Goal 3: Advance Data and Information Security Protections
- Message from the Chief Information Officer
- Public Health and IT Environment
- IT Strategic Plan Goal and Objective Overview
- Goal 1: Modernize and Innovate
- Goal 2: Enhance Data Capabilities and Services
- Goal 3: Advance Data and Information Security Protections
- Goal 4: Develop CDC’s IT Workforce of the Future
- Goal 5: Enhance IT Investment Management and Governance
- IT Strategic Plan in Action
Data and information are the bedrock of CDC’s public health mission. Data come into the agency from surveillance systems around the country and world. CDC scientists and epidemiologists collect, analyze, combine, and share data to keep the American public healthy and safe. The agency recognizes the risks associated with operating a large, global information technology enterprise and must strengthen processes, procedures, and tools to ensure the prevention, detection, and correction of potential incidents. The cyber threat landscape is constantly evolving—today’s new cutting-edge safeguards can be turned into tomorrow’s vulnerability overnight. The advancing sophistication and increasing regularity of significant cybersecurity events require intense focus on digital security. In such a landscape, CDC’s capabilities must also evolve. Safeguards must be more innovative, detection of risks more sophisticated, and responses swifter.
Objective 3.1: Improve data sharing security by automatically protecting data at rest, in motion, or in use.
As cybersecurity threats continue to evolve, CDC must maintain a secure operating environment that prevents unauthorized access to sensitive public health information or the potential loss of data and information that could result in damage to CDC’s reputation, financial liability, or otherwise impede the public health mission. From an IT perspective, advanced protections must be applied across three key junctures: data at rest, data in motion and data in use. Engineering and implementation of enhanced Information Protection (IP) technologies will improve CDC’s ability to apply automated protective measures at the network perimeter and/or on computing and storage devices using specific attributes such as data origin, current storage location destination, and access permissions. Data loss protection and other security automation efforts improve customer experience and adherence to IT security and compliance policies. To stay ahead of emerging threats, CDC must continue development of monitoring and data loss protection capabilities that neutralize security and privacy risks and threats before they can impact agency IT environments, data, or operations.
Objective 3.2: Advance threat monitoring and response capabilities to predict, prevent, and respond to threats and vulnerabilities.
Outcome and Mission Impact:
Implementing a next generation cybersecurity program to protect personal health information and other data against hacking, misuse, or identity theft will support the key CDC priority of protecting the public health and business data upon which our mission relies. Protecting the data to which the CDC is entrusted will further allow us to protect our reputation as the world’s premier public health agency and deliver the technology needs of the mission.
The Office of the Chief Information Officer is part of CDC’s Office of the Chief Operating Officer.