Cybersecurity remains a major concern for federal IT
Few aspects of the IT realm have caused the federal government more trouble than cybersecurity. Just this year alone, several different agencies have suffered data breaches as the result of successful cyberattacks. Most notably, hackers managed to gain access to both the State Department and White House.
In light of these shortcomings, U.S. Chief Information Officer Tony Scott recently declared cybersecurity to be the federal government's "most important mission" in the realm of IT, NextGov reported. In order to follow through with this priority, though, new approaches and resources will likely prove essential.
"Cybersecurity is key for restoring the public's confidence."
A top priority
Scott delivered his comments at the Brocade Federal Forum in Washington. He emphasized that only by improving federal agencies' cybersecurity can these organizations restore the public's confidence in the federal government.
This is an important point, one which often goes overlooked in discussions of federal cybersecurity. Government agencies, just like organizations throughout the private sector, are increasing their focus on digital services, from mobile apps to Web-based self-service and beyond. By moving in this direction, the government can improve and expand its offerings for constituents in a wide range of capacities.
However, this is only possible if citizens feel comfortable and confident that these digital services will keep their information safe. If the government continues to experience cyberattacks and fails to ward off these threats, then naturally citizens will think twice before using these resources, thereby undermining the government's progress in these areas. In light of this, it's not surprising that Scott sees cybersecurity as such a high-level focus area for federal IT efforts.
The importance of improved cybersecurity throughout the federal government is not limited solely to future digital endeavors – there are also more immediate consequences to be considered.
"The lawsuit contends that the federal government was negligent."
Notably, there are potential legal and financial implications. As a case in point, the largest federal employees union – the American Federation of Government Employees – recently filed a lawsuit in response to the data breach at the Office of Personnel Management. The lawsuit contends that the federal government was negligent, enabling the theft of sensitive records affecting as many as 18 million current and former government employees and contractors.
The lawsuit noted that the OPM had been aware of cybersecurity shortcoming for quite a while, yet obviously did not take sufficient steps to protect its systems from cyberattacks.
To this end, Scott argued in favor of a new approach to cybersecurity.
"Information security often is just a percentage of the IT budget," Scott said, according to the news source. "I think that's the wrong way to think. The right way is on a risk-based analysis – we've got threats, risks, and just like insurance, there has to be an equation when thinking about how much money we should spend on cybersecurity."
In addition to a recalibration of federal IT budgeting in regard to cybersecurity, Scott also argued that agencies will need to do more to share information with one another, according to NextGov.
"[Sharing information] about threats and actors, best practices in how to defend and remediate when these things occur . . . is a very important part of this agenda," Scott stated, the source reported.
Additionally, many government agencies will need to reevaluate their existing IT infrastructure in order to shore up cybersecurity. Obviously, this can be a difficult challenge. However, with the help of third-party cybersecurity consulting firms with experience in the public sector, agencies should be able to develop new policies and strategies that account for the evolving nature of today's cybersecurity landscape.