Agencies should prepare for vigorous cybersecurity oversight, warns federal CIO

"The cyberstats are obviously classified because we're dealing with very, very sensitive information," said Kundra, during a Feb. 25 panel discussion with other federal CIOs reported by Federal News Radio. "The first one we did was with the Department of Education. We had great outcomes. The cyberstats are actually leading to very, very concrete actions and outcomes."

Cyberstat sessions are based on the Office of Management and Budget’s techstat sessions, which are used to improve problematic IT systems. Techstats are concentrated management reviews of IT systems that are considered high risk because of cost and schedule overruns and/or poor performance.

Kundra told the CIO panel that OMB had also directed federal agencies to invest in continuous monitoring tools for cybersecurity. He said that the FY 2012 budget is seeking $450 million to develop blue and red teams to attack government IT systems to find vulnerabilities before they are exploited by bad guys.

Richard Spires, the CIO at the Department of Homeland Security, told the panel that continuous monitoring is one piece of the larger reform puzzle. He cautioned that agencies need to simplify the underlying architecture of IT systems in order to implement successful continuous monitoring.
