During a House Homeland Security Committee cybersecurity panel on July 25, 2018, Ari Schwartz focused his testimony on encouraging the Office of Management and Budget (OMB), along with the White House Chief of Staff and President Trump, to take the lead on holding federal agency heads responsible for improving their cybersecurity.
Mr. Schwartz said that Cabinet secretaries have known for years that their departments were vulnerable to criminal and nation-state hackers and were often failing basic government security metrics. But that often wasn't enough to break through the deluge of other policy and operational concerns. To force the issue, Cabinet secretaries and agency chiefs must feel pressure from the OMB director and even from the president himself. "That means holding Cabinet-level meetings on cybersecurity and the president going around and asking each agency what they're doing, holding up the [Federal Information Security Management Act] report card from OMB and asking them: 'What are you doing to do more?'" he said, according to NextGov on July 25, 2018.
Schwartz further recommended that agency cyber officials report to agency secretaries or assistant secretaries instead of agency CIOs, a move meant to prioritize addressing cybersecurity risk. He said that private sector companies have already moved in this direction, with company CISOs increasingly reporting to company CEOs instead of CIOs, according to Inside Cybersecurity on July 25, 2018.
In remarks to The Washington Post on the uncertainty of holding federal leadership accountable based on the executive order, Schwartz said, "They made the claim that leadership was going to be held responsible. What does that mean? Do you give them more money? Do you fire people? What’s the date for holding people accountable?"