Federal CIO Suzette Kent said today at MeriTalk’s Cyber Security Brainstorm that the Federal government needs to possess a “never done” mindset when it comes to tackling persistent cyber threats and the related imperative to modernize Federal agency IT environments in order to address the threats.
Kent relayed progress in Federal IT modernization and cyber defense–including notable steps in the past 10 days–but outlined corresponding actions needed to continue to build on that work.
Kent referenced comments she made at a July 25 House Oversight and Government Reform (OGR) hearing, where she revealed that 37 of 52 tasks in the Report to the President on Federal IT Modernization had been completed, many ahead of schedule.
Kent said agencies are already “starting to see the benefits” of these accomplishments but called them just the “start of the work.”
“When we check off No. 52, we are not done,” she said. “That’s the start of a different set of activities.”
To that end, Kent called the Cybersecurity Risk Determination Report and Action Plan released in May “the most comprehensive review of Federal cybersecurity to date” and said that the administration is “embedding” the goals set out in the Risk Report in the President’s Management Agenda.
Kent revealed that the government has “moved the needle with multi-factor identification to near 90 percent across 90 agencies” and said that the Federal CIO Council has recently undertaken a zero-trust network pilot as another way to improve identity management and security.
She also noted that members of Congress share a “common expectation of urgency” with the administration when it comes to cybersecurity, based on the concerns raised at the OGR hearing. She hailed Vice President Pence’s comments on Tuesday at the Department of Homeland Security National Cybersecurity Summit, discussing the administration’s request for a record $15 billion in appropriations to fund cyber defense.
“I hope as you’re sitting here in this room that it is absolutely clear what a priority this is,” Kent said today.
She said agencies “continually see improvement of both visibility and risk through things like the FITARA scorecard” but urged the use of advanced tools to refine what agencies are evaluating.
“We need to continue to look at what we measure and automating some of those activities so that we’re measuring and we’re looking at results all the time, and we’re using data-driven inquiries to actually demonstrate those results,” she said.
Kent–a sailing enthusiast–expressed a forward-looking mindset in the face of mounting challenges. “Sometimes the things that we have to face feel like rough seas…but you still have to figure out what that path forward is,” she said.
But she expressed firm belief that agencies are “improving cyber posture with every single step” taken to sunset or modernize legacy systems that “don’t protect citizens’ data” and urged that this mindset guide all future activities in Federal IT.
“Cybersecurity does have to underpin everything that we’re doing, from the acquisition side, all the way through operations, because the battle is continuous, and we always have to raise the bar,” she said.