Remote work, necessitated by the pandemic, accelerated many agencies' move to cloud computing. With remote and dispersed teams here to stay, cloud is a critical, if not primary, infrastructure for a number of organizations. With this wide reliance on cloud, the Cybersecurity and Infrastructure Security Agency (CISA) has been releasing Trusted Internet Connections 3.0 Use Cases, which give federal agencies guidance on applying network and multi-boundary security for remote users.
Similarly, the Defense Information Systems Agency (DISA) recently combined its Cloud Computing Program Office (CCPO) with its services directorate and ecosystem. This move, creating the Hosting and Compute Center (HaCC), recognizes the long-term reality of cloud and the role it plays in delivering services and powering everyday work for the agency. The HaCC will be "responsible for providing the warfighter with critical hosting and compute functions using modern data center and cloud capabilities." This functionality supports a number of Defense Department initiatives including Joint All Domain Command and Control.Continue reading →
The Department of Veterans Affairs (VA) is keenly focused on improving the healthcare and general services that support our military veterans. Incumbent on these improvements is the integration of leading edge technologies that digitize and automate processes for efficiency along with important security enhancements.
ONE: Implementation of Electronic Health Records
The Department's efforts to modernize the way they store and access records for the nine million veterans they care for into a comprehensive electronic system has been well documented. These efforts involve upgrading all 1200+ VA facilities' existing systems to ensure better continuity of care, and are currently focused on moving EHR data to a cloud system that will be interoperable with the Military Health System. The ultimate goal is to ensure service members can seamlessly and digitally transition from DOD to VA health care, instead of needing to carry around stacks of paper forms as is current practice.
The Biden Administration recently issued its request for 2022 spending. This practice is really more of a policy effort than actual budgeting, but serves to illustrate administration priorities to inform agencies as to what is likely to get approved in the final budget. The 2022 budget request has a number of IT-specific priorities, starting with the funding of the Technology Modernization Fund (TMF) at another $500 million for fiscal 2022. This would be in addition to the $1 billion that was invested as part of the American Rescue Plan Act--money that helped support the ongoing effort to digitize government services and operations.
The $58.4 billion in IT spending includes marked increases in the IT budgets of the Treasury Department, Department of Veterans Affairs, and the Department of Homeland Security. NASA and the Department of Commerce had small reductions to its IT budgets.
Agility has been a key attribute for success over the past year and a half. Everyone had to quickly adapt in their personal and professional lives to do things in new ways to keep business and society running. Even the great bureaucracy of government found itself pivoting and quickly changing "how it's always been done" to meet the needs of the day. This should not end with the return to what feels like pre-pandemic normal. In the form of Agile methodology, Agility will play a huge role in the government's ability to continue the fast-forwarded digital push as a result of the pandemic.
Just as government pushed agencies to try Cloud with the "Cloud First" initiative, some are suggesting the same approach for Agile. An "Agile-First" evolution would have a huge impact on IT modernization efforts, accelerating the move from legacy processes and technology to a modern digital approach. The response to COVID-19 showed that the government can move quickly in changing how they do work (across all areas of government). An Agile-first "mandate" could institutionalize that speed and make it the rule rather than the exception.
With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.