Charting the Future of Defense

The National Defense Strategy (NDS) sets the strategic direction for our military to meet the security threats of tomorrow. Overall, the Defense Strategy focuses on China and Russia as the primary adversaries, but it also emphasizes the importance of global cooperation among allies as well as adversaries to meet threats that are bigger than any one country including climate change, food insecurity, and pandemics. The defense strategy lays out three primary tactics for advancing U.S. and global security.

Integrated Deterrence

The practice of integrated deterrence involves working closely across all branches of the military, warfighting domains, and even across other federal entities to ensure national security. It expands responsibility for deterring adversaries beyond the Department of Defense (DoD), involving the intelligence community, health agencies, environmental agencies, and more. Continue reading

Agile Becomes a Core Competency of Government

Agile is not a technology but rather an approach. As such, the barriers to adoption are not technical, they are cultural. Moving to Agile requires a complete shift in thinking from waterfall development. No longer is it feasible to set requirements at the beginning of the project and then design to those specifications, not launching until the whole system is complete. Rather, Agile works more in line with the pace of today, emphasizing constant communication to introduce change into the development process and encouraging small elements of the end solution to be released throughout the project lifecycle. Use of Agile in government has come a long way, but there is still room for improvement in how agencies meet digital goals and expectations. Continue reading

AI Reporting for Duty

Artificial Intelligence (AI) is becoming a key tool in the arsenal of the U.S. military. In 2022, the Department of Defense (DoD) launched the Chief Digital and Artificial Intelligence Office (CDAO) to become the "go-to place for talent and technical expertise." It was formed by merging several DoD offices to create a single, coordinated effort to advance AI technology and policy. Specifically, the CDAO is charged to:

  • Lead the Department's strategy and policy on data, analytics, and AI adoption, as well as govern and oversee efforts across the Department.
  • Empower the development of digital and AI-enabled solutions across the Department, while also selectively scaling proven solutions for enterprise and joint use cases.
  • Provide a sophisticated cadre of technical experts that serve as a de facto data and digital response force able to address urgent crises and emerging challenges with state-of-the-art digital solutions.

A key focus of the CDAO will be how to use AI to better coordinate forces in support of the DoD's Joint All-Domain Command Control (JADC2) efforts. Initial tactical goals include:

  • Review the Department's policy, strategy, data governance, analytics, and AI to create an integrated Data, Analytics, and AI strategy.
  • Provide the enterprise-level infrastructure and services that enable efforts to advance adoption of data, analytics, and AI.
  • Solve and scale enterprise and joint use cases in support of the National Defense Strategy and the Advancing Data and AI (ADA) initiative.

Continue reading

Cloud and Government: Have We Finally Made a Love Connection?

The government's relationship with cloud computing has been an evolving affair. Initially, there was skepticism that cloud solutions could not provide the needed security that on-premise systems had been providing. With checks and balances provided by FedRAMP, security concerns were slowly but surely overcome. With the move to more remote work and the demand for digital interaction with citizens, cloud has moved from a novel approach to a necessary part of the Federal IT infrastructure.

Cloud and Security

Initial concerns about the levels of security maintained by cloud providers have proven to be unfounded. Cloud systems are built with security as a top of mind concern by some of the brightest, most experienced cyber experts in the world. No matter how skilled Federal IT teams are, they just cannot build an on-premises system that meets the same rigors. In fact, today cloud security concerns lie with the users of cloud rather than the providers. Continue reading

Schools Have to Learn the ABCs of Ransomware

Ransomware has traditionally been a practice where cybercriminals encrypt data and demand ransom in exchange for a decryption key. More recently, a growing number of these bad actors threaten to make this information public if they do not get paid. This shift in the practice of ransomware has increased the "attractiveness" of K-12 schools for cyber criminals. Information about children is among the most highly protected data there is, making it more likely ransoms will be paid to keep it private. For this and other reasons, K-12 schools are seeing an increase in ransomware activity. In 2021, there were at least 62 reported ransomware cases as compared to only 11 in 2018. 2021 also saw ransomware as the most common cyber incident for K-12 schools for the first time ever.

What Gets Compromised in a Ransomware Attack?

An incident in 2020 involving Fairfax County, VA Public Schools resulted in employee social security numbers being posted online. Hackers targeting a school district in Allen, Texas emailed parents with threats to expose their childs' personal information if educators did not pay a ransom. Showing the full swing of ransomware impacts from the serious to the mundane, a 2022 attack on the Griggsville-Perry School District in Indiana had many records compromised and leaked including a detention slip from December 2014 for a student who would not stop interrupting his health class. This shows the breadth of access that hackers had to documents and has led many schools to reexamine their file retention policy to reduce the amount of data accessible to bad actors. Continue reading