The Defense Department has one of the largest cyberattack surfaces in the entire federal government. And it’s Pentagon CISO and Deputy CIO Essye Miller’s job to ensure that the department has the policies, standards and procedures in place to prevent major breaches of its sprawling network.
Miller, who also served as CISO of the Army, took over as DOD CISO in December 2016. Since then, she’s overseen several major initiatives, including continuing development of the DOD Cyber Scorecard, moving securely to the cloud and recruiting qualified cybersecurity talent, a pain point that’s felt around the federal government.
FedScoop invited Miller to take part in its first FedScoop Q&A —a regular series of interviews with top federal IT executives that delve into the issues and topics they’re concerned with day in and day out. In this inaugural installment, Miller discusses her top priorities around improving cyber-hygiene departmentwide, the unknowns that keep her up at night and why cybersecurity isn’t an “IT thing.”
Editor’s note: The transcript has been edited for clarity and length.
FedScoop: Briefly, what do you find is the most critical part of your job right now?
Essye Miller: My top priority is ensuring cybersecurity is a consideration in every decision we make. Cyber-hygiene is fundamental to our daily business and will remain a focus at all levels of leadership within the Department of Defense. The risk management discussion is critical to assuring uninterrupted cyber support to warfighting operations. Leaders must be postured to make informed decisions with an awareness of real-time threats and vulnerabilities in mind. My job is to ensure the conversations are taking place.
Also critical are our efforts to increase collaboration across departments and agencies, creating opportunities and leveraging efficiencies across the federal government and our industry partners.
FS: Is there any topic in federal technology right now bigger than cybersecurity?
EM: We have to take a holistic approach to technology. Cybersecurity underpins everything from industrial control systems, embedded platform IT (which includes IT in anything electronic from automobiles to appliances), power generation and transmission systems. Unauthorized access, disclosure, destruction of IT and data could be as destructive as any kinetic attack.
FS: What challenges keep you up at night regarding cybersecurity?
EM: The daily demands are such that I sleep well at night. Actually, “the unknowns” are concerning at times. I have more questions than answers: Is there anything we’re missing that will result in mission failure? Can we capture indicators of compromise well enough in advance to take appropriate action? Are we utilizing our precious resources as efficiently and effectively as possible so that we achieve maximum results for the warfighter?
FS: How can the U.S. government do a better job protecting its systems and Americans’ information? What is needed?
EM: It is increasingly important that the government continues to leverage public-private partnerships to create innovative solutions to rapidly evolving challenges and priorities.
We have to establish a common cybersecurity approach that fosters information sharing and leverages resources across government. This includes fostering collaboration between government and the commercial sector to share intelligence.
Also, we must continue to increase the cybersecurity awareness of the general population, stressing the importance of hygiene, data protection and responsible use of social media.
FS: What isn’t talked about enough regarding cybersecurity?
EM: Cybersecurity is not an “IT thing” — it is ingrained in everything we do. We all have an obligation to be responsible cyber citizens.
That said, we don’t talk enough about raising the next generation of cybersecurity professionals. While, I am passionate about recruiting and retaining talented people within the cyber career field within the government, I am just as dedicated to shaping our future workforce. We can’t miss any opportunity to shape the cybersecurity habits of primary school children — habits that will follow them into their adult careers.
I also want young people interested in STEM-related careers to understand that government service is a great way to explore technological advances while serving our country.
FS: What advice do you have for others?
EM: Similar to the last question, we all have an important role to play in securing the networks, both at home and work. We, as professionals, have a responsibility to help educate our communities on safe cybersecurity practices.
While we continue to focus on increasing awareness, we have an opportunity to create diversity in the cybersecurity career field. We can’t forget the importance of encouraging underrepresented sectors of our population (females, minorities, etc.) to explore STEM-related careers.