An enterprise cybersecurity strategy for federal critical infrastructure modernization

摘要

Federal systems are constantly faced with risks due to the ever-evolving cyber threat landscape. Cyber threats can cause anything from degradation of system functionality to data theft. Depending on the criticality of the Federal system, a cyber-event could be catastrophic, causing a significant financial loss to the Federal government, potentially impacting the privacy or safety of the American public, thus being categorized as Critical Infrastructure. In the past year, modernization of Federal systems has gained much attention. In 2017, The Executive Office of President finalized a report on the Federal IT Modernization [1], as well as the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure [2]. In many cases, Federal Critical Infrastructure may often be comprised of legacy systems, which consist of aging technologies, program languages or hardware. The cost of the sustainment and operation of legacy assets will continue to increase over time and become more difficult to protect, as outdated technologies become obsolete or unsupported. The existence of legacy technology may also limit the ability of the adoption of new capabilities. To address these issues, Federal agencies must incrementally reduce the usage of legacy assets through modernization. The Modernizing Government Technology Act of 2017 or MGT Act was passed by the House of Representatives on May 17, 2017, and was recently passed into law on December 12, 2017. The MGT Act of 2017 is a bipartisan effort, which calls for agencies to modernize their aging systems. The MGT Act builds upon the Federal IT Acquisition Reform Act (FITARA), creating the FITARA scorecard, a grading system used to monitor the modernization efforts of Federal agencies and empower CIOs to take action. The score is calculated based on CIO performance, risk management, data center optimization and other factors. In the latest FITARA Scorecard released in November of 2017, both the DOD and DOT scored an F+. The FITARA Scorecard presents insight into the current state of modernization of Federal systems; however, the scoring system may not fully encompass the considerations needed to address the challenges faced by Critical Infrastructure, such as the National Airspace System.