Twitter: @Kerry_Rea | LinkedIn: www.linkedin.com/in/kerryrea/
I am a business and marketing professional with an extensive background in company start-ups. I have 20+ years direct experience in the information technology, government, franchise, and construction industries. Having a passion for business, I love brainstorming, collaborating and strategizing on the best ways to achieve our clients' and partners' business objectives.
The annual Federal Information Security Modernization Act (FISMA) report was delivered to Congress in May and contained encouraging news. The report, tracking agencies' ability to meet the guidelines set forth in FISMA, showed that there were 8% fewer cybersecurity incidents across government in fiscal year 2019. Additionally, the report showed that 73 agencies meet the highest FISMA rating, up from 62 in 2018.
All of this improvement comes at a time when more attacks are being carried out against agencies and those attacks are becoming more and more sophisticated. The government's ability to stay ahead of the increasing attack vectors can be attributed to compliance with federal regulations and mandates including Continuous Diagnostics and Mitigation program and the National Cybersecurity Protection System.
Additionally, a focus on educating federal employees about spear phishing, the practice of sending emails that look like they are coming from a known or trusted sender to intice targeted individuals to reveal confidential information, has also paid off. The report showed that the U.S. Department of State, U.S. Department of Health and Human Services, and the U.S. Department of Commerce had the largest reduction in phishing-related security incidents via email. Fittingly, the Department of Education earned a proverbial gold star, reporting zero phishing incidents. They attributed this success to employing "increasingly complex phishing scenarios" to improve spam filtering and implementing anti-phishing policies with their email provider. Continue reading →
At the beginning of 2020, the idea that the vast majority of the federal workforce would be working from home seemed like a remote (pun intended) reality. However, due to shelter-in-place orders across the U.S. this spring, much of the public sector work was being done from kitchen tables, guest bedrooms, and home offices. This fast pivot to remote work left agencies scrambling to get devices to employees now separated from their desks, develop reliable and secure connections to enterprise systems and applications, and re-engineer decades-old processes to accommodate fully virtual teams. Some examples include:
The Department of Homeland Security (DHS) created a workaround to give employees access to systems when they could not use their PIV card. An alternative credential process was created in under a month, enabling DHS to issue credentials that included logical access tokens to give employees and contractors access to DHS networks only. Unlike a PIV card, this credentialing system doesn't have the employee or contractor's photo ID or allow physical access to a DHS building.
We've covered how government procurement is evolving to meet the way agencies implement and consume technology. From agencies' use of public cloud platforms to agile development methodologies, old acquisition methods are unable to keep up with the pace and process required by modernization and digital transformation goals across government. In fact, the Modernizing Government Technology (MGT) Act was implemented to allocate funds specifically for the update of legacy IT systems to help agencies improve service delivery to the public, secure sensitive data and systems, and increase efficiency. To meet these mandates, procurement processes and technology have to change to be more in tune with the digital transformations happening at the operational level.
State and local agencies are home to some of the most innovative ideas in government. Their use of artificial intelligence (AI) is no exception. Localities are embracing AI as a way to make sense of all the data they hold to better understand how citizens are using their services and where gaps may exist. A survey from the National Association of State Chief Information Officers (NASCIO) released in the fall of 2019 found that 32% of those surveyed "strongly agreed" that AI and related technologies can help them meet citizen demands and improve operations. Specifically, the survey found that nearly 50% of respondents planned to use AI as a way to shift workers away from rote tasks and toward high-value activities.
Taking a look around the country, we see some interesting applications of AI at the state and local level.
The Federal Risk and Automation Management Program, more widely known as FedRAMP, was put in place in 2011 to create a standardized approach to evaluating the security controls of cloud solutions for government use. For nearly a decade, FedRAMP has continually evolved to keep up with the growing availability of and demand for cloud solutions. In fact, the number of authorizations granted between 2016 and 2018 increased roughly 33% year over year.
With this in mind, the latest modernization of FedRAMP may be coming via the FedRAMP Authorization Act of 2019, which would expedite the approval process. Of particular interest is language in the bill that introduces the "presumption of adequacy." This means that once a cloud vendor is authorized through the FedRAMP process with one agency, it is cleared to work with other agencies under that initial authorization. The legislation also formalizes roles and responsibilities, designating the Office of Management and Budget as responsible for FedRAMP policy and making the General Services Administration in charge of day-to-day implementation. Finally, the bill stipulates metrics to track the implementation of the program.
Further influencing the demands on FedRAMP is the quick surge of support for flexible cloud solutions to enable telework environments amid the COVID-19 response. These developments may have a significant impact moving forward. While private industry is stepping up and offering technology for free to help secure public health and safety, the federal government must still look to FedRAMP guidance in utilizing cloud solutions. Today, more than ever, a quick and efficient approval process is essential.