Former senior federal officials recommended the Office of Management and Budget appoint an enterprise risk officer to address growing cyberthreats to both government and industry, in a report issued Tuesday.
An OMB enterprise risk officer could spearhead efforts to quantify threats to data, information technology and intellectual property, according to the American Council for Technology and Industry Advisory Council.
In its first report on critical issues ahead of the 2020 presidential election, ACT-IAC recommends the enterprise risk officer address threats nationwide, not just within federal agencies. In the private sector, the top risk-management official is sometimes called a chief risk officer or CRO.
“This strategy will provide risk management for a whole-of-nation perspective, looking at both physical and cyber risks to our government and critical infrastructure industries,” reads the report. “It will provide a mechanism for taking action to mitigate risks arising from overlap and duplication and uncoordinated silos, which create vulnerabilities and gaps, especially in the supply chain.”
Government has been too reliant on overseas suppliers for personal protection equipment (PPE) in responding to the pandemic, but an enterprise risk officer could coordinate the supply chain by inventorying supplies and medical devices, according to the report.
Outcome offices, acceleration strategy
Aside from making IT infrastructure more risk tolerant, ACT-IAC made three recommendations for making government more agile.
The report suggests that government make “outcome measure” data available by having agency deputy secretaries appoint temporary leaders to head up outcome offices that disband once their objectives are met. Outcome leaders would align resources, build partnerships, develop plans and reporting, and work together across agencies.
The government can make itself more agile by having the President’s Management Council create and oversee an acceleration strategy, according to ACT-IAC.
Such a strategy would outline the roles of chief information officers, chief technology officers, chief information security officers, chief experience officers, and business leaders. The strategy would also serve as an operational framework for U.S. Digital Service, the General Services Administration’s Technology Transformation Services, agency innovation centers, the Office of Personnel Management Lab, and Office of Federal Procurement Policy, according to the report.
ACT-IAC recommends the government establish a new workforce and leadership model that focuses on attracting and retaining employees capable of identifying emerging technologies, acquiring them faster and using them to drive agency change.
The four recommendations were not only for unelected officials but Congress and advisors. OMB did not respond to a request for comment on whether legislation would be needed before it could act on ACT-IAC’s recommendations.