The State Department Bureau of Intelligence and Research (INR) released a cybersecurity strategy Monday meant to address what the bureau’s chief called “technical debt” and to create a more proactive culture when it comes to finding and fixing vulnerabilities.
The strategy document focuses on what INR is doing to “strengthen the security of the department’s top secret computing environment and improve how we manage cyber risk.”
A key element of the strategy involves migrating to the cloud. The strategy document emphasizes the need to prioritize and leverage new technologies and “establish modern IT infrastructure, software, hardware, and systems.” The strategy also focuses on the need to deploy “real-time threat based security functions.”
Assistant Secretary of State for Intelligence and Research Brett Holmgren began his tenure at State in September and immediately focused on upgrading INR’s cybersecurity posture. A longtime intelligence and national security official who served on the National Security Council staff as senior director for intelligence programs in the Obama White House, Holmgren more recently was vice president for technology risk management at Capital One Financial where he spent three years.
The strategy document focuses on making INR staff more accountable for managing cyber risk, recruiting and retaining a workforce with strong cybersecurity skills and working more closely with larger agencies such as the Department of Homeland Security.
Holmgren said in an interview Friday that working with better resourced agencies will help the relatively small 400-person INR staff create a cybersecurity culture that is appropriate for the high volume of top-secret information the bureau handles.
“We are responsible for ensuring the confidentiality, integrity and availability of all of our top secret information with the entire department,” said Holmgren. “This is a comprehensive approach to shifting from a reactive cybersecurity posture to a proactive one where we’re constantly hunting for potential threats in our environment rather than just waiting for alerts to fire and then we’re investigating.”