CyberCast

The new year began with a new White House executive order on strengthening and promoting innovation in cybersecurity, building on previous efforts, like the National Cybersecurity Strategy, to enhance the security of the nation's digital infrastructure. Looking into 2025, Deputy Assistant Director of FBI's Cyber Division Cynthia Kaiser said her division plans to leverage emerging technology like artificial intelligence to thwart cyber adversaries and better detect threats around critical infrastructure, while aligning with federal policies and directives. Kaiser's division is also advancing patch management and other AI-enabled technology to boost resiliency. Kaiser highlighted some of the top exploited vulnerabilities FBI has seen over the recent years, the agency's special partnership with CISA as well as the importance of the "Secure by Design" model to counter cyber attacks. Be sure to follow our primary channel, GovCIO Media & Research podcasts, for all episodes.

CyberCast, along with GovCast and HealthCast, will now be published in the GovCIO Media & Research Podcasts feed. Subscribe and listen today on the podcast platform of your choice.

The Department of Education is kicking off the second phase of its zero trust strategy by focusing on security orchestration and automation response to stay ahead of the evolving threat landscape. Education CISO Steven Hernandez discusses how the agency is tailoring its cyber tools and technologies by automating manual processes and leveraging identity, access and credential management (ICAM) solutions to improve the user experience and further zero trust.

Federal agencies are modernizing their cybersecurity strategies as threats continue to evolve. Faced with the National Cybersecurity Strategy, zero-trust implementation and recruiting a cyber workforce, agencies are primed for a busy 2024 in cyber and IT. Managing Editor Ross Gianfortune and Staff Writer/Researchers Nikki Henderson Whitfield and Jordan McDonald break down some of the biggest developments ahead for federal IT and cyber leaders. Featured episodes include: 7:05: The National Cyber Strategy https://governmentciomedia.com/listen-open-source-software-national-security-priority 10:28 The 6 Core Principles Vital to Building a Robust Culture of Cyber Readiness https://governmentciomedia.com/listen-6-core-principles-vital-building-robust-culture-cyber-readiness 16:33 How the Pentagon Plans to Fill 30,000 Open Cyber Positions https://governmentciomedia.com/live-afcea-technet-cyber-how-pentagon-plans-fill-30000-open-cyber-positions 21:34 National Cyber Strategy Supports a More Resilient Water System https://governmentciomedia.com/listen-national-cyber-strategy-supports-more-resilient-water-system 17:15: FEMA is Leveraging AI to Secure Networks https://governmentciomedia.com/listen-fema-leveraging-ai-secure-networks This episode is sponsored by Zscaler.

The White House released its National Cybersecurity Strategy in March and is ending the year with the first permanent National Cyber Director in nearly a year. On CyberCast, we covered it all. Take a listen back to some of the highlighted interviews with federal IT leaders, officials and experts this year as CyberCast traveled to Hawaii, California and Maryland. Our team interviewed leaders from agencies including the Federal Emergency Management Agency, the Cybersecurity Infrastructure Security Agency, the Department of Veterans Affairs and the Environmental Protection Agency. On this year-end episode of CyberCast, Managing Editor Ross Gianfortune, and Staff Writer/Researchers Jayla Whitfield and Jordan McDonald reflect on the most memorable episodes and cybersecurity topics of 2023. Featured episodes include: 1:45: The National Cyber Strategy https://governmentciomedia.com/listen-open-source-software-national-security-priority 7:00 Where the White House Wants Agencies to Prioritize Cybersecurity Investments https://governmentciomedia.com/listen-where-white-house-wants-agencies-prioritize-cybersecurity-investments 12:45 How the Pentagon Plans to Fill 30,000 Open Cyber Positions https://governmentciomedia.com/live-afcea-technet-cyber-how-pentagon-plans-fill-30000-open-cyber-positions 17:15: The White House Wants to Fix the Cybersecurity Workforce https://governmentciomedia.com/listen-white-house-wants-fix-cybersecurity-workforce

