Insight by Booz Allen Hamilton

Women of Washington: Cybersecurity in government

Technology will continue to transform and agencies have to ensure their systems are up-to-date to protect sensitive and personal information from evolving cyber threats. On this episode of Women of Washington, host Gigi Schumm spoke with three female executives on how their agencies are working on ways to defend their systems and how they can work together.

The guests include Marti Eckert, chief information security officer at the Social Security Administration, Betsy Kulick, deputy program manager for the Continuous Diagnostics and Mitigation (CDM) program at the Department of Homeland Security and Marcie Nagel, principal at Booz Allen Hamilton.

Understanding potential threats is the first step in terms of protection.

Government agencies and those associated with them and U.S. citizens have to stay one step ahead of the groups, nation-states, “hacktivists,” and others that are consistently working on new ways to immobilize the federal government or steal private information.

Eckert said the techniques used by these groups are being modified or upgraded just as often as new programs are being developed to combat them.

“Our programs will also [have to] evolve to meet those new threats. But, we see that continued evolution and maturation of that threat environment,” Eckert said.

The Social Security Administration is responsible for the personal information of millions of Americans – and that is not a responsibility Eckert takes lightly.

To combat attackers who wish to steal that information, the agency’s cybersecurity program needs to be comprehensive, integrated and holistically robust. Ekert said one of the main issues the agency faces when it comes to the protection of that sensitive information is the old software of some of the legacy systems.

One solution on the surface is to upgrade to more modern technology, or to build cybersecurity programs to include protection of these existing systems.

The CDM program, a major component of the Department of Homeland Security’s Computer Emergency Readiness Team, was put in place to do just that.

Kulick has been involved in the program from the beginning, and said its main goal is to help agencies meet their obligations in terms of security. The program works both with individual agencies and groups of agencies (called Information Security Continuous Monitoring) to help government employees and contractors understand the same language and the same picture.

“As we know, agencies are very complex. They have different missions and those were some of the things holding them back,” Kulick said. “But on the positive side we’ve gotten tools for the cyber hygiene part of CDM out to all of the … agencies.”

She said almost all of the agencies (about 13) included are up to date – but you can’t protect what you don’t know about.

Alongside open cyber threats, the agencies also have to deal with internal and external shadow IT. In other words, technology developed behind-the-scenes and without leadership approval. Not always a bad thing necessarily, however, it does take a toll on asset management.

Once these threats are weeded out and as technology continues to evolve in both directions, agencies need to find the proper balance between convenience and security for their stakeholders and their information.

Booz Allen’s Nagel said that once the government builds a strong system across the agencies, the threat would become less.

“Once we build common capability across, then we can work toward automation of cyber operations to help with some of the workforce limitations that we have, [such as] automation of instant response, minimizing the time to detect respond and mitigate and then, eventually, we will get to a position where we can achieve that ongoing assessment and authorization where there [are] no more 3-ring binders,” she said.

The next horizon is the continuous monitoring inside civilian agencies.

 

Host

Gigi Schumm, Host of Women of Washington, Federal News Radio

Gigi Schumm is host of Women of Washington on FederalNewsRadio.com and 1500 AM. Women of Washington is a weekly radio program that features interviews with Washington D.C.’s ambitious and influential female executives – role models for the next generation Washington leader. Every week, Schumm interviews the most accomplished women in Washington, who share their life lessons and secrets to success.

 

Panelists

Marti Eckert, Chief Information Security Officer, Social Security Administration

Marti Eckert is the Chief Information Security Officer (CISO) at the Social Security Administration (SSA), where she is responsible for the Agency’s Cyber Security Program, ensuring the protection of the Agency’s vast information technology resources.  A career federal employee, Marti has held various Information Technology executive positions at Social Security.  She led the implementation of Social Security’s Business Services On-line suite of Internet applications which employers use to interact with Social Security.  In 2006, she became the Deputy Associate Commissioner for the Office of Systems Electronic Services where she continued to lead the implementation of Social Security services on the Internet.  In 2008, Marti made the switch from software development to hardware operations when she became the Assistant Associate Commissioner for Enterprise Information Technology Operations and Security where she was responsible for running Social Security’s day to day systems operations.  Before becoming the SSA CISO in 2013, Marti was the Deputy Associate Commissioner for Telecommunications and Systems Operations.  Marti holds a B.A. degree in political science from the University of Dayton and an M.B.A. degree from Loyola University.

 

Betsy Kulick, Deputy Program Manager, Continuous Diagnostics and Mitigation Program, Department of Homeland Security

Betsy Kulick is the Deputy Program Manager for the Department of Homeland Security (DHS) program for Continuous Diagnostics and Mitigation (CDM). As the Deputy Program Manager, she is responsible for managing the CDM program, which provides risk-based, cost-effective cybersecurity capabilities to participating federal civilian government agencies. Through acquisition contracting vehicles, it provides technical tools and services to increase network sensor coverage, automate the collection of security data, and prioritize risk alerts. Betsy was engaged with the program from its inception, helping shape the program approach and delivery to the 23 civilian Federal Chief Financial Officer (CFO) Act agencies, as well as to 45+ non-CFO Act agencies. Betsy has been supporting DHS since its establishment, having served as the Information System Security Officer for several early DHS networks, one of which connected the Federal government with private infrastructure entities. Betsy holds a B.A. degree in political science from Pomona College in Claremont, CA, a Master’s in International Affairs from Columbia University in New York City and is a Certified Information Systems Security Professional.

 

Marcie Nagel, Principal, Booz Allen Hamilton

Marcie Nagel has 17 years of experience across the information assurance and cyber security fields, leading cyber innovations within the Federal and Defense mission spaces.

At Booz Allen, Marcie leads a team of 170 geographically dispersed cyber security experts, engineers and support staff. They deliver cyber security capabilities to 80% of the .gov enterprise environment, bringing enhanced protection to four million endpoints around the globe.

Prior to joining Booz Allen, Marcie served as the VP of Cyber Security Programs for VariQ Corporation. While at VariQ, Marcie was responsible for building a Cyber practice that delivered end-to-end security solutions, and cyber thought leadership to several Federal agencies.

While in the Federal service, Marcie drove security innovations for FBI’s Office of Special Technologies. She also served active duty in the US Air Force where she led Information Assurance Programs within the Air Force Pentagon Communications Agency and overseas.

Marcie holds an MS in Information Assurance from Norwich University. In addition, Marcie holds CISSP and PMP certifications.