Around Town

The story behind DOT's cyber makeover

Shutterstock image: security sphere.

Richard McKinney says that when he came to the Transportation Department as CIO in May 2013, the agency's reputation for cybersecurity was dismal -- marked by insufficient staff, inconsistent tools and siloed visibility.

"If you're not doing well in cybersecurity, that's like the canary in the coal mine," McKinney told attendees at the Aug. 13 Federal Forum in Washington, D.C. "It's indicative of other things. It's indicative of infrastructure and governance. I don't know anyone who is doing IT very well and screwing up in cyber."

When McKinney arrived at DOT, Chief Information Security Officer Joe Albough had already engaged Mischel Kwon and Associates, a cyber services and strategy consultancy, to do an analysis of the department's cyber posture.

A few months later, Kwon came to a meeting with DOT leadership and went through the cyber analysis, McKinney said.

"It was a very sobering experience for all the operation administrators there," McKinney said. "You could hear a pin drop when she was done and the secretary said, 'Richard, we're going to fix this'"

To accomplish that task, one of the things McKinney needed was to understand why DOT was so far behind.

What he found, he said, was that users were one of the main roadblocks — they were reluctant to engage on the issue and felt that taking additional cyber measures was inconvenient. So McKinney made using cyber tools mandatory for his 400-person staff, an act of will that began to bring people on board.

Under McKinney, DOT was in the first wave of agencies implementing the Department of Homeland Security's continuous monitoring program.

"This quest to be bulletproof isn't the right way to approach cybersecurity," McKinney said. "The right way to approach cybersecurity is thinking about how quick you respond, how agile you are, how quick do you share information about incidents and penetrations. It's more about how you operate day to day to day."

About the Author

Colby Hochmuth is a former staff writer for FCW.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.