Cyberattacks on internal users through phishing attacks or shadow IT are some of the most pervasive cyberthreats for government agencies. To combat this, agencies are working to change their culture to focus on security. Gary Washington, the chief information officer for the Department of Agriculture, is working to implement this mentality, which he says starts from the top down. Washington also leads the department’s cyber workforce efforts, trying to bolster the cybersecurity skills of his own employees. Washington sat down with Federal Times at the ACT-IAC Imagine Nation ELC 2019 conference, held in Philadelphia in October 2019, to discuss cybersecurity and emerging technology at USDA.
You’re known to be a champion of the cyber workforce. What are some of your plans in the next year to bolster that workforce?
OBVIOUSLY, WE WERE A part of a lot of reskilling efforts that the Office of Management and Budget is sponsoring through the Federal CIO Council, but we’re trying to broaden this mindset that cyber is everybody’s responsibility. And we’re being very strong in making sure that we practice the proper cyber principles on a daily basis, you know, in terms of protecting our data, making sure that we decrease, to the extent we can, the vulnerabilities we have, making sure all our systems are secure — those kinds of things. And we follow federal guidelines in terms of how it’s supposed to be implemented.
How do you make sure that people know that cybersecurity is everybody’s responsibility? How do you push that out?
WELL I THINK IT starts at the top. And our secretary, our deputy secretary — they’re very engaged in what we’re doing with cybersecurity across the department. We have an outstanding chief information security officer, Venice Goodwine, and she’s showed great leadership in revamping our cybersecurity program at USDA, across the department. Showing that is how we communicate constantly [about] what we’re doing, people taking their training, making sure that the agencies and mission areas help them take care of their systems, those kinds of things. So, different from workforce technology, using the CDM [Continuous Diagnostics and Mitigation], the continuous monitoring tools for the Department of Homeland Security and other vehicles. I think we’re making some great progress and making drastic improvements across USDA.
What, both in terms of cyber workforce and the work you do in general, do you think other agencies can take away from your agency?
I DON’T KNOW IF this is really a takeaway, I just think that what we needed to do was provide laser beam focus on what we are required to do and where we’re supposed to be implemented. And we don’t have a lot of tolerance in USDA for not following cybersecurity practices. When I became the CIO, only 71 percent of our systems had authorities to operate, and now we’ve got that up to 97 percent. Our vulnerabilities have been decreased significantly. There’s this all-hands-on-deck mentality now with cybersecurity across the department and it really came down to, at the department level, showing visible leadership in terms of making sure that we drove the charge to improve across the enterprise.
There’s been discussion about the use of “agile” development in federal government. In terms of software, where has USDA used this development process and how has it helped the agency?
OUR PROGRAM AREAS FOR years have been saying that they weren’t involved in the process. Well, with agile they must be in the process. So not only are we getting them involved, with agile and Human Centered Design, we’re showing them where they fit into a process and we’re delivering functionality every three to six months that they can use. And we build on that functionality. They see tangible progress in terms of development of systems, and they are part of that whole activity. So now it’s not so much are they involved or not; now the question is do they have the time to be involved? Because, as you can imagine, it will require somebody’s time — we’re doing something on their behalf, and they’re involved in testing and everything. So, it’s been great for us and we’re trying to expand.
We formed a group of business monetization offices and they take on enterprisewide projects in terms of agile development and project management. We have several mission areas that are taking it to the next level, like our farm production and conservation mission area with farmers.gov, and everything that they’ve done in our rural development program as well.
You’ve mentioned before that agile development allows you to deliver results every three to six months. Why is that time period important?
BECAUSE IT SHOWS THAT it, across USDA, is delivering business value. And it’s delivering something that we really need. It’s making our customers see that we’re delivering functionality to them. It’s extremely useful. Our secretary wants us to focus on delivering to our customers, being efficient and effective. The mantra at USDA is we want to be the best managed, the most efficient and effective department in the federal government, and through this agile process and focusing on our customers we’re able to do that.
Across the federal government there’s a push to increase the use of AI and machine learning. Where are you seeing opportunities in the next year to deploy these emerging technologies?
WELL, WE ARE DEPLOYING AI as we modernize our contact centers. We’re using a robotic process automation in HR, financial management. Some of our programs are using RPA. We’re going to use a chatbot, and not just at contact centers, but in our help desk, as well. So, we have an enterprise effort going on around implementing some of these tech solutions where they make sense across USDA.
There’s now a mandate from OMB that all agencies have to have a chief data officer. What has USDA’s experience with a CDO been and how has the role helped the agency?
WELL, THAT’S A GOOD question. And I know, right now, you’d get a different answer depending on who you asked. Ted [Kaouk], he’s responsible for crafting that data strategy. He runs it; he helps chair our data governance board. He is the leader for our data visualization activities. He works very closely with our mission areas, on making sure that they have dashboards and data visualization tools that they need and are standardized across the department. So, he is the owner of our data strategy and making sure it is implemented across USDA.
He’s going to be representing us at the Chief Data Officer council when they formalize that. He’s been instrumental in USDA in implementing the data portions of the evidence act. So, you know, we’re very proud of him. And he’s turned nothing into what, for where we are right now, is an extremely mature data program.
What is a project coming in the next year that you’re excited about?
I’M REALLY EXCITED ABOUT the functionality that we’re going to provide to our customers, to our stakeholders, people out in the field. We want to modernize acreage reporting this year, and I’m excited about that. I’m excited about working with the Department of Labor, with the Department of Homeland Security, with the State Department on modernizing the H-2A visa program. I’m very excited about the consolidations we have going on and making sure that we finish those this year. I think they’ll be tremendous opportunities for IT professionals. They’ll have a broader range of opportunities because they are actually working at the department, they’ll see everything, we’ll be standardized, and we’ll be able to coordinate better and collaborate better across department.
What does modernization of the H-2A look like?
THE INTENT IS TO … automate that process, which, right now, there’s paper involved in that. So, the focus for USDA is to make sure that our farmers have the tools they need. And when they engage the USDA, we want it to be the best experience that, when it comes to technology, they’ve ever had, and we want to improve the relationship with them.
Andrew Eversden covered all things defense technology for C4ISRNET. Beforehand, he reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.