As Featured on GSN: Government Security News
The following noteworthy identity management statement comes from the Cyberspace Policy Review issued last year by President Obama:
“Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.”
To be clear, I am an avid opponent of “anonymity for all” on the web. I do not think it is in our common interest to have anonymous communication in the public sector. I know that I will draw the ire of many who view the Internet as a constitutional right, but I persist with this view because the very nature of our constitution provides for the free and open exchange of ideas in the public forum. With this protection in place why would we need anonymity given the extreme handicap that it places on us in processing information?
Opinions or ideas or concepts only have value based on the reputation of its advocates. Therefore, identity is important in lending credence to one’s views. Do you have the appropriate domain of expertise to warrant someone paying attention to you at all? Clearly, identity is an important part of our human dialogue as it is the basis for our assessments on credibility and degrees of trust that we assign to our interactions. Why do we forego it on the internet?
What should be unacceptable is the idea of an overarching government taking control of this process. Our government should not be concerned with anyone’s identity in the public forum, but the public forum should. Anyone willing to stand up in the public square does so with the knowledge that he or she will be judged based on their credentials. In fact, it is their credentials that help to make their case. Picture Charles Manson in one corner talking about morality and then imagine the Dalai Lama on the next corner doing the same. Can you imagine a different perspective on the part of listeners based on knowing something about who each of these people are?
Identity is important! And what is more important is that people should require identity in order to process ideas, but know that identity does not need to be absolute. We do not need to know everything about the Dalai Lama in order to weigh his thoughts on compassion. We do not need to know where he banks, or even where he lives. We need only know those aspects that pertain to his opus in that area. The last thing we need is a government-sponsored “matrix” of identification with respect to ideas because, per the constitution, the government is the one entity that should not care. So how should identity be handled in the age of cloud computing?
Cloud of Identities
For cloud implementations to have any meaningful contribution to the advancement of intelligence identity has to be more than a username and authentication has to be more than a password. This includes all the extensions of that paradigm, including "n” factor authentication and certificate based tokens, where relying on systems to authenticate us is absolutely out of context with the 21st century demands. It's time for a whole new approach that will enable the application layer to then enable cloud computing.
Under the current regiment, around since the dawn of computers, a username is something that you make up. Given the standalone system-centric nature of early computers that was adequate, I suppose. You could have left the system up and open and anyone who walked up to it could operate it if they knew how, but if they didn’t know they could probably mess things up. So, access had to be restricted by having individual usernames. Then, to add another level of restriction to the process, they added passwords.
Note the use of the term restriction. That’s all that username/password allows for. It’s like a key to a car. It doesn’t identify you it just means that access will be restricted to those who can get their hands on the key, whether specifically authorized by the owner of the car or not. It is not the equivalent of identity, but the new world order requires identity. Now, let’s take a look at the concept of identity.
Law of Identity
We humans operate on identity. Without it not much would be possible. Life wouldn’t even be possible because identity is built into our biology. Newborns cannot survive if they don’t identify either with the birth mother – in the case of mammals – or specie-specific behaviors in other life forms. For humans, the process of identity starts before birth because an unborn child can feel and hear and even see a certain amount of light. After birth, a newborn must identify with its mother or perish (notwithstanding artificial means of sustainment offered by technology). At any rate, without a firm sense of identity and attachment it has been shown that infants don’t develop very well. As we grow we acquire greater and greater capabilities around identity. Who do we trust? How much will we share? What do we believe? What evidence do we require and how do we vet such evidence? An interesting note is that even with a lifelong engagement in the discipline of identification, we can still be fooled by cons and frauds. So identity is not an easy task at any point in the human experience. Still, we do a pretty good job and in the aggregate we have a pretty low risk as a result.
AI: Artificial Identity
What is the record of computers in identifying users? Not very impressive. Computers don’t identify people nor do they lend credence to information. Remember, they just allow anyone who has the right username/password to enter without any assessment of identity, and they pass along information without regard to context or social expectations. The internet is the same because anywhere you go; you simply have to have the right key for the door to walk in. The system doesn’t care who you are.
So how do we make this interaction more human? Is it possible to get away from the system-centric gateway approach and move to a more organic interactive identity structure? I think so and I think the key lies in opening the technology between users so that they can apply their identity talents to the interface.
