Government CIO survey: IT security is top concern

CIOs at U.S. government agencies say they’ve made progress on several key issues, including IT security and modernizing their IT infrastructure, but still face major challenges in security and other areas, according to a survey released last week.

Government CIOs told interviewers from the Information Technology Association of America (ITAA) that they’ve made progress in establishing IT security as a priority, expanding security awareness among staff and, in several cases, appointing a chief security officer. But IT security and privacy remain federal CIOs’ top concerns, says Paul Wohlleben, a partner at Grant Thornton, which compiled the 16th annual ITAA survey of U.S. government CIOs.

“They want to move to a state where they’re taking a view of their risk . . . on an ongoing basis, supported by technology,” Wohlleben says. “Today, you hear them talking about too much manual intervention. They want to see more tools emerge that they can hook onto their networks, onto their applications, that will perform the monitoring for them.”

Federal CIOs want more mature IT security tools, he adds.

“We’re talking about a vast space they have to protect, and some very sophisticated perpetrators,” he says. “Some of the [security] technology is just now evolving.”

Many CIOs reported making progress with IT security, but fewer said they were moving forward with privacy initiatives. Although some high-profile agencies have addressed privacy issues, “privacy is a much less mature concern in government” than security, Wohlleben says.

The survey includes interviews that were conducted between August and December 2005 with 36 CIOs or assistant CIOs and three government oversight officials. As in the past, this year’s survey focuses on general trends rather than hard data points.

In addition to security concerns, federal CIOs also identified as key priorities standardizing and consolidating their IT infrastructure, improving project management and examining ways to use managed services from outside vendors, according to the survey.

One general theme in the interviews was concern about executing long-term plans, Wohlleben says. Even though federal CIOs see themselves as agents of change in coming years, shifting priorities within government can make it difficult to carry through long-term IT plans, he adds.

Several government IT projects, including an FBI case-management project, have not met their deadlines in recent years. The 4-year-old FBI Virtual Case File project was scrapped last March, but the FBI announced in June it had rolled pieces of that project into a new case-management plan.

Many CIOs see execution as a concern, especially when they’re trying to carry out IT modernization plans, Wohlleben says.

“The real issue is executing those plans over a dynamic period of time,” he says. “Most of these systems, you don’t implement in a week, you don’t implement in a year. They’re multiyear implementations in a political environment where laws are being changed, in a budgetary environment where budgets are being changed.”