Agencies are challenged to move more and more services online, become more transparent, and leverage new streams of data from the Internet of Things (IoT) for better decision making, all while securing the systems and the data they hold. If that is not challenging enough, cyber threats against all of these efforts are continually evolving. A series of strategies and ongoing guidance are helping agencies prioritize work and budget requests to make the most impactful investments in their cybersecurity infrastructure.
The National Cybersecurity Strategy (NCS) provides broad guidance to help position the United States to build a digital ecosystem that is more easily and inherently defensible, resilient, and aligned with its values. Efforts to do so are organized around five pillars:
1) Defend Critical Infrastructure
2) Disrupt and Dismantle Threat Actors
3) Shape Market Forces to Drive Security and Resilience
Digital twins are virtual, 3D representations of buildings, neighborhoods, or products built with real-world data collected from internet-of-things (IoT) devices like sensors, video cameras, and other enterprise data applications. These twins allow researchers, planners, and policymakers to experiment with changes to the object or environment to see if the desired results of that change are achieved. Applications include infrastructure improvement, sustainability planning, emergency response preparedness, and research and development. IoT in government is being driven by the results digital twins can achieve. One report showed that cities can expect to save $280 billion by 2030 with the deployment and use of digital twins.Continue reading →
With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.
The use of Internet of Things (IoT) to manage infrastructure and services is not a new concept, but response to the new normal of pandemic life, natural disasters, and the implementation of 5G networks all could accelerate the implementation of IoT solutions.
Stay-at-home orders, social distancing measures, and backlogged inspection schedules all combine to make a great case for implementing sensors and other IoT devices as part of infrastructure management. With technology providing data on the status of equipment, facilities, and general infrastructure like roads and bridges, the need to deploy inspectors to the field can be minimized. In the short term, this reduces potential points of exposure for inspectors and field staff. Longer term, it adds a new "colleague" to field management teams. IoT can handle routine, low risk monitoring, freeing up humans to focus on more complex or higher priority tasks and activities.
This spring, the concept of supply chains became a household discussion as families searched high and low for household staples like toilet paper, flour, and hand soap. However, supply chain for government is more complex than the supply and demand driven model for consumer goods. Government supply chains involve monitoring for security and foreign involvement. This means knowing where all parts of a solution were manufactured, programmed, and assembled.
Gregory C. Wilshusen, director of information security issues at the U.S. Government Accountability Office, noted that "supply chains can be long, complex, and globally distributed and can consist of multiple outsourcing tiers. As a result, agencies may have little visibility into, understanding of, or control over how the technology that they acquire is developed, integrated, and deployed."
This lack of visibility is due in part to incomplete vendor reporting. Not only do vendors have to manage all the pieces of their solution, but they themselves may be managed by multiple organizations in an agency. Reporting happens through numerous tools and is siloed, making it difficult to get a full picture of the chain that led to the delivery of a solution to a government agency.