“The release of the National Cybersecurity Strategy was a strong first step towards implementing a whole of government approach to addressing cyberthreats. This GAO report confirms that the plan embodies many critical characteristics needed to align and harmonize our federal agencies’ policies including purpose and scope, risk assessments, implementation guidance, and organizational roles, responsibilities, and coordination.
“However, the Strategy lacks performance and cost metrics fundamental to improving information sharing, modernizing federal agency defenses, and managing expenditures. Without them, federal agencies are incapable of measuring their own success or failure.
“That is why I have championed the last 17 FITARA Scorecards which use objective standards to grade agencies’ implementation of key IT provisions. Its success has created a litany of new, flexible IT modernization funds, bolstered cybersecurity defenses, and resulted in almost $30 billion worth of savings.
“As an advocate of quantitative assessments, I urge the ONCD to continue working towards developing outcome-oriented and cost-related metrics to better gauge operation results, manage outlay estimates, and inform and support future budget submission.”