The government is three weeks into fiscal 2020, and as Congress works to finalize the federal budget, the White House is locking down its cybersecurity priorities for the next year.
IT modernization will remain a major focus of the Trump administration’s tech agenda in 2020, and cybersecurity is going to factor into every one of those efforts, according to Federal Chief Information Officer Suzette Kent. Leaders are particularly interested in identity management strategies, enhanced security measures for citizen-facing services, and automated network monitoring for agency cyber shops, Kent said Thursday.
Agencies should also expect to see more concrete recommendations coming out of the Federal Acquisition Supply Chain Council, a newly formed organization within the Office of Management and Budget dedicated to keeping the government from buying compromised tech, she said.
“We actually have to treat our approach to cybersecurity like we [would] a battle,” Kent said at CyberScoop’s CyberTalks conference. “We have to meet our adversaries with the same preparation, the same level of coordination that we would in a [physical] battle.”
Over the next year, Kent said the White House plans to explore in a number of technologies and protocols for keeping unauthorized individuals out of government systems.
Specifically, leaders will push to expand the use of zero-trust architectures and digital identity management tools, she said. As agencies make more citizen services accessible on mobile devices, she added, they must also put in place more privacy protections and security controls. In 2020, the White House will work to enhance encryption mechanisms and behavioral analytics to ensure those services are only accessed their intended users, Kent said.
The administration will also continue pushing to bolster the government cybersecurity workforce, launching more cyber training programs and expanding partnerships with industry, she said. Kent noted federal leaders are also looking to stand up more continuous monitoring tools, which would free up current cyber personnel for more important tasks, she said.
In a separate speech, Federal Chief Information Security Officer Grant Schneider said the White House is also ramping up efforts to secure the government’s IT supply chain. Over the next year, leaders will work to build a framework for measuring the risks of different vendors and products, he said, and the Federal Acquisition Supply Chain Council is also ready to begin its work in earnest.
Created last year under the SECURE Technologies Act, the council is responsible for flagging potentially dubious vendors to the intelligence community, Pentagon and Homeland Security Department, whose leaders can then ban the rest of the government from doing business with those contractors. Historically, the government has been slow to cut ties with suspicious contractors, and the council is intended to accelerate that process, according to Schneider.
“We are at the point where we have tools, we have these mechanisms,” he said. Now, “we’ve got to actually implement them and make determinations and start building that muscle memory.”