WhiteHouse / cyber-acquisitions

https://policy.cio.gov

OMB Guidance Should Reflect the Role of Federal Employee Education #45

Open bscarpelli opened 9 years ago

bscarpelli commented 9 years ago

In the view of the Telecommunications Industry Association (TIA - www.tiaonline.org), a large challenge for reform in the acquisition process will be to ensure that cybersecurity concerns are fully appreciated and understood throughout that process. This will require adequate workforce training across the Federal government, and TIA believes that end-user education is also a crucial aspect to improving cyber threat ecosystem response capabilities, as many cyber vulnerabilities are already known and related attacks are relatively easily preventable. Numerous efforts exist across sectors to inform end users of proper steps to take to ensure proper cyber “hygiene.” For example, TIA supports that network operators and service providers generally educate the customers on important steps that should be taken, from the use of adequate passwords to encryption of data. TIA notes its support for providing federal Chief Information Officers (CIOs) with increased authority over IT expenditures, which we believe is consistent with the Clinger-Cohen Act. However, concentrating budget authority with department-level CIOs can also limit innovation and needed flexibility at the operational level where much of the IT purchasing occurs, and can slow the acquisition process. Agency CIOs should be trained to develop enhanced acquisition skills that also encourage the consideration of necessary cyber security concerns.

TIA urges OMB to include a new section in its guidance addressing cybersecurity in relevant training for Federal employees. While it has been suggested in a related effort to improve Federal acquisition per EO 13636 that there be a focus on requiring more from industry relative to cybersecurity in certain types of acquisition, TIA strongly urges that OMB's focus should instead be to ensure accountability for those making acquisition decisions. While industry has a role in increasing education on ways to improve resiliency to cyber-based vulnerabilities, the role of the Federal workforce training process is also very important and OMB's guidance should reflect this reality.