Maria Roat: Agencies must keep emerging tech in mind as they modernize security
As federal agencies pursue long-term IT modernization, they must be mindful of the potential for emerging technologies like quantum computing to disrupt current security paradigms, Deputy Federal CIO Maria Roat said Tuesday.
Quantum computing will likely invalidate certain encryption methodologies in the next decade, and federal systems must evolve to support new ones, Roat said during the Billington Cybersecurity Summit.
Investing in modern zero-trust security architectures and flexible, scalable cloud solutions has become even more important so agencies can configure their platforms to capitalize on emerging technologies down the line.
“Even as I’m modernizing some of our old systems, our legacy systems, I have to make sure that our current systems as well are keeping up,” Roat said.
The shift to telework has tested such systems, which have seen a “huge escalation” in cyberattacks across both the public and private sectors since the coronavirus pandemic began, she said.
But agencies have taken the time to mount defenses for blocking unwanted traffic and phishing emails, preventing successful cyberattacks in the last six to eight months.
“How the federal government operated around cybersecurity is really a testament to the maturity of the federal government around networking and its modernization over the last several years,” Roat said.
That’s not to say there haven’t been hiccups since the pandemic started.
Insider threats are a challenge as well, and federal employees have inadvertently or intentionally shared screenshots on social media of content that has even said, “Do not distribute. For official use only,” Roat said.
Agency CIOs must invest in training their workforce to avoid such mistakes, in addition to recognizing phishing emails and adapting to an evolving threat landscape that includes personal social media accounts, she said.
The CIO Council is helping train federal employees to identify cyberthreats, first through its Federal Cyber Reskilling Academy and now through the Federal Data Science Training Program.
Employees should notify their agency CISOs and communications departments when they see their agency’s brand misused or offering fake services, a problem on the rise during the pandemic, Roat said. Adversaries have been creating fake agency accounts on Twitter and Facebook.
“They were trying to confuse the federal government’s customers,” Roat said. “And this is where every employee in the federal government needs to be aware of that.”