Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

❮   Back to News

October 30, 2020

The Federal CISO Wraps Up Cybersecurity Awareness Month

By Camilo Sandoval, Federal Chief Information Security Officer

Tags:

Tags: Cybersecurity; 2020

This year has brought cybersecurity to the forefront of everyone’s mind. As a community, we had to come together and found ourselves thrust into an environment facing challenges which not only affected our agencies, but our community as a whole. We pivoted to an increased telework environment - some of us were ready, while others had additional work to do. As a community, we’ve made significant strides – but our work isn’t done.

Today, more than ever, data is part of everything we do. And because of this, it is key that that data is protected. I am happy to report that agencies have made substantial progress in how they protect the public’s data. In the past year, steps have been taken to close the gap on priority Administration cybersecurity targets, like the adoption of a coordinated vulnerability disclosure (CVD) approach. By a systematic adoption of a CVD, the Federal government improved its cyber defenses and government transparency. As we build on these efforts, the Federal government can enhance information sharing regarding the good-faith security research. We continue to find opportunities for improving how agencies communicate about reported vulnerabilities to each other and to those security researchers making the effort to inform us about risks to our information systems.

Building on the President’s Management Agenda, the Federal IT community had a number of successes in the past couple of years. Notable accomplishments include:

  • 100% of Agencies have the capability to check outbound communication traffic in order to detect potential unauthorized exfiltration;
  • 47% increase in Agencies’ ability to remotely wipe contents from stolen or lost mobile devices and use central and dynamic controlled monitoring; and
  • 40% increase in Cloud email usage.

I challenge you to continue to think through the value, objectives, and overall impact services, like Cloud, have in supporting our capabilities to serve the American public. It’s important to remember that these services enable us to connect far more reliably and consistently than ever before. I ask that you keep that in mind when looking at other capabilities that can improve stability, sustainability, access, and of course – security. When thinking about Cloud services and Cloud security, Supply Chain Risk Management is certainly a topic that comes to mind. The ability to widely assess supply chain risk across the enterprise and evaluate covered articles for potential removal and exclusion from Federal systems, is a wholistic government management approach. With the release of the Federal Acquisition Security Council (FASC) Interim Final Rule, the Interagency Council is building on its risk evaluation of covered articles that pose a significant risk to the Federal enterprise. There is more to come in the new year on the FASC efforts!

Emerging technology continues to challenge how we do business – from the daily tasks to the big picture. Artificial Intelligence (AI) is one tool that continues to transform how we do business in many similar ways with how Cloud has impacted our day-to-day operations. These new emerging technologies bring exciting opportunity and with it, increased risk. Below are a few things we are working on to shape those ideas and ways we can implement AI safely, securely, and with the same impact that Cloud continues to bring our workforce today.

Cybersecurity plays an active and focused role in driving conversations to strengthen and protect our Nation’s AI efforts. That includes Agency-focused AI efforts needed to fulfill their missions by:

  • Research Support: supporting and conducting AI research and development
  • Standards Development: actively engaging in AI standards development
  • Procurement & Delivery: procuring and deploying standards-based products and services
  • Policy & Regulation: developing and implementing supportive policies, including regulatory policies where needed

Want to get more involved and learn more about what we’re doing with AI? Visit the https://www.whitehouse.gov/ai/ for more information.

As the Federal CISO Council actively looks towards the future, I encourage you to take a moment and celebrate the achievements of this year. Please remain cyber-smart when working at home, on travel, or in the office. For more information on Cybersecurity Awareness Month and what’s next, please visit https://www.cisa.gov/national-cyber-security-awareness-month.

❮   Back to News