The Changing Identity of Identity Management

A key element of the move to zero trust is the use of "strong multi-factor authentication (MFA) throughout their enterprise." While identity management has been indicated by many as the "low hanging fruit" of a zero-trust journey, it is by no means easy. In fact, recent guidance from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) called it "notoriously difficult."

Key challenges to implementing MFA include:

  • Lack of standards - the CISA/NSA guidance pointed to confusion over MFA terminology and vague policy instructions as primary challenges to implementing more secure access. A joint committee of European Union (EU) and U.S. experts addressed this same issue in the Digital Identity Mapping Exercise Report, which aimed to define specific digital identity technical terminology. For example, the group found some definitions, such as "authoritative source" and "authentication factor," are identical between the U.S. and EU, whereas others, like "identity" and "signature," remain only partially matched.
  • Phishing - bad actors do not always hack the system; they hack the process, gaining entry through social-engineering tactics that grow more sophisticated by the day. The CISA/NSA report called on the vendor community to provide MFA services with additional investments and greater defenses against sophisticated attacks.
  • Rise of Generative AI - The Department of Homeland Security (DHS) is working to ensure technologies can determine if a submitted image is legitimate or a hacker's spoof. This "liveness detection" is needed to ensure that a submitted selfie is really a photo of a person, not a mask, photo of a photo, or other technique to try to get past the check.


Checking Up on Digital Health Solutions

The health industry has always leaned into emerging technologies to help it become more efficient and effective in delivering patient care. Like a doctor's stethoscope or an X-ray machine, today's digital solutions are part of a continuing evolution of medical tools that enhance and inform provider care. Of course, this use of technology must be thoughtful and careful not to replace doctors or their decisions with computer-generated suggestions.

The government's role of oversight into healthcare delivery is a careful balancing act of encouraging innovation while ensuring patient safety. From medical devices to artificial intelligence (AI), regulations are evolving to ensure healthcare gains efficiencies and insights from digital solutions while maintaining patient protections. In fact, the Food and Drug Administration recently created a new Digital Health Advisory Committee to help support the development of digital health technologies and their regulation. This committee will examine a wide variety of technologies and issues, including AI, cyber security, and equity in healthcare delivery.

Department Spotlight: Veterans Affairs

Beyond its important mission of "caring for those who have served in our nation's military and for their families, caregivers, and survivors," the work of today's U.S. Department of Veterans Affairs (VA) is guided by a strategic plan that lays out agency goals to be achieved through 2028. The projects the VA initiates over the coming years will support the following goals:

  1. Consistently communicate with customers and partners to assess and maximize performance, evaluate needs, and build long-term relationships and trust
  2. Deliver timely, accessible, and high-quality benefits, care, and services
  3. Build and maintain trust through proven stewardship, transparency, and accountability
  4. Strive toward excellence in all business operations--including governance, systems, data, and management

Several recent programs illustrate the commitment that the VA has to meeting and exceeding these goals by 2028 and beyond.

Understanding the State of State-Level IT

The National Association of State Chief Information Officers (NASCIO) annual member survey aimed to get a picture of what is currently happening in IT implementation at the state level. It focused on how states are funding their IT work and how they are implementing key technologies.

Show Me the Money

The survey found that state CIO offices have a median budget of $132 million, with high levels of federal funding resulting from the Coronavirus Aid, Relief and Economic Security Act, the American Rescue Plan, and the Infrastructure Investment and Jobs Act. But with the level of modernization needed to meet citizen expectations of digital government, that frequently is not enough.

States are increasingly moving to a "chargeback" model where IT funding comes from the business unit where it is used. For example, the Human Resources Department would be responsible for paying for the licenses and development costs of their HR information system, rather than that being seen as an overhead expense funded out of IT. This model allows CIOs to use more of their budget for large-scale IT modernization projects that stretch over many years and impact multiple departments.

Charting a Course to Ensure Security in the Stars


Cybersecurity plans need to encompass physical and virtual assets located on earth as well as those orbiting the earth. The cyber universe extends into the actual universe with satellites, weapons systems, and exploratory vehicles and devices all connecting to terrestrial networks. Protecting those endpoints and the IT paths in between is critical. A Russian attack on the Viasat satellite constellation knocked out communications across Ukraine on the eve of an invasion and serves as a high-stakes example of how much we rely on space-based objects for basic communication.

The U.S. Space Force and NASA are working to harden and protect the IT between earth and space, but are facing the same issues as other agencies in terms of the cybersecurity skills gap. There simply are not enough trained people to complete all the work that needs to be done to secure the vast network these organizations oversee. To bridge this gap, space agencies are finding new ways to meet the cyber needs of the nation, and the universe.