VA CISO: Federal Agencies Must Include Cybersecurity in Tech Modernization Contracts

The Department of Veterans Affairs’s deputy chief information security officer said cyber resilience should be one of the priorities federal agencies consider when modernizing systems.

Speaking at a Center for Strategic and International Studies-hosted event, Amber Pearson shared that several agencies still use outdated systems and need to look at which areas should be prioritized when it comes to modernization. Pearson also said innovative technologies also come with vulnerabilities that malign actors could exploit, therefore making it essential for the VA and other agencies to partner with other organizations to combat threats.

The deputy CISO noted that in addition to partnerships, changes must be made to the Federal Acquisition Regulation to ensure that technology vendors will provide secure-by-design solutions, Nextgov/FCW reported Tuesday.

The Cybersecurity and Infrastructure Security Agency is also advocating for the secure-by-design concept to ensure that vulnerabilities will be addressed proactively. As part of its efforts, CISA issued a request for information in December soliciting insights about implementing security early in the software design lifecycle, integrating cybersecurity into computer science education and facilitating efforts to address recurring vulnerabilities.

Jen Easterly, director of CISA and a 2024 Wash100 awardee, said the secure-by-design guidance must cover a broad range and must meet the national cybersecurity strategy’s call to shift cybersecurity responsibility from customers to providers.