Government Security: Looking From the Inside Out

With a number of high-profile security hacks involving widely used software, government agencies are retraining their focus on their organization's security measures and those of the vendors and service providers that work with them. This shift in focus was actually on the rise before the recent hacks in anticipation of cyberattacks just like the ones we've recently seen.

In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting their IT systems' security that touch sensitive government data. Under CMMC, this continues, but adds the need for a third party to assess the contractor's compliance.

Continue reading

The Insecurity Around Election Security

The delays and confusion over the Iowa Caucus results has once again brought election security into the national spotlight. Voting has increasingly moved to electronic means following the 2000 elections that put the fate of the election in the "hanging chads" of Florida. Electronic voting machines seek to remove human-error in the actual voting process as well as vote tallying. However, many voting precincts are using technology that is 10-20 years old, introducing problems around maintaining and securing the systems for today's use.

One surprising conclusion around election security is the critical role of a paper trail. Having a paper back-up to electronic voting proved to be important in Iowa and is making counties nationwide re-examine the role of paper in modern elections with the end goal of accuracy being more important than speed.

To modernize voting procedures, systems, and products, Congress has earmarked over $700 million to replace paperless voting machines with more secure digital options that offer a paper trail. While voting is handled at the state and local level, more support from the federal level comes with a new policy that ensures the FBI brief state election officials when local election infrastructure has been compromised. However, many argue this does not go far enough and that the FBI should loop in election officials if they discover breaches of private sector companies involved in providing election technology and support. Continue reading

National Cyber Security Awareness Month

Going into its (lucky) thirteenth year, the recognition of October as National Cyber Security Awareness Month (NCSAM) is becoming as integral to fall as football, sweaters, and pumpkin spice everything. Championed by the National Cyber Security Division (NCSD) of the Department of Homeland Security and the National Cyber Security Alliance, Cyber Security Awareness Month is an annual campaign to raise awareness about the importance of proper cyber behavior in our personal and professional lives.[Tweet "October is Cyber Security Awareness Month. #GovEventsBlog #NCSAM"]

In 2016, the NCSAM campaign saw over 151 million impressions of the hashtag #CyberAware, over 43,000 hits to NCSAM webpages, and more than 85 partners hosted NCSAM events. 2017 is shaping up to expand the reach of the program with five themed weeks of activity:

  • October 2-6 - Simple Steps to Online Safety
  • October 9-13 -Cyber Security in the Workplace is Everyone's Business
  • October 16-20 - Today's Predictions for Tomorrow's Internet
  • October 23-27 - The Internet Wants YOU: Consider a Career in Cyber Security
  • Week 5: October 30-31 - Protecting Critical Infrastructure from Cyber Threats

Continue reading

Hacking the Hackers

While we did not include cybersecurity in our list of key trends for 2017, it is a topic that we know will remain front and center in the government market. 2015 was a year that brought data breaches into the mainstream and the trend continued to escalate in 2016 with Government Technology declaring 2016 the Year of the Hack.

The security issues of the past year were more than just data breaches. The attacks were motivated far beyond black market payments for personal data. They were aimed at disrupting business and government alike--some were even declared acts of terrorism. What makes this even more challenging, is anyone with a mobile device and a bit of know-how can hack just about anything.[Tweet "Anyone with a mobile device and a bit of know-how can hack just about anything. #GovEventsBlog"] Continue reading