The annual Federal Information Security Modernization Act (FISMA) report was delivered to Congress in May and contained encouraging news. The report, tracking agencies' ability to meet the guidelines set forth in FISMA, showed that there were 8% fewer cybersecurity incidents across government in fiscal year 2019. Additionally, the report showed that 73 agencies meet the highest FISMA rating, up from 62 in 2018.
All of this improvement comes at a time when more attacks are being carried out against agencies and those attacks are becoming more and more sophisticated. The government's ability to stay ahead of the increasing attack vectors can be attributed to compliance with federal regulations and mandates including Continuous Diagnostics and Mitigation program and the National Cybersecurity Protection System.
Additionally, a focus on educating federal employees about spear phishing, the practice of sending emails that look like they are coming from a known or trusted sender to intice targeted individuals to reveal confidential information, has also paid off. The report showed that the U.S. Department of State, U.S. Department of Health and Human Services, and the U.S. Department of Commerce had the largest reduction in phishing-related security incidents via email. Fittingly, the Department of Education earned a proverbial gold star, reporting zero phishing incidents. They attributed this success to employing "increasingly complex phishing scenarios" to improve spam filtering and implementing anti-phishing policies with their email provider. Continue reading →
The Federal Risk and Automation Management Program, more widely known as FedRAMP, was put in place in 2011 to create a standardized approach to evaluating the security controls of cloud solutions for government use. For nearly a decade, FedRAMP has continually evolved to keep up with the growing availability of and demand for cloud solutions. In fact, the number of authorizations granted between 2016 and 2018 increased roughly 33% year over year.
With this in mind, the latest modernization of FedRAMP may be coming via the FedRAMP Authorization Act of 2019, which would expedite the approval process. Of particular interest is language in the bill that introduces the "presumption of adequacy." This means that once a cloud vendor is authorized through the FedRAMP process with one agency, it is cleared to work with other agencies under that initial authorization. The legislation also formalizes roles and responsibilities, designating the Office of Management and Budget as responsible for FedRAMP policy and making the General Services Administration in charge of day-to-day implementation. Finally, the bill stipulates metrics to track the implementation of the program.
Further influencing the demands on FedRAMP is the quick surge of support for flexible cloud solutions to enable telework environments amid the COVID-19 response. These developments may have a significant impact moving forward. While private industry is stepping up and offering technology for free to help secure public health and safety, the federal government must still look to FedRAMP guidance in utilizing cloud solutions. Today, more than ever, a quick and efficient approval process is essential.
From military missions to public safety applications to infrastructure inspections, drones have many applications across government. While the technology is ready for all of these applications (and more), there are complex regulatory and legal issues that are holding up their widespread use. These issues include airspace regulations (for the safety of manned and unmanned flights), privacy concerns (related to on-board cameras), and cybersecurity concerns.
While these issues are being discussed in the courts and across regulatory bodies, state and federal level agencies are taking steps to integrate drone usage into their processes. For federal agencies, drones are available on the GSA Schedule. State and local organizations are piloting a drone-as-a-service model that allows groups to use drones for specific-use cases without having to invest in the purchase and maintenance of the hardware.
There are a number of upcoming events that address both the technology and the policies that impact current and future drone usage. Continue reading →
The U.S. Department of the Treasury is the steward of U.S. economic and financial systems, and is responsible for maintaining the nation's financial infrastructure. This includes the production of currency, the disbursement of payments to the American public, revenue collection, and the borrowing of funds necessary to run the federal government. The most familiar agency within Treasury may also be the most dreaded, the Internal Revenue Service (IRS). With tax time approaching, we thought it was a good time to look at the challenges and focus of the Treasury.
Cybercrime - The Treasury has always been focused on preventing fraud related to currency and tax evasion, but much like the Department of Defense has recognized cyberspace as a new battlefield. Treasury is now focusing on the Internet as the primary stage for money-related crimes. The speed at which crimes are carried out online require new techniques and tools. The use of cryptocurrencies to mask criminal behavior is also a huge focus of the Treasury's investigative departments.
Cloud - Like the Intelligence community, Treasury is looking to develop a cloud solution that meets the unique security needs of its mission while delivering on the efficiencies of the on-demand nature of cloud. The Department is developing a proposal for "T-Cloud," an enterprise wide suite of cloud and professional services across multiple providers. The goal to is award this contract and get it implemented by 2022.
Citizen Experience - The IRS may be one of the most visible government agencies as citizens interact with them at least once a year. With their high touch with the public, the IRS has been a leader in redefining what customer service means in government. In fiscal 2018, 90% of customers were satisfied with their service via phone or a tax assistance center. This does not mean the work is done. A recent report gave the IRS a C+ on its use of language, saying the agency needs to make their web content more user-friendly using Plain Language
For those working at or supporting the Treasury, there are several upcoming events that can help bring these challenges and their solutions into focus.
With the government fiscal year starting in October, our Federal government gets a head start on their New Year's resolutions. As we launch into a new year--a new decade, even--we wanted to take a quick look at government technology priorities for 2020 and beyond.
Cybersecurity - In the past decade security has transitioned from a stand-alone technology that had to be added to planning and systems, to a utility-type service that is baked into every piece of technology deployed within government. This fall, Federal CIO, Suzette Kent shared her focus areas for the next year (and beyond) to include cross-agency information sharing, improved identity management, and increased workforce cybersecurity literacy.
Reskilling - The introduction of automation into administrative functions is driving a need for employees to be re-skilled. While machines are not taking over the jobs of humans, they are improving efficiency in many roles, freeing up time for people to take on more complex (and frankly, more interesting and more important) roles within an organization. Continue reading →