The Emerging Use of Blockchain in Government

Blockchain is a complex technology that aims to streamline repetitive, data-intensive tasks. It has become more than a hot buzzword in government IT circles, it is already being put into practice.

One way to think of blockchain is as a database that is jointly managed by a distributed set of participants. Adding data requires the "sign off" of everyone in the chain, verifying that the transaction is legitimate. Because of this interconnectedness, it is inherently secure. Every piece is linked to another, changing one piece will impact the rest of the chain (just like that one bulb going out on your Christmas lights) alerting all owners to an issue.

Government agencies are drawn to the security and transparency provided by blockchain to improve the efficiency and stability of processes requiring strict audit trails. NIST has provided guidance to help educate as well as encourage organizations to begin trying out blockchain approaches. Continue reading

The Shared Responsibility of Cybersecurity

Every October, the cybersecurity community comes together to highlight how each of us plays a role in the security of not just our own online identities, but of cyberspace as a whole. This year, National Cyber Security Awareness Month, organized by the Department of Homeland Security, is celebrating its 15th anniversary. This month is a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online while increasing the resiliency of the Nation during cyber-threats.

The theme for 2018 is "Cybersecurity is our shared responsibility, and we all must work together to improve our Nation's cybersecurity." This focus on responsibility, both individual and organizational, is critical for a population becoming more and more dependent on Internet connectivity. A recent study found that while government tends to have better cyber hygiene than most industry sectors, overall, we are not doing all we can to secure our networks and all of the devices that connect to them. Only 50 percent of respondents said they were running authenticated scans and were able to patch vulnerabilities within a week of detection. Almost half use dedicated workstations and networks for administrative activities, but over 40 percent do not use multifactor authentication or don't require unique passwords for each system. Continue reading

Biometrics is Finding its Identity in Government IT

Biometrics is the use of an individual's unique physical and behavioral characteristics, typically used for identification and access control. Fingerprinting, the oldest form of biometrics, can be used for much more than identifying criminals. Fingerprint sensors have long been in use to allow individuals to login to their laptops, control physical access to buildings, track attendance of employees, and much more. Today, the focus is on improving facial recognition both for access to systems and facilities and as part of national security practices.

Facial recognition holds promise for accurately identifying who should and should not be in a specific place - whether that is a physical location like a building or an airport, or a virtual one like a set of classified files. However, the technology is not as reliable as the market requires. The impact of false positives and missed identities are measurably bigger when you are talking about identifying someone on a terror watch list rather than simply being locked out of your cell phone. There is considerable work being done to close the gaps between the promise of facial recognition and the reality of today's technology.

In a world where we are conducting more and more business online, biometric identification seems like a no-brainer for increasing the security of accessing personal data. But there is a privacy concern. Using biometrics means that organizations have access to very personal credentials and a recent ruling showed that the FBI does not need to disclose what biometric data it has on citizens. Continue reading

The Possibilities for Big Data

Big Data continues to dominate headlines across almost every industry. With a projected 40% growth in data generated each year, every industry is looking for ways to use this growing resource to make more informed decisions. The possibilities for Big Data are extensive, but we want to highlight some major trends impacting the ways people use Big Data to gain actionable insights.[Tweet "The possibilities for Big Data are extensive #GovEventsBlog"] Continue reading

Your Privacy and the iPhone–What You Need to Know

Cybersecurity practices, privacy policies, intelligence community best practices are all hot event topics on These topics are also garnering intense media focus with the ongoing battle between the Justice Department and Apple to provide access to data on the phone of the main suspect in the mass shooting in San Bernardino, CA. While the back and forth between the FBI and Apple has been well documented in the media, it is a complex issue in terms of what it really means for us as citizens and government professionals.[Tweet "Your Privacy and the iPhone -- what it really means for us. #GovEventsBlog"]

The background: Following the San Bernardino shooting, the FBI realized there may be critical evidence on the shooter's iPhone, which they have been unable to access.  The FBI hopes this information will shine a light on the motivation and any terrorist ties.

The reason the FBI cannot get into the phone without Apple's help comes down to one setting that anyone can turn on or off in seconds. Within Settings, users enter their passcode to lock the phone. Once that's done, a screen appears with the option to "Erase Data. Erase all data on this iPhone after 10 failed passcode attempts."  This makes traditional hacking attempts useless. However, the shooter had an older version iPhone and iOS, which, according to the FBI, means Apple has the ability to override this erase feature and access this phone. Newer phones, and those that have updated iOS, would not be accessible as this 'loophole' was eliminated as part of a 2014 operating system update. Continue reading