Mittal Desai

Federal Energy Regulatory Commission Sets its Eyes on Data Protection

Under its previous CISO, the agency was looking to automation and advanced security tools to help.
Mittal Desai
CISO, Federal Energy Regulatory Commission

Mittal Desai is currently the deputy chief information security officer of the Federal Deposit Insurance Corporation. At the time of GovernmentCIO Media's interview with Desai, he was the CISO of the Federal Energy Regulatory Commission. His remarks reflect his time with FERC, which ended this summer. 

Big data may be a hot buzzword in government right now, but understanding that data as it sits in an IT infrastructure, and securing that data from leaks, is crucial — and that’s what the Federal Energy Regulatory Commission is prioritizing.

“We are looking at how we can better identify correlation of data,” said Mittal Desai, the former chief information security officer of FERC. As CISO, he was responsible for developing and executing a cybersecurity strategy for the agency, and his approach was to take a look at all the datasets within the agency’s infrastructure and assess how to identify risk and protect its systems.  

Then, Desai was looking to adopt advanced tools to support the agency’s Security Operations Center services, like automation.

“As a small agency with limited amounts of resources, how do we automate more controls that can protect our mission critical systems and data?” Desai said.

But FERC’s biggest security challenge under Desai was data protection and data governance, so the agency started a project called Information Governance to explore the lifecycle of data, from how it’s created to how it’s stored and disseminated.

This was a “big change management effort within the agency,” Desai said, which required training staff to handle data in a different way, executing controls to protect that data, and identifying all the types of data employees in the agency use on a daily.

At the time of GovernmentCIO Media's interview with Desai, he was pleased with this initiative, and said the project has given FERC the ability to better understand the data in its infrastructure. In fact, the agency already developed policy and processes around it and are looking at automated security controls to better protect the data.