Implementations and pilots of blockchain continue across government. The benefits of blockchain, including decentralization, immutability, security, and transparency, are appealing in government as they relate directly to mandates around security, privacy, and data openness. It is these needs that will drive further acceptance and use of blockchain.
As this article points out, innovation is not found in just one technology alone - it is a combination of inventions that when used together toward a specific goal create a new way of doing something. The example cited is the airplane. Human flight was made possible by the desire to travel faster and the combination of technologies and discoveries such as the gasoline engine and aerodynamics. Similarly, the goal of peer-to-peer transactions powered by blockchain will be achieved when the technology is combined with other innovations and processes. Some early successes fueling the wide application of blockchain include:
The phrase "Supply Chain" may make you immediately think of retail giants like Amazon and Walmart or manufacturers like GM and John Deere, but government is highly reliant on security supply chains. A supply chain is the network of all the people, organizations, resources, activities and technology involved in the creation and sale of a product. It encompasses the delivery of source materials from the supplier to the manufacturer, to its eventual delivery to the end user. In government, supply chains have come front and center with the Trump administration's rulings banning government use of products from certain Chinese manufacturers citing security concerns that products could contain ways for the Chinese to spy on the U.S. Companies selling technology to the government have to be able to trace the source of all elements of their products to ensure nothing originated with the banned distributors.
Being able to do this requires a mature supply chain process and solution. Interagency committees have been established to determine best practices in securing increasingly complex supply chains. Understanding supply chains is an expensive undertaking and one survey found that small and mid-sized businesses are opting out, counting on the fact that they will not be the ones called out to defend their supply chain to government. This mentality may not be an option for long.
DoD is getting more and more prescriptive in their security and supply chain guidance, adding the review of contractor purchasing systems as part of bid reviews. GSA has also explored banning the use of refurbished IT, since that includes products where a supply chain cannot be re-created.
The rules and regulations around supply chains can seem just as complex as the chains themselves. Luckily, it's a topic of discussion at a number of upcoming events.
It is called the Internet of Things (IoT) - plural - for a reason. IoT encompasses everything from traditional IT devices like laptops and phones to next-generation technologies like virtual assistants (Alexa, Google Home) to previously unconnected technologies like TVs to everyday utilities like HVAC systems and even refrigerators. With this wide range of things, agencies are finding it difficult to catalog every IoT device, making the creation of policies and processes even more challenging.
Shadow IoT--connected devices that aren't managed or monitored by an organization's IT resources--is a real concern for IT teams. In one study, 90% of organizations found IoT devices they were not aware of using their network. These devices can include fitness trackers, digital assistants, and smart televisions. Once these devices are identified, huge security challenges still remain as many of them were not designed with security in mind. There is also such a wide range of devices and manufacturers that policies cannot be applied consistently across all of the different products and systems.
Even known IoT devices can provide security challenges and concerns. Historically, systems running building automation - lights, elevators, sprinkler systems, HVAC - were separate from the IT systems. Today, these Industrial Internet of Things (IIoT) regularly connect to external networks and introduce risk back into the agency networks. As a workaround, a survey of IoT leaders found that 45% of respondents said they were deploying IoT devices on a dedicated network. Continue reading
Robotic Process Automation (RPA). It may sound like a premise to a movie where robots take over the world, but it's very real and it's helping organizations realize modernization goals. Despite the name, RPA has nothing to do with robots. It is about software that uses artificial intelligence (AI) to automate high-volume, repetitive tasks. This can include queries, calculations, and maintenance of records and transactions.
In government, RPA is already being implemented in a wide variety of applications.
- Inspections - As agencies look to modernize the way they perform inspections of the water we drink, the roads we travel, and the buildings we travel to, they are using RPA to move off paper-dependent processes.
- Claims review -- RPA is built into an intake tool used by the Centers for Medicare and Medicaid that ingests records, automating the process and identifying potential problems.
- Procurement - RPA is being used to automate and streamline the close-out process of government contracts, freeing up staff to work on actual programs, rather than spending time documenting that work.
- IT asset management - Managing IT assets is a combination of automated and manual tasks. The introduction of RPA greatly reduces the need for manual intervention when it comes to enforcing governance and process, freeing up staff to work on mission-focused projects rather than tracking the technology used on those projects.
The Department of Homeland Security's Continuous Diagnostic Mitigation Program (CDM) was developed as a guideline process for agencies to fortify their ongoing cybersecurity plans and tactics. Agencies have worked through the stages of the program, first identifying what and who is on their network and then looking at what is happening on the network - really identifying the who, what, when, and where. Today, the focus is to put all that information to work in developing plans that address the "how" of secure networks including:
- Reduce agency threat surface
- Increase visibility into the federal cybersecurity posture
- Improve federal cybersecurity response capabilities
- Streamline Federal Information Security Modernization Act (FISMA) reporting
According to a recent survey, in the seven years since its inception, the CDM program has met its mission of making government IT systems more secure. But this success does not mean the work is done. Legislation has been introduced that will make CDM permanent and expand its reach to meet the ongoing cyber threats that face government agencies. Moving forward, the CDM will help agencies focus on taking what has traditionally been a piecemeal approach to cybersecurity and creating a more integrated approach that ties to the an overall cyber strategy.