The Food and Drug Administration has released an action plan to modernize FDA’s cybersecurity capabilities, build up its ability to safeguard sensitive data and improve situational awareness to reduce security risks.
The Cybersecurity Modernization Action Plan comes with six key objectives and aligns with the 2021 cybersecurity executive order and the Office of Management and Budget’s strategy to drive federal adoption of zero trust architecture, Vid Desai, chief information officer at FDA, and Craig Taylor, chief information security officer at the agency, wrote in an article published Thursday.
The first three objectives are establishing a zero trust approach to facilitate digital services and modernization initiatives; promoting software assurance best practices to include security measures at every phase of the development lifecycle; and enhancing interoperable and secure data exchange and collaboration across FDA and public health partners.
The action plan also seeks to advance the use of artificial intelligence and machine learning technologies to improve cyber detection and response capabilities; integrate counterintelligence and insider risk principles with zero trust model to enable an intelligence-driven approach; and prioritize and invest in FDA’s cybersecurity workforce.