The Sixth Sense
Heresy you say? People in an organic setting have an open environment. Why shouldn’t people in an online environment have an open setting? Remember, my position is that people are the engine of identity management rather than the system. But clearly, people need a sixth sense in order to work in this environment. Our standard five senses are not applicable. We need a virtual sense, maybe even more than one. The trick is to allow open interaction among people with respect to a group. There are things that we do online that are for public consumption and there are other things that have more restricted audiences.
In organic settings, we have ways to manipulate our environment to allow us to have varying degrees of privacy with respect to a given audience. In cyberspace we do not have this ability. What’s more, we do not have the ability to connect users and data in a manner that allows users to chain specific authorizations from one person to another in a manner that captures the scope and context of that authorization. Data has to have an identifiable source, be owned (private), or not owned (public), or specifically authorized (owned with digital rights assigned) in order to do what we need to transform our thinking about access control. Anything else makes the concept of cloud computing as simple as putting the infrastructure we’ve built over the last 40 years into a remote data center and paying for access to it. This only works for information you don’t really care about. For information you do care about, your cost (both direct and indirect through increased risk) will skyrocket just like the cost of health care has skyrocketed when we outsourced it to “managed care” providers 40-years ago. We need transparent principles of least access (POLA) built into applications and the user-data relationship at very granular levels. POLA simply stated gives access to only the resources needed to perform a particular task. While there are a few brave researchers testing the waters, there is precious little effort in the cloud initiatives toward this.
It is not enough to say that these are accepted limitations of cyber space or that we have a “right to annonymity” in cyber space. Just like the Y2K problem, they are limitations that we have created and we can create the remedies as well. We should all have the means to know with whom we are communicating in cyberspace and we should have the means to control the access that we authorize to our information based on that knowledge, whether it be an individual or a group or organizationl entity. We need to know how they know about us and what their social context is with respect to us. We don’t talk to total strangers on the street without applying at least some basic filters. Why should we do so in cyberspace?
Note the use of the term restriction. That’s all that username/password allows for. It’s like a key to a car. It doesn’t identify you it just means that access will be restricted to those who can get their hands on the key, whether specifically authorized by the owner of the car or not. It is not the equivalent of identity, but the new world order requires identity. Now, let’s take a look at the concept of identity.
Law of Identity
We humans operate on identity. Without it not much would be possible. Life wouldn’t even be possible because identity is built into our biology. Newborns cannot survive if they don’t identify either with the birth mother – in the case of mammals – or specie-specific behaviors in other life forms. For humans, the process of identity starts before birth because an unborn child can feel and hear and even see a certain amount of light. After birth, a newborn must identify with its mother or perish (notwithstanding artificial means of sustainment offered by technology). At any rate, without a firm sense of identity and attachment it has been shown that infants don’t develop very well. As we grow we acquire greater and greater capabilities around identity. Who do we trust? How much will we share? What do we believe? What evidence do we require and how do we vet such evidence? An interesting note is that even with a lifelong engagement in the discipline of identification, we can still be fooled by cons and frauds. So identity is not an easy task at any point in the human experience. Still, we do a pretty good job and in the aggregate we have a pretty low risk as a result.
AI: Artificial Identity
What is the record of computers in identifying users? Not very impressive. Computers don’t identify people nor do they lend credence to information. Remember, they just allow anyone who has the right username/password to enter without any assessment of identity, and they pass along information without regard to context or social expectations. The internet is the same because anywhere you go; you simply have to have the right key for the door to walk in. The system doesn’t care who you are.
So how do we make this interaction more human? Is it possible to get away from the system-centric gateway approach and move to a more organic interactive identity structure? I think so and I think the key lies in opening the technology between users so that they can apply their identity talents to the interface.
The Sixth Sense
Heresy you say? People in an organic setting have an open environment. Why shouldn’t people in an online environment have an open setting? Remember, my position is that people are the engine of identity management rather than the system. But clearly, people need a sixth sense in order to work in this environment. Our standard five senses are not applicable. We need a virtual sense, maybe even more than one. The trick is to allow open interaction among people with respect to a group. There are things that we do online that are for public consumption and there are other things that have more restricted audiences.
