At the U.S. Patent and Trademark Office (USPTO), cybersecurity is at the forefront of mission goals that include transitioning to cloud systems, a new cyber training regimen for USPTO remote examiners, and a new insider threat program, and agency official said April 14.
During the FedInsider Technology Innovation: Guidelines for Government Modernization webinar on, USPTO CIO Jamie Holcombe spoke about the workforce training needed to prepare personnel for the constantly evolving cybersecurity threat.
“The USPTO has launched a new cybersecurity awareness training for all of our remote examiners and it has been great because what we did was we gamified what was previously just a PowerPoint slide session— very static, very boring,” said Holcombe. “When you gamify something, you engage them, you’re asking questions based on a video, and depending upon your answers, that’s the way the game goes and it was really engaging for people so much so that we’ve got great feedback,” he added.
Holcombe went on to say that the agency is starting an Insider Threat Program, and moving systems to the cloud, while implementing zero trust security architecture concepts to boost cybersecurity for the agency. He said USPTO wants personnel to embrace cybersecurity rather than be fearful of it, and ensure that personnel are aware of threats trying to “get you.”
Going forward, USPTO is building a new data center in Manassas, Va. to increase resiliency and back up the data center located in Alexandria, Va. USPTO also has plans to build a data center “west of the Mississippi” in the future, Holcombe said.
Gregory Crabb, CISO and vice president at the U.S. Postal Service (USPS), spoke during the same event about the cloud transition at the Postal Service, and how security is built into the foundation of that migration.
“Security is the foundation of all of the investments that we’re making from a cloud perspective. You can’t go to the cloud, unless you’ve got a secure foundation,” said Crabb.
The USPS CISO went on to say that incorporating security is an engagement, and that one must have the right foundations.
“As I talked to the my business colleagues, as well as my IT colleagues, we start with making sure that we understand what the business objectives are and determine the level of controls, sensitivity of the information, and, criticality, of the information that that system is going to hold so that we can determine, and make the right investment diverse pretty perspective for that particular cloud implementation, whether that’s a [Software as a service] solution or whether it’s an [Infrastructure as a service] solution, or what have you,” Crabb explained.