VA leveraging cyber innovation on multiple fronts, CISO says
Despite a rash of recent leadership changes that have included the departures of its secretary and CIO, the Department of Veterans Affairs is exploring a series of innovation projects to help drive stronger cybersecurity operations.
Following the agency’s completion of its 35-action cybersecurity strategy in December, officials started looking to tackle a range of new technology projects to continue to strengthen its cyber posture, VA CISO Dominic Cussatt said Tuesday at the Security Through Innovation Summit presented by McAfee and produced by FedScoop and CyberScoop.
That includes exploring the use of solutions like predictive analytics, machine learning and other emerging technologies.
Cussatt said the agency is leveraging big data analytics through what he called a “cyber reconnaissance” managed service to help track potential threats across VA’s IT enterprise.
“The technology we have enables VA to use a high-performance computing capability construct to make objective, data-driven decisions quickly, effectively and accurately related to our program,” he said.
The agency is also planning to release 100 new mobile and web-based applications over the next 18 months to assist veterans through its Lighthouse Lab program.
Debuted in March, Lighthouse is VA’s application programming interface management site, providing software developers access to the agency’s data troves to help foster new innovative products for veterans.
Cussatt said that though developers will build their own apps, VA will craft cybersecurity policies and terms of service to guide them through development.
“Lighthouse is a prime example of integrating security into IT modernization,” he said. “It’s going to provide a lot of user capability right down to the veteran.”
In addition to incorporating the Department of Homeland Security’s Continuous Diagnostics and Mitigation program into its cybersecurity protections, Cussatt said VA is also looking at machine learning applications to reveal cyber vulnerabilities on its network, including from its inventory of medical devices.
As for future operations, the CISO said that VA has implemented both the cybersecurity and risk management frameworks designed by the National Institute of Standards and Technology and will position its security operations centers on an intelligence-driven model.
“Operationalization of threat intel and the use of intelligence data affects everything that we do,” Cussatt said. “The development of a threat intelligence platform will enable an organization to ingest and correlate intelligence and provide an understanding of context [of what] may threaten an organization’s business environment.”