In organic settings, we have ways to manipulate our environment to allow us to have varying degrees of privacy with respect to a given audience. In cyberspace we do not have this ability. What’s more, we do not have the ability to connect users and data in a manner that allows users to chain specific authorizations from one person to another in a manner that captures the scope and context of that authorization. Data has to have an identifiable source, be owned (private), or not owned (public), or specifically authorized (owned with digital rights assigned) in order to do what we need to transform our thinking about access control. Anything else makes the concept of cloud computing as simple as putting the infrastructure we’ve built over the last 40 years into a remote data center and paying for access to it. This only works for information you don’t really care about. For information you do care about, your cost (both direct and indirect through increased risk) will skyrocket just like the cost of health care has skyrocketed when we outsourced it to “managed care” providers 40-years ago. We need transparent principles of least access (POLA) built into applications and the user-data relationship at very granular levels. POLA simply stated gives access to only the resources needed to perform a particular task. While there are a few brave researchers testing the waters, there is precious little effort in the cloud initiatives toward this.
It is not enough to say that these are accepted limitations of cyber space or that we have a “right to annonymity” in cyber space. Just like the Y2K problem, they are limitations that we have created and we can create the remedies as well. We should all have the means to know with whom we are communicating in cyberspace and we should have the means to control the access that we authorize to our information based on that knowledge, whether it be an individual or a group or organizationl entity. We need to know how they know about us and what their social context is with respect to us. We don’t talk to total strangers on the street without applying at least some basic filters. Why should we do so in cyberspace?Related Blog Posts
Cybersecurity, Federal Government, Market Intelligence, State & Local Government
The 2024 United States presidential election is rapidly approaching, and state and local governments are focusing their efforts on bolstering election security and ensuring the proper safeguards are in place.
Yvonne Maffia
Cloud Computing, Cybersecurity, Market Intelligence
Originally passed in 2014, the Federal Information Technology Acquisition Reform Act (FITARA) was designed to improve the management of all-things-IT across federal agencies. It essentially realigned how the government purchases and updates its technology, with an aim at grading agencies based on their ability to adhere to and improve on the following categories:
Susanna Patten
Cloud Computing, Cybersecurity, Education, Market Intelligence, State & Local Government, Technology
The annual EDUCAUSE conference highlighted higher education technology trends, goals, challenges, and how to identify a way ahead for higher education institutions to be successful in today’s modern world.
Yvonne Maffia
Cybersecurity, Education, Federal Government, Market Intelligence, Technology
Over the last few months, there have been several recent cybersecurity initiatives at the federal level, aimed at bridging gaps in K-12 cybersecurity policy and strategy.
Yvonne Maffia
Cloud Computing, Cybersecurity, Market Intelligence
The Air Force hosts an annual summit known as Department of the Air Force Information Technology and Cyberpower (DAFITC) in Montgomery, Alabama, right next to Maxwell Air Force Base. It’s an opportunity for Guardians, Airmen, academics, and IT industry to come together to discuss pain point remedies and high-level plans and strategies. It is also an opportunity for branch heads to strike deals that lead to the adoption of modern and effective systems, meant to enable air superiority. Ms.
Kevin Shaker
Cybersecurity, Internet of Things, IT Infrastructure, Market Intelligence
IoT and Its Impact on Infrastructure and Governance
The Internet of Things (IoT) revolutionizes how governments, organizations, and citizens interact with the physical world. This wave of interconnected devices promises a transformative infrastructure and governmental operations shift. However as the reach of IoT grows, the implications — especially related to security — become even more profound.
Dawit Blackwell
Cybersecurity, Federal Government, Market Intelligence, Technology
The Department of Navy (DON) recently held its annual WEST Conference, this year with a strong emphasis on cybersecurity. The conference brought together key decision-makers from the Navy, Marine Corps, and Coast Guard, along with experts from various industries and government officials. The discussions were broad-ranging, covering topics related to naval warfare, technology, innovation, and cybersecurity.
Toan Le
Cybersecurity, Market Intelligence, State & Local Government
2022 was a noteworthy year for the technology sector, particularly as it relates to cybersecurity. The post-pandemic era of modernization exposed the fragility of U.S. public sector technology infrastructure and systems, widening attack surfaces and posing additional challenges for state, local and education leaders. We have witnessed the whole gamut of continually evolving security threats, ranging from election security breaches, nation-state actors, threats to critical infrastructure, ransomware attacks, hacktivism and more.
