Putting a Value on Trust — Introducing Zero Trust Security Approaches

With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.

Continue reading

Security in the “New Normal”

With telework expected to stay long after the pandemic ebbs, government agencies are looking to shore up the remote work solutions they put in place to ensure on premise security measures extend to the dispersed workforce. Multi-cloud environments are the reality for almost every agency. The many applications needed for the diverse functions of an organization require multiple cloud solutions to provide the specific support needed.

A report from Meritalk, Multi-Cloud Defense: Redefining the Cyber Playbook, found that 83 percent of respondents are increasing multi-cloud adoption to support telework and mission needs related to COVID-19. However, 42 percent said their cyber strategies cannot keep up. One part of the challenge is creating a solution that can be applied to the wide variety of endpoint devices and meeting enterprise security requirements.

Continue reading

Artificial Intelligence Gains Energy

The development and use of Artificial Intelligence (AI) became official policy of the United States with the signing of an Executive Order in February. This order outlines and directs America's government-wide push to advance the use of AI through research and public/private partnerships. In the ensuing months, the Department of Energy has emerged as a leader in these efforts.

In September 2019, the DOE initiated the Artificial Intelligence and Technology Office (AITO) to help channel the department's vast resources across its national lab facilities. These efforts are paying off as DOE partners with Health and Human Services and Veterans Affairs as part of the COVID-19 Insights Partnership with the goal to increase data sharing and analysis in the fight against the spread of COVID-19. The DOE is also pressing ahead with private partnerships announcing the First Five Consortium with Microsoft, the Pacific Northwest National Laboratory, and the Defense Department's Joint Artificial Intelligence Center (JAIC). Together they will develop AI-based solutions for data-first responders.

Continue reading

Air Force announces new ways of learning digital skills, working on faster apps

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

 

Airmen may see faster apps and a new way to learn about cyber and coding in the near future, according to the Air Force's deputy chief information officer.

The Air Force is preparing to invest in what it's calling Digital U, an online schoolhouse similar to Udemy or Codecademy that will let airmen learn basic cyber skills or challenge themselves to learn coding languages.

"Digital U is embedded in every single mission area if you're an HR professional or a logistician," Bill Marion, Air Force deputy CIO told Federal News Network in an interview. "We wanted to break the norm and truly democratize the training. This is where online and live media training can help you get to scale."

Marion said with about 700,000 active, reserve and guard airmen, giving them all cyber training in a classroom is not feasible.

Digital U uses commercial technology to bring training to airmen.

The training will cover everything from basic cyber hygiene to something as complex as making codes. The Air Force plans to gamify the training process, allowing airmen to level up and earn badges, to incentivize them to continue learning.

"We want them to be able to do advanced analytics and write a basic algorithm that goes against a dataset that they may know natively," Marion said. "If I'm a flight line technician, the tools can help me with fuel flow. How much money can we save by saving 1% of fuel when we are the world's largest fuel consumer? We can make some very significant moves by an airman knowing how to write a basic query on a dataset."

Marion said the Air Force hopes to eventually recruit, retain and even incentivize airmen with bonuses through Digital U.

The online classes let airmen take education into their own hands and learn as much as they want, even taking steps to becoming a data scientist.

The Air Force plans to contract the program out using other transaction authority (OTA) -- an acquisition method geared toward fast procurement with nontraditional defense companies.

"It's not just a one-size-fits-all," Marion said. "There's differing vendors in this space that provide everything from much lower point, but every entry-level training, to some vendors with a little higher price point, but more advanced training. The OTA is allowing us to look at how much we throttle on the lower end, the upper end and in the middle so we can scale at the 700,000 airmen level. It will not be a one-vendor thing based on our market research. It will be an ecosystem of tools."

Making apps faster

While the Air Force is priming its airmen for more digital engagement, it's also trying to make their current experience with the digital world less of a pain.

Marion admitted the way the Air Force goes about cybersecurity is redundant and slow.

"We've layered so much security that the user experience is down," he said. "We need to get that down to the right number of layers. There is security there that should be baked in there, but we've done it three, four, five times. I joke that once I've scanned for a social security number; I don't need to scan another time, another time and another time in the same transaction and we are doing that in some cases."

The Air Force is looking at the apps that its airmen use and testing how long it takes to access apps, and how many clicks it takes to complete an action.

For example, Amazon has one-click buying, something customers find convenient -- and possibly dangerous. Some airmen are finding they need to click 48 times to complete an action. Marion is looking into both the access and clicks issue.

Outside of that, the Air Force is moving more toward a zero-trust model -- that's where an organization never trusts a device connecting to a network and always requires verification.

Marion said that involves the Air Force retooling its applications inside a native cloud environment.

"We've done that with a couple dozen applications, we've got a ways to go with others," Marion said.

The education, cybersecurity and ease of use are all part of the service's Digital Air Force plan it announced in August. The plan is supposed to unfetter the force from an industrialized way of thinking, open itself to faster networks, better weapons systems and make the service a more attractive employer.

 

View the full article by Scott Maucione at FederalNewsNetwork.com: https://federalnewsnetwork.com/air-force/2019/12/air-force-announces-new-ways-of-learning-digital-skills-working-on-faster-apps/?fbclid=IwAR0It1bj3v8GGBBGkgSSCvbJPlkIk1gU1QNutJJP8JIskdTEH_mpZzyeo5A

Mapping out Geospatial Uses

Geospatial, as a strict term, means data that is related to a location. In the government space, Geospatial has been used interchangeably with GIS - or Geographic Information Systems - which refers to technology that uses geospatial data. GIS has long been a key technology for the military and intelligence communities to help map out and gain visibility into areas for combat or missions. But as the availability of geographic data grows through the use of GPS applications, drones, and IoT technologies, the use of GIS is expanding across government.

GIS is a key tool in disaster response helping overlay available resources and assets onto maps of areas impacted by floods or fires. It can also be used to map in real time the location of hazards such as downed power lines.

GIS is also being used by law enforcement. In one case, a boy had gone missing, suspected to be abducted. The boy posted a photo to Instagram and the image, taken from what seemed to be an apartment window, included a sign on a bank across the street. An analyst looked up branch locations and cross-referenced the addresses with online maps, but could not get a location that seemed to be a possible match. When they took that data and loaded it into a GIS system that took a top-down look at locations they were able to pinpoint the location of the child.

Urban sprawl and growth is also being managed with GIS. The city of Durham, NC uses aerial imagery to get a better look at changes being done to properties that impact land use, water runoff, and drainage.

There are several upcoming events focused on GIS as well as others that include discussion of the application of geospatial technology. Continue reading