A Look Back at the Decade: Government Tech Edition

With the closing of the decade, we thought it would be interesting to look back at the top technology headlines of 2009 and compare them to where the market is today.

Data on the Rise

Big news was the launch of data.gov in late May of 2009. The site was championed by the country's first Federal CTO, Vivek Kundra, as a way to enable citizens to access federal data. In addition to making the government more transparent, the hope was that private sector could use the massive amount of federal data in research and to create innovative programs and solutions. The site launched with 47 data sets and as of the last reporting (June 2017) it now holds approximately 200,000 datasets, representing about 10 million data resources. Beyond these numbers, data.gov's impact has been significant.

Thousands of programs can point to the site as the basis for their development. More importantly, it launched a new way of thinking in government. Agencies stopped being as territorial about their data and slowly but surely became more open to sharing it with one another and with the public as they saw what innovation can happen with simple access. In 2019, the vision of data.gov expanded with the Open, Public, Electronic and Necessary Government Data Act, requiring that nonsensitive government data be made available in machine-readable, open formats by default.

Cloud First to Cloud Smart

In 2009 the Obama administration established the Cloud-First mandate that changed the way agencies looked at acquiring and modernizing their systems. Each agency had to look first to a cloud solution to see if it fit their needs better than a traditional on-premise or hardware-based solution. Email and communication applications were some of the earliest systems moved to the cloud.

While there were many concerns about the security of cloud, acquisition processes proved to also be a huge stumbling block. Because of the consumption model of cloud, traditional procurement language and processes did not "fit" this new technology. The FAA was an early cloud adopter finding a way to acquire and manage cloud solutions for security, capacity, and application performance.

With minds open to cloud and administrative barriers removed, the government has moved from Cloud-First to Cloud-Smart, an evolution we've covered here on the blog.

Cybersecurity in Focus

President Obama issued a national cyber policy review in May 2009 that included 24 recommendations, including the need for a national cyber coordinator. Hiring for this position proved problematic and delayed the implementation of many of the recommendations by a year or more. Once the building blocks were in place, the government has spent the last 10 years getting organized around cyber defense and strengthening the nation's cybersecurity posture.

We've written here about the progress of the Continuous Diagnostic Mitigation (CDM) Program moving the government from identifying who and what was on their networks (and subsequently cleaning and tightening them up) to better reporting and proactivity related to cyber threats and incidents.

These are only three areas that have changed drastically in the last 10 years. There's also of course the rise of mobile and apps, the continued focus on improving government "customer" service, and the application of technology in the healthcare field. We'd love to hear your picks for the biggest tech or policy evolution over the last decade. Share your thoughts in the comments.

Air Force announces new ways of learning digital skills, working on faster apps

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

 

Airmen may see faster apps and a new way to learn about cyber and coding in the near future, according to the Air Force's deputy chief information officer.

The Air Force is preparing to invest in what it's calling Digital U, an online schoolhouse similar to Udemy or Codecademy that will let airmen learn basic cyber skills or challenge themselves to learn coding languages.

"Digital U is embedded in every single mission area if you're an HR professional or a logistician," Bill Marion, Air Force deputy CIO told Federal News Network in an interview. "We wanted to break the norm and truly democratize the training. This is where online and live media training can help you get to scale."

Marion said with about 700,000 active, reserve and guard airmen, giving them all cyber training in a classroom is not feasible.

Digital U uses commercial technology to bring training to airmen.

The training will cover everything from basic cyber hygiene to something as complex as making codes. The Air Force plans to gamify the training process, allowing airmen to level up and earn badges, to incentivize them to continue learning.

"We want them to be able to do advanced analytics and write a basic algorithm that goes against a dataset that they may know natively," Marion said. "If I'm a flight line technician, the tools can help me with fuel flow. How much money can we save by saving 1% of fuel when we are the world's largest fuel consumer? We can make some very significant moves by an airman knowing how to write a basic query on a dataset."

Marion said the Air Force hopes to eventually recruit, retain and even incentivize airmen with bonuses through Digital U.

The online classes let airmen take education into their own hands and learn as much as they want, even taking steps to becoming a data scientist.

The Air Force plans to contract the program out using other transaction authority (OTA) -- an acquisition method geared toward fast procurement with nontraditional defense companies.

"It's not just a one-size-fits-all," Marion said. "There's differing vendors in this space that provide everything from much lower point, but every entry-level training, to some vendors with a little higher price point, but more advanced training. The OTA is allowing us to look at how much we throttle on the lower end, the upper end and in the middle so we can scale at the 700,000 airmen level. It will not be a one-vendor thing based on our market research. It will be an ecosystem of tools."

Making apps faster

While the Air Force is priming its airmen for more digital engagement, it's also trying to make their current experience with the digital world less of a pain.

Marion admitted the way the Air Force goes about cybersecurity is redundant and slow.

