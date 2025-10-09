As cyberattacks ramp up and challenge the continuity of government operations, federal agencies are shifting their cybersecurity strategies toward operational resilience.

The goal? Develop a proactive approach that ensures mission-critical functions can withstand and recover from digital disruption.

Federal Chief Information Security Officer Michael Duffy has announced plans to hold a tabletop exercise on operational resiliency with other CISOs throughout the federal government. The Office of Management and Budget and Cybersecurity and Infrastructure Security Agency will partner to coordinate the exercise.

“Convening all department-level chief information security officers to have that frank conversation through a tabletop exercise … that’ll make a difference,” Duffy said during the recent Billington Cyber Summit. “That’ll help me better understand where we need to shape the policy perspectives, the changes in the mechanisms that we have as an interagency for the foreseeable future.”

Visibility critical factor in ensuring resilience

Agencies have moved to adopt zero trust architectures and continuous monitoring techniques to protect their core digital services and operations.

Jason Warfield, head of solutions and adoption engineering at Cisco ThousandEyes, said continuous monitoring is critical to how agencies architect their digital environments.

“Continuous monitoring provides confidence that the services that are being developed and made available are not just up and running, but they’re performant,” Warfield said during Federal News Network’s Cyber Leaders Exchange 2025.

“It’s not just about the performance of that actual service or application. It’s really what we refer to as the ecosystem that needs to work together to make sure that those services are being delivered consistently. They’re delivered at a high level, and the experience accessing those services are what’s expected.”

Tracking services, analyzing behaviors

Agencies are also increasingly relying on cloud services and third-party software. Federal officials are working to streamline security authorization processes for cloud technologies to take advantage of fast-moving digital services and improve security.

OMB has also been advancing software supply chain security standards to ensure agencies aren’t relying on products with built-in vulnerabilities.

“As these services are being built and developed, it’s essential to make sure that you’re constantly testing the performance of those prior to them being rolled out into a production environment,” Warfield said.

“It’s important to have visibility, to be able to discern between: Is this an unexpected but nontargeted issue that’s impacting a service, or is this an actual attack? Having the visibility in real time to be able to understand what is preventing a service from being made available, and being able to quickly identify, is this a security related threat, or is this something that’s just an unfortunate issue that’s impacting that service at a point in time? Because the response to those is going to be very different.”

AI, automation also critical to resilience

Artificial intelligence and automation are also increasingly central to cybersecurity defenses. Warfield said he’s seeing AI used across the lifecycle, including “on the front end, from the initial onboarding, deployment, configuration of the platform to day-to-day operations.”

Agencies have begun to use AI to more quickly identify potential cybersecurity threats or service issues. And Warfield said it’s also used to “translate things that can be very complex and technical into plain language that can be understood by a very broad group of people who can then either take the appropriate actions themselves or route those actions to the individuals or groups that need to respond.”

What’s more, he pointed out, more often those responses are also being automated, he said. “That’s powered by really a combination of AI as well as automation, where if there’s things that have a predictable response, we’re seeing our customers essentially automate those and have the technology actually drive those, unless there’s a specific need for an individual to get involved in that process.”

