Support for Zero Trust Transitions Continues to Grow

Passwords, encryption, firewalls, VPNs, and two-factor authentication were all novel approaches to securing information held in IT systems. In just three years, zero trust is emerging as the next key security practice to become "table stakes" for government systems. The move to zero trust is not without challenges, but agencies are finding support in newly created offices and cutting-edge technology for meeting the critical need to constantly authenticate and authorize users on a given system.

Top-Down Support

A number of formalized zero-trust programs, offices, and guidance have become part of the landscape of government to support the mandated journey to zero trust. The NIST Zero Trust Framework, the Federal Zero Trust Strategy, and the Cybersecurity and Infrastructure Security Agency's (CISA) Zero Trust Maturity Model started agencies down the path. Recently, CISA opened the Zero Trust Initiative Office to help agencies move through their maturity model with training, resources, and opportunities to collaborate with peers. The office will set metrics and benchmarks to track agency progress toward zero-trust maturity and will provide a community of practice for agency zero-trust leaders to connect and share best practices.

State and Local Governments Building Trust with Transparency

Citizens typically report more trust in state and local governments than in the federal government, but that does not mean that there is no work to be done on improving citizen experience and trust. A recent study found that about 45% of Americans have a less-than-favorable view of the trustworthiness of local governments. This number has become worse since 2017, when only 40% expressed a less-than-favorable outlook.

Key to building trust is transparency--showing the work being done, the reasons decisions were made, as well as the process for obtaining services from government. With more and more government services moving online, it would seem that this transparency would be easier than ever to provide, but in fact, the digitization of government can often have the opposite effect.

A Cloudy Forecast for Government

The need for cloud computing has moved beyond simple cost-saving calculations. The elasticity and scalability of cloud meet the demands citizens have for digital services to be efficient and personalized. Cloud is also critical for AI adoption, providing the processing power needed to facilitate the training and use of AI models.

Government Moves to Mostly Cloudy

Based on these capabilities, the use of cloud is increasing. A recent Government Accountability Office (GAO) study found that the use of the Federal Risk and Authorization Management Program (FedRAMP) increased by about 60% between July 2019 and April 2023.

The Changing Identity of Identity Management

A key element of the move to zero trust is the use of "strong multi-factor authentication (MFA) throughout their enterprise." While identity management has been indicated by many as the "low hanging fruit" of a zero-trust journey, it is by no means easy. In fact, recent guidance from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) called it "notoriously difficult."

Key challenges to implementing MFA include:

  • Lack of standards - the CISA/NSA guidance pointed to confusion over MFA terminology and vague policy instructions as primary challenges to implementing more secure access. A joint committee of European Union (EU) and U.S. experts addressed this same issue in the Digital Identity Mapping Exercise Report, which aimed to define specific digital identity technical terminology. For example, the group found some definitions, such as "authoritative source" and "authentication factor," are identical between the U.S. and EU, whereas others, like "identity" and "signature," remain only partially matched.
  • Phishing - bad actors do not always hack the system; they hack the process, gaining entry through social-engineering tactics that grow more sophisticated by the day. The CISA/NSA report called on the vendor community to provide MFA services with additional investments and greater defenses against sophisticated attacks.
  • Rise of Generative AI - The Department of Homeland Security (DHS) is working to ensure technologies can determine if a submitted image is legitimate or a hacker's spoof. This "liveness detection" is needed to ensure that a submitted selfie is really a photo of a person, not a mask, photo of a photo, or other technique to try to get past the check.


No Degree? No Problem. The Changing Landscape for Government Job Seekers

There are nearly 200,000 job openings across the federal government. Within those openings, a large percentage are in the areas of Cybersecurity and Artificial Intelligence (AI). Building the workforce in these relatively new disciplines is forcing a new look at traditional requirements for careers in government.

The practice of skills-based hiring is gaining traction in government as a way to fill these important vacancies with a more diverse set of talent. Skills-based hiring involves looking beyond degrees and certifications and identifying candidates' skills that are applicable to the role. For example, a person may not have a computer science degree, but they have worked extensively with a key programming language or system in previous roles.

Uncovering Skills Not Experience

A candidate could have great experience. A four-year degree from a prestigious school. Past work with brand-name companies. But if you really dig in, you may find they don't actually possess the skills needed to get the job done.