"We've layered so much security that the user experience is down," he said. "We need to get that down to the right number of layers. There is security there that should be baked in there, but we've done it three, four, five times. I joke that once I've scanned for a social security number; I don't need to scan another time, another time and another time in the same transaction and we are doing that in some cases."

The Air Force is looking at the apps that its airmen use and testing how long it takes to access apps, and how many clicks it takes to complete an action.

For example, Amazon has one-click buying, something customers find convenient -- and possibly dangerous. Some airmen are finding they need to click 48 times to complete an action. Marion is looking into both the access and clicks issue.

Outside of that, the Air Force is moving more toward a zero-trust model -- that's where an organization never trusts a device connecting to a network and always requires verification.

Marion said that involves the Air Force retooling its applications inside a native cloud environment.

"We've done that with a couple dozen applications, we've got a ways to go with others," Marion said.

The education, cybersecurity and ease of use are all part of the service's Digital Air Force plan it announced in August. The plan is supposed to unfetter the force from an industrialized way of thinking, open itself to faster networks, better weapons systems and make the service a more attractive employer.

 

View the full article by Scott Maucione at FederalNewsNetwork.com: https://federalnewsnetwork.com/air-force/2019/12/air-force-announces-new-ways-of-learning-digital-skills-working-on-faster-apps/?fbclid=IwAR0It1bj3v8GGBBGkgSSCvbJPlkIk1gU1QNutJJP8JIskdTEH_mpZzyeo5A

There is No Single Way to IoT

It is called the Internet of Things (IoT) - plural - for a reason. IoT encompasses everything from traditional IT devices like laptops and phones to next-generation technologies like virtual assistants (Alexa, Google Home) to previously unconnected technologies like TVs to everyday utilities like HVAC systems and even refrigerators. With this wide range of things, agencies are finding it difficult to catalog every IoT device, making the creation of policies and processes even more challenging.

Shadow IoT--connected devices that aren't managed or monitored by an organization's IT resources--is a real concern for IT teams. In one study, 90% of organizations found IoT devices they were not aware of using their network. These devices can include fitness trackers, digital assistants, and smart televisions. Once these devices are identified, huge security challenges still remain as many of them were not designed with security in mind. There is also such a wide range of devices and manufacturers that policies cannot be applied consistently across all of the different products and systems.

Even known IoT devices can provide security challenges and concerns. Historically, systems running building automation - lights, elevators, sprinkler systems, HVAC - were separate from the IT systems. Today, these Industrial Internet of Things (IIoT) regularly connect to external networks and introduce risk back into the agency networks. As a workaround, a survey of IoT leaders found that 45% of respondents said they were deploying IoT devices on a dedicated network. Continue reading

CDM – Concentrating on the How of Cybersecurity

The Department of Homeland Security's Continuous Diagnostic Mitigation Program (CDM) was developed as a guideline process for agencies to fortify their ongoing cybersecurity plans and tactics. Agencies have worked through the stages of the program, first identifying what and who is on their network and then looking at what is happening on the network - really identifying the who, what, when, and where. Today, the focus is to put all that information to work in developing plans that address the "how" of secure networks including:

  • Reduce agency threat surface
  • Increase visibility into the federal cybersecurity posture
  • Improve federal cybersecurity response capabilities
  • Streamline Federal Information Security Modernization Act (FISMA) reporting

According to a recent survey, in the seven years since its inception, the CDM program has met its mission of making government IT systems more secure. But this success does not mean the work is done. Legislation has been introduced that will make CDM permanent and expand its reach to meet the ongoing cyber threats that face government agencies. Moving forward, the CDM will help agencies focus on taking what has traditionally been a piecemeal approach to cybersecurity and creating a more integrated approach that ties to the an overall cyber strategy.

Continue reading

Growing Our Cloud Smarts

The move to cloud computing in government has changed from a focus on Cloud First to Cloud Smart. The initial push to cloud encouraged agencies to look at cloud options when adding or updating technology but provided no direct guidance. This "Cloud First" push provided a way to educate agencies on what cloud is and why it is a viable option for deploying applications to the government workforce. This education worked, making even the most security-conscious agencies comfortable with moving data and applications to the cloud to gain new efficiencies in time and budget.

The Cloud Smart policy, a logical evolution of Cloud First, was introduced last year and provides more guidance surrounding security, procurement, and workforce skills to foster cloud adoption and implementation. While the value cloud can provide is widely accepted, procurement of cloud remains a stumbling block to wider, easier cloud adoption. The shift in spending from capital funds to operating funds and the fluidity of the fees based on need and usage require different language and structure in contracts. Security also continues to be a focus, creating new "shared responsibility" language in cloud agreements and plans.

To help you get smarter on how to be cloud smart, we've compiled a list of upcoming events that cover the areas related to a successful cloud deployment.

Continue reading