The Cybersecurity and Infrastructure Security Agency (CISA) is undergoing a large-scale modernization process with plans to migrate the majority of its legacy IT systems to a brand-new “greenfield solution” later this year, according to CISA Chief Information Officer (CIO) Robert (Bob) Costello.
The CIO explained that CISA has been building its own environment to migrate all of its legacy IT and mission systems over the past two years, and said the agency officially kicked off this migration process “earlier this year.”
“We’ll be the only Federal civilian executive branch agency not using Active Directory when we’re done, and we should be largely done by the end of September,” Costello said on Thursday at the CyberScape Summit hosted by GovCIO Media & Research.
Costello explained that CISA wants to show the way as it advises the rest of the Federal government and state, local, tribal, and territorial governments on how to operate. He also said the migration will help CISA to achieve continued modernization efforts related to zero trust.
“What we’re trying to make CISA is an example of how you can do this so that we’re not just telling others how to do it, we’re actually implementing it ourselves,” Costello said.
“I think our zero trust journey at CISA is complex because we have a mission side … and those are the groups that work across government or with the private and public sector to advise them on how to implement cybersecurity solutions,” he said. “So, my office will be migrating about 10,000 people over the next few months that we’re moving to a solution that really hits all five pillars of zero trust.”
This shift of thousands of users will be “a pretty rough migration,” Costello said, because the agency is coming from systems that “in some cases maybe don’t need a lot of the zero trust guidance.”
Nevertheless, he said that CISA is migrating to a greenfield solution, “which is pretty rare in government.” What that means is that CISA is migrating to a completely new environment with no legacy code, which Costello said the agency is “really proud of.”
“It’s been a big change over the last two and a half years. But I think you’re going to see some big muscle movements from us in the next 30, 60, 90 days to really change how CISA operates its IT,” Costello said.