The Inspector General of the Small Business Administration (SBA) found that the agency’s IT leadership needs to address the Federal Information Technology Acquisition Reform Act (FITARA) and cybersecurity threats.
The IG released a report on the Most Serious Management and Performance Challenges Facing the Small Business Administration in Fiscal Year 2018, which included IT problems.
In order to address IT issues, SBA hired a deputy chief information officer (CIO) and nine other IT personnel. However, the agency still experiences growing cybersecurity threats. In 2016, SBA experienced a ransomware attack that hurt its ability to carry out its mission. The IG found that this incident proved that the IT team needs to increase its risk management procedures, ensure the continuous monitoring of networks, deploy effective incident response strategies, and create effective contingency plans.
The IG also found that the CIO’s office should initiate more strategies that align with FITARA, including human resource planning, investment oversight, and the creation of an agencywide enterprise architecture.
The IG found “significant improvement” in SBA’s information security practices due to an IT control enhancement program that was started by SBA. However, vulnerabilities remain that require infrastructure investment. The IG recommended that the IT department focus on continuous monitoring of systems for security threats, risk management, and establishing a personally identifiable information data loss prevention program.
SBA CIO Maria Roat joined the agency in October 2016 and quickly started making changes to the IT infrastructure. Roat’s goals were to get on Microsoft Office 16 and Windows 10, get to four racks in the agency’s data center, move from copper to fiber, migrate to the cloud, and get rid of desktop computers and acquire laptops.
“Burn the bridges behind you,” Roat said at Microsoft’s Government Cloud Forum on Oct. 17. “We have to shut stuff down and turn things off and there’s no going back.”