5 Must-Do Cyber Security Steps for Obama

As President-Elect Obama focuses on two wars and a hemorrhaging economy, security experts are urging him to address five weak security links in America's cyber infrastructure that threaten the nation's defenses and financial institutions.

"The regulatory requirements for DIACAP/FISMA 805, etc., are catered more towards systems and software and not updated to reflect the innovation of other companies when it comes to selling software as a service and cloud computing, making it very difficult for an organization to be successful in partnering with the government," Barr says. "Some time should be taken to revisit these regulatory requirements."

Sharing Barr's concern about FISMA is Krag Brotby, a security architect who has worked for Xerox, TransactPlus (a JP Morgan subsidiary) and the Singapore government. He says FISMA compliance is in a dismal state of affairs in critical agencies, and a lack of training is part of the problem.

"FISMA compliance remains poor in some of the critical agencies and, coupled with substandard personnel proficiency, would seem to pose an unreasonable level of risk to the country," he says. "Pushing ahead with training and certification of government security personnel should take priority as well as mandating FISMA compliance."

3. Demand better security training

Brotby's concerns highlight another weakness on the minds of many security professionals -- training, or the lack of it. Brotby has encountered what he calls a "significant percentage of IA (information assurance) practitioners and managers in the government and armed forces" who haven't been adequately trained to provide a reasonable level of security.

Barr listed education as one of his big concerns, and hopes the Obama Administration will push for security to be emphasized from middle school to college and beyond.

"From the perspective of what is taught in college to what is taught down at the middle school to high school level, in my opinion we don't have a lot of programs that teach individuals the history of security and what we should be doing to better protect ourselves," he says.

Since kids are increasingly learning via computers and the Internet, an education on the dangers of cyberspace and ways to secure oneself should be a natural part of the lesson plan, he says.

4. Build a great cyber wall (against China and others)

Another item of concern for security pros is the increased level of cyber espionage between companies and countries -- most notably activity from China. Barr wants the Obama Administration to revisit requirements for restricting US companies with a presence in China and other countries.
