Inglis: First rule of cyber education is budget accountability
The newly appointed cyber director has been setting priorities and carving out turf for his office to cover. With that will likely come some scrutiny of how the government spends resources on cyber.
Cyber budget accountability -- knowing not just what was spent, but how -- is key to workforce education on cyber, according to the national cyber director.
Chris Inglis said part of his office’s responsibility is accounting for “cyber dollars: the purpose for which they're spent, to track those, to see whether the execution matched the aspiration.” But that also extends to making sure what is spent on cyber is appropriate, he said.
“I think that we can also use that and intend to use that within the executive branch to first make sure that ...we've got the right strategy, that we've got the right execution of those dollars,” Inglis said during the Sept. 14 Intelligence and National Security Summit hosted by AFCEA International and the Intelligence National Security Alliance.
That money spans technology needs, training, and getting the doctrine right, Inglis said. Within the executive branch, he suggested, it could lead to “some degree of coherence” and “better connect the CISOs, to the CFOs, to the accountable parties, the agency heads, the department heads.”
The newly appointed cyber director has been setting priorities and carving out turf for his office to cover, including high-level oversight of the implementation of cyberspace tools and software adjustments. With that will likely come some scrutiny of how the government spends resources on cyber, he suggested.
Inglis said budget examination and reporting could help reduce confusion in cyber spending, such as possibly using funds from the wrong account.
“Well, I got the cyber dollars for purpose X, but that's the same as the IT account,” Inglis said. “And so if I need more bandwidth, I can take some of those dollars and spend it over here. That's not the same. And that's not appropriate if we're trying to figure out how to build-in resilience and robustness.” He added that the example wasn’t something he’s observed but is something to look for.
The idea is that with more budget scrutiny, and accountability, cyber missions will be able to take off faster because risks will be better understood.
“We need to invest in cyber so that we can actually enable the mission, not hold it back,” he said. “I think that that education is perhaps the first and foremost education to be had about cyber.”
Then Inglis said, “We can't take risk in one place and expect someone in another place to simply be the mitigator of risks they didn't understand was taken in the first place.”