The annual Federal Information Security Modernization Act (FISMA) report was delivered to Congress in May and contained encouraging news. The report, tracking agencies' ability to meet the guidelines set forth in FISMA, showed that there were 8% fewer cybersecurity incidents across government in fiscal year 2019. Additionally, the report showed that 73 agencies meet the highest FISMA rating, up from 62 in 2018.
All of this improvement comes at a time when more attacks are being carried out against agencies and those attacks are becoming more and more sophisticated. The government's ability to stay ahead of the increasing attack vectors can be attributed to compliance with federal regulations and mandates including Continuous Diagnostics and Mitigation program and the National Cybersecurity Protection System.
Additionally, a focus on educating federal employees about spear phishing, the practice of sending emails that look like they are coming from a known or trusted sender to intice targeted individuals to reveal confidential information, has also paid off. The report showed that the U.S. Department of State, U.S. Department of Health and Human Services, and the U.S. Department of Commerce had the largest reduction in phishing-related security incidents via email. Fittingly, the Department of Education earned a proverbial gold star, reporting zero phishing incidents. They attributed this success to employing "increasingly complex phishing scenarios" to improve spam filtering and implementing anti-phishing policies with their email provider. Continue reading →
At the beginning of 2020, the idea that the vast majority of the federal workforce would be working from home seemed like a remote (pun intended) reality. However, due to shelter-in-place orders across the U.S. this spring, much of the public sector work was being done from kitchen tables, guest bedrooms, and home offices. This fast pivot to remote work left agencies scrambling to get devices to employees now separated from their desks, develop reliable and secure connections to enterprise systems and applications, and re-engineer decades-old processes to accommodate fully virtual teams. Some examples include:
The Department of Homeland Security (DHS) created a workaround to give employees access to systems when they could not use their PIV card. An alternative credential process was created in under a month, enabling DHS to issue credentials that included logical access tokens to give employees and contractors access to DHS networks only. Unlike a PIV card, this credentialing system doesn't have the employee or contractor's photo ID or allow physical access to a DHS building.
From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:
Originally posted on GovExec.com
The Office of Personnel Management has asked federal agencies to consider allowing employees in Washington, D.C., to telework early next week during President Obama's summit with African leaders, which is expected to cause major traffic headaches in the city.
OPM "strongly recommends" that agencies consider telework on Aug. 4-6, "to keep the government operating normally while helping to minimize traffic congestion" during the event. Traffic is expected to be particularly bad on Aug. 5 and Aug. 6 due to road closures, the agency said in a memo to chief human capital officers.
Federal agencies can hone their mobility strategies. Mobility today is a critical factor in enabling effective government, from the Defense Department to the Census Bureau. Whether used to support telework policies or facilitate emerging applications in the field, mobile devices allow agencies to work smarter and more efficiently.
But successful mobility initiatives require planning and a thorough understanding of the technologies and processes required to maintain a secure, productive mobile workforce. By some measures, 90 percent of federal workers use mobile devices in their jobs, but a mere 11 percent of those devices are considered secure.
More than 163,000 people - the vast majority of them federal employees - teleworked at least one day during Mobile Work Exchange's fourth annual Telework Work, easily surpassing last year's then-record participation of 136,000.
For the second straight year, Telework Week, held March 3-7, received an influx of federal teleworkers following a late winter storm, but its continued popularity signals the growing influence of the mobile employee in the federal workplace, according to Mobile Work Exchange Cindy Auten.
As evidence, she referenced Telework Week's first official year, which drew 39,000 pledges, and it's unofficial, more humble beginnings that saw just a few thousand teleworkers in government.