Cybersecurity, Compliance Slowing U.S. Government’s Digital Transformation

Complex Compliance Requirements are Delaying U.S. Government’s Digital Transformation, Study Shows

With trust in the U.S. government at an all-time low (the Pew Research Center says that only 3% of Americans trust Washington to do the right thing ‘just about always’), the suggestion is that a new ‘moonshot moment’ is necessary for government. A new report (PDF) says that moment is possible with digital transformation.

Success, however, is dependent on three requirements: federal agencies must create a culture of innovation; must prioritize the citizen experience; and must implement an integrated approach to digital transformation.

Consulting firm ICF employed Wakefield Research to survey 500 federal employees to understand the opportunities and obstacles for federal digital transformation. The prize, says ICF, is reigniting citizen trust and satisfaction in government, regardless of the administration. Cybersecurity and compliance issues are among the greatest of the obstacles, with user satisfaction an additional problem.

Eighty-nine percent of the respondents said that security and privacy requirements significantly delay technological innovation. More than half of the respondents admitted to experiencing a cybersecurity incident after implementing a new digital initiative, while almost half of those said that the incident delayed future innovation.

The federal IT procurement process is also an inhibitor, with 91% of respondents saying it needs to be completely overhauled. More than 30% go so far as to recognize benefits in using unauthorized technologies that have not been officially sanctioned by the IT department. 

ICF believes that the combination of security/compliance concerns and strict procurement policy is inhibiting the creativity of federal agencies. “Creating a culture of innovation,” says the report, “requires encouraging staff within agencies to think outside the box and empowering them to follow through on new ideas by providing targeted support.”

Baris Yener, an SVP at ICF, told SecurityWeek, “Compliance has become an overly-complex aspect of security in the government. This is due primarily to the fact that the public sector thinks of security as an afterthought, something that is tacked on to existing processes, rather than building solutions with a security-first mindset. Compliance will remain a hindrance,” he added, “until the government and its agencies embrace a shift in thinking that prioritizes an integrated approach to creating tools and services. Once that shift takes place, and stakeholders from across departments are brought together, compliance will be simpler.”

In the meantime, he does not believe that empowering creativity will necessarily lead to an unacceptable expansion of shadow IT within federal agencies.

“By embracing outside-the-box thinking, and fostering a culture that encourages creativity,” he said, “those staff members will instead raise their hand to offer new solutions, rather than turn to shadow IT. Creative thinking needs to be nurtured and rewarded. If there’s anything we know about the nature of cybersecurity today, it’s that the threat landscape is constantly changing. Feds with a different perspective will be critical to navigating uncharted territory.”

Essential to the moonshot moment of digital transformation is user engagement with the outcome. Ninety-seven percent of the survey respondents say that government agencies now have a greater responsibility than ever to provide the digital tools and services that will make a positive difference in citizens’ lives. But 80% also said that government is prioritizing perfecting the technology over the citizen experience. 

The extent to which regulations affect new digital technology can be seen in respondents' stated priorities: 44% said that compliance is the biggest priority when implementing a new digital technology, and 36% said that speed of implementation is the prime priority. User adoption of that technology ranks second to last (30%), ahead only of the ability to measure its success (23%).

With such driving principles, ICF sees little chance of government maximizing the potential for engaging the trust of citizens. Federal staff accept the problem, with 92% suggesting that improving usability of the technology should be prioritized over technology development. “Instead of looking to the private sector primarily for technology solutions,” suggests ICF, “federal leaders must implement user research and feedback loops that are designed to create and improve digital services.”

This may seem a little surprising, since the issue of usability is understood and being tackled by new technologies in the private sector. The big development is the increasing use of artificial intelligence — for example in reducing user friction in access control. However, Yener does not believe that such solutions can simply be transposed to the federal sector. 

“For example,” he told SecurityWeek, “when implementing new technologies like AI, the government needs to consider how to identify and document the standardization of those technologies, along with how it will be used within all agencies. Private sector by comparison has the freedom and flexibility to implement whatever would be beneficial to the business, with minimal standardization required or concern for other companies in their industry.”

If project funding is available, the biggest obstacles to new digital developments are security concerns (41%), outdated policies (28%), skilled staff shortages (27%), complexity (22%), and lack of time (22%). Other obstacles include poor inter-office communication, difficulty in procuring services, and lack of support from senior management.

“To develop an integrated approach to digital transformation,” says the report, “agencies should build a multidisciplinary team that executes technology implementation and prioritizes user adoption. Leaders need to ensure that every department — including common omissions like HR — is represented to better understand the needs of the entire organization as it works to apply digital transformation.” Successful digital transformation, it adds, “will position the federal government to launch its next moonshot: digital transformation that reignites citizen trust and satisfaction in the government — regardless of the administration.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
