Balancing cybersecurity with modernization – as well as strategies that organically create that balance – are critical as Federal agencies work toward modernizing their IT infrastructures, said Jeanette Manfra, assistant director for the Cybersecurity and Infrastructure Security Agency (CISA), today.
In a keynote at today’s GovernmentCIO State of Cyber CXO Tech Forum, Manfra said that as much as she would like Federal agencies to decommission legacy systems and modernize their tech, agencies also must ensure security of new systems.
While security concerns may reduce the rate at which agencies can modernize, Manfra said that’s not the whole game. Policies, supply chain, and acquisition issues also can help prevent compromise and make cybersecurity and modernization more cohesive.
Manfra said that Federal initiatives are already in place to help strike the right balance. Those include Cloud Smart, which she said has helped enable Federal cloud adoption “in a smart way that balances the need for efficiency,” and FISMA (Federal Information Security Management Act), which Manfra called a “risk-based approach” to modernization through auditing processes.
But Manfra also said the Federal government should start to consider a community approach to create a more united IT modernization strategy.
“It’s … trying to get everybody to think about what do we really care about,” Manfra said. “What is really the high-value assets? How do we prioritize resources? How do we take actions to make ourselves overall more secure? And how do we become more flexible and resilient as a government?”
Even within agencies themselves, Manfra said she has encouraged a communal approach to seeking secure modernization solutions.
“It has to be a conversation between the security people, the engineers, and the mission people – the ones who actually are going to own that mission,” she said. “It can’t be security people trying to make decisions elsewhere, one part engineers developing the system, and then one side [with] the mission people. … We’re trying to get all of those folks together to have that conversation.”