Will bigger fed IT budgets boost security? Maybe not, says report
As the White House asks Congress for nearly $80 billion to support federal information technology in fiscal year 2016, a new report suggests that more spending may not equal more security.
An analysis this month from the International Association of Information Technology Asset Managers Inc. asserted that better management of IT inventory, software licensing and system upgrades within federal agencies — the sort of work its members do — could not only save money but also improve security.
“Federal IT chiefs often cite inadequate funding as the biggest inhibitor to progress, but a thorough investigation of the overall federal government IT sector reveals that cost savings and IT security would be increased by a comprehensive [IT asset management] program at the national government level in the U.S.,” the report said.
Barbara Rembiesa, the group’s CEO, said in an emailed statement that her group was uniquely positioned to point out this issue.
“Every serious-minded corporation already takes [IT asset management] seriously. The point of the report is that it’s high time for the federal government to do the same. There is no defense that can be made of wasting half of every dollar the federal government spends on IT/IT Security,” she said.
In the last year, the federal government has experienced a number of embarrassing breaches, including hacks of U.S. Central Command‘s social media accounts, U.S. Postal Service personnel information and a White House unclassified network.
Meanwhile, the report said, the federal government spends six times more per employee on IT compared to the private industry — an average of $36,000 per employee last year versus nearly $5,000 per private sector worker. The higher federal figure, though, includes spending on major public-facing networks, like the Department of Education’s systems that track hundreds of billions of dollars in student grants and loans.
The industry group analysis also collected findings from various inspector general reports that found shortcomings in their departments’ IT systems. In particular, the group cited a report on the Education Department that detected “longstanding weaknesses” in its systems that had been cited in previous years.
The report said better asset management could allow administrators to have a firmer grasp on what’s in their inventory — and how it’s being used. It also would allow administrators to jettison unnecessary assets.
“[S]pending greater and greater sums without proper [IT asset management] controls in place is a prescription for more breaches, risks posed by unauthorized devices, increases in lost and stolen hard drives, and major vulnerabilities created by outdated and/or ‘unpatched’ software,” according to the report.
However, the Office of Management and Budget touted the Obama administration’s efforts to root out waste in federal IT.
“Alongside an Executive Order directing agencies to establish controls and oversight so the Federal Government isn’t paying for unused or underutilized IT equipment, tools like PortfolioStat have eliminated duplication while saving billions in taxpayer dollars,” an OMB official said via email. “The report in question uses misleading math to portray an inaccurate picture. We have more work to do, and we will continue to drive efficiencies, make smart investments in Federal IT, and maximize taxpayer resources.”