Information Systems and Cybersecurity – Annual Report 2023
The Judiciary is committed to maintaining secure, robust, and flexible technology systems that meet the changing needs of judges, court staff, and the public.
Securing and Modernizing the Judiciary’s IT Infrastructure
In line with a multi-year strategy to modernize and secure the Judiciary’s IT infrastructure, the Administrative Office of the U.S. Courts (AO) worked on four key priorities in 2023: zero trust architecture, multi-factor authentication, DevSecOps for secure software development, and workforce development.
Zero Trust Architecture (ZTA): The AO brought together stakeholders throughout the court system to work on ZTA, an information security model that requires verification for every user and device that attempts to access an organization’s network and technology resources and allows such access only to authorized people and devices. The Court IT Operations Working Group developed a ZTA strategy document that aligns with the Judiciary IT Modernization and Cybersecurity Strategy and the principles of the executive branch’s national cybersecurity orders and models.
Expansion of Multi-Factor Authentication: A key requirement of ZTA is multi-factor authentication (MFA), which makes it more difficult for adversaries to gain access to critical Judiciary resources even if passwords are compromised. MFA requires users to confirm their identities before gaining access to a network, system, or data, using multiple pieces of evidence, such as usernames, passwords, and security tokens. Most courts have implemented at least one form of MFA, and all courts worked throughout 2023 to achieve the goal. MFA is also planned for publicly accessed systems, such as eVoucher, Public Access to Electronic Court Records (PACER), and the financial disclosure system.
DevSecOps for Software Development: DevSecOps is IT industry shorthand for the practice of close collaboration among developers, security specialists, and operations staff to ensure new systems are both efficient and secure. The Judiciary is implementing DevSecOps in its modernization efforts, which aligns with the executive branch’s goal of improved software security governmentwide. Adopting DevSecOps addresses significant vulnerabilities in software that malicious actors could exploit and helps the Judiciary incorporate security into all software from the ground up.
Workforce Development: The Judiciary’s IT Modernization and Cybersecurity Strategy requires a skilled and trained workforce. AO staff are working on an analysis of the Judiciary’s IT staffing needs.
The Judiciary IT Security Task Force Report
Created by the AO Director in 2021, the Judiciary IT Security Task Force submitted its final report in October 2023. Among its recommendations were:
- Maximize the use of government-furnished equipment while limiting the risks associated with use of personally owned devices to access non-public Judiciary networks and systems.
- Prioritize data classification following courts’ efforts to better categorize their data.
- Develop a standard, enterprise solution for onboarding student volunteers that includes appropriate controls for authorized access.
- Conduct IT strategic workforce planning assessments to identify technical tasks and critical skills performed at courts, federal defender organizations, and probation and pretrial services offices.
The task force was established to improve the Judiciary’s security posture in light of internal assessments and those made by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The group was charged with making recommendations to ensure the judicial branch’s alignment with industry and government IT security best practices. The task force included members of Judicial Conference committees on the Budget, Court Administration and Case Management, Criminal Law, Defender Services, IT, Judicial Resources, and Judicial Security as well as other judges and court staff. Many of its recommendations align with efforts of the executive branch and the Judiciary’s IT Modernization and Cybersecurity Strategy.
Federal Defender IT Modernization
An effort was underway in 2023 to modernize federal defender IT and cybersecurity operations. The expansive plan includes efforts to improve network security to protect client, witness, and court data against potential threats and vulnerabilities; to use cloud services to optimize resource use in a secure manner; to implement secure collaboration services so staff can seamlessly and securely collaborate with outside parties, protect client confidentiality, and maintain data integrity; and to modernize national infrastructure to align with ZTA.