Securing the Machines that Drive our Democracy

The devices used in voting are relatively low-tech. In order to avoid cyber threats, even those that use a touch screen to capture votes are intentionally not connected to the internet. However, even this unconnected approach has security risks that need to be addressed so that these devices and the data they hold aren't tampered with. The states and localities that administer elections are continually focused on the full spectrum of security risks, putting processes and systems in place in advance of election day to ensure that voting is safe and secure.

Diversity is a Strength

The diversity of voting machines being used across the country reduces threat impacts. If there is an issue with a piece of software, it won't impact the entire national voting system, just particular machines. While software vulnerabilities are still huge problems, standardizing on one type of machine nationwide would mean one software bug could wipe out all electoral results. Continue reading

FITARA 18 Sees Agencies Move to the Head of the Class

FITARA

The latest Federal Information Technology Acquisition Reform Act (FITARA) scorecard, released in September, showed dramatic improvements in the progress agencies have made towards meeting IT modernization goals. The overall grades of 18 of the 24 tracked agencies increased, while grades for the remaining six agencies were unchanged. Per the scorecard,13 agencies now have an overall 'A,' 10 have a 'B,' and only one agency--the Energy Department--has a grade of 'C.' The Department of Health and Human Services and the Department of State showed the greatest improvements, with both agencies' grades moving from 'D's to 'A's.

The grading categories, unchanged from the previous report, measured agency CIO authority enhancements; CIO investment evaluation; cloud computing; modernizing government technology; cybersecurity; and progress transitioning from legacy contracts to the GSA's newer Enterprise Information Solutions (EIS) contract. Improvements in the categories of cloud computing, cybersecurity, and EIS transition contributed to higher scores. Continue reading

How Government is Acquiring AI

Just as cloud computing upended how government buys technology, agencies are now having to adapt to acquire fast-evolving artificial intelligence (AI) technology. AI is proving to be a key tool in helping government improve the efficiency and connection of its workforce and deliver improved service to citizens, but the promises of this new technology come with risks. To ensure AI solutions are secure and ethically designed, agencies are implementing a number of guardrails to ensure the safe and effective use of powerful technology.

How to Use AI

The Office of Management and Budget (OMB) developed a policy document to harness the benefits and mitigate the risks of AI for Federal agencies. This guidance provides details on how to use AI securely and effectively with a focus on five key areas: risk management, transparency, responsible innovation, workforce, and governance. Continue reading

Next Gen Tech Needs Next Gen Acquisition

The speed at which technology evolves presents many challenges for the federal government, the first being the actual acquisition of solutions. Government procurement processes and policies have had to adjust and evolve to enable agencies to buy and implement the emerging technologies that support their mission.

Utilizing Existing Platforms

The Federal Risk and Authorization Management Program (FedRAMP) may be the largest and most visible example of this evolution, allowing agencies to securely acquire cloud solutions. The program is being used as a platform to ensure that other transformative technologies, like the cloud, can securely make their way into government systems. The Emerging Technology Prioritization Framework provides guidance on how cloud service providers can request their emerging tech-powered products be prioritized and then implemented. The initial focus will be on artificial intelligence (AI) solutions, focusing on chat interfaces, code generators and debugging tools, image generators, and associated application program interfaces. Continue reading