Maybe it's old age or maybe because the holidays are just around the corner, but I don't want to beat up the White House Office of Management and Budget too badly for not knowing how much it's spending on IT security.
However, Vivek Kundra, the new Federal CIO, is letting loose with both barrels. Kundra said he was "shocked to learn that the OMB does not collect agency-specific IT security expenditures."
Earlier this year, IT Business Edge reported that the GAO gave the OMB a scathing report regarding security controls.
The problem here, as Kundra explains, is that no one knows what security costs, the value of its cyber security investment or even how one agency does compared with another. Now, if this were a corporation and the finance department could not explain where the money was going, those people would all be let go.
This has upset some on Capitol Hill. Sen. Tom Carper, D-Del., who chairs the Senate Federal Services and International Security Committee, has called the OMB's actions "simply unacceptable."
Kundra announced in June that the federal procurement system needs an overhaul. He is taking steps to allow federal agencies to quickly buy systems by proposing a storefront to improve the procurement process.
It's easy to say it is the government and, with $40 billion being spent on the Federal Information Security Management Act of 2002 (FISMA), it's easy to drop a few things here or there. Obviously, I couldn't disagree more.
At a time when cyber threats are out of control, we need to understand how we can efficiently and cost-effectively come up with viable solutions. I think once the OMB gets this under control, it will find out two things: One, throwing money at a problem won't always fix it, and two, solutions probably have been paid for many times over.