Tag Archives: cybersecurity

Government Event Market Remains Consistent

Posted on by

Last month we surveyed GovEvents' organizer members to get a pulse on what they are seeing in the government events' market. The common theme we found is that the environment for government events seems to be stable and unchanging.

This is good news in the wake of the GSA event scandal that dealt a big hit to the government events' market in 2012 and 2013, but should we get comfortable with this status quo? First, let's look at some of the stats:

  • 61% of respondents said they are planning the same number of events as they did a year ago.
  • 42% of organizations said they are spending the same amount of money on events as they did last year.
  • 57% of respondents said that attendance at events is about the same as it was a year ago with 29% noting a rise.[Tweet "GovEvents Survey Findings: Government Event Market Remains Consistent. #GovEventsBlog"]

These findings were similar to those discovered by Market Connections earlier this year. In that survey of government employees, the results showed that event attendance continued to be flat for the last couple of years after seeing an uptick after the issues around the GSA event were addressed. Continue reading

The Secret is in the Cloud

Posted on by

Amazon Web Services (AWS) recently announced a newly developed "secret region" in their cloud, specifically made to host federal data up to the secret level of security classification--the second-highest level behind top secret. Amazon had previously offered only a top secret region, but this new offering now allows for any sensitive data to be stored in the commercial cloud. According to Amazon, "The U.S. Intelligence Community can now execute their missions with a common set of tools, a constant flow of the latest technology and the flexibility to rapidly scale with the mission." Microsoft Azure also has a similar offering.[Tweet "AWS newly developed "secret region" in their cloud to host federal data. #GovEventsBlog"]

The government's adoption of cloud technology started with administrative and low-risk data and applications - service workflow solutions with Salesforce, email platforms, and video conferencing. As evidenced by the work put into securing the cloud for sensitive data, commercial cloud providers see a need and profitable revenue stream with government customers. Continue reading

Behind the Curtain: Oracle Federal Forum

Posted on by

Now in its tenth year, the Oracle Federal Forum is taking a fresh approach to its annual show. As always, it brings together government technology, business and industry leadership, IT experts of every flavor, as well as technology thought-leaders to provide a hands-on look at the future of government IT.

Oracle's Federal Forum theme this year is, "Modern Cloud, Endless Possibilities," and is scheduled for Thursday, Dec. 14, at the Marriott Marquis hotel in Washington, D.C. Oracle and its industry partners will examine how agencies can begin embracing the power of cloud computing while also acknowledging that government has considerable investments in existing, on-premises technology. In addition to being a hands-on technology event, Oracle will also offer sessions and workshops on more business-oriented content for HR, finance and budgeting, and marketing professionals.[Tweet "Behind the Curtain: Oracle Federal Forum. What you can expect from this year's event. #GovEventsBlog"]

The team at Oracle took some time away from their planning and preparation to share some insights on what people can expect from this year's event.

With 2017 being the tenth anniversary for this event, can you share a little bit about how the Federal Forum has changed over the years? Continue reading

Time to Get Serious About Federal Government Cybersecurity

Posted on by

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

It is generally accepted that, as the National Institute for Standards and Technology points out, cybersecurity threats exploit the increased complexity and connectivity of our critical infrastructure systems and can potentially place the nation's security, economy, and public safety and health at risk. Like financial and reputational risk, cybersecurity risk affects the bottom line of both companies and nation-states. It can drive up costs and impact revenue. It can harm the ability to innovate and to gain and maintain customers, as well as make it difficult to meet the needs of citizens.

To address these risks, President Obama issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," on Feb. 12, 2013. According to the Department of Homeland Security, this executive order directed the executive branch to do five things: develop a technology-neutral voluntary cybersecurity framework; promote and incentivize the adoption of cybersecurity practices; increase the volume, timeliness, and quality of cyber threat information sharing; incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure; and explore the use of existing regulation to promote cybersecurity.

Almost exactly one year later, a cyber intrusion began at the United States Office of Personal Management. This intrusion went undetected for 13 months. As the Wall Street Journal, U.S. News & World Report and other media reports noted, this intrusion was described by Federal officials as among the largest breaches of government data in the history of the United States. Information targeted in the breach included personally identifiable information, such as Social Security numbers, as well as names, dates, places of birth, and addresses. The hack even involved the theft of detailed security clearance-related background information, including more than 5.6 million sets of fingerprints.

Clearly, EO 13636 was insufficient to prevent a major cybersecurity event.

Less than a month ago, President Trump signed a new executive order, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure," designed to protect American innovation and values. This new executive order, which reflects considerable analysis, opens with four findings: that the executive branch has for too long accepted antiquated and difficult-to-defend IT; that effective risk management involves more than just protecting IT and data currently in place; that known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies; and that effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy, and human resources.

The executive order goes on to explicitly hold agency heads accountable to the president for implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data. It also mandates the use of the rigorous and recently revised Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology that EO 13636 deemed voluntary.

Will this new executive order make a difference? The answer may rest in the implementation and enforcement of the order. With parallel progress in both pattern recognition algorithms and microelectronic technology, machine learning and artificial intelligence can likely already bridge the gap between the enormous volume of government intelligence data and people capable of analyzing it, as Jason Matheny, Director of the Intelligence Advance Research Project Agency, has forecast. IBM's Watson, for example, can understand all forms of data, interact naturally with people, and learn and reason at scale. Accordingly, the compromise of even sensitive but unclassified information when analyzed by sophisticated means could enable perpetrators to "connect the dots" and jeopardize national security.

In this environment, will "mistakes" or negligence leading to compromised information be tolerated or will they be dealt with severely? Will agency heads be held accountable or will they get a pass? Will "antiquated and difficult-to-defend IT" be tolerated or will rigorous processes and modern applications, like layered security, limitations within network security, encryption of data at rest and in motion, and policy engines used in conjunction with access restriction and auditing software be mandated, implemented, and audited?

The answers will be revealed over the next weeks and months.

The challenge is clear--a well-thought-out and rigorous policy for Federal government cybersecurity is in place, now it must be implemented and enforced. Time is not on our side; the next hack or the next serious incident due to the negligence of a government employee or contractor could happen tomorrow or the next day. It is time to get serious about Federal government cybersecurity.

View original post on MeriTalk

Are You Doing Enough to Keep Attendee Information Safe?

Posted on by

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

Ticket holders for the annual Coachella Valley Music and Arts Festival who are looking forward to spending two weekends in the California desert with some of the biggest names in music may have had their anticipation dampened by a bit of bad news from festival organizers last week. "We recently discovered that unauthorized third parties illegally gained access to the usernames, first and last names, shipping addresses, email addresses, phone numbers, and dates of birth individuals provided to Coachella," read an email from the festival. "We have taken measures to block further unauthorized access, and reported the matter to the appropriate authorities for further investigation." Continue reading