Feds look to secure common workflows
- By Mark Pomerleau
- Feb 16, 2016
As the saying goes in cybersecurity, it’s not a question of whether a network will be hacked, but when. For many agencies, that means the right approach to security is resiliency -- the ability to rapidly respond to and recover from a hack, intrusion or attack.
One way to increase resiliency is to focus more on shared networks and shared applications, U.S. CIO Tony Scott said.
Agencies have many common functions and workflow processes, and there’s “no reason every agency has to run its own email system,” he told GCN after a Feb. 11 New America Foundation event on cybersecurity.
A better model would be one based on generalized workflows. “Think about a world where you had some more generalized workflow engines -- cloud based -- that do the heavy lifting of the things that most agencies do. Then you can build on top of that generalized engine the very specific agency things that you need to do,” he explained. “That’s the model that we’re going to try to move to,” Scott said, adding that his office is currently trying to identify what the most common workflows might be and then find the pilot agencies to conduct the first tests.
Systems built on common processes would also enable the retirement, replacement and modernization of legacy IT, as called for by the White House’s new Cybersecurity National Action Plan. Legacy systems suffer from a multitude of shortcomings, Scott said. They can be expensive to operate, they’re hard to secure and the talent to continue to operate them is not available.
Scott said one of the big challenges is determining exactly what should be used to replace legacy systems -- noting that the right answer almost never is simply rewriting the old Cobol in a more modern language.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.