Can federal cybersecurity survive the sequester?
An optimistic scorecard estimates that federal agencies will meet 95 percent of the administration’s high-priority cybersecurity goals by the end of fiscal 2014, but agencies still have a strong climb remaining in the face of increasing budget uncertainties.
Although the current budget sequester might not have a big impact on recent initiatives to secure critical infrastructure, where the government is playing an advisory role, cybersecurity operations within agencies are likely to take their share of the hit from the across-the-board cuts. How big those cuts will be remains to be seen, but when agencies are struggling just to keep up with a growing surge of cyber threats, it will not be easy to actually make improvements.
The Cross-Agency Priorities are an attempt to bring some order to federal cybersecurity efforts, incorporating milestones into Federal Information Security Management Act reporting metrics and identifying officials to be held accountable. The goals are strong authentication (the use of PIV Cards for physical and logical access control), the Trusted Internet Connections (TIC) program, and continuous monitoring of IT systems. Agency officials will work with interagency groups that include the President’s Management Council, the Performance Improvement Council and the Federal CIO Council.
Based on FISMA reporting for fiscal 2012, the administration estimates 95 percent success by the end of fiscal 2014. But as of the first quarter of fiscal 2013, only TIC consolidation was in the green, with an 84 percent completion rate. The strong authentication and continuous monitoring efforts both were in the red at 57 percent and 78 percent, respectively. The overall scores for the priorities actually dropped from 76.82 percent in the last quarter of fiscal 2012 to 75.87 percent in the first quarter of 2013, a drop ascribed in the report to “adjustments and improvements to measurement methodology.”
The effort to prioritize cybersecurity initiatives with milestones and deadlines is worthwhile. But considering how long the TIC, PIV and continuous monitoring initiatives have been in place, the race to the finish is looking more like a slog than a sprint.
Indiscriminate budget cuts are not going to help progress in an environment in which security officials have to run as fast as they can just to keep up. If Congress cannot match budget to operational priorities, don’t expect to see a lot of progress in the next two years.
Posted by William Jackson on Mar 07, 2013 at 9:39 AM