Federal agencies face an immense challenge in updating aging IT and OT infrastructures that are susceptible to vulnerabilities and unable to deploy the newest and most effective cybersecurity strategies.
These hurdles and how to overcome them were highlighted in a recent GovCIO panel featuring Jason Burt, Regional Cybersecurity Advisor for the Cybersecurity and Infrastructure Security Agency (CISA), U.S. Air Force CISO Aaron Bishop, and Fortinet Federal CTO Felipe Fernandez. This session, part of the CyberScape: Insider Threats event held March 2, opened the agenda with a discussion of how federal agencies and the private sector can collaborate to better defend the nation’s networks, systems, and critical information assets.
Fernandez laid out the challenge simply, saying that aging federal IT infrastructure was built much like the initial World Wide Web—without cybersecurity in mind and lacking the ability to incorporate modern cyber capabilities, such as segmentation and identity-based access. Given the organic evolution of agency architectures, now federal agencies and their private sector partners must decide how best to modernize and secure aging networks and systems while minimizing the impact on missions and operations.
Jason Burt, who advises state and local governments as well as critical infrastructure providers in eight states in the Southeastern U.S., agreed that more collaboration with the private sector is key to advancing his agency’s strategic priorities. In GFY2023, CISA is focused on four sectors: election security, healthcare and public health, water and waste water, and K-12 education, in addition to continuing efforts defending against increasingly formidable threat actors and protecting critical infrastructure.
“Cyber is a team sport,” Burt said. “We all need to work together to get a holistic view of what’s going on.”
Aaron Bishop, who oversees U.S. Air Force and Space Force cybersecurity programs, added that communications and collaboration among government and defense contractors is an essential component to meeting their diverse and demanding service requirements. He noted that the 150 installations his organization supports worldwide operate like independent “mini cities” with vastly different missions, environments, and IT requirements. To address the broad scope of partners that work with the Air Force and Space Force, Bishop’s organization hosts weekly collaboration meetings—of up to 1,000 companies per week—as part of The Blue Cyber Initiative. This popular education series features videos and weekly Q&A sessions where federal contractors can ask questions and clarify how best to meet their data protection responsibilities.
Fernandez underscored Bishop’s point about communication. He said that collaboration is the key to every function, from forming strategic relationships with agency personnel to sharing vulnerability information to ensuring industry partners clearly understand the capabilities federal end users want at a tactical level. He added that Fortinet Federal meets regularly with agency professionals from CISA, NIST, and other government organizations to stay abreast of their modernization and cybersecurity challenges and objectives.
Bishop emphasized that consistent and reliable internal communications continue to be a priority for large, geographically dispersed federal organizations like the U.S. Air Force and Space Force. As part of their enterprise-wide CIO Strategic objectives, the services are emphasizing the importance of keeping risk management top of mind in decision-making and understanding the dependences and interconnected nature of their operating environments.
He added, “How do we standardize so that everyone making cybersecurity decisions is making them with evidence and that they understand the risks they are taking?”
With agency IT modernization at the forefront, Fernandez noted that agencies can begin to move away from cumbersome and expensive legacy infrastructures with newer delivery models that remove some of the significant barriers to IT modernization. Simplified and integrated cybersecurity and network modernization capabilities can be delivered as a platform, allowing large government enterprises to have more capabilities with fewer products to implement and maintain. For example, one integrated security platform suite provides the ability to quickly modernize WAN, LAN, cybersecurity intelligence, and zero-trust capabilities.
“We want to make sure there are zero excuses to not modernize, to not incorporate innovative cybersecurity solutions,” Fernandez concluded.
View the entire panel session on-demand here.
For more information on Fortinet Federal cybersecurity solutions, visit www.fortinetfederal.com.