5 New Year's Cyber Resolutions for Federal Agencies

From securing the cloud to unwrapping new architecture compliance requirements, 2011 was a busy year for the tech public sector. In the New Year's spirit of renewal and rededication, here are five resolutions federal agencies should make. 1. Leverage IT to meet budget requirements The government fiscal landscape changed radically in the last year with budget cuts across the majority of federal agencies. The Obama's Administration fiscal 2012 budget proposal calls for a five-year discretionary spending freeze along with $33 billion in additional cuts. Yet, there is a reason why federal IT spending to commercial contractors is expected to grow five percent annually. Dashboards, information collection systems, computing and business analysis programs will be key tools for agencies to meet increasingly demanding mission requirements with shrinking budgets in 2012. Needless to say, adoption will not move forward without security protocols and safeguards. 2. Secure the cloud Steven Van Roekel may be the new Federal CIO, but Vivek Kundra's "cloud-first" legacy will carry on into 2012. Over the long term, the cloud will save agencies some of the cost of purchasing, designing and installing IT infrastructures. According to a Brookings Institute study, the cloud could help agencies save up to 50 percent in IT costs. However, satisfying mission-critical government system requirements and truly securing public, community, and private clouds will be a major undertaking for agencies in 2012. It will require targeted investments, strong project management, systems engineering, and hard-to-find expertise. The move to the cloud is happening--Renub Research estimates the federal IT budget devoted to cloud computing spending to reach nearly $1 billion by 2014--and agencies should resolve to lead rather than trail the pack. 3. Move toward a secure mobile workplace As tablets and smartphones take hold in our personal lives, the benefits of a mobile workforce have become apparent across the federal government and in particular to agencies like the Federal Emergency Management Agency (FEMA) and the United States Census Bureau. The 2011 5.8 magnitude D.C. earthquake also underscored the need for agencies to develop reliable remote access policies and solutions for continuity of operations. Agencies will need to adapt to working with new protocols and technologies that enable remote collaboration. In establishing remote access frameworks, agencies should resolve to: build management support, define essentials to demonstrating ROI, measure productivity, and supply secure, and affordable telework technology. While supporting a large number of mobile devices is not without a fair share of challenges, a Bring Your Own Device (BYOD) policy could increase employee satisfaction, provide technical advances and lower costs. BYOD is not without its challenges, but several organizations are running pilots to work through those challenges sooner rather than later. 4. Continuously monitor cyber defenses In 2012, government agencies will not only battle rogue individuals trying to "brute force" a firewall password or hack into a single perimeter system, but a long-term sustained attack by organized cyber criminals. With advanced persistent threats becoming more and more sophisticated, government agencies should resolve to continuously monitor, track, and analyze cyber attacks with proactive training engagements including frequent penetration testing and simulated cyber and social engineering attacks. 5. Bridge disparate systems One of the challenges of the nation's cyber defense is that agencies rely heavily on disparate networks and systems, which in turn increases their vulnerability. As federal CIOs look to consolidate and bridge disparate systems in 2012, it will be important not to overlook the human factor. Coordinating a wide array of stakeholders involved in the process will require well-defined policies and programs and collaboration. Daniel Barber serves as Program Director for the Homeland Security Group within Dynamics Research Corporation (DRC). In his role, Mr. Barber works closely with some of the largest government agencies to implement information security strategies and policies that align with the mission goals of the federal government. The views expressed by our guest bloggers are their own and do not necessarily reflect the views of AFCEA International or SIGNAL Magazine.