Reducing Technical Debt Supports Federal Cybersecurity Strategies
Air Force and CISA programs are securing critical data and IT infrastructures.

The Department of the Air Force and the Cybersecurity Infrastructure Security Agency (CISA) are implementing new programs and services to secure critical data, balancing targeted modernization strategies to upgrade aging IT infrastructures with new security approaches such as zero trust.
โOrganizations are often underfunded and understaffed when it comes to the to this aging IT infrastructure, so itโs hard to patch it, update it โ if itโs able to be patched and updated. Itโs hard to upgrade it because a lot of these organizations are running legacy systems. Itโs just hard to get on top of that vulnerability process,โ CISA Cybersecurity Advisor Jason Burt said during GovCIO Media & Researchโs CyberScape: Insider Threats event Thursday. โThe silver lining behind some of these ransomware attacks that weโve seen throughout the country is that [organizations] are starting to take more of a proactive approach.โ
Air Force CISO Aaron Bishop said one of the biggest challenges he faces is modernization and security at scale. The service has the largest footprint of facilities around the world in the Defense Department. To capture the value of zero trust, Bishop said heโs focused on interoperability to provide the right data at the right time. Effective and resilient communication is the crux of the push for interoperability.
โIโve got over 150 mini cities running around the globe that I have to worry about. And when I say mini cities, I mean everything about it. I run airports, housing, food, sewer, utilities, security, you name it, for these little cities all over the world. And for everything from information systems to operational technologies, I have to worry about not only the cybersecurity aspects of it, but modernization and upkeep. Then, more importantly, as we change from independent mechanical systems to highly connected data systems โฆ I have to do the upgrades in a very deliberate way,โ Bishop said.
To improve connectivity and speed up data processing, the Air Force is turning to software-defined wide-area network (SD-WAN), which offers increased data rates, reduced latency, anti-jam abilities, low probability of intercept or detection and scalability.
โThatโs the way weโre approaching it from a network SD-WAN perspective. From a data perspective, itโs more about where and what types of data do we need to collect, and where do we need to be able to move it again, to our own location, our purpose at a time and place of our choosing? Thatโs what weโre focused on from those parameters,โ Bishop added.
Additionally, Air Force CIO Lauren Knausenberger is spearheading the Race to the Cloud program, which prioritizes modernization, financial efficacy and improved visibility across the interoperability of all its missions, communities and bases in both air and space. This effort focuses on onboarding legacy systems to cloud instances to drive standardization, improve monitoring and align with the recently released Zero Trust Roadmap.
โThe ultimate goal is to get that data in a place and an understanding intact properly, so that we can go from any place we exist today to someplace we donโt know we need to be tomorrow, should we have to move our operations somewhere else. So thatโs the focus of Race to the Cloud regardless of which mission,โ Bishop said.
Agencies are developing similar new solutions and programs to take a proactive approach to cybersecurity and be more resilient and responsive to emerging threats.
CISA offers a range of services to help mature organizationsโ cyber postures, including its Known Exploited Vulnerabilities Catalog, cyber hygiene vulnerability scanning and NIST-based cybersecurity assessments. Burt said CISA takes a two-pronged approach to its services, focusing on strategic and tactical offerings.
โWe do NIST-based cybersecurity assessments โฆ where we break down an organizationโs cybersecurity program, go through a whole series of questions across all 10 domains of cybersecurity, and we provide them with a report with options for consideration based on the NIST Cybersecurity Framework best practices. So, thatโs really looking at it from a strategic level. From a tactical level, we have vulnerability management services. We also do penetration tests. โฆ We have a whole host of other services that we offer through our vulnerability management team in order to work with partners that may not have the budget to hire these third-party vendors to better sure up their cybersecurity,โ Burt said.
For fiscal year 2023, CISA will focus on four priority areas: water and wastewater K-12 education, health care and public health, and election security. To support these areas, the agency plans to increase collaboration with the private sector, especially as it defends against more formidable threat actors targeting election systems and critical infrastructure.
โWeโre taking baby steps toward that goal, but I definitely think weโre headed in the right direction,โ Burt said.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DOD Can No Longer Assume Superiority in Digital Warfare, Officials Warn
The DOD must make concerted efforts to address cyber vulnerabilities to maintain the tactical edge, military leaders said at HammerCon 2025.
4m read -
Tracking CIOs in Trump's Second Term
Stay informed on the latest shifts in federal technology leadership as new CIOs are appointed and President Trump's second term takes shape.
6m read -
Inside Oak Ridge National Labโs Pioneer Approach to AI
Energy Departmentโs Oak Ridge National Lab transforms AI vulnerabilities into strategic opportunities for national defense.
22m listen -
AWS Summit: Innovation Accelerates IT Delivery at DOD
Marine Corps Community Services is tackling outdated IT processes with agile development and cutting-edge cloud security to deliver mission-critical capabilities faster.
12m watch -
AWS Summit: NIST Secures High-Performance Computing Against Evolving Threats
NISTโs Yang Guo reveals the broad attack surface of high-performance computing and explains developing guidance and future-proofing security strategies.
9m watch -
Trump Overhauls Federal Cybersecurity with New Executive Order
The new directive aims to strengthen digital defenses while rolling back "burdensome" software requirements and refocusing AI security.
3m read -
AWS Summit: Forging Successful Cloud Modernization Partnerships
Industry leaders share insights on the critical role industry partnerships have in enabling government agencies to navigate procurement challenges for cloud and zero trust solutions.
24m watch Partner Content -
CISA's CVE Program and Why it Matters for Zero Trust
The vulnerability program provides the cybersecurity community visibility into software as part of a key pillar of CISA's zero trust model.
5m read -
Air Force, Coast Guard Talk Data Security Efforts for AI Development
The services' AI initiatives include efforts like creating clean training data, countering data poisoning and bridging siloed teams.
4m read -
DHS Secretary Urges Congress to Reauthorize CISA 2015
Federal leaders highlight CISA 2015's role in strengthening public-private partnerships and defending against evolving cyber threats.
3m read -
Rep. Gerry Connolly Leaves Lasting Mark on Federal Tech
Connolly's leadership in Congress significantly advanced government IT, emphasizing accountability, efficiency and a robust cybersecurity posture.
4m read -
Agencies Use AI to Boost Efficiency, Cybersecurity Under White House Mandates
DLA and GAO are investigating how AI can boost efficiency and bolster cybersecurity as agencies align with the president's tech directives.
3m read