Yvonne Maffia
Cloud Computing, Cybersecurity, Education, Federal Government, IT Infrastructure, State & Local Government, Technology
The Cybersecurity and Infrastructure Security Agency (CISA) has seen increased malicious activity with ransomware attacks against K 12 educational institutions. Malicious cyber actors target school computer systems, slowing access, and rendering the systems inaccessible to essential functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.
Ransomware attacks on US government organizations cost $18.9bn in 2020.
Asad Zaman
Cloud Computing, Cybersecurity, Federal Government, State & Local Government, Technology, Tips and How-Tos
TD Synnex Public Sector’s Chief Cybersecurity Technologist, Don Maclean sat down with Mark Guntrip, Senior Director of Security Strategy at Menlo Security, to discuss one of the latest emergent security threats.
James Hofsiss
Cybersecurity, Market Intelligence, Technology
“We must find fresh ways to connect forces, allies, and partners that provide an effective response to the challenge of a highly contested environment not seen in the last 20 years. Given the challenges we face today and in the future, we simply have no choice but to become more interoperable,” said General CQ Brown JR., U.S. Air Force Chief.
Toan Le
Cybersecurity
Cybersecurity Maturity Model Certification (CMMC) 2.0 is here. If your company is not prepared, the time to get ready is now, or your company may risk losing business with the Department of Defense (DoD).
The CMMC program requires cyber protection standards for companies in the Defense Industrial Base (DIB) and aims to protect sensitive unclassified information that the DoD shares with contractors and subcontractors.
Don Maclean
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos
Every year, there are more and more security breaches, and it gets harder and harder to spot them. According to a leading cybersecurity vendor1, it takes almost seven months for organizations to find breaches, which gives malicious attackers plenty of time to get what they want.
Most often, system misconfigurations like default settings or credentials leave the door wide open for exploitation, resulting in these breaches. As organizations grow, this problem only gets worse because quick changes frequently result in skipped steps.
Heather Sweet
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos, Training
Security is paramount in the digital age, especially when it comes to keeping networks secure. Having network security monitoring services stand between your organization and malicious attackers is crucial. Still, the volume of alerts and issues that come with them can easily overwhelm your team.
The volume of these alerts is rising every year too. According to a report by TrendMicro, 54% of teams surveyed felt like they were drowning in alerts, and 27% said they spent most of their time dealing with false positives.
Heather Sweet
Application Lifecycle, Cybersecurity, DevSecOps
Implementing zero trust may seem daunting, but it is also an opportunity to integrate more secure coding practices into your software applications from the start. Zero-trust security assumes that all traffic on your internal network is potentially malicious. Consequently, it requires taking measures to:
Don Maclean
Cybersecurity, Federal Government
The rise in a remote workforce and use of cloud-enabled business applications equates to the browser essentially becoming our office, providing access to all necessary tools, data, and communications. Threat actors understand this paradigm shift and are now utilizing Highly Evasive Adaptive Threats (HEAT) to initiate ransomware, extortion ware, and other endpoint intrusions.
HEAT attacks are the next generation of cyber threats.
Menlo Security
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos
The digital landscape evolves fast, and attackers are even faster. New ways to attack systems and organizations appear every day, and traditional methods are starting to fall behind the times.
Highly Evasive Adaptive Threats (HEAT) are the newest step in the digital world for malicious attackers. These attacks are unlike anything security experts have seen before and lead to some of the most devastating breaches ever seen.
In this article, we’ll explain how HEAT attacks impact companies worldwide and how Menlo Security’s Isolation Core can help protect your organization.
Heather Sweet
Big Data & Analytics, Cybersecurity, Market Intelligence
In a recent webinar produced by Federal News Network, the Director of the Environmental Protection Agency (EPA)’s Office of Information Security and Privacy, Tonya Manning, detailed the state of the agency’s zero trust and data handling postures, as well as its latest priorities. We’ll spotlight several takeaways and look at what’s to likely come down the pike for the EPA in the coming months and years.
