This week’s NVTC member guest blog is by Telos Corporation CEO and Chairman and NVTC Board Member John B. Wood. Telos Corporation is an information technology leader that offers solutions to empower and protect the world’s most security-conscious enterprises.
With the May 11 signing of the “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” our nation took a major step forward in improving our overall cyber posture.
As I said in the hours after the President signed the order, even the most rigorous processes for managing modern cyber threats require a foundation of modern technology. That’s why I was encouraged to see that the executive order specifically instructed federal agencies to show preference in their procurement for shared IT services, including the cloud. A growing number of federal agencies have realized that the cloud offers them secure and cost-efficient computing capabilities, but many others have been hesitant to make the move. This executive order provides the needed boost for all agencies to look towards the cloud.
With this executive order and the latest version of the Modernizing Government Technology Act (MGT) legislation moving through Congress, I believe we have reached a tipping point where the federal government will have the White House support and the financial means to truly tackle IT modernization and make it a top area of focus for every agency. In unveiling the order, the White House also showed vision by saying that planned federal IT modernization will include transitioning agencies to one or more consolidated networks, with the goal being to view “our IT as one federal enterprise network.”
Another very interesting aspect of the order, which I was likewise encouraged to see, was the direction for all federal agencies to immediately begin to use the NIST Cybersecurity Framework (CSF) to manage their cybersecurity risk. At Telos, we have long advocated for a common language when it comes to cybersecurity so stakeholders in all areas of the organization can communicate about cyber risk, which ultimately leads to more informed decisions about what security investments need to be made. The CSF is a powerful framework for enabling improved risk management throughout the government enterprise. Replacing outdated legacy systems, and making adoption of the framework more efficient with automation, will only strengthen our government’s cybersecurity defenses.
In the near-term, I will be paying close attention as agencies work to provide their own 90-day plans for implementing the NIST CSF, as required by this executive order.
Locally, this order should be welcome news to the vast number of technology and cybersecurity companies in Northern Virginia who work with the federal government. For those of us in this field, the executive order is exactly the type of nudge that federal agencies have needed to make the necessary improvements to their IT infrastructure and cybersecurity posture. However, for this executive order to truly deliver value, it will be contingent upon industry and government working together. I have no doubt that industry will step up to ensure success.
Overall, the cybersecurity executive order constitutes a long-overdue move by the federal government to take the steps necessary to better protect its networks and data. Moreover, the order sends a powerful message that our nation’s cyber defenses must continuously be monitored, evaluated and improved, and that this effort will be a key priority for this administration over the coming months and years.