and continuous monitoring of IT systems. Agency officials will work with interagency groups that include the President’s Management Council, the Performance Improvement Council and the Federal CIO Council.

Based on FISMA reporting for fiscal 2012, the administration estimates 95 percent success by the end of fiscal 2014. But as of the first quarter of fiscal 2013, only TIC consolidation was in the green, with an 84 percent completion rate. The strong authentication and continuous monitoring efforts both were in the red at 57 percent and 78 percent, respectively. The overall scores for the priorities actually dropped from 76.82 percent in the last quarter of fiscal 2012 to 75.87 percent in the first quarter of 2013, a drop ascribed in the report to “adjustments and improvements to measurement methodology.”

The effort to prioritize cybersecurity initiatives with milestones and deadlines is worthwhile. But considering how long the TIC, PIV and continuous monitoring initiatives have been in place, the race to the finish is looking more like a slog than a sprint.

Indiscriminate budget cuts are not going to help progress in an environment in which security officials have to run as fast as they can just to keep up. If Congress cannot match budget to operational priorities, don’t expect to see a lot of progress in the next two years.

Posted by William Jackson on Mar 07, 2013 at 9:39 AM


Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.