CDM – Concentrating on the How of Cybersecurity

The Department of Homeland Security's Continuous Diagnostic Mitigation Program (CDM) was developed as a guideline process for agencies to fortify their ongoing cybersecurity plans and tactics. Agencies have worked through the stages of the program, first identifying what and who is on their network and then looking at what is happening on the network - really identifying the who, what, when, and where. Today, the focus is to put all that information to work in developing plans that address the "how" of secure networks including:

  • Reduce agency threat surface
  • Increase visibility into the federal cybersecurity posture
  • Improve federal cybersecurity response capabilities
  • Streamline Federal Information Security Modernization Act (FISMA) reporting

According to a recent survey, in the seven years since its inception, the CDM program has met its mission of making government IT systems more secure. But this success does not mean the work is done. Legislation has been introduced that will make CDM permanent and expand its reach to meet the ongoing cyber threats that face government agencies. Moving forward, the CDM will help agencies focus on taking what has traditionally been a piecemeal approach to cybersecurity and creating a more integrated approach that ties to an overall cyber strategy.


Growing Our Cloud Smarts

The move to cloud computing in government has changed from a focus on Cloud First to Cloud Smart. The initial push to cloud encouraged agencies to look at cloud options when adding or updating technology but provided no direct guidance. This "Cloud First" push provided a way to educate agencies on what cloud is and why it is a viable option for deploying applications to the government workforce. This education worked, making even the most security-conscious agencies comfortable with moving data and applications to the cloud to gain new efficiencies in time and budget.

The Cloud Smart policy, a logical evolution of Cloud First, was introduced last year and provides more guidance surrounding security, procurement, and workforce skills to foster cloud adoption and implementation. While the value cloud can provide is widely accepted, procurement of cloud remains a stumbling block to wider, easier cloud adoption. The shift in spending from capital funds to operating funds and the fluidity of the fees based on need and usage require different language and structure in contracts. Security also continues to be a focus, creating new "shared responsibility" language in cloud agreements and plans.

To help you get smarter on how to be cloud smart, we've compiled a list of upcoming events that cover the areas related to a successful cloud deployment.


Facing the Cybersecurity Threat Head On

In October, ghosts and goblins come to life as decorations on front lawns and as candy-seeking children knocking on our doors. But stepping away from the frivolity of Halloween, October has also become a time for us to reflect on the real threats we face year-round when it comes to our data, identity privacy and online security.

National Cybersecurity Awareness Month (NCSAM), spearheaded by the Department of Homeland Security (DHS), is a "collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online." This year's theme is Own IT. Secure IT. Protect IT. Programs around the country will address topics including citizen privacy, securing consumer devices, and eCommerce security.

More than IT professionals talking to one another, NCSAM aims to reach out to the public to emphasize personal accountability and educate people about the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. The NCSAM website has some handy guides that can be shared to educate people on these actionable steps.


FITARA 8.0 – No News is Good News

In place since 2014, the Federal Information Technology Acquisition Reform Act (FITARA) has aimed to provide guidance and checkpoints for agencies' modernization efforts. Over the years, the compliance status of the agencies has had its ups and downs.

The latest report card, issued in June 2019, showed fairly steady performance when it comes to meeting FITARA goals and mandates. This 8.0 report card was the first to include a cybersecurity score that focused on FISMA (Federal Information Security Modernization Act) compliance. This report also took out the score for Data Center Optimization Initiative (DCOI) as the majority of agencies are holding steady on that score and/or it is complicated by technology interdependencies.


Department Spotlight: The Department of Energy

The mission of the Department of Energy (DOE) is "to ensure America's security and prosperity by addressing its energy, environmental, and nuclear challenges through transformative science and technology solutions." Technology plays a huge role in both the research surrounding and protection of energy resources.

The DOE may lead the government in their use of supercomputer technology. In fact, supercomputing is one of the key focus areas in the agency's budget. This spring the DOE issued a contract that will allow them to build the world's most powerful computer with a performance greater than 1.5 exaflops. Supercomputers, like the one being built, provide researchers with the needed speed and scale to conduct scientific modeling and simulations as well as utilize AI and analytics for activities as diverse as manufacturing and public health.

Of course, the security of the data running through these supercomputers, as well as the national power grid itself, is of paramount focus for the DOE. To support these growing needs, the DOE is looking to blockchain as a way to secure energy delivery and more.

We've pulled together a list of upcoming events that will help the DOE, as well as the companies that serve it, better understand the technologies that can ensure our energy supply remains secure and efficient.
