Though the U.S. Postal Service’s investment strategies have strengthened its cybersecurity practice, the agency must produce a solid operational cyber budget to adequately steer the program and fund annual expenses, according to the Office of Inspector General’s Semiannual Report to Congress released this week.
In 2015, the agency approved millions in investments for Cybersecurity Decision Analysis Reports I and II. The total approved investment amounts are not publicly available but the OIG said it comprises “a capital investment, deployment investment expenses, and first-year operating expenses.”
Though the Postal Service uses the DAR process to “approve, fund, and monitor” operating expenses for cybersecurity investments, the OIG said daily operational expenses necessary to support cyber efforts should be managed differently.
“We found that expenses associated with day-to-day operations to sustain ongoing cybersecurity operations, such as rent, software licenses and services, and employee and contractor support, should not be considered investments per Postal Service investment policy,” the OIG said.