Aug 21 2015

Is the Government Focusing Too Much on Cyber?

Agencies could allocate too many resources and neglect critical areas because of OPM breach.

Government officials prioritized cybersecurity long before the breach at the Office of Personnel Management, but the attack that affected more than 21 million people created a fresh example of the dangers federal networks face.

The expected reaction, of course, is for agencies to pour more resources into security efforts to avoid future incidents and the unwanted attention they bring. That approach, though, could be a double-edged sword: Yes, agencies will likely become more secure, but at what cost to other aspects of their mission?

Federal technology is, in many ways, a zero-sum game. With capped resources, both in terms of money and manpower, technology must balance the multiple responsibilities it holds. When an incident like the breach at OPM occurs, it can throw that balance further out of whack.

“In many departments, federal leaders don’t have a good picture of their portfolio to correctly prioritize the things that are important to them and the department’s leadership,” says John Saaty, who co-founded Arlington, Va.-based Decision Lens with his brother Dan. “It is possible that they are over-indexing cyber right now that could hurt other areas of technology.”

As the Federal Information Technology Acquisition Reform Act (FITARA) begins to be implemented, department CIOs will have more power over technology purchasing and priorities. The bill aims to empower CIOs more than ever before, but may also increase the number of people and projects pulling on them for resources.

Helping agencies and other large organizations maintain that balance is John and Dan’s mission. Their software is based on the Analytic Hierarchy Process (AHP), which their father, Thomas, a mathematics professor at the University of Pittsburgh, former State Department researcher and noted author, developed in the 1960s to help the government negotiate nuclear arms agreements with Russia.

In its simplest form, the technology helps leaders of any organization align priorities with strategic goals and resources, although decentralized operations like federal agencies tend to benefit most. The government has used it for strategic budgeting and capital asset planning, among many other uses. It incorporates both quantitative and qualitative data to provide a model for how decisions affect one another.

“Agencies can put all their resources to one area like security, but then there will be nothing left to serve their mission,” Dan says. “You need to focus on broader capabilities.”

John pointed to the recent attention the Agriculture Department received for its broadband program that helps bring high-speed Internet to rural areas. While not part of USDA’s core mission, the broadband program has become a vital resource for the nation’s farmers to stay connected to the latest technology. It’s also an example of the type of program that could find itself neglected in an unbalanced environment.

Without insight into the balance of these priorities, CIOs make decisions with little or no knowledge of projects’ relationship to one another.

The goal for Decision Lens is to provide this visibility and present CIOs a way to give their decisions more credence. The priorities and strategic objectives put into the calculation can act as a guidepost to distribute resources so the agency is meeting its larger goals.

The brothers point to the Navy Installations Command, a customer that once had an employee managing 88 separate spreadsheets focused on resources and operations. Now, how in the world is someone expected to make sense of that?

“In the past, it was the squeaky wheel getting what they wanted,” Dan says. “With this method, CIOs can better gauge what areas have seen too much or too little investment and take a broader approach, instead of succumbing to the pressure of those that were the loudest.”

Now, with the changes coming with FITARA, departments have a chance to reset priorities under the new CIO authorities. At least then, if they invest heavily in cyber, they know what will suffer as a consequence.