William McCormick
Tommy Gardner, chief technology officer for HP Federal and a key member of Executive Mosaic’s GovCon Expert program, recently spoke with ExecutiveBiz regarding the challenges that U.S. government agencies are facing to implement latest trends in technology such as AI and machine learning as well as 5G, cloud and many others.
In addition, GovCon Expert Tommy Gardner also discussed the implementation of zero-trust technology and challenges cyber hygiene, which includes data security initiatives to develop federal federal networks and platforms during the latest Executive Spotlight interview.
“We follow the Zero Trust philosophy and we believe in it. We’re happy that the government is picking up the ball and joining us. The fact is that if you’re going to have true cybersecurity in all systems across the country, it must be a joint effort between government, industry and academia. It’s going to be hard enough to win the global cyber fight, we need to work together as a team.”
You can read the full Executive Spotlight interview with GovCon Expert Tommy Gardner below:
ExecutiveBiz: With federal agencies working to implement the latest trends in technology such as AI, 5G, cloud and many others, what are your thoughts on the success and challenges that government agencies are dealing with to stay ahead of innovation to establish the U.S. as THE global leader?
“I think the federal government is waking up to zero-trust principals that are referenced in the NIST speaker publication 800-213. I think that’s a very positive thing and we’ve been fortunate that zero-trust has been a part of our DNA and company culture, specifically in our hardware since 2004.
Honestly, the term ‘zero-trust’ wasn’t even a part of the conversation until 2009 when Forrester developed and popularized the concept. People have understood the principal better and that it’s not a perimeter you’re trying to protect. You’re trying to protect the whole system.
Much of it is dependent on the size of the parameters, which is important because that’s where you can detect things coming into the sector and the trick is just to check everything with a trust basis within your system, both hardware and software controls.
All of that is important and it’s been a focus point for many years before it was specifically called ‘zero-trust. Over the years, we have improved our trusted compute module using the trusted computing group principles. We’ve been leaders in that organization, which is one way to implement zero trust in the hardware.
We follow the Zero Trust philosophy and we believe in it. We’re happy that the government is picking up the ball and joining us. The fact is that if you’re going to have true cybersecurity in all systems across the country, it must be a joint effort between government, industry and academia. It’s going to be hard enough to win the global cyber fight, we need to work together as a team.”
ExecutiveBiz: With zero-trust technology becoming a major focal point moving forward, what can you tell us about the difficulties of implementing zero-trust architectures and focusing on data security?
“I applauded the current administration for the executive order on cybersecurity from May 12, 2021 and putting the focus where it belongs in terms of stopping ransomware attacks. The improvements in key areas are being made by our leaders in government as a whole.
They may not be cyber experts. They may not be truly computer savvy, but they’re coming up to speed and they’re learning. CIOs are aware of what they need to know and they’re asking about zero-trust architecture, identity management, artificial intelligence and machine learning and technologies coming next, like quantum information science.
They are planning ahead to ensure their budget is prepared two years before the need. The budget process demands that. Whenever the next big thing hits the federal landscape, the government leaders will need the funding set aside.
The good news is the current administration has a keen focus on cybersecurity and have already taken and made significant efforts from the top. It’s done a great job thus far with the set of cyber principles provided from the previous administration.
The fact is that you don’t just throw away good ideas because it’s a new administration. The best leaders will take the good ideas and make them better. That’s what we’re doing right now and it’s really encouraging.
Cybersecurity is something that everyone agrees is important and there’s great collaboration between both sides of the aisle on Capitol Hill. The technological work from quantum computing to AI and machine learning as well as the realms of cyber and network protection is so critical to protect industry and the population.
I do have some concerns as well, we’re all questioning some aspect of this challenge. You need to look at cybersecurity as a cost center. If there’s going to be some emphasis on how much protection we can afford. We’ve invested billions in this arena, yet the advanced persistent threat is investing just as much, if not more. That is the primary reason why working together is necessary.
We’ve entered into talks about using virtual machines and other algorithms designed to protect against zero-day attacks. ‘How do you use these tools? Will somebody figure out a way around them?’ To date, we’ve had billions of cyber attacks thwarted.
If we don’t keep investing, somebody will discover a way around our protections. It’s a continuous cycle of investing and a continuous need for improvement. You can’t stop and pat yourself on the back, because you’ll stop improving and others are going to surpass your cyber protection of products very quickly.
When we detect attacks or malware, we want to broadcast that out to the rest of our community. We want to help each other stay clean and ensure that our products are good and evolving. For the greater interest of the U.S. global competition, we all need to be on the same page.”
ExecutiveBiz: What do you see as the most critical challenges facing those in the federal sector as cybersecurity continues to rise in importance and cyber hygiene becomes a necessity for all companies and even more critical at the national security level?
“There is a whole facet of cybersecurity and defense. It’s a sports analogy that the best defense is a good offense. If you’re continuously moving and constantly learning and researching, that’s very offensive minded. Offensive cyber is something the administration is aware of today.
If companies are being damaged from their intellectual properties being stolen or Ransomware is attacking hospitals, you may need the government to go on the offensive against some of these actors just to establish the cost and consequences of attacking a U.S. company. There’s definitely going to be a cost if you’re putting people’s lives at risk.
In the world of operational technology (OT) and information technology (IT), those two concepts are merging and a big part of that is internet protocols being common attack targets. These factors are quite common these days. As we look at OT attacks and the size of the physical world, there is a lot more risk and potential loss of life, which is the highest priority that we defend against.
Data is the blood of the new economy and it must be transmitted, protected, encrypted. Data at risk needs to have identifiers that can be used. The right people understand that’s important for privacy as it is for cybersecurity principals. We have Affinity Groups at HP that are made up of experts in the field, who get together routinely in their areas to discuss interest areas and drive collaboration across the company.
They’re collaborating internally and helping each other, but in an informal way. It’s not a structured program, it’s a group of like-minded experts. We combined our privacy group of experts with our cyber experts. They both benefited because they both were looking at a similar problem, but from different aspects.
They realize that if you can do cybersecurity well, you can likely do privacy standards just as well, if not better. It’s actually very easy to collaborate and work together across different business groups in our company.”
ExecutiveBiz: What can you tell us about the challenges facing federal networks and platforms as data security initiatives impact the best business practices in our industry and across other areas like the U.S. military and government agencies?
“I am a member of the U.S. Council on Competitiveness. I look at technologies coming down the pike and there are a lot of very, very interesting things coming. For instance, quantum information science is exciting. I’m interested in things like quantum key distribution, quantum memory or a quantum true random number generator.
Cryptography is dependent on having a random number generator. If you’re using pseudo random number generators, there’s risk. Advances in neuromorphic computing are ongoing today.
Some former HP Labs workers went off and formed companies that are taking the ability to utilize AI and machine learning, including deep learning to do the mathematics much faster, which is also a lot more energy efficient.
That’s a very interesting area for us, because we are committed to sustainability. We’re committed to longer battery life on our computers as well as the ability to reduce energy consumption. Neuro morphic chips could be an answer. The idea for that comes out of HP Labs from a few years back, but these new companies have really improved upon the early work.
The quantum true random number generator could make a big difference in our ability to protect our data. As we look at more and more of these research investments, I think they’re starting to pay off and we’ll have this research transformed into products before too long.
There’s still a lot of work to be done and that’s good news for all of us. That means there are new opportunities and things to improve upon. It’s exciting to watch technology evolve.”
