Forced to do a ton more with a lot less, the federal government will invest billions over the next two fiscal years to upgrade the nation’s information systems using the low-cost, high-availability cloud-based applications used by its private sector brethren.
But even if this mandate delivers all the savings and efficiencies that Federal Chief Information Officer Vivek Kundra promises, a survey of 217 senior-level IT executives working at various federal agencies says the inherent security risks associated with this open and widely distributed data network could cost the government far more than it’s projected to save.
The study, conducted jointly by Traverse City, Mich. security researcher Ponemon Institute and CA, found that 79 percent of those surveyed predict that the increasing reliance on collaboration tools will significantly increase the amount of unstructured and sensitive data that is not adequately protected or secured.
The IT honchos said new technologies such as virtualization, cloud computing, mobile devices and, especially, Web 2.0 tools such as social networking applications, blogs and wikis, create security concerns that might be acceptable for private sector companies but pose far greater complications and ramifications for national security and solvency.
This point was hammered home again this week in a security report by McAfee that documented an alarming increase in coordinated and politically motivated cyber attacks on government information systems in the U.S., Russia, Israel, France and China.
Since his appointment in May, Kundra and other federal IT experts have continually bemoaned the federal government’s outdated technologies and procurement rules. He’s especially put off by the fact that $19 billion—or 25 percent—of the $76 billion currently allocated for IT expenditures in the federal budget is destined for infrastructure improvements.
“Why should the government pay and build infrastructure that may be available for free?” he said shortly after his appointment. “In these tough economic times, the federal government must buy smarter.”
Prior to becoming the nation’s first Tech Czar, Kundra served as CTO for the District of Columbia where he made the decision to invest less than $500,000 to buy an Enterprise Google Apps license that purportedly saved the district more than $3.5 million in IT expenses in one year.
While those savings may have been appreciated at the local government level, critics say the comparison falls apart on a federal or international level, where data is exchanged between military leaders, the Treasury Department, cabinet members and even President Obama in real time around the clock.
Sixty-three percent of the survey respondents said the mobility of the government workforce would contribute to significant endpoint security risks because of the vast number of mobile devices used and their relative lack of security—a fact that’s not foreign to anyone using an iPhone, BlackBerry or Windows mobile device.
“Federal systems and networks are already being targeted by cyber criminals who recognize that government agencies can be treasure troves for valuable personally identifiable information,” Larry Ponemon, the Institute’s founder, said in the report. “In order to maintain the public trust, information security must be integral to any updates, and not an afterthought.”
Thirty-five of the government IT executives queried said their department’s networks had been hit by some type of cyber attack one or more times in the past year. Another 38 percent said they were “unsure” about whether an attack had occurred or not.
Web 2.0 applications such as social networking, instant messaging, blogs and wikis were cited by 52 percent of those surveyed as a serious threat that could leak confidential information and provide an opening for malware and botnet attacks.