5 Takeaways from Federal Cybersecurity Leaders

CyberScape: Insider Threats Event at the Archer Hotel in Tysons, VA

Federal cyber leaders from the White House, NASA and the departments of Defense, State, Homeland Security, Health and Human Services and Veterans Affairs attended CyberScape: Insider Threats to discuss the impact of the newly released National Cybersecurity Strategy, securing data in hybrid cloud environments, improvements to the user experience, limiting the growth of shadow IT and more.

Takeaway #1

White House releases National Cyber Strategy

Anjana Rajan, Assistant National Cyber Director for Technology Security, The White House

Open-source software and offensive cyber tactics played a role in the Russia-Ukraine war, which contributed to the development of the new National Cybersecurity Strategy released March 2.

One of the goals of the strategy is to create a sense of urgency around cybersecurity and incentivize long-term investment in strong cybersecurity practices, according to Assistant National Cyber Director for Technology Security Anjana Rajan.

Takeaway #2

Cybersecurity is a team sport.

Department of State Director of Strategy, Planning, and Budget Kenneth Rogers speaks at the CyberScape Insider Threats event.

“Cybersecurity is everybody’s job” and needs to be both “a top-down and bottom-up thing,” said Department of State Director of Strategy, Planning, and Budget Kenneth Rogers.

Industry and federal agencies need open-source software to maintain competitiveness, but software developers need to be held accountable for poorly developed code that results in security breaches, said the White House’s Rajan.

Takeaway #3

The threats are real and now.

Stacy Bostjanick quote: "You also have to have controls to protect that data now. Do you put that in the hands of the cloud services provider to protect for you, or do you do that on your own? That’s something we’ve got to look into."

Stacy Bostjanick with the Defense Department discussed how the Defense Industrial Base (DIB) needs to do more to protect sensitive government data in hybrid cloud environments. Bostjanick leads implementation of the Defense Department’s Cybersecurity Maturity Model Certification (CMMC), which evaluates DIB companies’ cybersecurity practices to ensure compliance with DOD requirements.

CISA Cybersecurity Advisor Jason Burt said more collaboration is key to advance strategic priorities for fiscal year 2023 and defend against more formidable threat actors, especially with regard to election security and protecting critical infrastructure.

Takeaway #4

Agencies harness cloud to advance data sharing.

Reducing Technical Debt for Stronger Cyber Defenses with Zero Trust panel

The “Race to the Cloud” program aims to get data to the right place at the right time so the Air Force can “go from any place we exist today to someplace we don’t know we need to be tomorrow,” said Department of the Air Force CISO Aaron Bishop.

NASA uses the cloud to share data beyond the agency’s walls, but adversaries can use that to their advantage to take time and resources away from agency personnel. “We have about 60 petabytes of data that’s in the cloud today that we make open and available to the public for free,” said NASA Cloud Computing Program Manager Joe Foster. “We do have state actors that go into NASA’s public data repos and try to download the entire thing every day, and we have to go in and throttle them.”

Takeaway #5

Handling cyber threats furthers the mission.

DISA HaCC Technical Director Korie Seville

Joe Foster at NASA highlighted two National Institute of Standards & Technology (NIST) programs his agency uses to secure hybrid cloud environments: the NIST Risk Management Framework and Open-Source Control Assessment Language (OSCAL). “We’re going to bake in all the compliance checks as part of the Rev 5 transition by using OSCAL so it will no longer be a PDF system security plan, but will actually give people a Gitlab area [to] go write your controls in this OSCAL markup language,” Foster said.

DISA focuses on building automation into cloud applications to prevent shadow IT and move at the speed of mission. “War doesn’t have a time zone, so we have to make our applications available and configurable anytime,” DISA HaCC Technical Director Korie Seville said.
