The federal government will invest nearly $100 million to modernize the cybersecurity operations of three agencies.
On Tuesday, the General Services Administration announced a trio of prizes under the Technology Modernization Fund that will pay for security upgrades to the U.S. Department of Agriculture’s backbone computer network, set up a security operations center multi-cloud at the Federal Trade Commission and modernize the department. of the Homeland Security Information Sharing Network.
In a statement, Federal Information Officer Clare Martorana said the rewards were part of the Biden administration’s plan to “aggressively invest in defenses and move from antiquated perimeter defenses to a security approach.” “zero trust” which confronts the capabilities and intent of our adversaries.
“These investments will implement strong multi-factor authentication, encrypt government data, rapidly detect and contain adversary activity, and continuously identify and remediate vulnerabilities,” Martorana continued.
Of the roughly $95 million distributed, more than two-thirds will go to upgrading USDA.net, which has faced “challenges meeting the program’s expanded throughput and security needs.” according to a project description for funding. The upgrades will enable faster enforcement of security policies for different software systems, provide a faster path to trusted Internet hotspots, reduce the number of USDA owned and operated networks from 17 to one and save an estimated $734 million through greater efficiency.
Another $26.9 will be used to develop a new information-sharing platform to replace work done by the DHS Homeland Security Information Network, which is used to share sensitive but unclassified data about ongoing threats between the federal government, state and local governments, the private sector and international partners. During the pandemic, the HSIN has been used extensively by the Cybersecurity and Infrastructure Security Agency, Center for Disease Control, Department of Health and Human Services, and other agencies to coordinate COVID response activities and the resulting strain. result exerted “unprecedented pressure on the DHS decade”. -old information-sharing network” that has struggled to handle increased usage.
According to the GSA, the new platform will be cloud-native, with the ability to augment computing resources for future emergencies and will include new security features that will make it easier to provide secure access to the workforce. growing distance from the federal government.
The FTC is also looking to leverage the cloud in its own $4 million funded project to implement a Security Operations Center as a service to protect consumer information, corporate documents and related data. to law enforcement. This would involve using a third-party cloud provider to host this data and the agency says this would “significantly” reduce the risk of ransomware and other forms of cyberattacks (ransomware actors rarely target federal agencies for various reasons, including because there’s almost no chance they’ll ever pay) and reduce the time employees spend on incident response. While the center reportedly focuses on protecting FTC information, Technology Modernization Fund officials may see greater potential for the idea, calling it “a repeatable foundation for future government-wide implementations of the SOC as than service”.
While the measures follow federal mandates for agencies to move their systems and data to the cloud and adopt a zero-trust architecture, they also come as cloud and managed service providers are increasingly targeted by states. -nations and criminal hacking groups precisely because they see the same trends.
Campaigns like Cloud Hopper enabled suspected Chinese hackers to steal massive troves of intellectual property, security clearance data and other sensitive records from Western companies by targeting the cloud providers that hosted their data. Although the federal government has its own dedicated verification process for cloud products through FedRAMP, officials warned that agencies that rely on commercial cloud providers may not be immune to these same threats.
“I think it’s really intuitive that [malicious hackers] We’ll follow our valuables to the new chests. Our future is in the cloud, adversaries see our data there, big cloud providers are going to be attractive targets,” said Rob Joyce, Director of NSA Cybersecurity Branch at RSA earlier this month. “This cloud adoption is growing exponentially: it’s in private industry, critical infrastructure, government – including intelligence committee – that we’ve now ranked commercial service provider clouds. So we also have skin in this game.”