Ever since the issuance of Executive Order 14028, issued in May 2021 to improve cybersecurity across the entire government by implementing a zero trust architecture, federal agencies have been hard at work to meet the requirement. Then, in October 2023 – less than 18 months later – a new executive order, 14110, was released on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” These are...

Agencies increasingly rely on Software-as-a-Service (SaaS) platforms such as Salesforce for mission-critical functions, which offers them numerous benefits including flexibility, reducing upfront IT resource costs and delegating upgrades and patches to the provider. Using Salesforce does not remove the agencies’ responsibility for cybersecurity, however, and SaaS applications face their own risks, including misconfigurations, poor access...

When FBI Director Christopher Wray speaks publicly about the cyberthreat posed by the Chinese government to U.S. critical infrastructure, it is past time to take the danger seriously. “The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to...

Government today faces a long list of imperatives in serving and defending its constituents while supporting and empowering its workforce. Constituents must trust that their need for essential services can be met with transparency, without sacrificing their privacy and security. Agencies and customers alike must feel safe from internal and external threats, including cyberattacks that could cripple infrastructure and disrupt vital services. Em...

There are plenty of benefits to innovative new technologies, from greater efficiency to cost savings to customer satisfaction. It is rare, however, for a new technology to truly replace existing IT – rather, it gets incorporated into or bolted onto current systems. This approach, along with the explosion of mobile devices and proliferation of software and SaaS applications, dramatically increases and clouds an Agency’s cyber footpr...

Government agencies at all levels face cyber threats at an increasing rate. Ransomware attacks alone increased by 70% year over year in 2023. Yet agencies are constrained by budget limitations and the shortage of cybersecurity professionals, leading to trying to manage from crisis to crisis and never catching up. Automating security workflows can help agencies get a handle on their challenges and prioritize their security needs, but it isn...

In today’s interconnected digital landscape, application programming interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between various applications and systems. However, with this increased connectivity comes heightened security risks, particularly concerning the protection of sensitive data in those APIs. One of the most notorious examples of API risk is the Cambridge Analytica scandal in the...

The continuous evolution of technology presents us with a dynamic landscape filled with both promise and challenges. As the internet gained widespread adoption, it revolutionized various aspects of our lives, introducing innovations such as online shopping and real-time news updates, alongside issues like spam, phishing, and malware. Traditionally, government entities have been cautious in adopting new technologies, often due to regulatory con...

States’ voter registration systems and voter access have undergone a host of changes over the past five years, thanks in large part to the Covid-19 pandemic. Many states expanded vote-by-mail options, stepped up automatic voter registration programs, or both. Cities took action, as well – Los Angeles, for instance, has overhauled its voting system infrastructure, using open source, the cloud, and cybersecurity partnerships to updat...