This episode we're diving into zero trust at the Defense Department. Specifically, how that is playing out for the Indo-Pacific region. We recently had the opportunity to connect with several leaders at the AFCEA TechNet Indo-Pacific conference in Honolulu where they shared with us how they're thinking about this quickly changing landscape and what it means for cybersecurity. This includes an update on DOD's review of submitted zero trust implementation plans, and also a peek at some of those plans at the Air Force and Indopacom. Featured interviews include: Randy Resnick, Director, Zero Trust Portfolio Management Office, DOD. https://governmentciomedia.com/dod-zero-trust-chief-were-start-multi-phased-journey Justin Stolpman, Director, Zero Trust Functional Management Office, Air Force. https://www.governmentciomedia.com/air-force-eyes-next-gen-gateways-amid-zero-trust-plan Paul Nicholson, Deputy CIO and Executive Director of Coalition Communications, Indopacom. https://governmentciomedia.com/look-zero-trust-theater-indopacom

FEMA is developing prototypes for AI use cases in cybersecurity implementation amid a White House artificial intelligence executive order that directs agencies to establish and maintain standards for safety and security of the technology. FEMA CISO Gregory Edwards discusses how the rapid pace of AI innovation is spurring partnerships across federal agencies to work together to leverage best practices for their missions. He also provides an update on the agency's zero trust journey, how his office is anticipating future of cybersecurity needs and how he's balancing that with modernization initiatives.

The Environmental Protection Agency is honing in on multiple pillars from the National Cybersecurity Strategy to secure critical infrastructure at its water and waste-water operations. The agency deems water security to be national security and is an area that needs critical attention. Efforts are underway to increase cyber awareness in the water sector and ensure systems remain resilient. EPA cybersecurity leaders Douglas Vick and David Travers break down what the threat is to the nation's water systems and how two programs are helping mitigate risks and ensure water services operate without disruption. Additionally, the officials highlight some of the new tools that are helping the agency boost overall cyber resiliency across its workforce.

The U.S. Digital Corps is bringing innovation to government by placing early-career technologists at agencies. Operated by the General Services Administration (GSA) Technology Transformation Services (TTS), the Corps' fellowship program gives individuals the chance to work on critical issues at the intersection of technology and public service. Digital Corps fellow Brittney Wright is on the cybersecurity track, assigned to the National Institutes of Health (NIH). Wright is passionate about cybersecurity and said she wants to provide hope to others that are looking to pivot into the field. She discussed her journey to cybersecurity and the ongoing talent gap that the government faces.

Bad actors accessing sensitive government data through vulnerable weak points is an ongoing concern for federal IT officials, who are making securing data a top priority amid digital modernization. Challenges in data security arise when you need to balance it with efficient data access while keeping threat actors out. In this episode, we break down some of the best practices in this area and feature insights from federal leaders at the departments of Veterans Affairs and Defense. Cited officials include: Army Cyber Command's Lt. Gen. Maria Barrett (https://governmentciomedia.com/live-afcea-technet-cyber-army-cyber-command-tackles-emerging-trends-cyber-workforce ) DOD Principal Director for Cybersecurity Mark Hakun (https://governmentciomedia.com/listen-dods-portfolio-management-office-accelerates-adoption-zero-trust ) VA Deputy CISO Jeff Spaeth (https://governmentciomedia.com/listen-look-inside-vas-zero-trust-first-cybersecurity-approach ) This episode is sponsored by Cohesity.

The U.S. Digital Corps is bringing innovation to agencies through early-career technologists. Operated by the General Services Administration (GSA) Technology Transformation Services (TTS), the Corps' fellowship program gives individuals the ability to find themselves working on critical issues at the intersection of technology and public service. Digital Corps fellow Jamila Crawford on the cybersecurity track in the program is assigned to the Cybersecurity & Infrastructure Security Agency (CISA). She discusses her work at CISA's Shared Services Division, her career and cybersecurity priorities in government.

