The budget squeeze of the past several years is changing the way federal CIOs are assessing their choices in risk management. That was one recurring theme mentioned by several panelists during a CIO roundtable at the recent AFCEA Homeland Security conference.
“Trying to keep everything operating well every year [with] a constant 5 percent decline in your budget is tough,” said Charles Armstrong, assistant commissioner and CIO in the Office of Information and Technology at U.S. Customs and Border Protection.
Stephen Rice, assistant administrator for the Office of Information Technology at the Transportation Security Administration, agreed. He said the agency’s IT budget has been cut by $55 million over the past three years. That is changing the IT operating model he works with, where reducing costs may lead to “a little increased risk to the operation. … [It’s important] to understand what those risk parameters are,” Rice said.
The panelists agreed that regardless of tight budgets, cybersecurity is at the top of everyone’s list.
“This is Job No. 1 for all of us in this administration,” said Luke McCormack, the Department of Homeland Security CIO. “The White House chief of staff said a month and a half ago it would be the year of cyber, and boy, hasn’t it been … From the legislation that’s recently been enacted, the legislation [now] in play, all the various cyber events.”
He said DHS wants to be a model agency for cyber security, in part by being an early adopter of new security technologies “so that when we pass it on to other agencies, we’ve already shaken it out.”Adrian Gardner, CIO for the Federal Emergency Management Agency, said his priority this year from a security standpoint is “stabilizing the environment. This year we’re focusing on optimization.” He said the recognition that budgets will stay flat is leading his agency to work on ways to gain efficiencies within its current baseline.
“We’ve done a lot at [the Justice Department] in maintaining and strengthening our cyber program,” said Joseph Klimavicz, the DOJ CIO. The department has more than 200 IT programs, he said. “We’ve made specific investments in this area to implement best practices and secure [our] networks across the board. This is a program where you’re never done.
Standardization is one area that helps information sharing, said Kshemendra Paul, the DHS program manager, Information Sharing Environment. There’s “a very small set [of issues] that I talk to the Secretary about, and that’s one of them,” he said. A lot of work is going into identity management and access control for a single sign-on system that will work for DHS and all its partners at the federal, state and local levels, he said.