State Department Cyber Priorities

Billington CyberSecurity Virtual Roundtable | FedCiv Perspectives: State Department Cyber Priorities | February 16th at 12:30pm ET | Virtual Fireside with Dr. Kelly Fletcher, Chief Information Officer, U.S. Department of State | Moderator Dave Levy: VP; U.S. Government, Nonprofit, and Healthcare; AWS

Webinar Featuring Dr. Kelly Fletcher,
Chief Information Officer, U.S. Department of State

On 16 February 2023, Billington CyberSecurity hosted a webinar conversation between AWS’ Dave Levy and Dr. Kelly Fletcher, the State Department’s Chief Information Officer (CIO). Dave is VP US Federal Government, Nonprofit, & Global Healthcare, WWPS at Amazon Web Services.

Dr. Fletcher discussed her relatively new role as State’s CIO (having moved from DOD’s CIO office in October 2022), how it compares with her previous role at DOD, new initiatives State is undertaking to move to zero trust while better empowering its mission, and her organization’s top priorities over the next three years.

Embracing Her New Role

Since taking on her new assignment, Dr. Fletcher has been impressed with her organization’s talent, tech-savviness, operational support mindset, and passion for State’s mission. She has spent much of her time getting to know her new organization, which has a workforce of roughly 140,000 focused largely on its 250 overseas posts, and learning how it works and about its mission to promote democracy worldwide. She also loves the Department’s sense of adventure and passion for what it does. Dr. Fletcher has also come to understand that State’s mission makes it a big target and one of the most probed and attacked entities in the world.

DOD versus State

Dr. Fletcher sees a host of similarities and differences between her current leadership role and the one she had at DOD. Both organizations have the same technical focus and are dealing with largely the same issues in moving towards zero trust, such as identity management, software as a service, and pushing for more mobility. Both also require frequent communication among a group of responsible parties all working together to accomplish singular goals. While at DOD her CIO office was in constant partnership with DISA and Cyber Command, at State her organization must work closely with Diplomatic Security, which is responsible for ensuring the department’s security worldwide.


Perhaps the biggest difference between her roles has been focus. While DOD’s focus is primarily on supporting the warfighter at the edge and on advancing their capabilities, State’s focus is on driving diplomacy with technology, an effort that requires smooth, well-running and well-supported networks. She recognized early on that her job at State required more of an operational focus, as her team was directly responsible for ensuring that State’s networks were functional and resilient 24 hours a day, seven days a week. “I have gotten used to phone calls at all hours,” she said, but “normally just to tell me what is going on due to my incredibly competent staff taking care of what needs to get done.” She also highlighted that State’s foreign mission has led it to create separate networks to get the job done. She is now spending time trying to understand these networks and see how they could be incorporated into the enterprise or, at the very least, find ways to give Diplomatic Security more visibility into their operations.

Her Priorities for the Coming Year

Beyond gaining a better understanding of her organization, Dr. Fletcher’s primary goals this year are to find ways to reduce administrative friction, get early wins in improving employee use of IT, and gain increasing trust with her organization and with her staff. She highlighted that most of what she is focused on is implementing things that were already well underway before her arrival, a testament to the talent and commitment of her team.

In terms of early wins, Dr. Fletcher highlighted a couple of key focus areas. First, she is committed to finding ways for State Department employees to continue to work from home, believing that the COVID pandemic has set new realities in work-home dynamics. She also highlighted finalizing State’s primary IT services and support contract, the EVOLVE contract, which is already on the street, with State having already received bids. Dr. Fletcher again highlighted the importance of how IT supports State’s foreign mission and why completing this contract is so important to getting this done.

She highlighted two more short-term goals for her organization: the “Tech for Life” initiative and moving State to a Wi-Fi-enabled organization, explaining how both are essential ingredients in moving State to zero trust. The “Tech for Life” program is designed to provide foreign service officers with a laptop and a phone that move with them from post to post, as opposed to having to re-provision new devices with every move. She sees the program’s success ultimately not only cutting costs, but also making it easier and faster to get these officers up and running as they move from post to post, while her centralized teams keep the technology updated with standard multi-factor authentication and user policies. Enabling Wi-Fi throughout State’s overseas posts will increase user accessibility while improving overall transparency throughout State’s network infrastructure. While a host of challenges remain in completing both programs, Fletcher emphasized how each of them can make people more productive and bring State closer to realizing zero trust by providing better windows into catching the adversary earlier and more often with standardized machines and processes.

Working with the new State Cyber Ambassador

Dr. Fletcher admits that people may be somewhat confused as to how her role differs from that of State’s first Cyber Ambassador, Nate Fick. For her, it is simple. Her role is to ensure that State has a provisioned and resilient network available to support its work, while Fick’s role is to promote State’s mission via cyber diplomacy, including pushing for worldwide cyber norms of behavior and building stronger cyber partnerships. “We have fundamentally different missions, but it is nice to have him around,” she said. Fletcher highlighted the luxury of having a smart cyber tactician to help her think through her decision-making process and to provide guidance. One of her first acts was to introduce herself to Fick, and the two have developed a powerful partnership, communicating often.

State Cyber in Today’s Chaotic World

With the Ukraine war and nearly everyone on high alert for more aggressive cyber malfeasance, Dr. Fletcher was proud of her team’s efforts, particularly as they apply to Ukraine. She pointed out that State has raised its support to the Ukrainian Government to include providing ground communication support and more tactical IT and cyber support during the conflict. She emphasized that the year has crystallized the reality, both for her and her team, that the cyber adversary continues to be more capable; a reality that has helped promote her own mission to get the Department to embrace a more advanced cybersecurity culture. She highlighted that within the past year alone, State’s adoption of multifactor authentication has exploded from being used on 20% of its networks to over 80%. Her team has also started to leverage the cybersecurity scorecard system, a process whereby department leaders are graded and compared on how their elements are doing with regard to network security. She believes the result is fuller engagement, both in understanding what is working and what is not, which leads to broader adoption of the right practices over time. Overall, these efforts are getting the entire organization to recognize that adversaries, even though they might gain access, will ultimately be found more quickly and with less impact due to greater transparency, greater knowledge of what is supposed to be happening, and smarter automation overall.

How Can the Private Sector Help?

Tactically, Dr. Fletcher was quick to point out that many private sector efforts are already well underway in helping State improve its cyber efforts. For example, she noted the multiple proposals the Department has already received on its EVOLVE contract. She also highlighted that many existing company partners are finding ways to engage with her teams to make what they have provided even better, both by making State employees smarter about how to use it and by making changes that strengthen the program’s overall capabilities. Vendors are genuinely interested in making sure that State is getting the most out of what it already has. Most readily, Dr. Fletcher is interested in finding ways to bring in private sector talent and to allow her talent to work for the private sector, in swaps that she believes are beneficial to everyone. “Imagine having an opportunity as a private sector employee to see the world, learn about State’s mission, and find ways to take back to its private sector job with these cool mission opportunities.” She believes that bouncing back and forth will benefit everyone.
