SolarWinds Hack Prompts Agencies to Hone in on Data Management


NASA, State Department and USPTO leadership are approaching technology with an eye toward preventing a major security breach.

Leaders from NASA, the Department of State, and the Patent and Trademark Office are driving data efforts and governance on the heels of the SolarWinds breach to further ensure security of their data.

Gerald Caron, director of enterprise network management at the Department of State, advocated for zero trust security measures. 

“We have to bake our security in at the beginning, not wait and bolt it on after. We also have to shift our culture as a government more toward effectiveness as opposed to compliance,” Caron said at an ACT-IAC community of interest meeting this month.

Ron Thompson, associate CIO for transformation and data and chief data officer at NASA, noted that there has to be a balance between security and modernization. 

“We need to lean forward with how we approach security,” he said. “SolarWinds is only the surface of that example.”

Thompson noted that he has worked to transform how NASA evaluates and secures its data. 

“We have to do this in a mindful way that isn’t an afterthought,” he added. NASA will adopt a “security up front” mentality, in which the agency will leverage an interconnected model to promote secure data sharing.

Thomas Beach, interim chief data officer at USPTO, added that he has worked to be an “amplifier for security,” referencing the Commerce Data Governance Board, which helps facilitate multi-bureau collaboration. 

“The [SolarWinds hack] woke up the organization in the sense that we need to be mindful. It’s also a bidirectional effort to see how we can enhance security, such as at the data level or system level. This takes more than just one office to do,” Beach said. 

Thompson noted that the Federal Data Strategy will help NASA identify strategic assets and data sets, as well as help define the agency’s inventory. The strategy will also enable the agency to be more agile in its mission. 

Thompson referenced NASA's Perseverance rover, which landed on Mars earlier this year. The rover’s aeroshell will host the Mars Entry, Descent and Landing Instrumentation 2 (MEDLI2), which will collect data about the environment. The MEDLI2 data will help improve the designs of entry systems for future robotic and crewed Mars missions.

“We want to preserve our authoritative data source, but also help connect and share information for better decision making through a visual data layer,” he said. 

The key to data management is proper data categorization, as well as analyzing data flow. In protecting the data, agencies have to “understand the data, where it is and where it’s going,” Caron said. Adding to the data challenges, agencies label data differently, which has complicated data sharing; however, Caron noted agencies must be judicious to maintain security measures. 

Machine learning and artificial intelligence also drive digital modernization strategies by tagging, accessing and processing data through robotic process automation, which will automate manual tasks, Thompson said.

Beach added that the National Institute of Standards and Technology has created an ethical framework to gauge data that trains AI models and algorithms. 

“We have to look at our standards. Is there such a thing as a standardized data set to train AI?” Beach asked. 

NIST will work to develop a risk management framework, standardize data sets for AI training, partner with research institutes that test AI measurement standards and develop data sharing best practices.

Within USPTO, Beach has investigated the applied use of intelligence to predict documents in terms of classification levels. “We’re looking at ways to do the illustrious low-hanging fruit to know who is where at any given moment,” he added. “We have a metered approach to AI.”

“The veracity of data and the trust of data quality has been something we’ve been working on in the federal data council. We have to ensure that data is the authoritative view of what we do. This is something we’re working on, not only within our individual silos, but across the digital ecosystem of government,” Thompson added.
