Category Archives: Contributing Authors

GovEvents Blog Contributors

19 Actionable Steps to Protect Online Privacy – Part 2 of 4

Posted on by

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

what a VPN does for your online privacy

Online privacy is a topic that grows in importance every single year. With more and more web services, connected apps, and even home assistant devices that are gaining in popularity, it's now more crucial than ever to understand what the dangers to your online privacy are and how to protect it consciously.

This online privacy guide is all about that.

Here are 19 actionable steps to help you remain anonymous on the web and protect your online privacy. No sophisticated computer knowledge required. Continue reading

19 Actionable Steps to Protect Online Privacy – Part 1 of 4

Posted on by

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

Online privacy is a topic that grows in importance every single year. With more and more web services, connected apps, and even home assistant devices that are gaining in popularity, this online privacy guide is all about that.

Here are the first of 19 actionable steps to help you remain anonymous on the web and protect your online privacy.

No sophisticated computer knowledge required.

1. Use the privacy/incognito mode

All current versions of web browsers like Chrome, Firefox, Opera come with a privacy mode.

For example, in Chrome, if you press CMD+SHIFT+N (Mac) or CTRL+SHIFT+N (Win), you will open a new tab in privacy mode. In that mode, the browser doesn't store any data at all from the current session. This means no web history, no web cache, no cookies, nothing at all.

Use this mode whenever doing anything that you'd prefer remain private and not able to be retrieved at a later date on the device that you're using.

However! Let's make it clear that privacy modes don't make the connection more secure in any way. They just make it private in relation to your own device - meaning, they make it private on your end only.

(Privacy modes are also available in mobile browsers.) Continue reading

Opening Public Services to Artificial Intelligence Assistants

Posted on by

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

"Hey, Computer, how do I access my public services?"

Citizens will soon be able to ask their Intelligent Personal Assistants (IPA) this question through an Emerging Citizen Technology open-sourced pilot program. The purpose of the initiative is to guide dozens of federal programs make public service information available through automated, self-service platforms for the home and office such as Amazon Alexa, Google Assistant, Microsoft Cortana and Facebook Messenger.

Last week, participants from more than a dozen federal agencies, both in D.C. and virtually around the country, joined to create prototypes using open data for AI Personal Assistants like voice-activated assistants, chatbots, intelligent websites and automated call centers.

The teams worked side-by-side with Google, Amazon, Microsoft, Facebook, Oracle, MITRE and Dcode42 to collaborate on ways to help citizens get information they might need faster and more efficiently.

The U.S. Federal AI Personal Assistant Pilot, part of the new Emerging Citizen Technology Program, is combining the most advanced technology from U.S. businesses with existing data to make public services more accessible. Almost three dozen federal agencies stepped forward to participate in the pilot, along with U.S. businesses who are industry leaders, entrepreneurs and startups who have never worked with government before.

The hackathon far exceeded our intended outcomes, with more than a dozen proofs of concepts developed in D.C. and among teams in Chicago, San Francisco and other regional federal offices.

Here are a few examples of the prototypes that were created:

  • A tornado alert and information service from National Oceanic and Atmospheric Administration.
  • Career center resources for the American workforce from the Department of Labor.
  • A unified self-service chatbot for programs from nine different agencies, including U.S. Small Business Administration licenses, Internal Revenue Service tax credits, U.S. Forest Service park permits, and Department of Health and Human Services benefits.

We are planning a new event at the U.S. General Services Administration Central Office next month that will showcase proofs of concepts developed by federal agencies and U.S. businesses. We will also open a new roadmap and suite of shared resources for all public services to use to effectively and efficiently evaluate and pursue adoption of intelligent personal assistants.

GSA's Emerging Citizen Technology Program unites federal agencies across government through pilot programs and collaborative Communities to develop the shared resources needed to efficiently and compliantly adopt emerging technologies for which agencies identify business cases but no guidance or inadequate resources may exist, including Artificial Intelligence for Citizen Services, Blockchain, Virtual/Augmented Reality, and Social Technology.

