Officials from the Cybersecurity and Infrastructure Security Agency, Defense Department and other organizations in and out of government joined GovCIO Media & Research for the CyberScape Summit in Reston, Virginia on March 7. During the full day in-person event, IT leaders discussed identity management, collaboration and the future of cybersecurity in a constantly evolving landscape.
The Department of the Navy (DON) has personnel in a variety of domains, which makes moving data securely an exceptionally important task. DON CIO Jane Rathbun said that the tactical edge is just as important as more conventional environments and that cybersecurity in the entire domain is critical.
“Our first and foremost goal is to securely move information from anywhere to anywhere,” Rathbun said. “That means at the tactical edge, where the warfighter needs to decide, orient, decide and act. So, we want to make sure that the data that they’re getting is trustworthy and useful.”
Agencies require flexibility to store and access data. Hybrid cloud solutions have given government more options to meet mission-specific needs, but leaders from across the government IT landscape said that there is a need to balance hybrid cloud cybersecurity needs with accessibility needs.
“It’s really important to have things like rights and access management, all those sort of play into security versus interoperability. But what I’d say is that it’s that balance. You want to do both without hindering the customer experience when you deliver a service,” Vincent Sritapan, Section Chief, Cybersecurity Shared Service Office at the Cybersecurity and Infrastructure Security Agency Vincent Sritapan said. “If it’s anywhere hybrid, then they shouldn’t know what’s behind the scenes, right? It should just work seamlessly.”
A year after its initial release, the National Cybersecurity Strategy is being updated often and agencies will be able to see the latest incarnation of the strategy soon. Office of the National Cyber Director Assistant Director Phil Stupak said that the plan is a living document that will continue to evolve with the changing threats and methods of countering cyber criminals.
“Each implementation plan, every year is a way for people to influence and think about what we did accomplish that year in order to make cyberspace more defensible, and resilient,” Stupak said.
Since the White House’s 2021 cybersecurity executive order, zero-trust initiatives have swept across government. The Defense Department’s Zero Trust Portfolio Management Office Director Randy Resnick said his office has successfully evaluated 39 implementation plans from DOD since October 2023 and, after engaging with all the components, has approved each one.
“They have the strategy, they have the plan, they have schedules. It’s understandable and was accepted by our team and that’s what we’re going to start tracking,” said Resnick. “It’s not a one-and-done. In October, we’re going to have a version 2.0 of the implementation plan. I’m seeing an iterative refinement of more detail, with more definition of exactly what’s going to be implemented in order to achieve target zero trust.”
Defense leaders outlined the needs for industry and government to meet in the middle to innovate and future-proof cybersecurity. Air Force Deputy Principal Cyber Advisor Lt. Col. Andrew Wonpat noted that his experience in industry and government has allowed him the perspective to see how everyone can help one another to fulfilling the mission.
“Help us to understand and qualify the people that you have on the team that are contributing to your solution that meets our challenges,” he said. “Help us understand [why your solution] is not an incremental improvement [to what we are already doing] and you’re actually moving in addressing our challenges in a more meaningful way.”
During another panel, Thomas Schankweiler, director of cybersecurity operations at the Centers for Medicare and Medicaid Services, said there are many threats from cyber criminals in the agency’s claims data. He noted that his agency has been working with industry as partners to further secure data.
“We’ve been working with our vendor communities for nearly 10 years and started talking about the idea of being able to find that needle in the haystack, being able to model data so we can start to see the anomaly detections,” said Schankweiler. “I’m happy to say that because we’ve been putting all those requirements out from our vendor communities, I think are well positioned to be ready for where we are with our AI community.”
