IT Security and Management Ranked #1 in Government Performance Challenges

Each year, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) issues an annual report to highlight the top management and performance challenges shared among federal agencies. This year’s report is based on the study of 61 annual Top Management and Performance Challenges (TMPC) reports by agency Inspector Generals (IG) that were issued in 2017. CGIE sought to identify the most common and concerning challenges and draw parallels within that area of concern. Not surprising, IT woes ranked first among the seven recognized challenges:

• Information Technology Security and Management
• Performance Management and Accountability
• Human Capital Management
• Financial Management
• Procurement Management
• Facilities Maintenance
• Grant Management

The issues found under Information Technology Security and Management primarily revolved around two themes: protection of sensitive information from external and internal threats and modernizing IT infrastructure. The report provides a breakdown, with examples, of the issues surrounding this top challenge in the federal government:

Safeguarding Sensitive Data and Information Systems – multiple federal agencies continue to face vulnerabilities in information systems that secure sensitive data. Counterintuitively, the report also found that due to data’s classified or extremely sensitive nature, agencies were unable to exchange information on cybersecurity threats. Additionally, weaknesses were found at some agencies to detect and ease the effects of insider threats.

Examples:

• The SSA OIG reported critical deficiencies in the integrity and strength of the agency’s information systems that hold personal, classified data
• DOC and DOJ face challenges in exchanging information on internal and external stakeholders

IT Modernization – outdated IT systems cripple the reliability of IT infrastructures and hinder an agency’s ability to fulfill dire missions such as national security. The cost of maintaining legacy systems also slows the development of modernized systems.

Examples:

• The DHS OIG found that CBP is unable to effectively identify passengers of concern due to the slowed performance of its pre-screening system
• The DOJ Justice Security Operations Center, which provides consistent monitoring of internet gateways and incident response management, is plagued with systems past their acceptable lifetimes

Continuity of Operations – thoroughly developed and tested contingency plans are lacking at agencies, in case of a security or incident compromise. The report finds that the absence of such plans will cause the potential emergency to greatly impact the agency’s functions.

Example:

• DOS found that some of its IT contingency plans for various overseas posts did not meet guidelines and may cause a failure in IT functions should an incident occur

Building and Maintaining an IT Workforce – agencies are unable to attract and retain a skilled IT workforce, particularly within the cyber sector. A shortage of professionals will further put agencies at risk to identify and resolve a security attack.

Example:

• DOT has reported that the demand for cyber professionals within federal and private sectors outpaces supply by 40,000 jobs

The primary point of the CGIE report is to provide a streamlined view of the challenges across the federal government. However, the report is also hoping to serve lawmakers in determining how best to address these challenges in the foreseeable future. The council highlights that many of the challenges are a result of workforce and budgetary strains as well as an agency’s lack of performance-based metrics to evaluate operations.