Tag Archives: VA

Securing Our Healthcare Infrastructure

Posted on by

We don't typically think of healthcare as infrastructure, but the functioning of our healthcare facilities is just as essential as that of our roads and utilities. Because of this criticality, healthcare systems require 100% uptime, a necessity that is vulnerable to the reality of cyber threats.

According to the FBI's Internet Crime Report, the healthcare industry reported 444 cyber-related incidents in 2024, the most out of any critical infrastructure industry. Despite this reality, many hospitals and health systems feel unprepared to respond and recover from these threats. The Travelers Risk Index survey found that only 51% of healthcare respondents were confident their organizations have best practices in place to prevent or mitigate a cyber event. Key challenges driving this lack of confidence include: Continue reading

Goodbye RMF, Hello CSRMC

Posted on by

The Risk Management Framework (RMF) was introduced in 2022 to create a standardized way to measure and manage cybersecurity risk in the federal government. Modeled with standards including the Federal Information Security Modernization Act and NIST Special Publication 800-53, the RMF was a repeatable, structured method to manage cybersecurity risk and ensure compliance with federal standards. The RMF allowed agencies to identify, understand, prioritize, and reduce risks to their information systems and missions. It informed leaders of security risks, allowing them to make educated decisions about trade-offs between security and mission needs.

While it was designed to be more than a checklist, in practice the RMF had become just that. Rather than engaging with it dynamically, agencies employed highly manual processes that slowed the adoption of much-needed solutions. The process could not keep up with the quickly evolving threat landscape. Continue reading

How Cyber Basics Make a Big Impact

Posted on by

October is a fitting month for cybersecurity awareness. Phishing emails can be even more deceptive than a convincing costume and ransomware attacks can feel like a jump scare in a horror movie. Each year, the National Cybersecurity Alliance and the U.S. Department of Homeland Security spearhead an educational campaign to ensure everyone knows their role in protecting the vast amounts of online data we depend on for daily life.

The 2025 theme is "Stay Safe Online" with a focus on four key steps everyone can take to improve online safety:

  • Use strong passwords and a password manager
  • Turn on multifactor authentication
  • Recognize and report scams
  • Update your software

These tactics are important at a personal as well as enterprise level. Agencies across government have taken these best practices and implemented new security measures to protect data. Continue reading

Ready or Not CMMC is Here

Posted on by

Cybersecurity Maturity Model Certification (CMMC) sets security standards for contractors working with the Department of Defense (DoD) to ensure the data they interact with is protected. The standards have been in place since the introduction of the Defense Federal Acquisition Regulation (DFARS) in 2015, and now, 10 years later, a more formalized compliance process is being implemented.

Starting October 1, 2025, the CMMC clause will start to be used in DoD contracts. This clause requires contractors to align their security practices with the CMMC level required by the contract. While contractors have been required to meet rigorous security standards for some time, whether they did was determined primarily through self-attestation. This roll-out introduces the need for third-party validation of compliance claims, ensuring the security of the defense supply chain. Continue reading

Out-of-this-World Geospatial Benefits

Posted on by

The applications of geospatial data are expanding beyond its original use for mapping. With mandates for government agencies to become increasingly data-driven, the ability to tie location data into planning has become a valuable asset. Integrating geospatial data into planning and operations helps agencies meet broad goals of efficiency, transparency, and preparedness.

Government Efficiency

Utilizing geospatial technology in conjunction with Internet of Things (IoT) sensors and cameras, agencies can automate field inspections. This means capturing changes in infrastructure (a crack in a bridge support, a building constructed without a permit, a leak in a water line) and passing on important information to the people who inspect and fix these assets. While a traditional on-site inspection can take 30-50 minutes (not counting travel time), If the bulk of the assessment is completed before arriving onsite, inspectors can spend less time there, examining only the captured changes or most critical elements of the assessment. Continue reading