When the White House issued Executive Order 14028, “Improving the Nation's Cybersecurity” in May 2021, it established the framework for the Office of Management and Budget’s January 2022 memorandum directing all agencies to implement a Federal Zero Trust Strategy. The Department of Defense has now released its own Zero Trust Strategy and Roadmap, which spells out its four high-level, integrated strategic goals in achieving ze...

Much of cybersecurity is focused on protecting users’ identities and personal information. This approach has numerous benefits, not just for the individual users but for the systems with which they interact – it protects people from malicious activities such as identity theft, while it also cuts down on bad actors stealing credentials to enter IT systems and wreak havoc, from ransomware to data exfiltration. The National Institute...

Government agencies below the federal level – whether state, local, tribal, or territorial (SLTT) – face the same cyber threats as their national counterparts, but without the same level of resources dedicated to their protection. To help address this problem, in September the Department of Homeland Security announced two new grant programs specifically to boost cybersecurity for SLTT agencies, and published the Notice of Funding O...

One of the major challenges for IT administrators and staff during the recent pandemic was the explosion of the network as working from home became the norm. Agencies that didn’t already have a good handle on the number of devices connected to their networks or how those devices were configured found themselves overwhelmed by the vast expansion of their vulnerable attack surface. Since that time, the attack surface has continued to expan...

As agencies pursue their zero trust goals in line with Executive Order 14028, “Improving the Nation’s Cybersecurity,” and the Office of Management and Budget’s memorandum setting a Federal Zero Trust Strategy, it is easy to focus on technology solutions. But that overlooks something fundamental about both the challenge and the purpose of moving to zero trust – the human beings that actually will use the redesigned...

In today’s digital world, IT modernization and cybersecurity are intertwined with delivering a vast range of state services to residents. According to the National Association of State CIOs, these were the top two concerns facing state governments in 2022. They are two reasons why the state of Florida in 2020 created the Florida Digital Service (FDS), to partner with all state agencies to deliver services. In a state that often faces nat...

Federal agencies have taken the lead in the public sector’s adoption of cloud computing. It has provided many benefits, including flexibility for applications, cost savings as legacy systems have been phased out, and empowering customers in their interactions with agencies – but it also has opened new methods for cyberattacks, such as corrupting elements of the software supply chain. As a result, data protection is more important t...

The COVID-19 pandemic forced public sector agencies across the country to rely on their IT to deliver services to customers. The “forced evolution” of systems can be seen as a long-term benefit, but it also amplified the vulnerability of communities to potentially serious cyberattacks. For instance, the threat of ransomware continues to grow as cyber criminals target managed service providers, the cloud, and the software supply cha...

Securing Your Networks From IPv6 Threats The explosion of Internet-connected devices – from mobile communications to the Internet of Things – demonstrates the need for the quantum increase in available IP addresses created by moving to IPv6. This webinar, the second of four sessions, addresses the unique strengths and security challenges of IPv6. The shift to IPv6 means that end-to-end encryption is built into devices and systems,...

Federal agencies are taking seriously the administration’s September 2024 deadline for implementing zero trust throughout government systems. When Executive Order 14028, “Improving the Nation’s Cybersecurity,” was issued in May 2021, it set tight deadlines for agencies to meet zero trust requirements. One year after the EO was released, a survey found that two-thirds of agencies said they would meet the maturity require...