Supporting agile development to help the workforce operate mobile yet securely is a “critical” element to improving cyber hygiene, Department of Homeland Security Chief Information Officer Eric Hysen said in an exclusive live chat on Thursday. Homeland Security Today with an Editorial Board member and former DHS. CIO Luke McCormack.
“How do we adapt our governance processes in the department to not necessarily require but rather incentivize better software processes?” Hysen said.
DHS has “tested a number of things around agile governance” and is still talking about things like requirements, analysis, and getting approval to start development. “We know that’s not how modern software development works,” she said. “We still have more to do to think about how we modify that process, incentivize it, make it so easy to do it the right way with modern tools.”
Emerging technology, such as artificial intelligence and facial recognition, is “having a real impact across the department today,” and DHS is focused on understanding where technology is used across the department, then establishing and following best practices. throughout the department.
While AI-assisted decision-making for officers is “already real,” the CIO noted, DHS is also focusing on potential issues, such as algorithmic bias, as well as ensuring that emerging technology is also safe technology.
In April, the DHS announced that its first bug bounty program had concluded with more than 450 security researchers vetted identifying 122 vulnerabilities; Twenty-seven of them were determined to be critical. The Hack DHS program awarded a total of $125,600 to participants.
Hysen called Hack DHS “a great starting point capable of finding and remediating several critical vulnerabilities.”
“We need to rely on all techniques and approaches,” he added.
The department, along with other federal entities, has moved from the perception that “you will have a perfect defense system if we build our cyber walls high enough” to embodying the zero-trust model that does not replace elements of strong cyber defense. “but it is an important addition.”
Hysen said he was “surprised at how easy it was to incorporate components and systems,” while stressing the importance of agility. The capabilities offered to the DHS workforce on mobile devices “are directly related to security: the more we can enable the workforce, the less they will try to find workarounds.”
“There is a critical connection there,” the CIO emphasized.
Cyber hygiene work at DHS is “still evolving,” including testing to determine the best model to adopt and issuing a self-assessment to providers. Assessing these results will help guide the department to “better target areas where teams are going to dig deeper.”
“There is a lot of movement throughout the department,” Hysen said, adding that DHS wants to avoid duplication and be “on par” with CISA and White House direction.
A unique challenge for federal IT departments has been attracting the talent to execute on IT priorities, from technology modernization to cyber security, and the DHS Cyber Security Service recently stepped up to make big changes to the way we The department attracts, recruits, and retains cyber talent in the face of relentless competition from the private sector.
Hysen said the first employees were recently brought in through the system at CISA. DHS is also using other tools as it “works very hard to hire using that new system,” which is a reinvention of traditional civil service procedures, including candidates being screened on an assessment of their technology skills and career paths they offer. the same kind of flexibility and progression. one would see in a private technology company.
When asked what he would like to see from the department a year from now, Hysen said the department should have reached the point in supply chain security where “it should be clear to industry partners where we’re going.” and what they should do to come with us. The CTO community should lead the government in using AI technology, including facial recognition software, he said, and be “explicit” with the public about how this technology is used And the goal of supporting hybrid work dovetails with the quest to hire and keep the best talent in the department.
“I expect to have significantly fewer cyber vacancies across the department,” Hysen said.
State of Cyber and IT: DHS CIO Eric Hysen says IT’s mission is driven by increased collaboration and agility lessons