Gerald Caron, who previously served as CIO for the Office of Inspector General at the Department of Health and Human Services (HHS), stepped into a new position as CIO for the International Trade Administration (ITA) on Feb. 27, Caron told GovCIO Media & Research. The ITA CIO position had been vacant since Rona Bunn left for the private sector in January 2022.
During his tenure as HHS OIG CIO, Caron led multiple high-profile efforts to improve security across his division, including building out a zero trust architecture and improving data and identity management. Caron is an upcoming recipient of the Flywheel Award, presented during the CyberScape: Insider Threats event March 2.
For Caron, the key to security is understanding data so that users can securely complete their mission.
“Understanding where our data is, where our data is going. Because if that's what we're trying to protect, we’ve got to understand what normal looks like. That will allow us to later do micro-segmentation,” Caron said during GovCIO Media & Research’s Zero Trust event last year. “At the end of the day, we're protecting data. ... Data to the right people at the right time.”
Caron has also stressed the importance of authentication. He explained that different methods of identity proofing lead to varying levels of risk.
“When I come up with my confidence score, how much I trust that common access card (CAC) or personal identity verification (PIV) card is going to probably have a lower risk than your username, password or some other methods of authentication,” Caron said at an August 2022 ATARC summit. “That will depend on what I'm going to allow you to do ... once you get to that authoritative identity, you can start to look at automation of the provisioning and deprovisioning.”
Zero trust has changed the role of the network to that of the “transporter,” moving identities from point A to point B, but there should be continuous authentication throughout that process, Caron added. He noted that, moving forward, organizations can no longer rely on an IT network as the “enforcer” of security.
“This is an architecture now, it's not the silos. We have to get away from the siloed things. Everybody and everything have to be integrated,” Caron said. “Take in all these factors and understand all this information, then bring it into this engine to create a confidence score in a dynamic fashion. It’s going to move because things change. ... We have to bring all this telemetry in, so it's important to do a lot of integration throughout this journey.”
In his new role, Caron faces an agency mission to improve information and communications technologies exports by strengthening global competitiveness through industry analysis, trade policy development, trade promotion and addressing trade barriers.
ITA’s Office of the Chief Information Officer is responsible for IT management of the agency’s investments, systems, services and products. The CIO oversees policy, guidance and standard operating procedures required to manage this portfolio.