The US government has long demonstrated a strong and ongoing commitment to building a modern, secure technology infrastructure. From the 2021 executive order urging federal agencies to move quickly toward secure cloud services, to the new government cybersecurity strategy unveiled earlier this month, to the joint CISA and NSA guidance on identity and access management, the US government sets high cybersecurity standards that, in turn, set models for private organizations.
I saw that up close when I worked as a cryptographic mathematician at the NSA from 1986 to 2000. Those days, our biggest concern was the security of email, and we were just starting to tackle the problem of securing the world wide web.
That sounds like ancient history compared to today’s challenges—and that’s the point. Cybersecurity is a game of cat-and-mouse. New technologies introduce new vulnerabilities that require new solutions that introduce new technologies. And then the cycle continues.
Every organization needs to account for that dynamic. But it’s particularly challenging for government agencies and their vendors to react quickly, given the realities and complications of procurement requirements and certifying that solutions meet operating standards.
There’s no one way to account for the brinksmanship of new challenges. But there are certain perspectives that government agencies can take that will help them remain agile and adapt to new challenges.
That’s why I’m looking forward to the “Taking the Right Steps to IT Modernization,” presented by SIRC in collaboration with ITPA NCC tomorrow. With so much changing so quickly—and with so much at risk—public sector agencies need to find a way to provide flexible security that works for today’s challenges and that can extend to future issues.
Context is constantly changing, so flexibility is of critical importance. For example, in identity and access management, organizations need to provide users with the right set of authentication options, implement good governance policies when deciding what given roles should have access to, and use new and emerging technologies like machine learning today to augment individual capabilities.
I’ll be discussing those best practices at the forum with other federal and industry speakers. Our panel, “Aligning Your Cyber Mission Goals,” will discuss how agencies and their technology providers can best work together to prepare government agencies and citizens for a secure cyber future.
The federal government is not unique in the push to replace outdated legacy systems to meet future needs more effectively, but it does face certain unique challenges. For example, the cloud imperative in government exists side-by-side with the need to maintain on-premises control over some highly secure environments; vendors need to understand this and be able to offer technology that specifically solves for such a seeming contradiction.
That’s just one example of why federal agencies are best served by technology providers who have a deep familiarity with the government’s unique needs, demonstrable experience meeting those needs, and technology solutions designed to address every agency’s mission. The panel discussion at the March 30 forum will highlight a mission-centric approach to how technology providers and agencies work toward IT modernization and cybersecurity goals.
Register for “Taking the Right Steps to IT Modernization,” and plan to join the panel “Aligning Your Cyber Mission Goals” with RSA.