As the Federal Election Commission (FEC) dealt with oversight of a massive increase in campaign donations during a presidential election cycle, the agency at the same time struggled with its cybersecurity and the absence of a full-time CIO, the FEC’s Office of the Inspector General found in a report released November 13.
The report highlights the top management and performance challenges at the agency, with cybersecurity ranking high among OIG’s concerns. The report praises the FEC for its cybersecurity efforts and its collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), and notes that the FEC is moving to a more cloud-based environment.
However, FEC OIG recommended that the agency go further in ensuring security, and address the issues that CISA found in collaborative efforts.
“In large part, the agency has been reactive to cybersecurity concerns and we encourage the Commission to be proactive in establishing a cybersecurity framework and strengthen internal controls to mitigate external threats from entering the FEC’s network,” the report states.
One of the hurdles to better cybersecurity may be the lack of a dedicated CIO position – the role is currently jointly held by the Staff Director of the FEC. The agency indicated that it would be supportive of a dedicated CIO in 2019, but the joint CIO-Staff Director position is mainly used to compensate the Staff Director above the pay level mandated by law. Congress would need to make the change to increase the pay of the Staff Director before the FEC would make the CIO position independent. The FEC has similar pay limitations that make it difficult to fill the General Counsel position.
“Assigning acting personnel to two essential leadership positions on a long-term basis is not an efficient solution,” the report states.