The Trump administration’s fiscal 2020 IT security priorities will look familiar to anyone who has heard Suzette Kent speak over the past year: The Federal CIO detailed a long list — including cross-agency information sharing, improved identity management and increased workforce cybersecurity literacy — during a keynote Thursday at CyberTalks in Washington, D.C.
“Our challenge is not confined to a month,” she said, in an allusion to October’s designation as Cybersecurity Awareness Month, as well as the beginning of a new budget year. The White House is preparing to dig deeper in the coming months and years, she said, on issues that it has specifically addressed in executive orders and other moves.
Cybersecurity is a “high priority” that is “embedded” in all the administration’s IT modernization activities, she said. The continuing transition from legacy systems to the cloud guided by the Cloud Smart policy, for example, is at least partially about moving to an architecture with built-in security.
“Modern systems and modern design is more secure, because data is encrypted moving and at rest,” Kent said.
Other tasks on the 2020 “execution agenda” include:
- Federal identity and access management.
- “Key implementation actions” in the federal acquisition supply chain strategy.
- Enterprise cyber risk management and increased information sharing. This work, performed in partnership with the Department of Homeland Security, represents a way to “move from a reactive to a proactive position.”
- Continued talent building, through initiatives like the Federal Cyber Reskilling Academy and more. “I’ve said many times I don’t want to be fighting over the same one person — we need to build 10, 20, 50 capable people because we need them in all areas,” Kent said. She mentioned the importance of efforts to “boost hands-on skills” of cyber practitioners as well as increase the “overall literacy” of the entire government workforce.
- Automated continuous monitoring — “There are some special activities this year to leverage automation for continuous monitoring so that we can actually reduce some of the manual activities and leverage our very precious cyber workforce on the more complex and critical roles,” she said.
“There’s a lot happening,” Kent said in closing.