Kundra picks up cybersecurity mantle

The Obama administration’s plans to review government cybersecurity gained a new champion with the appointment of Vivek Kundra as federal chief information officer.

The Office of Management and Budget last week released an annual report on agencies’ implementation of the Federal Information Security Management Act (FISMA) and said OMB will will assess the metrics agencies report to show their compliance with that law. OMB also said it might develop new metrics to improve information security.

Kundra, also serving as OMB administrator for e-government and information technology, picked up the charge immediately. On the day he was appointed, he told reporters that the government needs to shed the mentality that reports and processes are the most important aspects of cybersecurity. Instead, he said, the focus needs to be on the fundamental security of “what I call the engine for the modern economy when it comes to cyber infrastructure.”

FISMA's critics have argued that agencies' compliance with the law can too easily become a matter of filling out the paperwork to document rote compliance rather than implementing effective security measures.

The government needs to think through cybersecurity in a broader context, Kundra said. The administration needs to consider how the government self-organizes, especially given that much of the government's processes and data flows through private infrastructure as well as the government.

It is important, he said, “that we look at these reports and think of them beyond just the federal government.”