Defense, Intell Leaders Encourage Prioritizing Cybersecurity While Sunsetting Legacy Tech

Over the last few years, modernization in the federal government has shifted from a helpful yet optional initiative to a necessary and critical component of defense, intelligence and national security missions, among others.

As federal leaders adopt new technologies, methodologies and practices to stay ahead of the curve, they’re also discovering new challenges, information technology gaps and digital ecosystem needs to address.

One such challenge that has emerged in recent years is the decommissioning — sometimes referred to as “sunsetting” — of outdated legacy technologies and systems that are being replaced by new systems. 

“We focus a lot on fielding new technologies and not a lot on getting rid of old technologies that don’t work very well,” said Gary Buchanan, chief information security officer for the National Geospatial-Intelligence Agency, during a panel discussion at GovCon Wire’s Second Annual Defense and Intelligence: IT Modernization Forum.

Buchanan warned that during this interim period — in which old technologies are being shut down and new ones are being introduced — systems can be left more vulnerable to security threats, and organizations must use heightened cybersecurity practices in order to avoid attacks and smooth the transition.

“We have to have a plan to get rid of our old hardware, our old operating systems and old software. But in the case that you can’t get rid of it immediately, or while you’re working towards your plan and it remains vulnerable and exposed, we’ve got to do a better job of isolating that equipment and increasing the monitoring of it… knowing that it’s our weak underbelly,” shared Buchanan.

For the U.S. Marine Corps, leadership has already set a plan in place to cut IT redundancies, eliminate idle or unnecessary systems and better understand what is on its networks as it pursues more robust cybersecurity.

USMC’s Assistant Director and Deputy CIO of IC4, Renata Spinks, said the service branch’s network modernization plan outlines “how we divest of things that are on the network that either are no longer in use or no longer valid.” Spinks also explained that task forces are in place to ensure that this work is being done and the Marine Corps’ priorities, especially regarding cybersecurity — are being met.

Now, the Marine Corps is focused on learning from recent cyber attacks and major breaches, like Log4j, which have highlighted the urgent need for enhanced visibility into the service branch’s networks.

“Log4j really shook us a little more than SolarWinds,” Spinks said. “So as we focused on Log4j, we really had to look at the technology that we had in place for asset visibility.”

Spinks expressed the importance of not being “married to one vendor,” explaining that a wide base of industrial partners can help government agencies and military branches better understand their own priorities and carry them out in ways that are highly secure.

Ian Fowlie, chief of Enterprise Information Technology Engineering for the Defense Intelligence Agency, concurred with his fellow panelists, asserting that “mitigating cyber threats is a must-do” for the DIA, and that a multi-vendor approach will help the intelligence community achieve a more secure, “infrastructure agnostic” future as it moves to the cloud.

“We truly want to not be put in a position by our partners to have to rebuild applications and other capabilities over time, regardless of whether it’s on-prem or cloud,” Fowlie explained. 

“We’re looking for vendors to provide us the ability to leverage a truly infrastructure agnostic environment. And where industry can help us personally is with either containerization as we understand it today, or maybe some future next-gen capability, and how to best utilize that containerization so we can maximize the benefit of a multi-cloud environment from both an efficiency and an effectiveness perspective,” he added.

Learn more about IT modernization from a Department of Defense perspective during GovCon Wire’s 2023 DoD: Digital Modernization Forum on Jan. 12. Lisa Costa, chief technology and innovation officer for the U.S. Space Force, is slated to deliver a keynote address. Register here to save your spot today!

Video of the Day

GovCon Wire Logo

Sign Up Now! GovCon Wire provides you with Daily Updates and News Briefings about Cybersecurity

Related Articles