FDA Outlines Future Tech Priorities

The Food and Drug Administration (FDA) is driving a continuous planning model for quantum computing, building out its zero-trust architecture and modernizing data sharing to bolster the agency’s tech capabilities and remain competitive in the future tech landscape, FDA leaders said during the agency’s Scientific Computing Days last month in Silver Spring, Maryland.

“These are very significant shifts that are happening within our environment that are going to change the way we do business and how we need to approach the mission that we are a part of,” Desai told GovCIO Media & Research during the event. “We need to start thinking about and planning now, because in the next five years, they’re going to become real.”

FDA’s IT strategic plan, which received its inaugural refresh earlier this year, provides guardrails for the agency’s modernization initiatives.

Quantum Computing’s Role in Research

Quantum computing is aiding the FDA and its research partners in biomedical research efforts. The Cleveland Clinic is using quantum technologies to amplify areas in research.

Dr. Lara Jehi, chief research information officer at the Cleveland Clinic, said during the event that she and her team are looking to use quantum computing to predict protein structure, a key factor in determining how drugs and diseases interact with the human body.

Researchers have used traditional computational methods to predict protein structures, including AI and machine learning; however, these methods are reliant on datasets to make predictions and are only able to recognize proteins they’ve been trained on.

The power of quantum computing would provide simulations of how these proteins interact with human bodies and diseases with more accuracy. Currently, it’s impossible for a classical computer to perform this type of simulation.

The research team applied a mix of quantum and classical computing methods to test its ability to predict a fragment of a Zika virus protein. The hybrid framework outperformed previous classical methods.

“We’re turning to quantum computing to see if we can get that efficiency and accuracy that we need [to] speak about the optimization piece next,” said Jehi. “Our researchers have gone as far as they can go — applying AI methods, classical machine learning, foundational models — and we’re not getting where we want to be.”

Bolstering Zero-Trust Architecture

Implementing a zero-trust architecture remains a top priority for the FDA. Leah Buckley, FDA’s counterintelligence and insider threat director, highlighted a 750% increase in cyberattack attempts on the agency, roughly 15-20 billion attempts per month.

“They’re getting more sophisticated. Our mission is only growing, and we as an agency have to protect all of that, protect our reputation as an agency and protect the data,” said Buckley.

The FDA follows the zero-trust model put forth by the Cybersecurity and Infrastructure Security Agency (CISA). Deputy CISO for Cybersecurity Capabilities, Risk Management and Compliance within FDA’s Office of Information Security Lewis Watson said the agency has added two sub-pillars based on CISA’s model to “maximize effectiveness.” The FDA established a cyber-AI defense team to counter threats associated with adversarial AI and the CI cyber-recon hunt team.

“At FDA we have an intelligence driven cybersecurity program, and we emphasize [a cyber-centered] workforce as part of zero trust, and this is the most important aspect,” said Watson. “We’re very fortunate at FDA to have a highly talented, gifted cybersecurity workforce that has truly enabled our progress across the board in terms of zero trust.”

Watson added that the FDA also leveraging phishing resistant multi-factor authentication (MFA) for public-facing sites and systems to further safeguard systems. The MFA technology will use endpoint detection and response capabilities powered by machine learning.

“[This technology] will rapidly identify and protect against certain types of malicious account activity. For example, lateral movement and attempts to establish persistent access within our environment. This capability gives us the edge to prevent that before it becomes a significant cybersecurity issue,” said Watson.

Currently, the agency has 45 systems and applications that each require a separate set of credentials to log in. To improve employee experience, Watson and his team are working on a proof of concept that would offer users simplicity when logging into multiple systems. Users will be provided with a single access point for all applications and use one account per user to access all authorized applications.

“With this approach, there’s a number of benefits. First and foremost is enhanced user experience,” said Watson. “[It’s] a lot easier to keep track of one set of account using a MFA than multiple accounts at the same time.”

Modernizing Data Sharing

Over the past two decades, FDA has used the electronic gateway submission (ESG) to accept electronic regulatory submissions. Through a web-based portal or a system-to-system application, thousands of documents are uploaded and automatically sent to the appropriate office. By FY25 the agency aims to modernize ESG with cloud-based architecture to create NextGen ESG.

Jessica Bernhardt, IT program manager at FDA’s Office of Digital Transformation (ODT), said the agency is looking to improve three areas with NextGen ESG: usability, scalability and availability. The modernization will improve the user interface and ensure stable operation during emergencies.

“We want to improve the usability of ESG, providing a modern use and user interface, increasing the submission bandwidth,” said Bernhardt. “We want to make the submission to NextGen ESG highly scalable and available, so that way we can quickly respond to any kind of public health emergencies.”

The legacy ESG only allows for submissions up to 100 gigabytes and takes roughly 9 hours to upload. Account creation for the legacy platform takes anywhere from 20 to 40 days and requires manual intervention for password resets.

Bernhardt said the NextGen ESG in development will be able to outpace the legacy application. Submissions through NextGen ESG will take less than 3 hours to upload and can be up to a terabyte in size. The use of enterprise-wide identity, credential, access and management (ICAM) will allow users to reset their own passwords. This will leave more time for FDA IT professionals to focus on areas that were previously limited in resources.

Following the success of the proof of concept, Bernhardt’s team has spent this year in the developing and planning stages. NextGen ESG is currently in the last phase of user acceptance testing and is slated to be live in Q2 of FY25. Legacy ESG will be retired at that time, and the second release is planned for later in FY25 will future updates in FY26 and beyond.

“We are not band-aiding legacy systems. We are completely retiring them. We’re modernizing both the business process as well as the technical capabilities,” said Bernhardt.