- Obama military strategy too weak for future security, panel reports
- Sen. Tom Coburn vows to slow down budget-busting bills ahead of recess
- Obama fantasizes about more executive power, signs new order on federal contractors
- Clintons call Klein, Halper, Kessler ‘a Hat Trick of despicable actors’: report
- Boehner accuses Obama of ‘legacy of lawlessness’
- Pro-marijuana group claims responsibility for Brooklyn Bridge flag swap
- Young adults shun Obamacare mostly due to cost: survey
- Stabbing attack on transgender girl, 15, was ‘bias motivated,’ police say
- LGBT adults still lean overwhelmingly toward Democratic Party
- Lawmakers rattled by Syria genocide horrors, call on Obama to act
Federal IT chiefs slow to try out CyberScope
Many wary about monitoring system
Question of the Day
Fewer than one in five information technology chiefs in the federal government have tried CyberScope, a mandatory new system for reporting on information security in their agencies — and while those who have used the system praise it, most of the rest doubt the benefits, according to a survey to be published Monday.
The survey of the chief information officers (CIOs) from 34 Cabinet-level departments and other agencies was conducted on behalf of several computer security companies by MeriTalk — a firm that offers a social networking forum to government and private-sector executives working in government IT.
The survey found that 15 percent of CIOs had tried CyberScope, even though its use becomes mandatory on Nov. 15. Although who that had used the system rated it an “A” or “B” for performance, the large majority who hadn’t used it were doubtful of its purpose and suspicious of its effectiveness.
Nearly three quarters of this group — 72 percent — said they do not have a clear understanding of CyberScope’s mission and goals; more than two-thirds — 69 percent — were unsure the change would improve security; and more than half — 55 percent — said they feared the system would increase costs.
“It’s the ‘show me’ factor,” Ed White, director of business development for McAfee Inc., one of the survey’s sponsors, told The Washington Times. “You have a large subset of people who still aren’t sure.”
Cyberscope is the latest effort to improve the functioning of FISMA, as the 2002 Federal Information Security Management Act is known inside the Beltway. FISMA, which critics decry as a box-ticking exercise, requires federal CIOs to report on — and agency inspectors general to audit — dozens of security measures every year.
At a hearing last year of a Senate Homeland Security & Governmental Affairs subcommittee on federal financial management and government information, the panel’s chairman, Sen. Thomas Carper, Delaware Democrat, said that meeting FISMA requirements cost about $2.3 billion every year and that the federal government had spent more than $40 billion on implementing the law since it was enacted in 2002.
The administration’s information technology chief, Vivek Kundra, told the hearing that the paper-based reporting system agencies were using at that time was “laborious, time consuming and unsecured.”
“The criticism of FISMA was always that it was a paperwork exercise and [that the reports it produced were] obsolete almost as soon as [they are] complete,” Mr. White said.
CyberScope, which allows agencies to report through a secure online portal, would be “the performance-based solution to years of inefficient and unsecured collection of agency security data,” Mr. Kundra said during the hearing last year.
Cyberscope was “billed … as a silver bullet,” Mr. White said.
In reality, it was “not the panacea” but was a way to try to “push forward the idea that all agencies should move towards the implementation of continuous monitoring” of their computer security, he added.
In the future, he said, agencies would be able to automate the data-collection process for CyberScope. By moving toward more automated reporting, CyberScope potentially “will allow the departments and agencies to focus more on outcome-driven security metrics rather than [just] a compliance exercise,” he said.
Mr. White said the survey, which was conducted in July, may have “crossed paths” with a push from the Department of Homeland Security to educate officials about the system. “There was information [about CyberScope] available before, but it wasn’t overly clear,” he said. “Now they have started really pushing it.”
A Homeland Security spokeswoman declined to comment ahead of the report’s publication.
© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.
About the Author
TWT Video Picks
Both parties recognize the Democrats' scam
- Inside the Ring: Israel surprised by Hamas tunnel network
- Army's 3-D printed bombs to create 'a whole new universe' of lethal capabilities
- Chicken pox outbreak puts illegal immigrant facility on lockdown
- CRUZ: A tale of two hospitals: One in Israel, one in Gaza
- GOP leaders delay border bill, leave Obama in control
- Israel surprised by Hamas tunnel network
- Report: 40% of weapons sent to Afghanistan are unaccounted for
- CIA admits improperly hacking Senate computers in search of Bush-era information
- Colorado poll shows women tuning out Democrats' 'war on women' strategy
- 3 African leaders cancel trip to U.S. over Ebola outbreak; Obama still plans summit
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world