For the second year in a row Federal CIOs identified information security as their top challenge in the 2008 Information Technology Association of America's annual survey. In this survey, entitled Transforming I.T. to Support the Mission, Federal CIOs identified seven key facets of the information security challenges they face every day. The facets are: nature of threats, organization and culture, government wide coordination, operational control, technology, speed of change and compliance.

Today, as threats to our nation's infrastructure increase, so does our dependence on a secure infrastructure. While at the same time, fluctuations in the supply and demand for oil and gas is causing GSA as well as other Federal agencies to accelerate telework adoption. Telework and its associated work patterns and proliferation of devices means our infrastructure is becoming more decentralized. As I look out into the future, I often wonder whether the single factor and multifactor authentication mechanisms we use today are enough to ensure a secure infrastructure without losing productivity. So, how do we ensure a secure infrastructure while faced with equally important public policy, agency mission and information resource management issues?

The good news is that the private sector continues to innovate in areas that will allow us to increase security in a decentralized infrastructure while maintaining productivity. The Usable Security program at the Palo Alto Research Center is an example of the type of innovation taking place in the private sector. In its report entitled In Search of Usable Security, Five Lessons from the Field the PARC team was able to implement a private key infrastructure (PKI) with high marks for usability and user satisfaction that reduced the time to by a factor of two.

I'm optimistic that ongoing work in the private sector and at organizations like PARC can help Federal CIOs address our security challenges so we can increase security while maintaining productivity in tomorrow's decentralized infrastructure.