E-gov chief urges administration to offer incentives to CIOs
Bush administration officials must look for ways to prevent federal agencies' chief information officers from "burning out" as they work to improve cybersecurity and address a wide range of other technology issues, the Office of Management and Budget's (OMB) e-government administrator told a House panel on Tuesday.
"We're trying to drive an awful lot of transformation, and these have become some of the most stressful jobs," Mark Forman said during a House Government Reform subcommittee hearing on cybersecurity.
Forman said much of that stress stems from the sweeping management reforms that must be implemented in order to better protect agencies' information systems from cyberattack.
"I'm not quite sure yet how you keep people from burning out, although that is something we're going to have to start looking at more and more," he said.
Rep. Candice Miller, R-Mich., agreed, raising concerns that agencies may be losing a large amount of "institutional knowledge" as their CIOs leave through a "revolving door" for higher paying private-sector jobs.
Forman said the administration has asked Congress for a "performance fund" to give federal CIOs a greater incentive to remain on the job. "I think that will help a tremendous amount," he said.
The administration also is trying to "significantly empower" the CIOs to make a "business case" for how federal IT dollars should be spent, Forman said.
"What really is at the heart of getting the federal government more secure is what we're doing with the infrastructure, networks, telecommunications, the basic computing platforms that we're using," Forman said. "I think we're fine with resources. The challenge is that there is a lot of work, and it takes time."
Pointing to OMB's May 16 report to Congress on federal government information security reform, Forman said federal agencies have made progress in identifying and fixing longstanding problems. He noted that in fiscal 2002, for example, risk assessments had been performed on 65 percent of federal information systems, and 62 percent of federal systems had an "up-to-date security plan."
"But there's much work that remains before we can say IT systems are adequately secured in the federal government," Forman said, noting that more than half of the largest federal agencies have reported at least one "material weakness" related to information security.
Rep. Adam Putnam, R-Fla., chairman of the Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee, said lawmakers share a "bipartisan frustration" over the cybersecurity problems plaguing federal agencies.
"The weaknesses identified are weaknesses that would be significantly reduced if approved procedures and protocols or best practices were actually followed," Putnam said.
He noted, for example, that General Accounting Office audits have found that some federal information systems have never been tested in a production environment, and some agencies have failed to install patches on systems "for months after known vulnerabilities are identified."
"These rudimentary lapses are not acceptable," Putnam said. "While some progress is clearly being made at federal agencies, going from an 'F' to a 'D' isn't saying much."