Agility has been a key attribute for success over the past year and a half. Everyone had to quickly adapt in their personal and professional lives to do things in new ways to keep business and society running. Even the great bureaucracy of government found itself pivoting and quickly changing "how it's always been done" to meet the needs of the day. This should not end with the return to what feels like pre-pandemic normal. In the form of Agile methodology, Agility will play a huge role in the government's ability to continue the fast-forwarded digital push as a result of the pandemic.
Just as government pushed agencies to try Cloud with the "Cloud First" initiative, some are suggesting the same approach for Agile. An "Agile-First" evolution would have a huge impact on IT modernization efforts, accelerating the move from legacy processes and technology to a modern digital approach. The response to COVID-19 showed that the government can move quickly in changing how they do work (across all areas of government). An Agile-first "mandate" could institutionalize that speed and make it the rule rather than the exception.
With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.
With a number of high-profile security hacks involving widely used software, government agencies are retraining their focus on their organizations' security measures and those of the vendors and service providers that work with them. This shift in focus was actually on the rise before the recent hacks in anticipation of cyberattacks just like the ones we've recently seen.
In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting the security of their IT systems that touch sensitive government data. Under CMMC, this continues, with the added need for a third party to assess the contractor's compliance.
The latest Federal IT Acquisition Reform Act (FITARA) scorecard showed that all agencies still have passing grades when it comes to meeting federal goals for IT management and reporting, but there was some backsliding in the latest report.
Health and Human Services, Labor, and the Veterans Administration improved their overall scores, while five agencies -- Commerce, Small Business Administration, the General Services Administration, Social Security Administration, and U.S. Agency for International Aid -- all dropped. A positive among the scores was that every agency received at least one A for the first time in the scorecard's history.
The battles of tomorrow will likely not be fought on the ground; they will take place in cyberspace as nation-states and rogue actors alike look to interrupt the everyday functions of a country via high-tech attacks. Recently we saw the Russian hack of software, designed (ironically) to help organizations monitor network problems and anomalies, which has the government and private companies scrambling to determine what data was compromised. With cyberspace being the new battlefield, data and data management have quickly become a strategic asset in the DoD arsenal.
Last fall, the DOD released the Department's Data Strategy, an overarching guidance on how they will manage, secure, and use data. This document supports the DOD's transition to "a data-centric organization that uses data at speed and scale for operational advantage and increased efficiency." The Data Strategy includes 7 goals, nicknamed VAULTIS, for becoming data-centric: