As federal agencies take on executive orders demanding upgrades in cybersecurity and customer service, these technology leaders can offer guidance and support.
Michael Hickey is an Associate Editor at Manifest.
The U.S. Food and Drug Administration recently released a cybersecurity modernization action plan, expressing an urgency to enhance defenses to mitigate growing threats that agencies have faced in the past few years. The FDA alone has reported a 457 percent increase in reconnaissance activities, denial of service, attempted exploitation and other cyber incidents against IT infrastructure during the pandemic.
The FDA said it needs to evolve to address these changing threats, and it will advance an agencywide approach to cybersecurity modernization. The new action plan will build on the FDA’s 2019 Technology Modernization Action Plan, its 2021 Data Modernization Action Plan and its 2022 Enterprise Modernization Action Plan.
“The FDA’s cybersecurity and technology modernization efforts are key to faster, more accurate, data-driven decisions to support our public health and regulatory mission,” says FDA CISO Craig Taylor. “By protecting and securing our information systems, we are better protecting and securing public health.”
Of course, the FDA isn’t the only federal agency under fire from bad actors. How can other agencies follow in the FDA’s footsteps? The organization’s modernization plan outlines key actions, such as establishing a zero-trust approach to security, leveraging artificial intelligence (AI) and machine learning (ML), and promoting software assurance best practices, as well as steps other agencies can take to modernize their IT systems.
In its modernization plan, the FDA identified data and information protection as priority No. 1. It’s enhancing its cybersecurity protections by implementing a zero-trust security framework, along with secure cloud computing, multifactor authentication, encryption, threat detection and vulnerability management.
To ensure smooth adoption, the FDA’s Office of Digital Transformation developed a zero-trust implementation strategy. To make sure it stays on the right track, the FDA will measure its progress using a scorecard based on criteria defined in the Cybersecurity and Infrastructure Security Agency’s Zero Trust Maturity Model. That model identifies criteria for three levels of maturity: traditional, advanced and optimal.
At the final, optimal stage of the model, zero-trust maturity means:
The FDA also prioritized cybersecurity innovation and set up frameworks to identify and support the adoption of emerging technologies. The agency named ML, AI, data sharing, collaboration platforms and high-performance computing as innovative tools and technologies it is looking to migrate toward in the near future.
“Our future vision is a highly skilled cyber workforce that leverages state-of-the-art technologies,” the FDA noted in a release on the new modernization plan.
In addition to zero-trust adoption, the FDA’s main cybersecurity modernization initiatives include promoting software assurance best practices to include security at every stage of development.
“From the planning, development, testing, production and through retirement of our software solutions, the FDA utilizes advanced code analysis technology during development and continuous monitoring in production to assure our software solutions are secure,” Taylor says.
The FDA is poised to leverage AI/ML technologies to enhance cyber detection and response capabilities. Additionally, the agency looks to integrate counterintelligence and insider risk principles, and to prioritize and invest in the FDA’s cybersecurity workforce.
“The FDA identified cybersecurity workforce needs; expanded cyber mentorship, education and training for the workforce; recruited and hired cyber talent; and retained and developed highly skilled personnel,” Taylor says. “Partnering with the FDA Office of Talent Solutions, the Office of Digital Transformation established a category of retention incentive pay of 5 percent at one year, 7.5 percent at two years and 10 percent at three years for cybersecurity positions.”