Remote work, necessitated by the pandemic, accelerated many agencies' move to cloud computing. With remote and dispersed teams here to stay, cloud is a critical, if not primary, infrastructure for a number of organizations. With this wide reliance on cloud, the Cybersecurity and Infrastructure Security Agency (CISA) has been releasing Trusted Internet Connections 3.0 Use Cases, which give federal agencies guidance on applying network and multi-boundary security for remote users.
Similarly, the Defense Information Systems Agency (DISA) recently combined its Cloud Computing Program Office (CCPO) with its services directorate and ecosystem. This move, creating the Hosting and Compute Center (HaCC), recognizes the long-term reality of cloud and the role it plays in delivering services and powering everyday work for the agency. The HaCC will be "responsible for providing the warfighter with critical hosting and compute functions using modern data center and cloud capabilities." This functionality supports a number of Defense Department initiatives including Joint All Domain Command and Control.Continue reading →
The Department of Veterans Affairs (VA) is keenly focused on improving the healthcare and general services that support our military veterans. Incumbent on these improvements is the integration of leading edge technologies that digitize and automate processes for efficiency along with important security enhancements.
ONE: Implementation of Electronic Health Records
The Department's efforts to modernize the way they store and access records for the nine million veterans they care for into a comprehensive electronic system has been well documented. These efforts involve upgrading all 1200+ VA facilities' existing systems to ensure better continuity of care, and are currently focused on moving EHR data to a cloud system that will be interoperable with the Military Health System. The ultimate goal is to ensure service members can seamlessly and digitally transition from DOD to VA health care, instead of needing to carry around stacks of paper forms as is current practice.
Recent security breaches via software have made supply chain security a priority across government. No longer is it enough to build security into a solution; now every product that is part of that solution is being examined for its security and risk. In response, the Biden Administration issued a Cybersecurity Executive Order that aims to provide more control over the content of code that comes in contact with government systems and infrastructure.
With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.
The last year has brought about incredible change in the federal workforce, and it shows no sign of stopping. With a new Director for the Office of Personnel and Management (OPM) confirmed, the next several months will bring new energy and activity to formalizing and standardizing workplace policies, processes, and approaches for the "new normal" of a digital-first government.
The move to telework changed how many people view and even perform their jobs. Before the pandemic, telework was sporadically used throughout government and viewed pretty skeptically. Now that the genie is out of the bottle, it's clear that government can continue to function without people in office buildings from 9am-5pm. As in-person work starts to come back around, the new shift will be in defining and managing a hybrid workforce.