Zero Trust Architecture
Susanna Patten
Cloud Computing, Cybersecurity, Technology, Tips and How-Tos
The term "Integrated Management Workplace System" (IWMS) was first used by Gartner in 2004 to refer to a program that could manage and integrate all business and workplace requirements into a single, centralized solution. Since then, a number of solutions have emerged with the aim of bringing together various operational and organizational areas that had previously tended to operate in isolation from one another.
Heather Sweet
Cybersecurity, Federal Government, State & Local Government
This is the second post in the Threat-Based Methodology series. The first post introduced Threat-Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. That post concluded with a list of the top seven controls based on their Protection Value. This post will explore CM-6 in greater depth and explain how Devo supports the ability to meet this control.
John Allison
Cloud Computing, Cybersecurity, Technology
The development world has changed, and organizations are still adapting to developing in the cloud. Cloud native technology and containers are now at the forefront of software development, meaning that software no longer exists and operates locally. However, despite these quick advancements, cloud native application security still lags behind.
This article will cover how you should approach cloud native application security and why Snyk is the best solution for your needs.
Adam Fyffe
Cybersecurity, Education, Federal Government, State & Local Government
This three-part blog series will explore threat-based methodology and how it benefits every company with a network. The series leverages the analysis presented by the Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO) in conjunction with the National Institute of Standards and Technology (NIST).
John Allison
Cybersecurity, Federal Government, IT Infrastructure, Market Intelligence
The heightened threat of retaliatory cyberattacks by Russia against critical U.S. IT infrastructure is prompting federal investments in cybersecurity to strengthen its cyber defense posture. The ongoing conflict in the region and the increased targeting of critical infrastructure assets will cause federal agencies to look for ways to strengthen their cybersecurity posture and redefine requirements that address cyber breaches that may occur during the coming months and years as well as drive investments into Zero Trust related tools and threat intelligence.
Dawit Blackwell
Cloud Computing, Cybersecurity, Federal Government, IT Perspective
Over the last few years, the federal government has begun to embrace a zero trust approach as the new cybersecurity standard for agencies. Utilizing the latest solutions and best practices, the hope is to bolster federal cybersecurity and create a robust and resilient IT infrastructure that can protect and secure networks from attacks and breaches.
Kevin Tierney
Cloud Computing, Cybersecurity, IT Perspective, Technology
Last January, the Office of Management and Budget (OMB) released M-22-09, a memorandum that set forth the federal government strategy on zero trust adoption, in an effort to reinforce the security and protection of government agencies’ critical systems, networks, and IT infrastructures.
David Presgraves
Application Lifecycle, Cloud Computing, Cybersecurity, DevSecOps, Market Intelligence
"We are making progress. This really is not just about technology. This is about changing our processes changing our approach to delivering and operating technology to IT systems and our cyber mechanical warfare systems as we move forward," said Robert Vietmeyer, DoD Director for Cloud and Software Modernization.
Toan Le
Application Lifecycle, Big Data & Analytics, Cloud Computing, Cybersecurity, DevSecOps, IT Infrastructure
For the second year in a row, Gartner named IBM a Leader in Gartner Magic Quadrant for 2021 Cloud Database Management Systems based on its Ability to Execute and Completeness of Vision. With emergence of a single cloud DBMS market, We believe our portfolio of feature-rich, enterprise-tested offerings, bold acquisitions, and partnerships enable our clients to address the unique needs of their business, respond to the growing volume, velocity and variety of today’s data and drive more accurate data driven decisions.
Holly Vatter
Application Lifecycle, Big Data & Analytics, Cloud Computing, Cybersecurity, DevSecOps, IT Infrastructure
This week's roundup of the latest news and insights gathered from IBM's Government Research Institute thought leaders:
Michael J. Keegan
Cloud, Cloud Computing, Cybersecurity, Federal Government, Technology
As organizations adapt to hybrid work and more and more cloud services are deployed, new service entities that collaborate and exchange data without human interaction, such as virtual machines and containers, are proliferating. The growth of these service accounts and identities and their increasing volumes of permissions, privileges, and entitlements expose organizations to new attack vectors.
