Federal CIO Vivek Kundra, who has been charged with carrying out the Obama administration’s goals of increased governmental transparency and tighter security and oversight of federal IT assets, commented Tuesday that the Federal Information Security Management Act (FISMA) isn’t working as it was intended, which was to safeguard federal information systems, as evidenced by recent breaches at the FAA and at the vendor that hosts USAjobs.gov.
In testimony before the House Committee on Oversight and Government Reform’s Subcommittee on Government Management, Organization and Procurement, he said that FISMA has raised governmental awareness of information security concerns, but suggested that at seven years old it has already outlived its usefulness. “The performance information currently collected under FISMA does not fully reflect the security posture of federal agencies,” he continued. “The processes used to collect the information are cumbersome, labor-intensive, and take time away from meaningful analysis. The federal community is focused on compliance, not outcomes.”
Kundra elaborated in a later interview: “We need to start changing the way we measure IT projects — not on an annual basis… We need to change the way we manage IT by changing the frequency of when we evaluate where we are. Moore’s Law states that processing speeds double every 18 months. But the average procurement takes 12 to 18 months.”