Advertisement

State Department cyber strategy emphasizes proactively hunting for threats

The State Department Bureau of Intelligence and Research released a cybersecurity strategy to create a more proactive culture when it comes to finding and fixing vulnerabilities.
The US Department of State building is seen in Washington, DC, on July 22, 2019. (Photo by Alastair Pike / AFP)

The State Department Bureau of Intelligence and Research (INR) released a cybersecurity strategy Monday meant to address what the bureau’s chief called “technical debt” and to create a more proactive culture when it comes to finding and fixing vulnerabilities.

The strategy document focuses on what INR is doing to “strengthen the security of the department’s top secret computing environment and improve how we manage cyber risk.”

A key element of the strategy involves migrating to the cloud. The strategy document emphasizes the need to prioritize and leverage new technologies and “establish modern IT infrastructure, software, hardware, and systems.” The strategy also focuses on the need to deploy “real-time threat based security functions.”

“This is a comprehensive approach to shifting from a reactive cybersecurity posture to a proactive one where we’re constantly hunting for potential threats in our environment rather than just waiting for alerts to fire and then we’re investigating.”

Brett holmgren, assistant secretary of state
Advertisement

Assistant Secretary of State for Intelligence and Research Brett Holmgren began his tenure at State in September and immediately focused on upgrading INR’s cybersecurity posture. A longtime intelligence and national security official who served on the National Security Council staff as senior director for intelligence programs in the Obama White House, Holmgren more recently was vice president for technology risk management at Capital One Financial where he spent three years.

The strategy document focuses on making INR staff more accountable for managing cyber risk, recruiting and retaining a workforce with strong cybersecurity skills and working more closely with larger agencies such as the Department of Homeland Security.

Holmgren said in an interview Friday that working with better resourced agencies will help the relatively small 400-person INR staff create a cybersecurity culture that is appropriate for the high volume of top-secret information the bureau handles.

“We are responsible for ensuring the confidentiality, integrity and availability of all of our top secret information with the entire department,” said Holmgren. “This is a comprehensive approach to shifting from a reactive cybersecurity posture to a proactive one where we’re constantly hunting for potential threats in our environment rather than just waiting for alerts to fire and then we’re investigating.”

Suzanne Smalley

Written by Suzanne Smalley

Suzanne joined CyberScoop from Inside Higher Ed, where she covered educational technology and from Yahoo News, where she worked as an investigative reporter. Prior to Yahoo News, Suzanne worked as a consultant to the economist Raj Chetty as he launched his Harvard-based research institute Opportunity Insights. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and covered two presidential campaigns for Newsweek. She holds a masters in journalism from Northwestern and a BA from Georgetown. A Miami native, Suzanne lives in upper Northwest Washington with her family.

Latest Podcasts