State and Local Governments Building Trust with Transparency

Citizens typically report more trust in state and local governments than in the federal government, but that does not mean that there is no work to be done on improving citizen experience and trust. A recent study found that about 45% of Americans have a less-than-favorable view of the trustworthiness of local governments. This number has become worse since 2017, when only 40% expressed a less than favorable outlook.

Key to building trust is transparency--showing the work being done, the reasons decisions were made, as well as the process for obtaining services from government. With more and more government services moving online, it would seem that this transparency would be easier than ever to provide, but in fact, the digitization of government can often have the opposite effect. Continue reading

A Cloudy Forecast for Government

The need for cloud computing has moved beyond simple cost-saving calculations. The elasticity and scalability of cloud meet the demands citizens have for digital services to be efficient and personalized. Cloud is also critical for AI adoption, providing the processing power needed to facilitate the training and use of AI models.

Government Moves to Mostly Cloudy

Based on these capabilities, the use of cloud is increasing. A recent Government Accountability Office (GAO) study found that the use of the Federal Risk and Authorization Management Program (FedRAMP) increased by about 60% between July 2019 and April 2023. Continue reading

The Changing Identity of Identity Management

A key element of the move to zero trust is the use of "strong multi-factor authentication (MFA) throughout their enterprise." While identity management has been indicated by many as the "low hanging fruit" of a zero-trust journey, it is by no means easy. In fact, recent guidance from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) called it "notoriously difficult."

Key challenges to implementing MFA include:

  • Lack of standards - the CISA/NSA guidance pointed to confusion over MFA terminology and vague policy instructions as primary challenges to implementing more secure access. A joint committee of European Union (EU) and U.S. experts addressed this same issue in the Digital Identity Mapping Exercise Report, which aimed to define specific digital identity technical terminology. For example, the group found some definitions, such as "authoritative source" and "authentication factor," are identical between the U.S. and EU, whereas others, like "identity" and "signature," remain only partially matched.
  • Phishing - bad actors do not always hack the system; they hack the process, gaining entry through social-engineering tactics that grow more sophisticated by the day. The CISA/NSA report called on the vendor community to provide MFA services with additional investments and greater defenses against sophisticated attacks.
  • Rise of Generative AI - The Department of Homeland Security (DHS) is working to ensure technologies can determine if a submitted image is legitimate or a hacker's spoof. This "liveness detection" is needed to ensure that a submitted selfie is really a photo of a person, not a mask, photo of a photo, or other technique to try to get past the check.

Continue reading

No Degree? No Problem. The Changing Landscape for Government Job Seekers

There are nearly 200,000 job openings across the federal government. Within those openings, a large percentage are in the areas of Cybersecurity and Artificial Intelligence (AI). Building the workforce in these relatively new disciplines is forcing a new look at traditional requirements for careers in government.

The practice of skills-based hiring is gaining traction in government as a way to fill these important vacancies with a more diverse set of talent. Skill-based hiring involves looking beyond degrees and certifications and identifying candidates' skills that are applicable to the role. For example, a person may not have a computer science degree, but they have worked extensively with a key programming language or system in previous roles.

Uncovering Skills Not Experience

A candidate could have great experience. A four-year degree from a prestigious school. Past work with brand-name companies. But if you really dig in, you may find they don't actually possess the skills needed to get the job done. Continue reading

FITARA Goes to the Cloud, Grades Come Down to the Ground

The 17th edition of the Federal Information Technology Acquisition Reform Act (FITARA) scorecard featured a revamped list of measurements to illustrate federal agency progress against current modernization goals. This latest scorecard introduced two new categories - Cloud Computing and CIO Investment Evaluation - while dropping the measurement of compliance with data center modernization, something all agencies have completed.

This reshuffling of measurement criteria resulted in lower grades for 11 agencies. Twelve agencies saw their grades unchanged. The Department of Defense (DoD) was the sole group earning a higher grade, rising from a C to a B. These drops are not necessarily a concerning indicator, but rather a re-baselining of where agencies stand in terms of modern digital government goals. Continue reading