JCDC Partnerships International, which sits within CISA's cybersecurity division, works with 150 partners worldwide with the goal of sharing and exchanging critical information allowing the U.S. to respond to cyber threats faster, protect the country's critical infrastructure more effectively and relay that information to its international counterparts to do the same. Patricia Soler, Section Chief for JCDC Partnerships International at CISA, discusses the mechanisms that a fast-growing organization like CISA needs to have in place to process large volumes of information that can be shared with public and private sectors and its international partners. She also talks about CISA's ransomware notifications that alert organizations of a ransomware attack before the damage occurs.

The Department of Veterans Affairs is amid a cybersecurity modernization plan to put identity management and zero trust at the forefront of the biggest security threats facing technology teams. Jeff Spaeth, deputy CISO and executive director of information security operations at VA, is a bit of a boomerang. A veteran himself and longstanding cybersecurity professional, he returns to VA under a new cybersecurity modernization strategy. Spaeth discusses what this "Zero Trust First" strategy looks like, the key tools the agency employs to stay ahead of threats and where he sees emerging technologies impacting the space most. This episode is sponsored by CyberArk.

In its recently released National Intelligence Strategy, the Office of the Director of National Intelligence outlines the strategic direction for the Intelligence Community (IC) over the next four years. In it, Director of National Intelligence Avril Haines notes the dramatically changing environment in which the IC operates, including the IT environment. Innovation, information sharing and cyber workforce development are points of emphasis in the document, which reflects the input of officials from each of the 18 elements making up the IC.

The White House recently released it National Cyber Workforce and Education Strategy to enhance and unleash America's cyber talent. The plan addresses the workforce needs in the public and private sectors by introducing cybersecurity concepts throughout all levels of education. The document proposes making advanced occupational training in cyber more accessible and affordable. Agencies and industry partners have signed onto the document, which builds on longstanding White House workforce goals. Staff Writer Anastasia Obis and Managing Editor Ross Gianfortune discuss the document's points of emphasis, its goals and the cybersecurity workforce challenges which the White House looks to address with the plan.

Military cyber leaders repeatedly say zero trust is critical, essential and integral to the Defense Department's Joint All-Domain Command-and-Control (JADC2) concept. A zero trust approach to cybersecurity helps organizations improve data security, manage users on the network and facilitate data interoperability, all key components of JADC2. Enjoy this preview of our upcoming GovFocus, "Zero Trust Enabling the Future Joint Force," featuring leaders from U.S. Navy and industry. Register to watch at https://governmentciomedia.com/govfocus/zero-trust-enabling-future-joint-force

The Office of Management and Budget along with the Office of the National Cyber Director released a memo laying out cybersecurity investment areas that agencies will have to include as they make their budgetary decisions for the next fiscal year. We break down those investment areas, how it ties to the recently released National Cybersecurity Strategy and what to expect in the coming months.

Emerging technologies are proving to be very beneficial to the National Oceanic Atmospheric Administration when it comes to climate modeling, behavior analytics and its overall mission. Not only has automation technologies played a key role in NOAA's weather forecasting and environmental monitoring, but also machine learning has been a huge help in the areas of threat detection and vulnerability assessment. Longstanding cyber leader Chi Kang, deputy director for operations in NOAA's Cyber Security Division, highlights some of NOAA's cyber modernization goals for this year including how the agency is working to attract the best cyber talent and moving closer toward a zero-trust architecture.

Since 2018, the Department of Veterans Affairs has been on a journey to the cloud to streamline operations, drive down expenses, better protect data and improve business operations. The agency's Deputy Director of Infrastructure Operations Kendall Krebs explains how VA is looking to not only use cloud to improve the speed and quality of its application development, but also secure this digital environment — leveraging platforms like VA Platform One (VAPO) to speed authority to operate and trim application deployment cycles. Throughout this journey, culture change is key. Krebs dives into next steps and latest updates.

