In today’s interconnected digital landscape, application programming interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between various applications and systems. However, with this increased connectivity comes heightened security risks, particularly concerning the protection of sensitive data in those APIs. One of the most notorious examples of API risk is the Cambridge Analytica scandal in the...

Mobile devices are a way of life today – including for government agencies. They are ubiquitous, and many agencies have embraced a bring-your-own-device (BYOD) policy that allows employees to use their own. But they have become a rapidly growing target for bad actors – so much so that BYOD could mean “bring your own danger.” For example, in February, SC Magazine reported a phishing campaign targeting the Federal Communi...

The long-term effects of the pandemic continue to push agencies to accelerate IT modernization and move from owning their own on-site data centers to hybrid and multi-cloud architectures. The pandemic spurred greater customer demand for digital services, while employees adapted quickly to working from home. These trends, in turn, heightened the stakes for cybersecurity that protects the endpoints and strengthens data security – part of t...

Cyberattacks against organizations are now often using what might be considered a “bank shot” – planting malicious code in software components before they are used in products. When coders draw upon software libraries, whether open source or proprietary, to build new applications, they unwittingly include the malware. This is a less conspicuous method that threatens the software supply chain and harms organizations’ wil...

The Office of Management and Budget issued its guidance in January on meeting the requirements for agency networks to implement a zero trust architecture strategy. The purpose of the mandate is to defend against sophisticated penetrations by adversaries, whether nation-states or criminals, and it emphasized that identity management and access controls are key components. Taken together, identity and access controls mean that privileged access...

A year ago this April 15th, the world watched in horror as fire raged at Notre Dame Cathedral in Paris. When the soaring spire atop the cathedral tipped and then collapsed into the flames, fears grew at whether Notre Dame could survive. Thankfully, the efforts and strategic thinking of the brave women and men of the Paris fire brigade, which kept the fire from overtaking the church’s two towers, enabled the main structure to be saved, al...

The global supply chain provides the opportunity for significant benefits to government, including lower costs, interoperability, rapid innovation, and a variety of product features and options. However, this also enables opportunities for adversaries to affect the management and operations of government agencies, resulting in risks such as counterfeit parts, unauthorized production, tampering, theft, or insertion of malicious software, as wel...

Our nation’s preparedness against chemical, biological, radiological, nuclear and explosive threats (CBRNE) hinges on improved threat awareness, advanced surveillance and detection, and responsive countermeasures. This video webinar will explore awareness, prevention, preparedness and response to CBRNE and how agencies are working together for the protection of life, health, property and commerce. Learning Objectives Define the strategie...

The mission of the Transportation Security Administration is a weighty one: in the wake of September 11, the agency was created to protect the nation’s transportation systems, ensuring freedom of movement for people and commerce while providing the most effective transportation security in the most efficient way as a high performing counter-terrorism organization. Since 2014, TSA’s Office of the Chief Risk Officer has been implemen...

Cyber Resilience: Leveraging Real-Time Analytics and Continuous Monitoring The administration underscored the importance of combating sophisticated or advanced cyber intruders by establishing FISMA priorities, #1 of which is continuous monitoring. The proposed federal IT budget for 2014 devotes more than $13 billion to cybersecurity programs, with $300 million in new funding for continuous monitoring as mandated by OMB and FISMA reporting requ...