We recently sat down with Mav Turner, director of product strategy at SolarWinds, to talk about how federal government agencies are managing the vast array of cyber security threats targeted at them. One of the agencies that came up in conversation was the Department of Health and Human Services (HHS).
Since the resignation of its previous CIO late in 2015, the role of acting CIO has been filled by Beth Anne Killoran, who serves as Deputy Assistant Secretary for Information Technology at the agency. In the past 4 months Killoran has made some impressive strides in addressing some of the IT and cyber security challenges the agency has been grappling with for some time.
While there are likely major changes ahead for the agency in IT leadership with the recent introduction of a bill to separate the CIO and CISO roles, Killoran is moving forward, bringing fresh IT talent to the agency and addressing cyber threats and risk head on. For this reason, we’ve chosen Killoran as one of FTI’s 5 CIOs to watch in 2016.
Name: Beth Anne Killoran
Title: Acting CIO, Department of Health and Human Services
CIO Since: Acting CIO since December 2015
IT Budget: $2.4 billion
Reasons to Pay Attention to Killoran:
Flexible Hiring Procedures and Attracting New IT Talent:
Killoran is leading the battle cry for more flexible hiring procedures, including direct hire authority and a rotating employment option to entice IT talent to join the federal workforce. With the vacancy rate for IT jobs at HHS approaching 40 percent and an aging workforce, Killoran is attacking this problem head on.
In February at the Association for Federal Information Resources Management’s Women in Technology discussion in Washington, Killoran explained how the Office of Personnel Management is working with agencies like HHS to hire and retain young IT talent. Killoran called out the lengthy hiring processes as one obstacle to attracting talented IT professionals and she’s championing job rotation to improve new graduate employee retention and build the next generation of federal IT workers.
Addressing IT Risk Head-on
With so many threats to both government infrastructure and health data records, HHS needs to be on top of its game when it comes to network and data security. Because of its vast storage of personal health information (PHI), which has recently become the highest prize for cyber criminals, as well as research data relating to vaccines, cures, and biological warfare, the agency overall and its centers and institutes have become high-profile targets for data thieves. While all parts of HHS are subject to attack – with over 26,000 attacks affecting the agency in a 30-month period – different groups experience different types of attacks. For example, the Centers for Disease Control (CDC) and National Institutes of Health are primarily targeted by malware, whereas the Centers for Medicare and Medicaid (CMS) are affected more by unauthorized access attempts.
HHS has become an early adopter of the EINSTEIN system, developed by the Department of Homeland Security, to detect and block cyber threats, and is implementing a sophisticated Continuous Diagnostics and Monitoring (CDM) program.
In a recent interview, Killoran shared that aggregating incident data from the centers and institutes that are part of the agency, as well as data from HHS networks, was part of the agency’s new cyber strategy. In doing so, she and her cyber team have a holistic view of the threat landscape facing the entire organization and are able to use resources to prioritize those threats.