The Marine Corps is on track to being one of the most distributed forces ever with significant command, control, communications, intelligence and cyber capabilities. A unified network with modernized network equipment is critical to operating in this environment. Cyber Technology Officer Shery Thomas discusses the Marine Crops' efforts to combine networks with multiple classification levels into a single enterprise, how the service plans to better secure its systems and bring those capabilities to the edge.

The ultimate goal of the Army's recently established Zero Trust Functional Management Office is to have a secure unified network that is defended by a fully implemented zero trust framework that will enable multi-domain operations and accomplish the Army's missions. Col. Michael Smith, director of this office, details next steps for zero trust implementation across the enterprise to get to the goal of full zero trust adoption for the Army by 2027.

The Pentagon has a cyber workforce problem: 30,000 cyber positions remain unfilled, but malicious cyber activity isn't slowing down. Defense cyber leaders warn future conflicts will combine kinetic and information warfare, elevating the importance of a robust cyber workforce. DOD Principal Director for Resources & Analysis Mark Gorak joins us live from AFCEA TechNet Cyber 2023 in Baltimore to discuss these challenges and his plans to address them.

Defense Department CIO John Sherman joins us live from TechNet Cyber 2023 in Baltimore, Maryland, to peel back the layers of the Joint Warfighting Cloud Capability (JWCC) and the department's zero trust strategy to show how they're informed by JADC2 priorities and contribute to better data transport and interoperability with coalition partners. Sherman also discusses how cloud initiatives at the military services will complement JWCC efforts.

Live from TechNet Cyber 2023 in Baltimore, Maryland, Defense Department Deputy CIO Lily Zeleke and Chief Software Officer Rob Vietmeyer discuss software factories, DevSecOps, zero trust and the Joint Warfighting Cloud Capability (JWCC). These IT modernization initiatives are transforming the department to be more tech-savvy as information dominance becomes critical to winning future conflicts.

Operating and hardening the Defense Department's networks is a highly complex undertaking. Training and retaining the workforce, keeping up with a constantly changing environment of technology and emerging capabilities and threats are continuous challenges not just for the Army, but also for all the services. Lt. Gen. Maria Barrett, commanding general of Army Cyber Command, discusses how Army Cyber forces are working globally to secure networks, responding to the needs of the warfighter and preparing for the future of cyber warfare.

The Defense Information Systems Agency (DISA) awarded a $7 million zero trust prototype, called Thunderdome, to Booz Allen Hamilton last year and recently completed the pilot. Cybersecurity & Analytics Director Brian Hermann discusses next steps for zero trust implementation across the Defense Department.

As security concerns grow, phishing attacks are threatening students and educators in schools across the country. The Cybersecurity Infrastructure Security Agency's new K-12 Report outlines what schools can do to better protect their systems from cyber intrusions and overall risks. The report highlights three key areas, including investing in security controls, addressing resource constraints and focusing on information sharing. CISA is also collaborating with the Department of Education to boost security in technologies schools depend on. Kelly Thiele, chief of phishing assessments at CISA, discusses more about this report, as well as how the agency's six core principles from its Cyber Essentials Guide provide simple, prioritized actions that other organizations can take to ensure their systems and workforce are cyber ready.

Faced with growing ransomware threats, phishing attempts and more, the Department of Veterans Affairs is reevaluating what it means to be "secure" in a hybrid environment. VA CISO Lynette Sherrill outlines the agency's cybersecurity strategy and emphasizes the importance of identity management through multi-factor authentication and least privileged access to secure critical IT systems and veteran data.

Upon the release of the White House's new National Cybersecurity Strategy, federal IT and cyber leaders reviewed current cyber risks and strategies at GovCIO Media & Research's first in-person event of the year, CyberScape: Insider Threats. Managing hybrid cloud security vulnerabilities, reducing technical debt, limiting the spread of shadow IT and securing open-source software were major talking points.

