Information Systems and Cybersecurity – Annual Report 2022
The Judiciary is committed to maintaining secure, robust, and flexible technology systems that meet the changing needs of judges, court staff, and the public.
Improving IT Security
Cybersecurity was a major focus for both the courts and the Administrative Office of the U.S. Courts (AO) in 2022. The Judiciary is making significant strides in improving IT security across the court system through its IT Security Task Force and the work of committees of the Judicial Conference of the United States.
The Judicial Conference’s Committee on Information Technology endorsed a multi-year IT modernization and cybersecurity strategy for the Judiciary. The goal is a security-first enterprise that uses secure, modern, standardized technologies to meet rapidly changing needs. Key initiatives that were under consideration include the following:
- Implementing Zero Trust Architecture: Zero trust architecture requires users to continuously verify their identity before being granted access to an organization’s network, systems, and data. It also applies to maintaining access. Related objectives include modernizing the Judiciary’s legacy identity management system, transitioning to a cloud virtual private network, and broadening asset discovery.
- Expansion of Multifactor Authentication: Multifactor authentication requires users to confirm their identities before gaining access to a network, system, or data, using multiple pieces of evidence. Such evidence could include something only the user knows, such as a username and password, and something a user possesses, such as a security token.
- Insight Program: The program helps courts anticipate issues and better manage their IT infrastructure and assets. It provides several cybersecurity tools to enable uniform, layered security protection of IT assets and data Judiciary-wide, including periodic vulnerability scanning and patch management for the timely identification and remediation of system weaknesses, web-based user threat protection from malicious websites, centralized log management of all security events, and consistent management of all mobile devices.
- Unified Communications and Collaboration: The COVID-19 pandemic significantly changed the way the Judiciary conducts some proceedings and the ways it communicates and collaborates. The goal of the initiative is to evaluate current requirements and systems, identify gaps, and prepare plans to reduce costs.
The IT Security Task Force, established in 2021 by Judge Roslynn R. Mauskopf, the AO Director, is working to improve the Judiciary’s security posture in light of internal assessments and those made by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The group was charged with making recommendations to ensure the judicial branch’s alignment with industry and government IT security best practices. The task force includes members of Judicial Conference committees on the Budget, Court Administration and Case Management, Criminal Law, Defender Services, IT, Judicial Resources, and Judicial Security as well as other judges and court staff.