Kevin Tierney
Cybersecurity
Threat Intelligence Report Shows Massive Uptick in DDoS Attacks
NETSCOUT recently released its semi-annual Threat Intelligence Report with deep insights into the notably distributed denial-of-service (DDoS) and cyber activity during the second half of 2021. The report contains troves of valuable information about the ongoing threat posed to organizations across the public and private sectors, including government agencies and other public sector organizations.
Thomas Bienkowski
Cloud Computing, Cybersecurity, Federal Government
The Department of Defense (DoD) is taking major steps to boost cloud performance, with the promise of a tangible, positive impact on military missions throughout the world. Specifically, the Joint Warfighter Cloud Capability (JWCC) contract is replacing the Joint Enterprise Defense Infrastructure (JEDI) initiative, which was intended to establish enterprise-class cloud capabilities for the military community.
Carolyn Ford
Application Lifecycle, Cybersecurity, DevSecOps, Federal Government, IT Perspective, Technology
On the Tech Transforms podcast, sponsored by Dynatrace, we have talked to some of the most prominent influencers shaping critical government technology decisions. From supply chain to machine learning, this podcast explores the way technology advancement intersects with human needs.
In March 2022, we sat down with these government technology visionaries:
Carolyn Ford
Cybersecurity, Federal Government, State & Local Government, Tips and How-Tos
The Ukraine-Russia conflict began when the Russian military invaded Ukraine on February 24.
Yet the cybersecurity and cyber warfare elements of this conflict began before initial combat action. Ukraine was hit with numerous cyberattacks against its government and banking systems in the lead-up to the conflict, with experts blaming Russia for the cyberattacks. And within the first 48 hours, multiple U.S. agencies noted that cyberattacks from suspected hackers in Russia increased by over 800%.
Ron Iasaacson
Cloud Computing, Cybersecurity, DevSecOps, Market Intelligence
"Zero Trust is a cybersecurity strategy and framework that embeds IT security mechanisms throughout an architecture that generate metadata used to secure, manage, and monitor every device user, application, and network transaction at the perimeter and within every network enclave."
From the Department of Defense (DoD) Zero Trust Reference Architecture v1.0
Toan Le
Cloud Computing, Cybersecurity, Federal Government
There has been an increased focus among U.S. government agencies on adapting to modern IT environments and enhancing cybersecurity solutions. This increased focus on security government networks, data, and critical infrastructure is a result of ongoing digital transformation initiatives that are resulting in more mission-critical connected systems and more data for agencies to secure. It’s also a result of the increased number of cyberattacks and more sophisticated cyber-criminals that are targeting our nation’s networks.
Kevin Tierney
Cloud Computing, Cybersecurity, Market Intelligence, State & Local Government
If you have been looking for the right time to sell your technology product or service to the state, local and education (SLED) market, now is the time to act. With thirty-six states beginning their fiscal year on July 1st, now is the time to position yourself to take advantage of a confluence of once-in-a-lifetime conditions that have left the SLED market booming with opportunity. Here are some of the factors driving that opportunity:
New Leadership
Yvonne Maffia
Cybersecurity, Federal Government, Market Intelligence, News
Federal Pain Points and IT Requirements
The latest Federal Information Technology Acquisition Reform Act (FITARA) Scorecard, released in December 2021, highlights how federal agencies are faring across several areas related to IT modernization. The full breakdown from the scorecard is available here. These scorecards are useful to identify where government agencies are struggling and where they are doing well. Consequently, technology vendors and channel partners can use them as a guide for identifying what solutions their customers need.
Dawit Blackwell
Analytics & Data Science, Big Data & Analytics, Cloud Computing, Cybersecurity, Market Intelligence
The COVID-19 pandemic has spurned greater demand for health information technology (IT) by demonstrating the importance of having robust medical research, health surveillance and healthcare systems capable of rapidly responding to new and developing situations, something which requires strong IT investment in big data, cybersecurity and cloud. In addition, both the pandemic and emerging technologies have led to numerous changes within the healthcare industry, such as telehealth expansion and increased use of wearables, which necessitate robust health IT solutions.
Gabriel Zighelboim
Cybersecurity
Zero Trust is a concept gaining significant attention across the federal landscape. The idea isn’t new, and yet the notion of "never trust, always verify" is appearing more and more in memos, solicitations and other federal government announcements. For example, the Office of Management and Budget (OMB) released memo M-22-09, "Moving the U.S. Government Toward Zero Trust Cybersecurity Principles," in late January 2022.