Drawing on her experience as a CTO in the private sector, Assistant National Cyber Director for Technology Security Anjana Rajan centered national discussions around open-source software security against the backdrop of the Russia-Ukraine war. Rajan identified risk drivers and solutions for bringing cybersecurity to the forefront of IT per the Biden administration's new National Cybersecurity Strategy during the closing fireside chat of GovCIO Media & Research's CyberScape: Insider Threats event.

The Enduring Security Framework, a public-private partnership with NSA as its executive secretariat, released a new product examining the benefits, security risks, deployment, and benefits of 5G network slicing. Based on the previously published work "Potential threat vectors to 5G infrastructure," the new document provides an executive overview of the risks involved with deploying network slicing, including potential management strategies. Learn about the Enduring Security Framework, the work they do, and their assessment of the threats to a network slice and the 5G infrastructure as a whole.

With a challenging maritime computing environment, the Coast Guard supports several missions for the departments of Defense and Homeland Security. Assistant Commandant for C4 & IT Rear Adm. Christopher Bartz discusses his workforce, cybersecurity and tech priorities, including how he's approaching the service's own take on interconnected data systems akin to DOD's JADC2 as well as a new software factory.

CISA's Joint Cyber Defense Collaborative (JCDC) announced a 2023 planning agenda to stay ahead of persistent cybersecurity threats to federal agencies, such as supply chain risk and open-source software. Learn why these threats are so high profile and how federal agencies across defense, health and civilian sectors are working together to share critical information about cybersecurity risks and incidents. Don't miss a fascinating tangent where we decide which superhero represents which federal agency.

As the Coast Guard prepares to launch its first software factory later this year, Deputy CIO Brian Campo discusses how his prior experience as CTO for the Department of Homeland Security prepared him to lead the Coast Guard into a more cybersecure future with zero trust, a continuous authorization to operate (cATO) approach and a strong foundation in data management strategies.

Cybersecurity will always be a critical issue. In 2022 federal agencies developed targeted strategies and frameworks to stay ahead of the evolving threat landscape. Our hosts reflect on the top news and trends of last year, including new zero trust strategies out of the departments of Defense and Veterans Affairs, evolving tech and cyber workforce frameworks, plans to combat ransomware and more. Plus we discuss how these efforts will pave the way for progress in 2023.

The Vulnerability Disclosure Program (VDP) is the youngest directorate within the Defense Department (DOD) Cyber Crime Center. Established in 2016, it's the sole focal point for receiving all vulnerability reporting at the agency, and it is uniquely positioned as it engages private-sector white hat researchers to support its mission. In January 2021, it expanded its scope from only public-facing websites to all publicly accessible DOD information systems. VDP Director Melissa Vice briefs how the program engages the security research community to strengthen network defenses, highlights the recent year-long pilot program for the Defense Industrial Base, and talks through her priorities for the coming year.

Global dependence on technology blurs the lines between national and cybersecurity, elevating the importance that consistent collaboration and information-sharing has in the industry. ODNI Director of Cyber Threat Intelligence Integration Center Laura Galante discusses the prevalence of disinformation and how the rapidly shifting cyber landscape impacts the intelligence community.

Identity management is a key factor to creating a robust cybersecurity strategy. GSA's newly published Privileged Identity Playbook helps federal agencies implement and manage a privileged user management function as part of an overall ICAM program. GSA's Identity Assurance and Trusted Access Division Director Key Myers and CISA IT Specialist Ross Foard discuss the playbook's implications and best practices around identity management. Privileged Identity Playbook: https://playbooks.idmanagement.gov/playbooks/pam/ CDM Program Information: www.cisa.gov/cdm

The CyberCast Ransomware Miniseries comes to a close with advice from CISA, which serves as the federal hub for cyber training, awareness and resources for industry and federal agencies. CISA National Risk Management Center Assistant Director Mona Harrington discusses trends such as triple extortion and ransomware-as-a-service and how strategies such as network segmentation and cyber incident reporting can help.

