EPA wants to build cybersecurity-aware culture along with IT modernization

Where IT modernization is concerned, the Environmental Protection Agency’s information leader said, “everything is fair game.”

As EPA CIO Vaughn Noga said, historically the agency has evaluated IT systems and applications continuously, rather than just when something becomes obsolete. He said his organization is routinely looking for more efficient and cost-effective solutions.

“We’ve been fairly successful. I think one of our one of our biggest challenges, quite frankly, is our desire to evolve is faster...

READ MORE

Where IT modernization is concerned, the Environmental Protection Agency’s information leader said, “everything is fair game.”

As EPA CIO Vaughn Noga said, historically the agency has evaluated IT systems and applications continuously, rather than just when something becomes obsolete. He said his organization is routinely looking for more efficient and cost-effective solutions.

“We’ve been fairly successful. I think one of our one of our biggest challenges, quite frankly, is our desire to evolve is faster than our resources can support both in funding and in people,” Noga said on Federal Monthly Insights – Digital Modernization: Enterprise Modernization.

Nevertheless, he stayed positive about this challenge, adding that in his view it reveals a dedicated workforce. Several years ago, Noga and his team established a set of “wildly important goals” which he said have strengthened since the pandemic. The first goal was to create a cybersecurity-aware culture and reduce barriers to fielding and operating new applications and systems.

“And it’s a long way of saying we need to make it easier for our state agency stakeholders. We need to focus on how do we field systems, how do we take them through the [extract, transform, load] process?” he said on Federal Drive with Tom Temin. “And quite frankly, we need to reduce the barrier and the burden on our stakeholders, so they can they can be productive much quicker.”

The CIO’s office is also ensuring that data is accessible and driving decision-making – that means using data that as close to 100% digital as possible. To this end, EPA last year looked at all information collection requests and identified opportunities to move paperless activities to digital, Noga said.

This enables work from anywhere or anytime, which he said became more important over the last year and revealed an opportunity to rethink business processes.

“I think it’s one of the things that we tend to overlook when we’re [in] normal operations is the business process,” he said. “But when you change the way you conduct business, it gives you an opportunity to actually re-address those and relook at your business processes to rethink them.”

Noga said it is easy to fall victim to “shiny object syndrome” and let the discovery or availability of new technologies drive modernization. However, he said, his predecessor, was skilled at engaging senior leadership during the application review process.

“So when someone identifies a need or an opportunity to develop an application, before they go off and develop it, they submit it for review and the senior IT leaders look at it,” he said. “They may comment to it. They may say, ‘Hey, that sounds like a great idea, I want to be part of this effort.’ And from there, you really look at what are the internal technologies you currently have that could support that before you go off and look for new technologies.”

One caveat for EPA is that Noga’s office is tied to systems operated by regulated industries or by states, which collect data on emissions and related matters – data that is then sent to the agency. So if EPA wants to modernize its technology beyond what those reporting parties are using, that is where the Central Data Exchange comes into play. EPA began an initiative called CDX Reimagined so that regulated entities can do business with the agency more easily.

Overall, Noga said EPA wants to create a cybersecurity-aware culture, and that requires a fair amount of educating the workforce about what to look for in the systems, which they put in place to protect against malicious actors.

“And part and parcel of that is working with them to understand what their role is in protecting the IT systems and the data and the assets of the EPA,” he said.

Related Stories

    (Staff Sgt. Chris Drzazgowski/U.S. Air Force via AP)FILE - In this April 24, 2019, file photo released by the U.S. Air Force, an F-35A Lightning II fighter jet prepares to taxi and take off from Al-Dhafra Air Base in the United Arab Emirates, on April 24, 2019. The United States called Bahrain and the United Arab Emirates

    Part 1: Air Force determining if managed services can help consolidate data across bases

    Read more

    Digital modernization never finished for DISA, but chasing trends isn’t the answer

    Read more