WannaCry. Petya. Wikileaks. Cloudbleed. Hacks of presidential campaigns in France and the United States. Shadow Brokers. Equifax. Deloitte. Those are just some of the most significant cyberattacks of the last 12 months.
Private and public networks around the world are incessantly under cyber attack, and the threats continue to proliferate. Cyberattacks steal from the innocent, threaten our national security, and undermine faith in corporations, institutions, and government.
If it’s not obvious yet that cybersecurity is a major issue, you’re not paying attention. Accordingly, cybersecurity must be a priority for all levels of government, not to mention the private sector.
Yet much of the federal government’s networks remain vulnerable simply because of outdated and obsolete technology. This must change.
Fortunately, Congress and the administration are making progress on setting the right cybersecurity priorities and making a down payment on them.
The recent Senate passage of the $500 million Modernizing Government Technology (MGT) Act, as part of the National Defense Authorization Act, is a major step forward on that down payment. With a stand-alone version of the MGT already passed by the House, a conference committee hopefully can hammer out the differences between the two versions so that bill can be passed by both houses and signed by the president in short order.
The White House has exercised leadership in the cybersecurity arena as well, in May issuing its executive order on cybersecurity to make cyber training, shared services, and cloud computing priorities for federal agencies and departments. This policy direction is bearing fruit already. The American Technology Council, created by the president in May, has just issued a new report (pursuant to the EO) that outlines the state of federal IT and makes further recommendations for the government’s modernization efforts.
The ATC report calls for a modern federal IT architecture, where agencies are “able to maximize secure use of cloud computing [and] modernize government-hosted applications.”
By managing risk, identifying and eliminating barriers to cloud adoption, and consolidating and standardizing network management, agencies can greatly improve their security risk profile, the ATC advises.
The report also recommends updating acquisition methods to enable agencies to adopt commercial cloud products that meet government security standards, accelerate adoption of cloud-based applications, and provide centralized capabilities (known as “shared services”) to improve visibility and security.
The report states quite bluntly that in order to implement all the modernization efforts the report outlines, agencies need to “realign their IT resources appropriately using business-focused, data-driven analysis and technical evaluation.” The report advises agencies to consider pausing or halting procurement of legacy IT and “emphasize reprioritizing funds” and consider “’cut and invest’ strategies that reallocate funding from obsolete legacy IT systems to modern technologies, cloud solutions, and shared services, using agile development practices where appropriate.”
For the sake of our national security, it is imperative that these recommendations be heeded with the utmost seriousness and with all deliberate speed. As the report notes, adoption of its recommendations “will modernize the security and functionality of federal IT, allow the federal government to improve services delivery, and focus effort and resources on what is most important.”
With this direction from the White House, along with the funding from Congress, the federal government has the roadmap and the tools to get its cyber house in order. We in the private sector stand ready to help the federal government make its journey to the cloud secure and successful.
We cannot expect our networks to be secure when they run on obsolete technology. Very simply, a modern federal government IT is synonymous with cybersecurity. Just like the old song about love and marriage - you can’t have one without the other.
Christian Marrone, a former chief of staff to DHS Secretary Jeh Johnson and special assistant to Defense Secretary Robert Gates, is a senior fellow at George Washington University’s Center for Cyber & Homeland Security and a senior vice president at CSRA Inc.