Interior used the massive hack of feds data to shore up cyber

When the massive hack that impacted 22 million federal employees happened last year, the Interior Department’s role was swallowed up in the aftermath of the cyber attack.

But for Sylvia Burns, the Interior Department’s chief information officer, it was one of the worst and best times of her career.

Sylvia Burns is the Interior Department's chief information officer.
Sylvia Burns is the Interior Department’s chief information officer.

“In terms of how we responded to the situation, I’m very proud of my team and the how the department responded. We didn’t shirk our responsibility. I think we stood up and took an honest look at what was going on and we still are. Some of these things are hard and they can’t be solved overnight, and they require a lot of support because of the complexity and cost,” Burns said on Ask the CIO. “We spent a lot of time as this was happening and we became aware of it, we spent a good four or five months focused on remediation of where the problem was. Part of what we also did was we engaged the broader community, both the IT community as well as the mission.”

Earn 1 CPE credit and learn about the expansion of risk management in government with analysis from GAO and Justice OIG. Register now for the free webinar.

Interior’s role in the massive breach the Office of Personnel Management suffered last year was small but significant. DoI hosted the OPM personnel file database that hackers breached and resulted in 4.2 million former and current federal employees having their personal and private information stolen.

Advertisement

Burns said those post-breach discussion helped Interior deal with some longstanding cyber problems, such as implementing two-factor authentication using smart identity cards under Homeland Security Presidential Directive-12 for its network, remote access and for email.

“Those were hard decisions to make, but they weren’t just my decision alone. It was my decision that we absolutely needed to do it from a cybersecurity perspective, but I also have to think with the leadership of the department about mission impact. So even with the fact that these hard things happen and we have to do them, and they have mission impact, we go in with our eyes wide open and understand what the impacts are and deal with them separately,” she said. “The whole experience helped Interior and IT mature and actually become more close together, and for IT to be closer to the mission. Frankly, I think we couldn’t be talking about some of the things we are talking about now —which I can’t share with you because they are still being baked in the oven — but we couldn’t be even talking about some of those things had we not gone through that experience. While horrible, it also was extremely valuable to us.”

Despite these efforts, the Interior inspector general in August found major problems with the agency’s cybersecurity efforts. Auditors found Interior is relying on outdated cyber controls, instead of the latest ones from the National Institute of Standards and Technology.

Burns said she is taking DoI’s cyber problems seriously and is making progress, particularly with the Continuous Diagnostics and Mitigation (CDM) program run by the Homeland Security Department.

“We’ve put a ton of effort and attention on implementing the tools on DHS’ schedule, because they provide money for that,” she said. “It’s not just about the tools, but there is something here about the organization and getting them to care about cybersecurity. I feel like I’m a little bit of an evangelist in going and talking with the mission people and letting them understand what our situation is and let’s figure out game changers. We are in a very precarious situation in the broader environment with cybersecurity. How do we change the game so we can do our jobs and not be at the mercy of hackers out there? I think everybody is trying to figure that out. I’m trying to do that in a way that is very inclusive and collaborative with all the bureau IT leaders and their mission leadership as well for us to find things we can do differently.”

Along with cyber, Burns is looking to the cloud to do things differently.

She said Interior’s initial move to the cloud with email has been a positive experience, and now Burns is looking for other opportunities.

She said Interior will be taking mostly a hybrid approach to cloud — using both public and private cloud options.

“We don’t have to sustain an internal infrastructure for this. Think about how this would be in the past, we would have to get servers, get all the right software on it and get people to maintain all that stuff in our data center,” Burns said. “Whether or not if it would’ve worked just because I don’t think the federal government is on the cutting edge in being up on all of our skills in technology. In some cases, the private sector is better so why wouldn’t we consume it. It is better, faster, cheaper so we should consume it. We are and we are reaping the benefits.”

She said Interior no longer has to worry about whether email or any of the cloud-based systems are working, and IT personnel can focus on more complex challenges.

Burns said the cloud is impacting its mission on a large scale for the wildland firefighting effort. She said because firefighting is interagency, intragovernmental and international, Interior had to come up with a collaboration space using Google Apps for government.

“The minute they hit a scene or an incident, it doesn’t matter if you are a fed or local guy, you are supposed to be there as one team working on the fire, and they have IT systems that support that. IT doesn’t work as good because IT wants to recognize you as you belong to the Department of Interior or you are part of the state of California,” she said. “The wildland fire group a few years ago started a pilot with this thing they called FireNet, that used Google Apps for Government in the cloud. It was about creating a collaborative space for them to work seamlessly across differently organizations. We came in over the past two years, went out and went out and visited them and actually came up with this thing that we are doing now. We will be releasing it in larger chunks of the pilot and we are hoping to get hundreds, if not thousands, online from the wildland fire community.”

Additionally, Interior’s modernization efforts start with the question: “Is it viable for the cloud?”
Burns said tools such as learning management or case management or forms are in need of updates and the cloud will play a big role in those efforts.