The Government Accountability Office (GAO) is taking steps to use cloud-based services and implement automated processes into its capabilities that the government watchdog uses to assess Federal agencies’ operations, a GAO official said on March 18.
Dave Hinchman, GAO’s director of IT and cybersecurity, said the organization is taking steps to integrate cloud technology and more automation to improve its workload efficiency and combat exposures to cybersecurity threats.
“This is looking at proactive cybersecurity tools that can track anomalies that are spotted in the network, as well as blocking malicious attacks, which every Federal agency deals with,” Hinchman said during GovExec’s Streamlining Security, Operations, and Compliance: Automation Strategies for Federal Agencies webinar.
Daren Presbitero, a cyber security advisor at ThunderCat Technologies, said this type of automation is essential to overcome the burden of information processing placed on human employees at agencies. He emphasized that automated processes can help work through the volume of security issues an agency faces.
“We don’t have enough human capital to throw at the problem anymore,” Presbitero said.
While GAO engages in its own automation and cloud integration process, Hinchman recommended that other agencies do the same, and advocated a “start small” approach.
“Find something that doesn’t have a big impact on the organization, get it in place, get the case out, make sure it’s working, and slowly, incrementally, roll this out throughout the organization,” Hinchman advised.
Navid Wlotzka, Federal principal solutions engineer at software company Tines, agreed with Hinchman on the need to slowly integrate automation into agency workflows. He said a “crawl-walk-run” approach is the best way to gradually bring automation into an agency.
“It’s starting with low lying processes that are easy to automate and that don’t have a huge impact on other systems within the agency and slowly introducing automation within the agency,” Wlotzka said.
Hinchman also recommended agencies develop plans to educate employees on the anticipated impact of automation and to get to know industry partners that provide services.
“That means sitting down with vendors, making sure that you are really going to develop partnerships with these industry folks, and make sure that they understand what it is that you want,” Hinchman said.
Presbitero echoed Hinchman’s ideas and focused on the impact of automating services on agency workforces – and the resulting culture shift that automation will bring.
“Put together a plan that involves training and involves all the different stakeholders really focusing on the people and culture side more than anything else,” Presbitero said. “I think you can see some success when you do it that way.”
Hinchman also pointed agency leaders to GAO’s cybersecurity program audit guide to ensure automation efforts are aligned with GAO standards and best practices to effectively implement automation efforts.
“Sit down with that, look through the things that we would look at if we were coming to audit your cybersecurity program, and use these talking points as questions”, Hinchman said.
