Is IoT a Superhero or Villain?

The Internet of Things (IoT) is made up of webcams, sensors, thermostats, microphones, speakers, cars, and even stuffed animals. All of these connected devices can help individuals and organizations stay connected across geographic distances, keeping tabs on and managing assets from miles away. The data they collect can be combined with other data sets to create actionable advice for better management and service.

This holds incredible promise for local governments and federal agencies charged with maintaining safe operating fleets and facilities. There's also the application for improving the routing of field technicians as well as traffic flow in general. But, as every superhero knows, with great power comes great responsibility.

As with any technology, IoT standards need to be developed for effective and safe use as well as to enable interoperability. NIST has been working on defining standards and recently released Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks, but no federal agency is currently claiming jurisdiction over IoT policy and rule-making. In this vacuum, the legislative branch is getting involved. This past November, the House passed the SMART IoT Act that tasks the Department of Commerce with studying the current U.S. IoT industry. A Senate bill was introduced to manage what types of IoT devices the government can purchase, ensuring that all IoT tech in government is patchable and has changeable passwords. Finally, states are even weighing in on the proper use of IoT in government. California passed the first IoT cybersecurity law, making device manufacturers ensure their devices have "reasonable" security features.

The Face in the Machine: Facial Recognition Application in Government

When your grandma is using her face to unlock her iPhone, you know a technology has gone mainstream. Facial Recognition "is a biometric software application capable of uniquely identifying or verifying a person by comparing and analyzing patterns based on the person's facial contours." In the last four years, there has been a jump in the use of the technology as vendors have begun to use convolutional neural networks (CNN), a deep learning methodology and algorithms, for model training. A National Institute of Standards and Technology test of vendors in 2018 showed a 95% reduction in error rate compared to a similar test completed in 2014. Applications of facial recognition in government include security (access to devices, data, and physical locations), law enforcement (matching video footage of a crime to a database of suspects), and identity verification for travel.

While the technology has come a long way, many argue it still has a way to go before it can be used widely in areas as critical as criminal justice and security. There are calls for regulation by the FTC and other federal entities. While there are accuracy benchmarks that vendors must pass to be used in government, in many cases, the groups used in benchmarks are not as diverse as those that the system will interact with once fielded. Regulation proponents argue that much of the facial recognition technology was designed with the majority of subjects being white males. When the system faces (pun intended) women with dark skin, the accuracy they promise plummets significantly.

With these challenges both in technology and policy, there are a number of events to help sort out the next steps in introducing facial recognition.

CDM Hits Phase Three: Determining What is Happening on the Network

The Continuous Diagnostics and Mitigation (CDM) program, led by the Department of Homeland Security, was designed to fortify the cybersecurity of government networks and systems with capabilities and tools that identify risks on an ongoing basis, prioritize these risks based on potential impacts, and enable personnel to mitigate the most significant problems first. The program was rolled out in phases with phases one and two pretty much complete across government.

Now that agencies know what and who is on their network, they need to move on to phase three - what is happening on the network. This involves installing and managing the network and perimeter security measures. Given that the perimeter now includes mobile devices, securing those devices and the way they access the network is critical to meeting CDM goals. Currently, agencies are mapping out mobile connections at the agency level, and the networks with which agencies are regularly interacting.


FedRAMP’s Ongoing Evolution

The Federal Risk and Automation Management Program, commonly known as FedRAMP, was introduced in 2010 and signed into policy at the end of 2011 as a "standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services." In plain English, it provides a baseline for agencies to determine if a cloud solution is secure enough for them to use. Vendors get FedRAMP certified as a way to prove their solution is ready to plug and play into federal systems.

In recent years, cloud has moved from a curiosity for most agencies to a key part of IT infrastructure. With this change in cloud acceptance and use, FedRAMP has also started to evolve to meet today's needs. Last summer, Rep. Gerry Connolly introduced the FedRAMP Reform Act of 2018 as a more stringent enforcement of the use of FedRAMP guidance.

Events On-Demand

We're living in an on-demand world - streaming video, same day delivery, peer-to-peer sharing, and more - and events have also adapted to consumer desire for content where and when they want it.

On-demand events tend to be in a webinar format - an educational, one directional presentation. While these events may lack the networking component of live (and even some live streamed) events, they are a great option for learning and training, providing just-in-time information.