|
By Mark Henricks
In April CIOZone reported
on Federal CIO Vivek Kundra’s deadline of Nov. 15 for all federal agencies to
begin filing real-time information security reports via a new online reporting
tool, CyberScope. But as recently as July, according to a new study,
85 percent of federal CIOs and CISOs had yet to use CyberScope, casting doubt
on the likelihood of achieving that deadline.
The look at compliance with the White House’s guidelines for
implementing the Federal Information Security Act (FISMA) was underwritten by
government IT network operator MeriTalk along with ArcSight, Brocade, Guidance
Software, McAfee, immixGroup and Netezza. The study, "FISMA's Facelift: In
the Eye of the Beholder?” is based on an online survey of 34 Federal CIOs and
CISOs performed in July 2010.
The biggest finding was that, as of July, just 15 percent of
the federal IT executives surveyed had used CyberScope. That by itself calls
into doubt the chances of making the deadline for all federal agencies to
submit real-time information security data using the online reporting portal.
Other findings suggest that CyberScope may have a bright
future. For instance, all of the relatively small number of federal IT
executives who had used the online reporting tool gave it an “A” or “B” grade.
However, those who have not used it are not as positive. In
fact, 69 percent of the executives who have not used the tool are unsure if the
new approach will result in more secure Federal networks, according to the
survey.
One obstacle may be knowing what is involved in using
CyberScope. Ninety percent of the executives who had not yet tried said they
didn’t have a clear understanding of the submission requirements. And 72
percent of them assert that they do not have a clear understanding of its
mission and goals.
Including those who had used the system, 55 percent weren’t
sure the new submission process would improve security oversight. An even
larger number -- 69 percent -- weren’t positive it would result in more secure
Federal networks
A prime objective of CyberScope is to save money. The
federal government spends some $2.3 billion a year on compliance. Much of that
outlay is consumed producing paper reports that are costly and often outdated
as soon as they are submitted. Yet 55 percent of federal IT executives surveyed
said that changing their procedures in order to use CyberScope will increase
rather than decrease the cost of submitting security information.
The study authors offered some specific recommendations for
improving CyberScope compliance. Specifically, they said the White House Office
of Management and Budget needed to boost communication, particularly with
regard to clarifying the submission requirements. Agencies also needed to have
access to training in using the new reporting protocol.
Finally, the authors
said OMB should promote successful early-adopter case studies to encourage the
85 percent of federal IT executives who had not yet used the tool to give it a
try.
Only registered users can write comments.
Please login or register. |
