The Department of Homeland Security is taking a page out of the Defense Department’s playbook, developing policy to move its offices and agencies to the Microsoft Windows 10 operating environment.
The move will be part of the department’s latest cyber sprint to “make sure that we’re moving quickly and expeditiously to upgrading to current operating systems across the [department],” CIO John Zangardi said Tuesday at the AFCEA DC Cybersecurity Technology Summit.
“I have my team developing a Windows 10 policy,” he said. “In general, the thrust of DHS was ‘Let’s get to Windows 10.’ But it’s more complicated than that. We have to look at what version of Windows 10 are we going to go to? What’s our policy as we move forward in the future in terms of upgrading? What STIGs are we going to apply? What are our testing procedures across the whole organization? There’s a scheduling aspect, there’s a cost aspect, and there’s a security aspect that has to be taken into account as we move forward on this next cyber sprint.”
Moving the entire department to a single, contemporary operating system mitigates cybersecurity risks inherent in older systems through better patching and brings streamlined operational efficiency across the agency.
Zangardi, who spent decades within the Defense Department before his move to DHS, is no stranger to a massive, departmentwide transition to Windows 10. He held several key leadership roles at the Pentagon before coming to DHS, including most recently as acting DOD CIO, in which he oversaw the department’s rollout of the popular Microsoft operating system, which was mandated in February 2016.
Therefore, he knows how important it is for the entire department — DHS oversees a diverse collection of large offices, directorates and component agencies — to be on the same page. Despite the requirement that all DOD offices and agencies transition to Windows 10 by January 2017, many still haven’t.
“Let me be clear: We are moving to Windows 10, we are moving there aggressively now,” Zangardi said. “But I want to make sure that we’re moving there in a very unified fashion that takes into account the intricacies of how the vendor is rolling out a version of Windows 10.”
This sprint to move to a departmentwide OS baseline will be DHS’s fourth in recent years. The first, which then-U.S. CIO Tony Scott ordered to be conducted governmentwide, launched in the wake of the breaches at the Office of Personnel Management. After that, Zangardi said, DHS developed cyber sprints around Federal Information Security Management Act compliance and public key infrastructure (PKI) use.
“Do you really know what you have on the network today? Do you really know who’s probably stolen your ID and is using it as a front?” he said. “Those risks are out there, and we have to be ever-vigilant…to stop them early and stop them soon.”