workflow resilience

Feds look to secure common workflows

As the saying goes in cybersecurity, it’s not a question of whether a network will be hacked, but when. For many agencies, that means the right approach to security is resiliency -- the ability to be able to rapidly respond to and recover from a hack, intrusion or attack. 

One way to increase resiliency is to focus more on shared networks and shared applications, U.S. CIO Tony Scott said.   

Agencies have many common functions and workflow processes, and there’s “no reason every agency has to run its own email system,” he told GCN after a Feb. 11 New America Foundation event on cybersecurity.

A better model would be one based on generalized workflows.  “Think about a world where you had some more generalized workflow engines -- cloud based -- that do the heavy lifting of the things that most agencies do. Then you can build on top of that generalized engine the very specific agency things that you need to do,” he explained.  “That’s the model that we’re going to try to move to,” Scott said,  adding that his office is currently trying to identify what the most common workflows might be and then find the pilot agencies to conduct the first tests.   

Systems built on common processes would also enable the retirement, replacement and modernization of legacy IT, as called for by the White House’s new Cybersecurity National Action Plan. Legacy systems suffer from a multitude of shortcomings, Scott said. They can be expensive to operate, they’re hard to secure and the talent to continue to operate them is not available.

Scott said one of the big challenges is determining exactly what should be used to replace legacy systems  -- noting that the right answer almost never is simply rewriting the old Cobol in a more modern language.

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected