We have heard a lot about CISA since its inception, less than three years ago. One of its top leaders characterizes CISA’s role as a “risk adviser” for federal agencies.
“We’ve seen a tremendous increase in critical vulnerabilities across federal networks and national stakeholder networks,” said Michael Duffy, Acting Associate Director for the Cybersecurity and Infrastructure Security Agency on Federal Monthly Insights – Network Transformation and Modernization (via EIS).
With foreign actors, be they government-sponsored or government-approved (by the turning of a blind eye), protecting an agency’s assets has grown increasingly challenging.
“For CISA to really be in a position to affect the change that’s needed for network modernization and for network security, greater insight into what’s happening on the network is truly critical,” Duffy said.
Duffy points to “tremendous advances” over the past couple of years and looks to current leadership to empower agencies to go even further and advance “those efforts to gain even greater insights into what’s happening.”
“That’s the challenge that we’re in right now,” said Duffy, on Federal Drive with Tom Temin. “That’s where things like the administration’s Cyber Executive order come into play, providing CISA both the authority to take certain actions and gain certain visibility. But as a service provider, providing that level of capability to agencies so that we, as one cohesive unit, can tackle these really challenging cyber issues together.”
Since March 2020, the federal government has met head on the challenges of successfully equipping remote workers and adapting to the pandemic.
“Agencies have been planning for network modernization and secure cloud migration efforts for a number of years and I think that got us ahead of the curve to some degree, but no one anticipated everything happening at once,” Duffy said.
That overnight change for workers, which lasted for months and continues, has meant most people don’t think things will return to what they once were, when everyone was at the office five days a week.
“I think we look at it in three ways. The first is on the agency user. Second on operations, you mentioned the ad hoc approach of, ‘We got through it. We got it done. Now, what’s next.’ And the third important piece of this is that network management, that network modernization shift that we’re experiencing right now,” Duffy said.
GSA, of course, is handling the EIS contracts, running into the tens of billions of dollars, over the next decade and a half.
“This is where CISA and GSA really have found an important partnership in how we advance the next steps when it comes to secure cloud adoption or network modernization,” Duffy said. “These things always have a contract in procurement, vendor security component, that we’ve seen the need to strategically align, and the Trusted Internet Connections program, our continuous diagnostics and mitigation program and really the shared services that CISA is now offering to federal agencies.”
As the federal government’s transformation and modernization move forward, some see a sort of “interplay of clouds, data centers and users” that makes things much more complicated.
“The government’s, and really OMB’s, push for data center modernization, optimization is simplicity, which is often the best approach we can take for effective cybersecurity,” Duffy said.