A report with information from all of the agencies’ risk management reports will be sent to President Donald Trump to review by Oct. 8, even though the government still lacks a Federal CIO.
Barry West, senior adviser and senior accountable official for risk management at the Department of Homeland Security, said that the goals of the Cyber Executive Order in May could still be met without a Federal CIO.
“We have great leadership in place that are filling those voids,” West said at MeriTalk’s Cyber Security Brainstorm on Sept. 20 in Washington, D.C. “I think some of the traction can keep moving without a Federal CIO or CISO.”
West said that the bottom line of the Cyber Executive Order was that the president would provide his leadership team with the modernization tools they need to succeed and hold the leadership accountable.
Trump has focused on cybersecurity and IT modernization at the beginning of the administration. Jared Kushner, Trump’s son-in-law, started the American Technology Council, which is pulling together best practices and advice from industry leaders.
The Cyber Executive Order tasked Reed Cordish, special assistant to the president for intragovernmental and technology initiatives, with coordinating a report to the president from the secretary of Homeland Security, the secretary of Commerce, and the director of the Office of Management and Budget, regarding modernization of IT.
Chris Liddell, director of strategic initiatives at the White House, is in charge of with coming up with strategies for modernizing government technology, which has been pushed by the Trump administration with its support of Rep. Will Hurd’s Modernizing Government Technology Act. The Trump administration plans to document the Federal government’s legacy systems and prioritize the most vulnerable networks.
“We continue to just add layers and layers of security tools,” West said. “We’ve got to look at that from a cost effective standpoint.”
West said that budget issues continue to be a problem for Federal cybersecurity even after the Modernizing Government Technology Act passed the Senate on Sept. 18.
“We’re hoping to see funding from that, that will be part of that Cyber Executive Order,” West said.
West said that the Equifax breach was a security “wake-up call” for industry and that the government is shifting the accountability from technology leaders to agency heads to combat these types of hacks.
“Let’s not pin all this on the CISO and the CIO,” West said. “This is a business issue.”
As the senior accountable official for risk management, West briefs the secretary of Homeland Security on cybersecurity issues, since the Cyber Executive Order requires all agency heads to be in the know about what’s going on their networks. West also coordinates with the National Security Council, the White House, and the National Protection and Programs Directorate on cyber issues.
“I think we’re making headway. I really do,” West said. “It’s taking a lot of blood, sweat, and tears.”