Mobile devices have become a prime target for malicious actors and ICE is using zero trust to significantly improve threat detection and data protection. In this episode, ICE CISO Rob Thorne also highlights the importance of applying zero trust principles to enterprise mobility and how cyber hygiene activities are helping to propel the agency on its path to zero trust. This episode is sponsored by DataDog.

The Army has been testing an application that would let its soldiers and civilian employees access the Army's network through their personal devices. It is ready to scale up from under a thousand users to almost 20,000 employees. Lt. Gen. John Morrison, Army deputy chief of staff, G-6, provides more details on lessons learned from the program's pilot, associated cybersecurity concerns, and how zero trust principles play a crucial role in securing data access. Morrison also touches on the Army's new Google Workspace partnership and laying the foundation for DevSecOps.

Hybrid cloud creates new efficiencies but can also cause new cybersecurity risks. The Defense Information Systems Agency (DISA), which helps lead cloud modernization for the Defense Department, needs strong partnerships with cloud vendors to maintain a strong security posture. Strategies such as "environment as code," DevSecOps and zero trust can help improve user experience while limiting vulnerabilities and strengthening overall cybersecurity. This episode is sponsored by ThunderCat and Dell Technologies.

GovCIO Media & Research has had a busy two weeks, hosting back to back CyberScape events on zero trust and data and automation security. Join deputy editor Kate Macri and staff writer/ researcher Sarah Sybert for a CyberScape double album, where they unpack the top takeaways from the sessions.

ICE is turning to its Homeland Security Investigations Cyber Crimes Center for assistance when it comes to getting a handle on the recent spike in ransomware, cyber fraud and other malicious attacks. ICE Division Chief of the HSI Cyber Crimes Center Matt Swenson also talks about a new cyber intelligence initiative that is providing ICE with a better way to make use of data and enhance the investigation process.

Federal agencies are accelerating cyber programs and initiatives to stay up to speed with the quickly changing landscape. Deputy Editor Kate Macri and Staff Writer Sarah Sybert unpack top takeaways from the summer, including upcoming cybersecurity workforce strategies, DOD's new five-year zero trust strategy and new directives around supply chain security.

The Defense Department's second iteration of CMMC will soon be released with a focus on cyber hygiene and cybersecurity basics. DOD's CMMC lead, Stacy Bostjanick, discusses the importance of the guidelines and DOD's cyber expectations for the Defense Industrial Base — live from the Billington Cybersecurity Summit.

Federal cyber leaders want more women in cyber and national security roles, but many women don't know where to start. CYBERCOM Commander Col. Candice Frost discusses the importance of mentorship and offers practical advice for closing the cybersecurity workforce shortage and bringing more women into those roles.

Retirement plan data is vulnerable to a variety of threats, including malware, ransomware, phishing, spoofing, business email compromise, social engineering, account takeover and privilege abuse, making it a critical priority to protect. Department of Labor Acting Assistant Secretary for Employee Benefits Security Ali Khawar discusses how new cybersecurity guidance over the past year has helped keep information secure.

The Defense Department's 5G-to-Next G Initiative will help strengthen networks and pave the way for 5G implementation to securely operate at the edge. The "Operate Through" portion of the initiative is leveraging infrastructure already in place for enhanced communication while preventing adversaries from obtaining sensitive mission details — with the millimeter wave spectrum playing a key part in this effort. Director of the Operate Through 5G Initiative Dan Massey provides more details about how this new program is taking DOD's network security to the next level.

The FBI has been keeping tabs on the evolution of ransomware, and in recent years ransomware attempts and incidents have risen significantly in both sophistication and severity. The latest in this ransomware miniseries talks to FBI's Cyber Section Chief Bryan Smith on how the agency's investigation and mitigation tactics have advanced alongside these cyber crimes — including best practices to make your organization resilient amid growing threats.