FDA Charts Future of Zero Trust in New Cyber Plan

The Food and Drug Administration (FDA) is prioritizing zero trust as it moves from a network-centric environment to a data-centric one, officials said at FDA’s Digital Transformation Symposium last week.

“FDA cybersecurity is a team sport it’s going to take everyone to make sure that we can keep this agency safe,” FDA Chief Information Security Officer Craig Taylor said at the event. “We must be vigilant.”

The FDA is a prime target for cybercrime and cyber espionage due to its abundance of intellectual property and sensitive data that interest cyber criminals, according to Taylor. The agency has outlined six strategic goals in its IT strategy, with a comprehensive focus on cybersecurity.

The goals include:

1. Create a shared OneFDA Ecosystem
2. Strengthen IT Infrastructure
3. Modernize Enterprise Services and Capabilities
4. Share Data for Mission Outcomes
5. Adopt AI and Mission-Driven Innovations
6. Cultivate Talent and Leadership

“I can tell you cybersecurity touches all six of those,” Taylor said. “But I’m going to highlight three things: If you look at number two, strengthen IT infrastructure, you’ll see implement zero trust. Number three you’ll see modernize all cybersecurity defenses. And then if you look at the fourth one, you will see, enhance our secure data exchange.”

The agency is honing in zero trust as it transitions from a network-centric environment to a data-centric one as part of its zero-trust cyber street network defense implementation plan.

“We have a global mission and it’s very, very important that our inspectors going overseas to the 150 countries that they have visibility and understanding of what those real threats are to the agency,” Taylor said.

Taylor emphasized the necessity for the agency to adopt a proactive approach to ensure safety throughout FDA. But challenges arise around accelerated IT modernization.

“Many of our business processes in particular are kind of still stuck in the paper base. And part of what we’re trying to do with the global IT strategy is speed up the rate of innovation and adoption of innovations, and reduce the latency that exists between the rate at which innovative approaches are adopted in industry,” Desai said at the event.

For Desai, collaboration will be essential to fulfill cybersecurity and innovation goals over the next fiscal year.

“One of the things that I’m really interested in [is] what’s happening with other key stakeholders, other sponsors and folks like that — what are they focusing on from a science perspective? What innovations are they most interested in? What innovations are they pursuing from a technology perspective? And I think that helps us kind of fine tune our approaches, and selection of what we do and what we don’t do,” Desai said.

Taylor said cybersecurity should be seamless across the agency. “Here at FDA, we define cybersecurity as the right people having the right access and the right resources at the right time,” he said.