New Fed CIO Will Hold Second Job in OMBKundra Will Report to OMB's Deputy Director Vivek Kundra, tapped Thursday as the nation's first federal chief information officer, will have a second day job, that of administrator of e-government and IT in the White House Office of Management and Budget.
Established with enactment of the E-Government Act of 2002, the e-administrator's post often referred to as the de facto federal CIO had only two people serve in the job: Mark Forman and Karen Evans. Though Kundra can drop the "de facto" from his job title, he nonetheless will not report to President Obama, but to the OMB deputy director for management. As e-administrator, he heads the Federal CIO Council.
Why the two roles? "The president wanted to give the CIO the ability to reach across agencies and departments," Tom Gavin, OMB deputy associate director for strategic planning and communications, told GovInfoSecurity.com. "The position is not just e-government services. We're trying to change the dynamic, to interact with the public sector, and not just make sure information is available electronically. Fundamentally, we're looking at how technology serves the American people."
And, when it comes to safeguarding federal IT systems, Kundra said he'll look at information security not just in the government but across the nation. In a briefing Thursday for reporters, Kundra said he has been working closely with National Security Agency cybersecurity expert Melissa Hathaway, who's been conducting a 60-day review of existing policies and programs aimed at securing government information systems and the nation's critical IT infrastructure.
"Because, if you think about it, a large percentage of the global infrastructure does not belong to the federal government when it comes to cybersecurity," Kundra said. "And, we need to ensure that the public and the private sectors are fully engaged when we think of information security."
Kundra joined the growing caravan of public officials lining up to seek new ways to measure information security. A consensus is building in Washington to find new metrics to truly determine if IT systems are secure, and not just whether the right boxes were checked off in a compliance form. "Frankly," he said, "we need to move away from focusing purely on reports and processes."
The government relies heavily on scorecards and Government Accountability Office and inspectors general's audits to determine whether agency comply with defined information security processes. In some ways, this approach was born by the heavily business-oriented tenets of the only president to hold an MBA, George W. Bush.
But Kundra's remarks Thursday, as well as previous ones he has made, suggest the new administration seeks to change the IT culture in government, away from one emphasizing process to one highlighting innovation. In response to a question that the new administration seems to forget that the Bush administration "did anything around cybersecurity and e-government," the federal CIO said he'll look at the Bush administration's accomplishments, but implied the old regime was reluctant to exploit newer technologies widely.
A product of his generation, the 34-year-old Kundra specifically cited cloud computing, in which users access applications over the Internet. That, he said, could save taxpayers millions upon millions of dollars in licensing fees and other costs. In a video recorded earlier this year and posted on Change.com, the Obama's transition team website, Kundra said:
"When you look at how we lower the cost of government operations, a federal government (IT) budget of $70 billion, representing approximately 20 percent of the tech economy, why is it that we can't innovate and find better ways of bringing services, lowering the cost of government operations and driving transparency? And, those are the things you're going to see in this administration."