IT modernization is one of the foremost initiatives across the federal government, and cybersecurity is proving to be a key component in that initiative.
“Every modernization element is a chance to bring along the best tools in cybersecurity,” said Federal Chief Information Officer Suzette Kent, speaking at the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Summit. “We inherently pick up components that improve our overall security profile."
Following on from CISA’s formation by law in November of last year, several federal agencies have stood up their own cybersecurity offices and coordination centers, from the Department of Energy’s Cybersecurity, Energy Security, and Emergency Response Office to the National Security Agency’s Cybersecurity Directorate, which officially stands up on October 1.
“Building strong” is the best way to build for the future, emphasized Anne Neuberger, the director of NSA’s Cybersecurity Directorate. Neuberger began her career developing code in the financial sector and recalled when the focus was on releasing code quickly, rather than releasing secure code. Thankfully, she said, she has seen the focus shift towards security in recent years.
In the next 60 days, Neuberger’s plan for the NSA is to “come together” around IT modernization. She plans to examine pilot programs and rapidly scale them, focusing on not just modernization, but on transformation. The United States’ nuclear command and control system is one system that will figure heavily into this transformation initiative. The technology for nuclear command and control has to remain functional and secure for decades, Neuberger said, even “as computing evolves.”
IT modernization and transformation hinge upon interagency collaboration and cooperation, CISA Assistant Director for Cybersecurity Jeanette Manfra said, noting a visible uptick in the level of support between agencies. When it comes to national security, DHS and FBI “are BFFs,” she joked.
Tonya Ugoretz, the deputy assistant director for the FBI’s Cybersecurity Division, agreed. Her division thinks about its role in “a constellation of entities” she said, which “requires a blend of mission, authorities, and capabilities” to tackle emerging challenges in cybersecurity. Increased sustained collaboration is the next step.
“You have to build those trust relationships,” she said, to create a foundation for cooperation. The FBI and Department of Justice’s recent investigations and indictments into attackers have been part of a whole of government defensive effort, she stressed, and the FBI will need partners to bring a full range of defensive tools against cyber threats.
Kent mentioned the new trusted internet connection (TIC) policy as one area where collaboration fostered modernization. The previous policy had not been updated since 2007, she said, and so part of her office’s goal was to implement methods for evaluation so the policy would not grow stale again.
TIC 3.0 represents “an agile approach to policy development,” said Jack Wimer, deputy chief information officer and chief information security officer for the Department of Defense. He recognized the collaboration between Kent’s office and DHS as essential to that approach and an example for how agencies can cooperate going forward.
The Department of Homeland Security’s input was also crucial to ensuring the policy was optimal for both the current and future environment “Don’t be afraid to ask, ‘can we do it better?’” Kent recommended, both for IT transformation across the federal government and as career advice to those in the IT sector. For Kent, that question created pathways to better methods and products throughout her career.