Susanna Patten
Cybersecurity
In view of current events, the Cybersecurity Infrastructure Security Agency (CISA) has noted the increased likelihood of a cybersecurity breach. Their recommendations, listed below, speak mainly to the basics of cybersecurity: foundational practices and technology that protect every enterprise, in both the public and private sector. Below are the key elements (full details are here Shields Up | CISA):
Don Maclean
Cybersecurity
In a Department of Defense (DoD) Town Hall held on February 10, led by David McKeown, DoD’s Senior Information Security Officer and Deputy CISO, we heard some news about CMMC. Defense contractors holding Controlled Unclassified Information (CUI) will need a third-party assessment to obtain certification.
Don Maclean
Cloud Computing, Cybersecurity, Market Intelligence, State & Local Government
On December 8, 2021, the National Association of State Chief Information Officers (NASCIO) released its 2022 annual top 10 priorities list identifying the most pressing technology and policy issues that state CIOs are prioritizing for the upcoming year.
Yvonne Maffia
Cybersecurity, IT Infrastructure, State & Local Government
Adhering closely to the U.S. federal government’s top legislative priorities for 2022, state chief information officers (CIO’s) have once again ranked cybersecurity as their top priority for 2022, following an already established decade-long trend in this direction.
Yvonne Maffia
Business Applications, Cloud Computing, Cybersecurity, Market Intelligence
Recent signals by the U.S. federal government suggest that customer experience (CX), primarily citizen-facing services will receive attention and investment from funding sources like the Technology Modernization Fund (TMF). The initial $311 million awarded by the TMF primarily went to projects focused on cybersecurity in keeping with stated priorities and the prevalence of cybersecurity threats. From the beginning, however, TMF has emphasized CX projects that focus on how taxpayers engage with government services in secure digital environments.
Dawit Blackwell
Big Data & Analytics, Cybersecurity, Market Intelligence
President Joe Biden signed the National Defense Authorization Act (NDAA) for fiscal year 2022 (FY22) into law on December 27, 2021. It authorizes $770 billion in defense spending which is a 5% increase over last year. This marks 61 consecutive years that a bill received bipartisan support from congress (a display of agreement that has become increasingly rare for DC politics).
Toan Le
Big Data & Analytics, Cloud Computing, Cybersecurity
With another busy year behind us, it’s time to look ahead to fiscal year (FY) 2022. The official information technology (IT) budget request is $97B, a 4% increase over FY21, which would be a new record. Of course, those numbers undercount all the IT spending that goes unreported. Furthermore, remaining provisions in the American Rescue Plan, the Technology Modernization Fund and IT provisions in the Infrastructure Bill will represent additional pockets of opportunity worth billions for channel partners and technology vendors.
Lloyd McCoy
Cybersecurity
There are a variety of excellent reasons to use containers. They're more agile and consume fewer resources than virtual machines. They provide more flexibility and security than running applications directly on the OS. They are easy to orchestrate at massive scale using platforms like Kubernetes.
DLT Solutions
Cybersecurity
This time last year, the CrowdStrike Falcon OverWatch™ reported on mounting cyber threats facing organizations as they raced to adopt work-from-home practices and adapt to constraints imposed by the rapidly escalating COVID-19 crisis. Unfortunately, the 12 months that followed have offered little in the way of reprieve for defenders. The past year has been marked by some of the most significant and widespread cyberattacks the world has seen.
DLT Solutions
Cybersecurity
Zero Trust is an approach to network security which assumes that just because something is on your network, doesn’t necessarily mean it is trustworthy. Zero Trust allows organizations to apply security controls to network traffic within the perimeter, not just at the edge.
DLT Solutions
Cybersecurity
Current IT modernization initiatives are challenging federal agencies to implement significant changes to their infrastructure at a breakneck pace. As they look to keep pace with an increasingly sophisticated cyber threat environment and accommodate workflows shifting to the cloud, the federal government is looking to zero trust as a solution. Zero trust is a security model that maintains secure access to data and applications based on dynamic security policies reacting to access request specifics, as opposed to the network from where access originates.
Asad Zaman