IT security top concern for fed CIOs

Chief information officers (CIOs) at U.S. government agencies say they have made progress on several key issues, including IT security and modernizing their IT infrastructure, but still face major challenges in security and other areas, according to a survey released Tuesday.

Government CIOs told interviewers sent by the Information Technology Association of America (ITAA) they've made progress in establishing IT security as a priority, expanding security awareness among staff and, in several cases, appointing a chief security officer, according to the survey. But IT security and privacy remain federal CIOs' top concerns, said Paul Wohlleben, a partner at Grant Thornton, which compiled the survey for ITAA.

"They want to move to a state where they're taking a view of their risk ... on an ongoing basis, supported by technology," Wohlleben said. "Today, you hear them talking about too much manual intervention. They want to see more tools emerge that they can hook onto their networks, onto their applications, that will perform the monitoring for them."

Federal CIOs want more mature IT security tools, Wohlleben said.

"We're talking about a vast space they have to protect, and some very sophisticated perpetrators," he added. "Some of the [security] technology is just now evolving."

While many CIOs reported making progress with IT security, fewer said they were moving forward with privacy initiatives, he said. While some high-profile agencies have addressed privacy issues, "privacy is a much less mature concern in government" than security, Wohlleben said.

The 16th annual ITAA survey of U.S. government CIOs included interviews with 36 CIOs or assistant CIOs and three government oversight officials between August and December 2005. As in past years, this year's survey focuses more on general trends than hard data points.

In addition to security concerns, federal CIOs also identified as key priorities standardizing and consolidating their IT infrastructure, improving project management, and examining ways to use managed services from outside vendors, according to the survey.

One general theme in the interviews was concern about executing long-term plans, Wohlleben said. While federal CIOs see themselves as agents of change in coming years, shifting priorities within government can make it difficult to carry through long-term IT plans, he said.

Several government IT projects, including a U.S. Federal Bureau of Investigation case management project, have not met deadlines in recent years. The four-year-old FBI Virtual Case File project was scrapped last March, but the FBI announced in June it had rolled pieces of the project into a new case management plan.

Many CIOs see execution as a concern especially when trying to carry out IT modernization plans, Wohlleben said.

"The real issue is executing those plans over a dynamic period of time," Wohlleben said. "Most of these systems, you don't implement in a week, you don't implement in a year. They're multiyear implementations in a political environment where laws are being changed, in a budgetary environment where budgets are being changed."