Suzette Kent on how IT modernization is really a cybersecurity play
There’s always a cybersecurity angle, and federal CIO Suzette Kent found hers during a keynote at CyberTalks.
Kent, whose tenure has thus far been defined largely by the administration’s IT modernization goals as set out by the President’s Management Agenda (PMA) and the attendant cross-agency priority (CAP) goals, pivoted a bit to talk about cybersecurity on Thursday morning. Her thesis? IT modernization is critical to security.
“It’s a little bit of a chicken and egg kind of discussion,” she said. Cybersecurity is about a lot of things, one crucial (if relatively mundane) way an agency can get to a more secure future is by updating its IT foundations, she said.
“Part of the reason I’m so passionate about modernization and driving it quickly is the way that we become more secure, the way that we protect our infrastructure, is to have more of an infrastructure and to not be looking at things that were designed so many years ago that the concepts — some of the basic concepts of blocking and tackling — wasn’t even envisioned.”
“As we modernize the systems, many of the security capabilities are built in,” she added, citing the example of pushing agencies to cloud email services where they can better protect against phishing.
But IT modernization isn’t the only piece of the PMA that has a close tie with cybersecurity. Another pillar of the plan, one concerned with better data stewardship, also requires strong protections.
“Part of how we serve citizens is to protect their data,” Kent said.
The good news for security, Kent said, is that agencies are working on IT modernization, and being measured in their progress through the CAP goals’ quarterly action plans. “We are making real progress,” Kent said.