In the last few weeks, whenever someone mentions the government, it has probably been in relation to cybersecurity. While things haven’t been looking very good in the wake of a data breach affecting millions of employee records stored by the Office of Personnel Management, federal CIOs are trying to change the tune. Many agencies have been trying to improve their cybersecurity efforts for some time now, but outdated requirements and insufficient funding have hampered their attempts. Now, however, change is coming as the deadline to implement the federal IT acquisition reform act draws near.
Government agencies have until mid-August to submit their action plans with the Office of Management and Budget and lay out the steps they will take to comply with the FITARA. A major part of the action plans involves CIOs explaining how they plan to deal with future cybersecurity issues.
“While there’s nothing specific in FITARA about cybersecurity, this is going to be one of the great benefits of FITARA: a greatly improved cybersecurity posture,” said federal CIO Tony Scott during a speech at an event for the association for enterprise information. “The very first thing in cybersecurity is understanding what’s of value and being very clear about that … Once you understand what’s of value and you figure out a management strategy of how to protect it, that’s the beginning step in having an effective cyber strategy.”
Accountability is the name of the game
Provisions included within the legislation require agency CIOs to have an understanding of all of the projects being implemented at component agencies and bureaus. FITARA also gives CIOs the authority to govern those projects, as well as the responsibility to ensure all the systems involved are protected. According to Scott, the bill clearly states that agency CIOs are responsible for the entirety of their IT environments and will be held accountable if anything were to go wrong.
During Scott’s speech, he emphasized the need to implement more advanced security tools across government agencies, as well as curb issues like shadow IT. The point of FITARA, Scott said, is to expose those kinds of problems and discover who is responsible quickly so action can be taken to make networks and systems more secure.
“Part of this reform that we’re going through is cleaning up decades of neglect, omission, not seeing the issues, not funding things that need to be repaired,” said Scott. “We have to be very careful of being overly critical of those that are here to help and here to fix because those very people are going to uncover a ton of issues.”
One of the major parts of the legislation’s reform involves creating partnerships between executives in all of the departments across the agency. CIOs, CFOs, acquisition officers, human capital officers and program managers are being encouraged to work together in creating budgets and making policy decisions. There are hardly any processes or critical functions that don’t involve technology these days;, the more integral cooperation and knowledge sharing within the agency becomes, the better protected organizations will find themselves.