How to Improve Security? Centralize IT Management, VA CIO Says

Government IT systems are at increased risk to inside and outside threats because departments lack centralized budget and operational authority over their IT systems, the Veterans Affairs Department’s CIO said today. “I’m disappointed that the government lags the private sector in cybersecurity by many years,” said Roger Baker, who has been in his current federal job less than two years.

Interconnected but decentralized networks are only as strong as their weakest link, he said, and without centralized IT control to enforce visibility and security measures, “we are going to remain completely open.”...

...Consolidating the IT budget under a single official rather than distributing it throughout various offices and agencies creates the ability to enforce enterprisewide policies and control IT programs. Baker said he has been able to save millions of dollars by ordering an end to hundreds of projects that were not performing — because he held the purse strings. 

Baker said he now has visibility into most of VA’s 300,000 desktop PCs and has established a departmental network control center — two major steps forward.
“But in 2007, I was a lot further along than that in a large private organization” because of the centralized authority, he added.