The Department of Homeland Security (DHS) is focused on modernizing its mindset to tackle a host of pressing issues including reducing its reliance on legacy systems, competing to attract cybersecurity talent, and combating supply chain threats, said DHS CIO John Zangardi today at the Billington Cybersecurity Summit.
“We’re in a very, very different world than we have been in the past,” said Zangardi. “I’ve been in government for a long time. We’re really good at routine. But cyber threats are asymmetrical. The adversary’s not thinking about routine, the adversary is thinking about how to do things differently.”
On the security front, Zangardi highlighted the importance of shifting the agency’s mindset through better cyber hygiene and user training. He noted that among the 30 million emails received by DHS from December 2017 through May 2018, only 10 employees clicked on malicious links or attachments, and no users were confirmed to be compromised. “If we catch you one too many times, you’re going to receive remedial training. At some point I have to take away your rights,” he said.
“The perspective is increasingly global, whether you’re thinking about it in terms of marketing or manufacturing,” he said, describing the greater reach of companies like Huawei, a China-based maker of communications equipment that has been accused by U.S. authorities of being a security threat.
Zangardi discussed the importance of securing supply chains to reduce DHS’ attack surface, and how his office is working with the National Programs and Protection Directorate to evaluate threats and make decisions on whether threats can be mitigated or need to be removed from the supply chain. “We have to be really good at supply chain risk management,” he emphasized.
“When I got to DHS, one of the things I realized is that we have to do network modernization,” said Zangardi. He described how DHS has plans to utilize the Enterprise Infrastructure Solutions (EIS) contract, including standing up an EIS program management office, meeting with vendors to discuss the contract, and budgeting for new networking equipment in fiscal year 2020 to align with the contract’s schedule. “We also need to move to the cloud, for a couple of different reasons. We want to get off old infrastructure, and we want to reduce costs,” he said.
Throughout his presentation, Zangardi noted the importance of finding talented individuals to help the department make progress on its list of priorities.
“I can’t compete with you,” Zangardi said, looking to the industry attendees in the audience, “but the consumer expectations are increasingly more challenging.” Among other initiatives to free up resources, Zangardi said DHS is working to speed up software acquisition.
He said the importance of agency’s mission and the quality of its work are major factors in retaining personnel. “The employee has to make a trade-off between compensation, quality of life and job satisfaction. I can’t compete on compensation, but I can offer a reasonable salary. I have to work on job satisfaction,” he said.
Zangardi also described how DHS is looking toward creating a system that focuses on strategic recruitment and allows for dynamic career paths, skills-based pay and continuous feedback on performance. “We’re trying to move this way in DHS but it’s a challenge when you’re dealing with a system that dates back to 1949,” he said.