FEDTECH: Describe the decision to move from the agency’s original cloud strategy to the IC IT Enterprise Strategy. What’s been the impact of ICITE so far?
GUMTOW: Where we started was not where we ended up. You can’t have a one-size-fits-all solution for 17 agencies. What we’ve gotten to is a reference architecture. You can employ or build a solution set as long as it addresses the reference architecture and its requirements, so we can share easily, data is accessible, compute is available across the board, and things aren’t done in stovepipes. All these things work together so that you can have accessibility, interoperability, information sharing, no matter where you go.
We all were locked into workloads in the cloud — if it was technically feasible, put it in the cloud. What happened a lot was lift-and-shift, let’s just put it in there. You can spin it up really quickly. But it drove our cost model way up to the point where, if we stayed on that same trajectory, it’s unaffordable. Sometimes cloud is not technically feasible because it doesn’t support a geographic location that is austere, or it doesn’t provide mission functionality, and then what’s the business cost analysis? You have to look at all of this. It’s not a simple equation.
VIDEO: See how AI is going to impact federal cybersecurity.
FEDTECH: How big of a role is AI playing in the agency at the moment?
GUMTOW: The agency is dabbling in AI. I like to use the term “narrow AI,” meaning it’s useful for doing very narrow problem sets. There’s a lot more machine learning going on in narrow AI. What we believe about what artificial intelligence is, is probably a decade out. As I go around and talk to these vendors, there are a lot of questions: How do you get to that confidence model? What was the tradecraft? How did you do your data? What does your algorithm look like, and how did you test that? The human still needs to be part of that. I can’t go through the haystack because there’s just too much data in there. But if you give me just a pitchfork of that hay, then the human can say, OK, all the rest of this is just chaff or straw, and now I can use my analytic judgments and experience.
FEDTECH: What’s the biggest data security concern?
GUMTOW: It’s how you protect data. Insider threats, outside threats, nation-states, near-peer competitors — it doesn’t matter. The barrier to entry, that bar is very low. You have an access point to web, the internet and a computer. I know people who are learning that kind of tradecraft from watching YouTube videos.
And the threat factor is constantly shifting. How do you ensure the integrity of the data, the information that you’re getting? How do you ensure that it doesn’t go to the wrong people? How do we keep competitors from stealing information that we have intellectual property rights to, or basic research?
It allows them to leapfrog forward after having been further behind, and then how do we adjust again? Not only from a defensive mechanism, but how do we, from an industrial military perspective, build weapons to defeat something that was taken from us in the first place?
