CIOs Set New Goals

ith the Y2K crisis now just a memory, chief information officers are building on the skills they learned in dealing with it. Plus, they are seeking to fundamentally change the way their agencies do business.

Y2K was helpful in putting the spotlight on what a CIO can do, says John Gilligan, who holds that job at the Energy Department. "But when there's not an IT crisis, it's easy to forget the CIO."

It may be getting harder to ignore agencies' top technologists. By the end of this year the federal government will have spent just over $40 billion on information technology goods and services, and IT spending could increase by almost $2 billion in the fiscal 2001 budget. CIOs are helping set new priorities for how IT funds will be managed and spent in the wake of Y2K.

In a recent panel discussion, three departmental CIOs rated their top priorities for the year ahead. All three named computer security as one of their main concerns. Recent security threats such as the ILOVEYOU virus and the proliferation of hacking incidents makes security a high priority.

For Gilligan, information assurance begins with creating a consistent cybersecurity architecture that gives network managers a standard blueprint for cyberdefense. Energy is just wrapping up such an architecture. "We are upgrading our security policies and the oversight controls," Gilligan says.

The next step for Energy is a threat assessment, to be followed by a risk assessment. Program managers, Gilligan says, have to decide what level of risk they are willing to take once threats have been identified.

However, increased security measures raise costs and can degrade system performance. This means effective security depends on how involved management is in determining and accepting risk tradeoffs, Gilligan says.

Paul Brubaker, acting deputy CIO for the Defense Department, cites the number of fragmented networks and Internet backdoors that exist within government as information assurance problems.

Other top CIO concerns include doing business electronically and delivering services online. Brubaker says implementing e-business architectures could be difficult for agencies because they are not accustomed to doing business electronically. Joseph Leo, CIO for the Agriculture Department, says he fears that the needs of the new business world, where services are demanded 24 hours a day, seven days a week, may collide with the limitations of old agency information systems.

Even so, the CIOs are determined to buy smarter and manage investments better by implementing key provisions of the 1996 Clinger-Cohen Act.

Brubaker says that while Clinger-Cohen has been great for streamlining IT procurement, the role some agency CIOs play is not as robust as the act dictates. He says what's needed are more seats for CIOs at the executive table, coupled with increased budgetary control.

At Energy, Gilligan says his office is engaging in capital planning and investment reviews. Energy also plans to modernize key business systems in order to get rid of departmental stovepipes. With the federal IT workforce shrinking, CIOs say personnel issues are also coming to the fore as agencies seek to innovate. "If you look at the workforce that is available and the skills and abilities required for this Internet revolution, there is a tremendous skills gap," Leo says.

Going forward, the CIOs are looking to see what effects the transition to a new administration will have on IT management. "We're looking at how we can get a new administration to embrace the core concepts of more proactive IT management," Gilligan says.