CyberEye

Blog archive
Exhausted runners after a race

Can federal cybersecurity survive the sequester?

An optimistic scorecard estimates that federal agencies will meet 95 percent of the administration’s high-priority cybersecurity goals by the end of fiscal 2014, but agencies still have a strong climb remaining in the face of increasing budget uncertainties.

Although the current budget sequester might not have a big impact on recent initiatives to secure critical infrastructure, where the government is playing an advisory role, cybersecurity operations within agencies are likely to take their share of the hit from the across-the-board cuts. How big those cuts will be remains to be seen, but when agencies are struggling just to keep up with a growing surge of cyber threats, it will not be easy to actually make improvements.

The Cross-Agency Priorities are an attempt to bring some order to federal cybersecurity efforts, incorporating milestones into Federal Information Security Management Act reporting metrics and identifying officials to be held accountable. The goals are strong authentication (the use of PIV Cards for physical and logical access control), the Trusted Internet Connections (TIC) program, and continuous monitoring of IT systems. Agency officials will work with interagency groups that include the President’s Management Council, the Performance Improvement Council and the Federal CIO Council.

Based on FISMA reporting for fiscal 2012, the administration estimates 95 percent success by the end of fiscal 2014. But as of the first quarter of fiscal 2013, only TIC consolidation was in the green, with an 84 percent completion rate. The strong authentication and continuous monitoring efforts both were in the red at 57 percent and 78 percent, respectively. The overall scores for the priorities actually dropped from 76.82 percent in the last quarter of fiscal 2012 to 75.87 percent in the first quarter of 2013, a drop ascribed in the report to “adjustments and improvements to measurement methodology.”

The effort to prioritize cybersecurity initiatives with milestones and deadlines is worthwhile. But considering how long the TIC, PIV and continuous monitoring initiatives have been in place, the race to the finish is looking more like a slog than a sprint.

Indiscriminate budget cuts are not going to help progress in an environment in which security officials have to run as fast as they can just to keep up. If Congress cannot match budget to operational priorities, don’t expect to see a lot of progress in the next two years.

Posted by William Jackson on Mar 07, 2013 at 9:39 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.