A silver lining to the OPM breach – more federal focus on security
The breach of the Office of Personnel Management (OPM) in June has dominated headlines this summer, and for good reason. The OPM breach was devastating for the government and illustrated that not all government agencies are prepared to defend their networks from attack, identify breaches in a timely manner and work to resolve them effectively.
There are a few reasons why the OPM breach had such an impact. As we discussed in previous posts, OPM effectively serves as the HR department for the entire government. It is privy to very sensitive information about every past, current, and – thanks to handling many background checks – future government employees.
Then there’s the scope of the breach, which encompassed more than 22 million compromised records, when I last checked.
Finally, there’s the cost. The federal government is still recovering from sequestration and a significant budget shortfall. Now they’re facing another one as the threat of a government shutdown looms in Congress. This breach cost money. It cost money to fix, and it will cost money to offer federal employees credit monitoring services to help assuage some of the fallout and damage.
With all of these negatives, it’s hard to believe that anything positive could have come out of the situation. However, Federal News Radio has some data that could prove otherwise.
Each year for the past four years, Federal News Radio has surveyed federal CIOs for two weeks in September. This year, their survey was conducted anonymously online, and taken by, “168 federal CIOs, deputy CIOs and senior IT managers…” And the results of survey show a potential silver lining in the wake of the OPM data breach – awareness.
Here is what Federal news Radio reporter, Jason Miller, wrote about the results:
“In our 2014 survey, CIOs rated cyber an 8.56 out 10. Compare that to this year when CIOs rated cyber 9.91 out of 10 with the next highest rated priority, improving your agency’s management of large IT projects, receiving a 7.71 out of 10. Just for more comparison, in the 2013 survey CIOs said cybersecurity ranked 6.57 out of 10 and the next closest priority, moving back office IT systems to the cloud, received a ranking of 5.87 out of 10.”
Granted, these numbers only reflect the opinions of 168 IT professionals and decision makers within federal agencies, but they’re still quite telling. Security is now, hands down, one of the largest priorities for IT departments within the federal government. And the timing of this survey most certainly has to be taken into account – just a few short months after one of the highest profile breaches rocked the government.
Although it’s little consolation to the government employees and applicants that may have had some of their most sensitive information exposed to bad actors from across the globe, the OPM breach has elicited some positive change in the government.
Cyber security is top of mind and increasingly the top priority for IT departments that have other large mandates and priorities they’re juggling. And with budgets most likely remaining tight and the threat of sequestration once again looming on the horizon, it’s almost guaranteed that security investments that ensure the safety of sensitive government data will avoid the chopping block when agency budgets need to be trimmed.