Federal cyber officials from the Office of Management and Budget (OMB), National Institute of Standards and Technology (NIST), and the Cybersecurity of Infrastructure Security Agency (CISA) highlighted today that IT modernization and implementing OMB’s guidance are some of their biggest priorities.
To accomplish those priorities, CISA Assistant Director Jeanette Manfra, Federal CISO Grant Schneider, and NIST Chief Cybersecurity Advisor Donna Dodson illustrated at CISA’s Cybersecurity Summit today that their agendas are dovetailing their mission and initiatives.
Manfra said that collectively, the three officials’ agencies are “very focused on operational implementation guidance, following OMB policies and its standard setting. We’re looking to continue to prioritize the scarce resources that any Federal agencies have. We’re seeking to understand what enterprise risk looks like.”
Future priorities for the three agencies include “driving toward a more secure Federal architecture,” which include initiatives like “IT modernization, modernizing security processes, establishing a Federal baseline for cybersecurity, as well as long-term … thinking about what’s most appropriate to centralize, providing security to … agencies, as well as working with the Hill and others to ensure that you can have the resources they need.”
“We have to get out of our legacy environment that we have,” Schneider added. “When we do that, we have to look for new ways to deliver those services. What are the new technologies we have? We don’t want to build the next decade’s legacy systems tomorrow. We instead want to move to shared services and try to get agencies out of the business of doing things that they need not be in the business of and are part of their core mission, and those provided as a service in some way, shape, or form.”
Part of that IT modernization is in getting research, development, and NIST standards prepared for future technologies, such as AI and automation, internet of things devices, and zero-trust networking, Dodson said.
“We have the Cybersecurity Framework and Risk Management Framework – bringing those together, continuing, as always, to focus on that risk posture with high-value assets,” she added. “We are also working to set the stage for tomorrow with our work in research and development activities in the NIST cybersecurity program.”
Although IT modernization is critical for these leaders, that also means working on supply chain risk management and security, the officials added.
A final priority that the officials briefly touched upon, but still stressed, is to address the workforce and talent gap in the Federal cybersecurity agencies.