workflow resilience

Feds look to secure common workflows

As the saying goes in cybersecurity, it’s not a question of whether a network will be hacked, but when. For many agencies, that means the right approach to security is resiliency -- the ability to be able to rapidly respond to and recover from a hack, intrusion or attack. 

One way to increase resiliency is to focus more on shared networks and shared applications, U.S. CIO Tony Scott said.   

Agencies have many common functions and workflow processes, and there’s “no reason every agency has to run its own email system,” he told GCN after a Feb. 11 New America Foundation event on cybersecurity.

A better model would be one based on generalized workflows.  “Think about a world where you had some more generalized workflow engines -- cloud based -- that do the heavy lifting of the things that most agencies do. Then you can build on top of that generalized engine the very specific agency things that you need to do,” he explained.  “That’s the model that we’re going to try to move to,” Scott said,  adding that his office is currently trying to identify what the most common workflows might be and then find the pilot agencies to conduct the first tests.   

Systems built on common processes would also enable the retirement, replacement and modernization of legacy IT, as called for by the White House’s new Cybersecurity National Action Plan. Legacy systems suffer from a multitude of shortcomings, Scott said. They can be expensive to operate, they’re hard to secure and the talent to continue to operate them is not available.

Scott said one of the big challenges is determining exactly what should be used to replace legacy systems  -- noting that the right answer almost never is simply rewriting the old Cobol in a more modern language.

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected