When it comes to cybersecurity, U.S. Chief Information Officer Tony Scott believes it’s not enough just to share information — federal officials have to regard it as “a shared responsibility.” And he wants agencies to start sharing their cyber systems to help narrow security disparities within the federal government.
“There’s nothing you can do at an enterprise scale, or certainly at the scale of the federal government or even more broadly as a nation, that doesn’t have a bunch of dependencies,” Scott said Tuesday at FedScoop’s FedTalks. “You need partners and you need environment where people can both share information but also share learnings and work together.”
Since executing a federal cybersecurity “sprint” this summer focused on better use of two-factor authentication employing personal identification verification cards — he said they made “remarkable progress in that short a period of time” — Scott and his team have turned their focus to long-term cyber strategy and, in large part, a cultural change to improve cyber hygiene in federal government.
In addition to the obvious modernization of legacy systems and stronger cyber recruitment efforts needed in federal government that he’s talked about before, Scott told the FedTalks crowd gathered at the Andrew Mellon Auditorium in Washington, D.C., that he envisioned a federal IT model in which the cybersecurity is not siloed at the agency level, with far fewer security systems shared between multiple agencies.
“We have a culture of every agency doing 100 percent of its own work most of the time, absent of a few shared services,” he said. “And not just at the agency level, but sometimes well below that there’s tons and tons and tons of uniqueness.”
But as security becomes a “much more intense activity and a much more critical factor in how we do our business,” Scott said, “we can’t rely on every single agency having [enough] resources and access to all of the technology that’s needed to really do your job in this space.”
No, Scott doesn’t envision a single cyber system for all of the government. But, “I don’t think we need hundreds and hundreds and hundreds of individual” security systems either, he said.
The federal IT community, and the general technology industry, is at a critical inflection point, Scott said, which is “exciting and exhilarating” but will likely come with some bumps.
Scott, though, stood confident in the federal government’s ability to thrive in the changing times if it can be flexible and promote an economy of sharing, closing by asking government and industry for more of the same help they’ve given him over the past year.
“Over the next year what I hope for is … the sharing of information and knowledge and lessons learned, whether it’s cyber or whether it’s this broader transformation effort that we’re on,” he said. “I need, your help, the country needs your help, and we need each other’s help in order to make this effective.”
Read the rest of our 2015 FedTalks coverage:
Watch our TV coverage of FedTalks 2015: