Search AFCEA Site

Enable breadcrumbs token at /includes/pageheader.html.twig

Prioritizing Cybersecurity Eases Modernization

Government IT managers should consider four points for a smooth modernization journey.
By Dave Mihelcic
When it comes to IT modernization, agencies often set their sights on adopting next-generation technology, but cybersecurity must be a priority. Credit: PIRO4D/Pixabay
When it comes to IT modernization, agencies often set their sights on adopting next-generation technology, but cybersecurity must be a priority. Credit: PIRO4D/Pixabay

More than a year has passed since the Modernizing Government Technology (MGT) Act was signed into law, cementing the establishment of a capital fund for agencies to support their special IT projects. The MGT Act prompted defense and intelligence agencies to accelerate the replacement of legacy systems with innovative and automated technologies, especially as they explore new ways to mitigate security risks like those experienced all too often by their private sector counterparts.

When it comes to IT modernization, agencies often set their sights on adopting next-generation technology, spanning from drones to emerging Internet of Things devices. However, to operate these sophisticated forms of automated technology successfully, agencies must prioritize security.

For agencies in the early stages of their modernization journey, security is critical as automated systems significantly reduce errors that can lead to a data breach. Automating response actions also can increase the chance of identifying, intercepting and defeating attacks in real time without increasing workloads.

In fact, IT managers across the public sector cite security as one of their biggest concerns. But let’s be honest, who can blame them? Some of the federal government’s largest cyber attacks have resulted in loss of time and resources and years of cleanup. With highly sensitive data of employees, citizens and our national security at stake, the federal government simply cannot afford to overlook its cyber posture.

To prepare for IT automation and establish proper security protocols, federal IT managers should consider these four main points:

  • Procurement: Consider what security certifications and accreditations will be needed, as defense agencies can be slow to adopt new technologies and systems. For example, some agencies limit the deployment of specific tools and even scripting capabilities on networks, making it more difficult not only to deploy automation tools, but also to utilize them in an agile fashion to continuously extend network automation capabilities.  These kinds of issues should be addressed before procurements are executed to avoid costly delays or wasted funds.
  • Collaboration: Focus on greater collaboration across agencies to identify the framework and architecture to adopt. Getting the entire IT department onboard with decisions to make changes will make the deployment and execution easier.
  • Deployment: Work toward a staged deployment of capabilities over time—start with adopting automation capabilities of basic administrative tasks, building out additional automation as they gain experience and move to event-driven automation as the agency IT departments gain experience. This will ensure that basic security measures aren’t overlooked and that the IT staff feels comfortable with handling the changes being made to better automate the system.
  • Talent: Increase salaries to remain competitive with the private sector, especially when competing for a limited talent pool that knows how to automate properly. Recruiting top technical talent is a difficult problem and unfortunately results in skills gaps among both the private and public sectors. To better streamline the process of hiring the best candidates, request the authority to hire directly. This should alleviate a few steps in the tedious hiring process, especially for critical IT positions, and hopefully keep more qualified candidates interested in pursuing work in the public sector versus the private sector.

The main goal of an automated government requires it to act, not just detect and alert. Legacy systems without open, standards-based management interfaces are challenging to automate and there is a concerning lack of organic experience with modern automation frameworks and the ability to program within these. By focusing on assessing and fixing key technical challenges, government agencies will see an easy path to automation and an increased level of security within IT operations.

Dave Mihelcic is the Federal Chief Technology & Strategy Officer, Juniper Networks

 

Enjoying The Cyber Edge?
The Cyber Edge is part of SIGNAL Magazine. Subscribe or join AFCEA to receive SIGNAL and its award winning news.
SUBSCRIBE NOW
LEARN MORE
JOIN AFCEA

Related Cyber Content