With a 35 percent bump in cybersecurity funding in the President’s proposed FY17 budget, agencies will be able to grow their arsenal against cyber adversaries. So what’s on the wish lists of federal IT leaders? Everything from more robust training for federal employees to changing how government data is accessed.
A panel of federal IT leaders at this month’s Executive Leadership Forum: Mitigating Data Risks in a Virtual World, revealed some of those priorities. The event was held at McLean, Va.-based immixGroup, an Arrow company that helps technology companies do business with the government.
Here are four ways these leaders would direct their FY17 cyber funds:
- Get Out of the ‘60s
Most of the VA’s health care systems are based on a software development architecture from the late 60s, says Dr. Joseph Ronzio, deputy chief health technology officer at the Veterans Health Administration (VHA). The agency has been trying to modernize its systems internally for years. So it’s no surprise that Ronzio’s cyber wish list includes moving to newer technologies. One way VHA has been doing that is testing cutting-edge technology through the agency’s cloud-based test platform. It’s a shared risk model, where it may not be the vendor’s best and brightest idea yet, but VHA can help develop it. “You can show us how your product can help my aging systems,” says Ronzio. “We can actually leap frog ahead of where we’re at today and buy something truly early stage in its development.”
- Make Cybersecurity Part of Federal DNA
The biggest vulnerability in protecting government data and networks is the people working within the government, says Richard Young, chief information officer at the Foreign Agriculture Service for USDA. His cyber wish list includes going beyond traditional cyber training for employees and testing their real-time reactions to scripted cyber threats when they least expect them. He wants to engrave cybersecurity into the DNA of his workforce. “After the OPM breach, everyone was on full alert, but it’s now already starting to die down,” Young says. “I’m looking for creative ways to make it stay on the forefront of their minds.”
- Partner with the Right Talent
The government’s best change of tackling cybersecurity is looking at it as a partnership between program areas, business areas, and the CIO offices, says Chad Tompkins, data section chief of the Consumer Financial Protection Board. It also means hiring the right people because, “If you can’t secure the data or can’t understand where it’s going, who has it and what’s going on with it, then you’re flying with your pants down,” Tompkins says. His 20-person team includes two former chief enterprise architects and a person who ran a secured facility for the Department of Defense. “It’s not just a partnership in words, but in who you hire and how they’re trained and their expertise,” says Tompkins.
- Strengthen the Gates
Every time there’s a data breach, it makes it easier for adversaries to carry out the next data breach, says Sonny Bhagowalia, chief information officer for the Treasury Department. Many organizations use knowledge-based authentication to secure their networks, and the adversary collects loads of information with every breach. Bhagowalia says there needs to be a shift toward two-factor multi-factor authentication to better protect the networks. “We have to make access to data convenient, but with information from other breaches, adversaries are able to get certain things from our networks without ever entering the gates,” Bhagowalia says.
Lloyd McCoy Jr. is a Market Intelligence Consultant with immixGroup (an Arrow company), which helps technology companies do business with the government. He specializes in the Defense Department and cybersecurity. If you want to learn more you can email him or connect with him on LinkedIn.