If you ask federal CIOs about their top challenge and priority, you’ll likely hear the same answer: cybersecurity.
For most CIOs, cybersecurity programs and investments surpass other priority areas, such as modernization and innovation or cloud computing and mobility, according to this year’s TechAmerica Federal CIO and CISO Survey. Cybersecurity is also a top challenge, and the survey highlights those pain points:
• Integrating security into the entire systems development life cycle so that issues are addressed upfront and during development, not merely after the fact
• Improving how security is integrated into operations
• Having the appropriate resources, given the transition from compliance to continuous monitoring
• Spending less time complying with regulations and completing assessments while devoting more energy to mitigating threats
• Having real-time continuous diagnostics and mitigation tools to facilitate business decision-making
The annual report released Thursday is based on responses from 59 professionals, including CIOs, chief information security officers, information resource management officials, oversight groups and congressional staff. Grant Thornton sponsored and led the survey, which was expanded this year to include CISOs.
Of those surveyed, 87 percent said that their organizations have increased spending on cybersecurity. The president’s fiscal 2015 budget proposal would provide $13 billion to improve cybersecurity and expand continuous diagnostic technologies to mitigate threats nationwide, according to the report.
Last fiscal year, the federal government’s largest agencies reported spending more than $10 billion on information security activities to prevent malicious cyber activity; detect, analyze and mitigate intrusions; and shape the cybersecurity environment.
The last category, shaping the cybersecurity environment, includes spending for workforce development, information security and assurance research and development, and standards development and propagation, according to the 2013 Federal Information Security Management Act report to Congress. Overall, most of the government’s information security funding, about $4 billion, is dedicated to funding these areas.
It’s no surprise that agencies are investing heavily in these areas, considering the fact that many successful cyber threats start with employees clicking on malicious links and either knowingly or unknowingly engaging in risky cyber behavior that puts their agencies at risk.
CIOs say they plan to use the Department of Homeland Security’s $6 billion continuous monitoring contract vehicle to buy tools and services for detecting unauthorized hardware and software applications running on their networks, missing patches on their systems and IT assets that are not properly configured.
The president’s budget proposal includes $143.5 million for the DHS Continuous Diagnostics and Mitigation program. The goal is to conduct billions of automated security scans across civilian networks every 24 to 72 hours.
CIOs are anticipating the Big Data problem that will arise as they collect more security data. “The key will be to sift through this data and present actionable information to the right people at the right time,” according to the TechAmerica survey.