Dave Nyczepir
Agencies should spend their limited cybersecurity funds better by prioritizing tools that address the most pressing threats, a bipartisan pair of senators says.
Rob Portman, R-Ohio, and Gary Peters, D-Mich., introduced the Risk-Informed Spending for Cybersecurity (RISC) Act on Thursday, in response to a 2019 report revealing most agencies lack comprehensive cyber risk frameworks.
The Office of Management and Budget would be required to develop a risk-based budgeting model that agencies must use because, while some quantify their cyber risk, the practice isn’t mandatory.
“Too often, insufficient information about threats and their associated risks inhibits [agencies’] ability to make the best, most informed decisions,” Portman said in the announcement. “It is crucial that federal agencies know the return on investment for each cybersecurity capability acquired and whether those capabilities address existing security vulnerabilities.”
Inspectors general found seven of eight agencies reviewed failed to properly protect…