Cyber confusion holding up federal IT

Both Congress and the Department of Defense were in the news in recent weeks regarding their use of technology – namely, both groups' lack of knowledge and clear definition for cybersecurity and cloud technologies.

DOD needs handle on cloud definition
A release from the DOD Inspector General said that it does not have a clear definition of cloud computing services, nor does it have a complete list of cloud computing contracts.

"The agency found was that there was no central repository listing cloud services or even a definition for the cloud"

Originally, the Office of Inspector General set out to determine how the DOD was performing its cost-benefit analyses for cloud services, and if those services were able to achieve success. What the agency found was that there was no central repository listing cloud services, nor was there an office-wide definition for the cloud. This has dire implications for the DOD, as it has no way to accurately measure the budget or security impact of the DOD's cloud services.

Chief Information Officer of the DOD, Terry Halvorsen, has been mandated with either coming up with a definition for cloud services or embracing the National Institute of Standards and Technology's definition, as well as build that repository of services that use the cloud.

Lack of sight into cybersecurity
Meanwhile, FedScoop reported on a release from the Congressional Research Service on Congress's ability to identify and understand the cybersecurity workforce of the federal government. After the Department of Homeland Security and the DOD expressed an inability to both assess the size and strength of their cybersecurity capabilities and to attract talent, The Office of Personnel Management has been working to compile a dataset of federal cybersecurity talent, but progress has been slow going. Compounding this is the fact that the OPM is not required to disclose progress on the dataset to Congress.

This issue of oversight is troubling on a number of levels: If the DOD and the DHS can't track their own cybersecurity forces, it's almost impossible for those agencies to evaluate the efficacy of their security programs. Congress pushed legislation over the past two years to attract more cybersecurity talent to those agencies, FedScoop reported, but it is currently unable to determine what, if any, effect those policies have had.

"IT service management is rapidly becoming one of the most important challenges for agencies."

Agencies need to better manage their IT resources in the coming years, as tech teams build and government services grow increasingly digital. IT service management is rapidly becoming one of the most important challenges for agencies as they look to cloud integration in order to run more efficiently.

Groups like 18F could be a model for how federal IT should operate: A digital services agency that's part of the General Services Administration, 18F is run like a startup, and in the year that it has been working, it has specialized in small, rapid iteration: projects that won't be served by the typical way the government does business, according to FedTech.

Of course, agencies always have the option of working with a firm that has a focus in IT service management. Each organization has different needs and requirements for technology services, and contractors with a high level of experience with federal and other enterprise-scale management can provide agencies with the technology personnel that they need.