What is the state of federal information security? That was the overarching question posed by Federal Computer Week last month during a roundtable discussion with seven experts from the public and private sectors.

FCW asked the experts about the federal government's cybersecurity priorities. Overall, they said that current information security policies put disproportionate emphasis on system security and not enough on network security. Furthermore, they said money for information security is the first to get squeezed when budgets are tight. One person suggested that federal officials set security standards for the software industry to follow. And nearly all agreed that officials at federal agencies need to use more automated methods and fewer manual means for managing information security.

Around the table were Kenneth Ammon, president and co-founder of NetSec Inc.; Bruce Brody, associate chief information officer for cybersecurity at the Energy Department; Bob Dix, staff director of the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee; Dennis McCallam, technical fellow for Defense enterprise solutions at Northrop Grumman Information Technology; Edward Schwartz, senior architect at netForensics Inc.; David Thomason, director of security engineering at Sourcefire Inc.; and Amit Yoran, who at the time was director of the Homeland Security Department's National Cyber Security Division.

FCW's technology editor Rutrell Yasin and assistant editor Florence Olsen asked the questions. To read an uncondensed transcript of the discussion, go to FCW.com Download's Data Call at www.fcw.com/download.

From where you view information security, do you think the right priorities are being emphasized?

BRODY: It's kind of a complicated question from a government perspective because, in many cases, our priorities are ever changing. In addition, those priorities are married to a budget, and on top of that, they're driven by congressional legislation and the oversight community that we have to respond to.

So the question of whether or not we're focused on the right priorities changes almost from department to department and agency to agency. Generally, we're focused on fixing systems. However, there are certain infrastructurewide strengthenings that could occur if [CIOs] had the authority to effect infrastructure-level changes.