Federal Cyber News from the IRS, Veterans Affairs, and the Nation’s CISO

Government Technology Insider curates news about a variety of topics related to the IT challenges facing government agencies. In this roundup on cybersecurity, we learn that the Internal Revenue Service has issued a request for proposal for artificial intelligence capabilities to bolster its security efforts. Other news includes a discussion on how consolidation can improve both cybersecurity and workflow, a look at a new federal CISO handbook that has been created by the councils of Chief Information Security Officers (CISO) and Chief Information Officers (CIO) to train federal cybersecurity professionals, and AppGuard’s take on why preventing cyber attacks needs to remain the number one priority for federal agencies. Read the news here:

IRS Wants Artificial Intelligence to Guard Taxpayer Data

Ask federal prognosticators what technology is going to fix all the government’s problems, and most often you’ll hear, “artificial intelligence.” The Internal Revenue Service is so curious about whether that is true, it has issued a request for information looking for AI and machine learning cloud cybersecurity solutions for its internal systems. The agency is looking for more than just a threat intelligence platform, however. According to the request, the ideal software “automatically and continuously learns the environment,” “triages alerts to reduce false positives,” “identifies previously unknown threats,” and analyzes all that data to provide actionable context for security officials. The agency wants all this with an “intuitive and flexible” user interface. Read the story on NextGov here.

How to Improve Cybersecurity and Workflow by Consolidating Systems

Cyber risks transform so rapidly that many antiquated agency systems cannot keep up to create effective security. While many agencies are focusing on upgrading their existing systems, innovative agencies have concentrated on building new programs and IT solutions to combat modern-day threats. CyberChat Host Sean Kelley, former chief information security officer at the Environmental Protection Agency, and guest Dr. Paul Tibbits, deputy chief information officer for the Veterans Affairs Department and program executive officer for the Financial Management Business Transformation (FMBT) discuss how FMBT will implement federal best practices in finance and acquisition by replacing old systems with a new one. Eventually, all financial management systems will fall under one umbrella and all data will live in one location. Read the article here.

New federal CISO Handbook Offers ‘One-Stop Shop’ for Cyber Executives

Capitalizing on the recent Administration call to develop a pipeline of cybersecurity talent, the Chief Information Security Officers (CISO) and Chief Information Officers (CIO) councils have crafted a new volume of information that agencies can use to “upskill” and train cybersecurity professionals. The CISO Handbook compiles core elements of the government’s approaches to cybersecurity and risk management, including the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity, into a compendium of institutional knowledge to train potential executives. According to Emery Csulak, CISO at the Centers for Medicare & Medicaid Services, in a statement, “Breaking the complex conversation of the CISO role and risk management into consumable pieces can only help the community succeed in bringing new talent onboard and meeting our mission needs.” Read the article here.

Preventing Cyber Attacks Should Still Be the Number One Objective For Federal Agencies

In recent years preventing cyber-attacks seems to have fallen out of vogue, says Mike Fumai, President and Chief Operating Officer at AppGuard in a recent CSO opinion piece. Fumai contends that it’s become standard practice to buy in to the philosophy that “a pound of detection and reaction is worth more than an ounce of prevention.” But many have commented the detection and reaction model (often referred to as security whack-a-mole), is not only ineffective in terms of protecting information security and network integrity, but it also wastes resources for the IT/Sec-Ops teams that could be put to better use in meeting an agencies’ mission. For the federal government, data breaches aren’t just an internal problem, for example, because even minor breaches could involve HIPAA, FISMA, PCI, or other data protection standards violations. Read the article here.