View original post on DigitalGov

Time to Get Serious About Federal Government Cybersecurity

Posted on by

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

It is generally accepted that, as the National Institute for Standards and Technology points out, cybersecurity threats exploit the increased complexity and connectivity of our critical infrastructure systems and can potentially place the nation's security, economy, and public safety and health at risk. Like financial and reputational risk, cybersecurity risk affects the bottom line of both companies and nation-states. It can drive up costs and impact revenue. It can harm the ability to innovate and to gain and maintain customers, as well as make it difficult to meet the needs of citizens.

To address these risks, President Obama issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," on Feb. 12, 2013. According to the Department of Homeland Security, this executive order directed the executive branch to do five things: develop a technology-neutral voluntary cybersecurity framework; promote and incentivize the adoption of cybersecurity practices; increase the volume, timeliness, and quality of cyber threat information sharing; incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure; and explore the use of existing regulation to promote cybersecurity.

Almost exactly one year later, a cyber intrusion began at the United States Office of Personal Management. This intrusion went undetected for 13 months. As the Wall Street Journal, U.S. News & World Report and other media reports noted, this intrusion was described by Federal officials as among the largest breaches of government data in the history of the United States. Information targeted in the breach included personally identifiable information, such as Social Security numbers, as well as names, dates, places of birth, and addresses. The hack even involved the theft of detailed security clearance-related background information, including more than 5.6 million sets of fingerprints.

Clearly, EO 13636 was insufficient to prevent a major cybersecurity event.

Less than a month ago, President Trump signed a new executive order, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure," designed to protect American innovation and values. This new executive order, which reflects considerable analysis, opens with four findings: that the executive branch has for too long accepted antiquated and difficult-to-defend IT; that effective risk management involves more than just protecting IT and data currently in place; that known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies; and that effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy, and human resources.

The executive order goes on to explicitly hold agency heads accountable to the president for implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data. It also mandates the use of the rigorous and recently revised Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology that EO 13636 deemed voluntary.

Will this new executive order make a difference? The answer may rest in the implementation and enforcement of the order. With parallel progress in both pattern recognition algorithms and microelectronic technology, machine learning and artificial intelligence can likely already bridge the gap between the enormous volume of government intelligence data and people capable of analyzing it, as Jason Matheny, Director of the Intelligence Advance Research Project Agency, has forecast. IBM's Watson, for example, can understand all forms of data, interact naturally with people, and learn and reason at scale. Accordingly, the compromise of even sensitive but unclassified information when analyzed by sophisticated means could enable perpetrators to "connect the dots" and jeopardize national security.

In this environment, will "mistakes" or negligence leading to compromised information be tolerated or will they be dealt with severely? Will agency heads be held accountable or will they get a pass? Will "antiquated and difficult-to-defend IT" be tolerated or will rigorous processes and modern applications, like layered security, limitations within network security, encryption of data at rest and in motion, and policy engines used in conjunction with access restriction and auditing software be mandated, implemented, and audited?

The answers will be revealed over the next weeks and months.

The challenge is clear--a well-thought-out and rigorous policy for Federal government cybersecurity is in place, now it must be implemented and enforced. Time is not on our side; the next hack or the next serious incident due to the negligence of a government employee or contractor could happen tomorrow or the next day. It is time to get serious about Federal government cybersecurity.

View original post on MeriTalk

Trump signs cyber EO promoting IT modernization, shared services

Posted on by

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

Agencies should no longer be on an island when it comes to cybersecurity. The White House is requiring agencies to take an enterprise approach to cyber risk assessment and mitigation, and stop protecting their networks and data as if their efforts don't impact their fellow departments.

President Donald Trump signed the much anticipated and long-waited executive order refocusing the federal cybersecurity efforts around three broad categories:

  • Protecting federal networks
  • Protecting critical infrastructure
  • Securing the nation through deterrence, international cooperation and the workforce.

Continue reading