Tag Archives: Government Resources

Building the Workforce to Build AI in Government

Posted on by

Implementing artificial intelligence (AI) is a focus of agencies across government. Quickly moving from pilot projects to use in mission-facing work, the technology is ready, but the workforce may not be. The success of AI in the public sector depends on people--a workforce that understands how to apply AI responsibly, govern it effectively, and integrate it into mission-critical work. As agencies confront talent shortages, evolving skill requirements, and growing competition from the private sector, building that workforce has become one of the most urgent challenges facing government leaders.

In this post, we'll take a look at three ideas for developing the workforce required to build, and responsibly use, AI at scale. Continue reading

Government-Wide Technology Funding and Measurement in Flux

Posted on by

For more than a decade, the Federal Information Technology Acquisition Reform Act (FITARA) and the Technology Modernization Fund (TMF) have served as twin pillars of accountability and investment. Together, they helped move federal IT away from fragmented decision-making and aging systems toward a more strategic, enterprise-focused approach.

However, both programs are in a sort of holding pattern while Congress decides on 2026 funding, and while it re-examines how best to measure the agency IT modernization process against the quickly evolving tech environment and ongoing changes in the current administration's goals. Continue reading

Exploring the State of State and Local Cyber Resources

Posted on by

State and local organizations are highly targeted by cyber criminals due to the value of the data they hold and the criticality of the systems they operate. In 2024, there were over 40,000 potential cyber attacks targeting state, local, and tribal governments. Despite this very real threat, these same organizations are largely underfunded and understaffed when it comes to cyber protection.

The federal government has looked to fill this gap between risk and preparedness. The State and Local Cybersecurity Grant Program (SLCGP) was established under the Infrastructure Investment and Jobs Act of 2021, providing (when combined with the Tribal Cybersecurity Grant Program) $1 billion in funding available over four years for state, local, tribal, and territorial cybersecurity efforts. This program ended at the close of the 2025 government fiscal year but received a short-term extension under the stopgap funding agreement that reopened the government in November 2025. Continue reading

Tracking the Rollout of CMMC

Posted on by

The Cybersecurity Maturity Model Certification (CMMC) is a framework that requires companies contracting with the Department of Defense (DoD) to meet security standards based on the sensitivity of the data they manage. These standards, based on the National Institute of Standards and Technology's (NIST) SP 800-171 standard, have been in place for eight years, but CMMC further formalizes compliance.

As of November 10, 2025, Defense agencies now require at least a Level 1 certification to award any new contract. To meet this requirement, companies must self-certify that they comply with 15 controls--specified by 800-171--that cover basic cyber hygiene. Next November 10 (in 2026), DoD will require that Level 2 status for contracts dealing with Controlled Unclassified Information (CUI), which currently can be self-assessed, be verified through a third-party assessment of compliance with all 110 controls in the NIST standard. Then in 2027, contracting officers can start requiring those seeking Level 3 certification to undergo an assessment by the Defense Industrial Base Cybersecurity Assessment Center. A Level 3 requirement would apply to technology dealing with highly sensitive data or systems, where a breach could have far-reaching impact. Continue reading

Securing Our Healthcare Infrastructure

Posted on by

We don't typically think of healthcare as infrastructure, but the functioning of our healthcare facilities is just as essential as that of our roads and utilities. Because of this criticality, healthcare systems require 100% uptime, a necessity that is vulnerable to the reality of cyber threats.

According to the FBI's Internet Crime Report, the healthcare industry reported 444 cyber-related incidents in 2024, the most out of any critical infrastructure industry. Despite this reality, many hospitals and health systems feel unprepared to respond and recover from these threats. The Travelers Risk Index survey found that only 51% of healthcare respondents were confident their organizations have best practices in place to prevent or mitigate a cyber event. Key challenges driving this lack of confidence include: Continue reading