The Treasury Department is embracing technology diversity as one of the mechanisms in its cybersecurity fights against bad actors looking to attack the department’s supply chains.
“When it comes to the digital supply chain, we’re a little more complex in that resilience of what we do almost matters more than the confidentiality,” said Jeffery King, Treasury’s deputy chief information officer, on Sept. 6 at the Billington Cybersecurity Summit.
“When we look at the supply chain, we are looking at it from a resilience angle, and we are looking at it very much from a diversity mitigation strategy,” King said.
King talked the need for that type of resilience after giving an example of how the Internal Revenue Service (IRS) ran identification issues by only utilizing Equifax, the consumer credit reporting agency, as its sole identification method.
“That’s an example of where all of our supply chains have grown,” he said. “Now, when we look at identity verification … and what we do across the board, we have to embrace diversity and resilience and strategy getting down into the deeper part of it.”
As digital supply chains only grow in importance, King added that a give-and-take relationship with industry is key to procuring good code and products that will promote cybersecurity resiliency.
“I think there’s a give and take … don’t write crappy code, don’t ship crappy code, don’t be sloppy,” he advised. “Now, how do I check that? I can’t check-list my way out of it,” King said. “Yes, money does talk, procurement does talk, but it only goes so far.”
He also voiced in no uncertain terms the importance of mission at the Treasury Department, in particular with tax systems and revenue collection.
“If we don’t collect revenue, people don’t get paid, people don’t get benefits. If people don’t get benefits, they don’t get healthcare, and people die,” stated King.
“We are in a life or death situation. So we have to be mindful of that as we start looking at what what’s truly critical and what’s not,” he said.