Department of Transportation (DoT) Secretary Pete Buttigieg always says that safety is the DoT’s “North Star.” According to the department’s top cyber and IT official, safety is no longer possible without cybersecurity.
DoT Chief Information Officer (CIO) Cordell Schachter said this week that it’s “now impossible to separate cybersecurity” from the department’s mission of safety.
“Our systems need to be available 24/7. People have to have high confidence in them. They need to operate with integrity and accuracy,” Schachter said during a GDIT webinar on May 2.
“And as the technology develops – which we know it will, and artificial intelligence is just one area like that – we have to fold that into an already high availability, high credibility environment so that both our staff as well as the people who count on us know that they can count on the work that we do,” he said.
The CIO said one of DoT’s biggest challenges when it comes to incorporating emerging technologies – like AI – is the department’s technical debt.
“With a large amount of technical debt, basically older systems, we can’t sufficiently secure them without extraordinary means,” Schachter said. “We want to be on our front foot, not on our back foot as we confront our adversaries who are increasingly nation states.”
“And the older systems, which were invented at a time when those types of threats didn’t exist, aren’t necessarily up to these new threats. So, we can put in new technologies to encapsulate them, almost spending again on the same old systems,” he said. “[But] those systems may not lend themselves to new features, may not lend themselves to new applications.”
“So, for that reason, as well as cybersecurity, it’s best to have a real serious plan to reduce our technical debt both to improve our security as well as make us ready for the next generation of technology,” Schachter said.
The DoT CIO emphasized that the Federal government should be a leader in emerging technologies like AI, but that it also has the responsibility to manage risks.
“We don’t necessarily want to rush these things to public availability just as soon as somebody has invented it without really putting up some guardrails to be sure that this new way of making a fire – which could have a lot of productive purposes – isn’t directed at us to start to burn our own houses down,” Schachter said.
He said that DoT’s strategy is to use sandboxes to test new technologies, so the department isn’t “susceptible to ill effects that we didn’t expect.” Schachter emphasized that the agency only releases technology from the lab when it’s both fit for purpose and fit for use.
“They’ll go through the same governance process that we use for all of our IT applications before making them live,” the CIO said. “It is a very deliberative way to do it, but unintended consequences in our environment could be loss of life and serious injuries.”