Private sector IT firms that supply Federal government agencies with advanced technologies acknowledged the minor trend toward better grades on the 13th edition of the FITARA Scorecard, but told MeriTalk they want to see the House Oversight and Reform Committee follow through on aims to align grading categories better with newer Federal tech policies that steer toward better cybersecurity and modernization of legacy systems.
At a Jan. 20 House Government Operations Subcommittee hearing to discuss the FITARA 13 results, key lawmakers from both sides of the aisle agreed they want to explore making big changes to grading categories on the scorecard, which since 2015 has been issued twice a year by House Oversight to rank major Federal agencies on progress toward IT-related goals.
Debate at the hearing surfaced a number of ideas about where to aim those efforts – with cybersecurity, replacement of aging networks, and improved citizen services results among the leaders. Subcommittee leaders and witnesses also talked about how that may be easier said than done, given the difficulty of accessing some of the data that would be needed to shed more light on those categories.
Here’s what several IT leaders had to say about the broader aims of the scorecard process and how it might change for the better.
“The hearing emphasized the need for changes to the scoring criteria for cybersecurity, including aligning metrics with the Executive Order on Cybersecurity, zero trust security migration, and supply chain risk management best practices,” said Stephen Kovac, Chief Compliance Officer and Head of Global Government Affairs at Zscaler.
Kovac also noted the swooning grades of many Federal agencies in the category of how well they are transitioning communications services contracts to the General Services Administration’s Enterprise Infrastructure Solutions (EIS) contract. “The numerous ‘F’ grades for EIS transition highlight where more progress can be made migrating to modern telecommunications infrastructure and cloud security services that support remote and hybrid work environments,” he said.
“While we see gradual progress on the FITARA scores over time (and some of them include items related to Cybersecurity) – there is still a lot of room for improvement,” said Mark Sincevich, Federal Director at Illumio.
“There should be a specific focus on Zero Trust and micro-segmentation built into the scores in the future, in line with the [Biden administration’s] Cybersecurity Executive Order (EO) to enhance agency congruency,” he said. “As efforts to modernize the process continue, we must measure progress against the EO’s priorities and mandates. This will further aid to prepare, and reduce the impact of future cyber threats.”
The Jan. 20 FITARA hearing “showed that cybersecurity remains [a] top priority for Federal IT leaders,” said Matt Marsden, Vice President, Technical Account Management, Federal, at Tanium. “It’s encouraging to see cyber scores increase, on average, but more work needs to be done to fully improve the nation’s overall cyber posture, starting with how cyber scores are calculated.”
“The FITARA cyber scores are simply the agency’s FISMA score normalized on an ‘A’ through ‘F’ scale – measuring compliance, not actual security or risk,” Marsden said.
“Given the increased focus on cyber readiness across the federal government, agencies must move beyond compliance towards solutions and tools that leverage real-time, actionable data on the state of an endpoint to measure cyber readiness accurately and effectively,” he said. “If agencies don’t have comprehensive visibility and real-time monitoring over an asset’s health and performance, they cannot adapt quickly to critical events like the next major breach or vulnerability.”
“The hearing on the FITARA 13.0 scorecard emphasizes the critical importance of modernizing outdated legacy systems, as tech advancement and cybersecurity remain top priorities across the Federal government,” said Mike Wiseman, Vice President, Public Sector at Pure Storage.
“Agencies are trying to understand how to acquire, deploy, and sustain systems while building the strongest cyber defenses possible,” he said. “Although it can be difficult to comprehend and anticipate what data capabilities agencies will need down the line, some of the most beneficial solutions that offer flexibility and agility are as-a-service platforms. These systems allow IT leaders to leverage only the digital infrastructure they need at a given time while remaining adjustable and secure for the future.”
“By modernizing technologies, leaders can take an active role in prioritizing the digital shift, and now is the time to invest in solutions that maximize data security and advance agency missions,” Wiseman said.