In Cyberspace Showdown, Government Has the Upper Hand on the “Bad Guys”

The annual Federal Information Security Modernization Act (FISMA) report was delivered to Congress in May and contained encouraging news. The report, tracking agencies' ability to meet the guidelines set forth in FISMA, showed that there were 8% fewer cybersecurity incidents across government in fiscal year 2019. Additionally, the report showed that 73 agencies meet the highest FISMA rating, up from 62 in 2018.

All of this improvement comes at a time when more attacks are being carried out against agencies and those attacks are becoming more and more sophisticated. The government's ability to stay ahead of the increasing attack vectors can be attributed to compliance with federal regulations and mandates, including the Continuous Diagnostics and Mitigation program and the National Cybersecurity Protection System.

Additionally, a focus on educating federal employees about spear phishing, the practice of sending emails that look like they are coming from a known or trusted sender to entice targeted individuals to reveal confidential information, has paid off. The report showed that the U.S. Department of State, U.S. Department of Health and Human Services, and the U.S. Department of Commerce had the largest reduction in phishing-related security incidents via email. Fittingly, the Department of Education earned a proverbial gold star, reporting zero phishing incidents. They attributed this success to employing "increasingly complex phishing scenarios" to improve spam filtering and implementing anti-phishing policies with their email provider.

When Telework Stopped Being a Remote Possibility

At the beginning of 2020, the idea that the vast majority of the federal workforce would be working from home seemed like a remote (pun intended) reality. However, due to shelter-in-place orders across the U.S. this spring, much of the public sector work was being done from kitchen tables, guest bedrooms, and home offices. This fast pivot to remote work left agencies scrambling to get devices to employees now separated from their desks, develop reliable and secure connections to enterprise systems and applications, and re-engineer decades-old processes to accommodate fully virtual teams. Some examples include:

  • The Department of Homeland Security (DHS) created a workaround to give employees access to systems when they could not use their PIV card. An alternative credential process was created in under a month, enabling DHS to issue credentials that included logical access tokens to give employees and contractors access to DHS networks only. Unlike a PIV card, this credentialing system doesn't have the employee or contractor's photo ID or allow physical access to a DHS building.
  • The Office of Personnel Management (OPM) issued Temporary Procedures for Personnel Vetting and Appointment of New Employees During Maximum Telework Period Due to Coronavirus COVID-19. These procedures included deferring the fingerprint requirement for background checks and opened the door to PIV card alternatives like the one created by DHS.

Get to Know the CDO

Chief Data Officer (CDO) may be one of the newest C-suite designations, and it's quickly becoming one of the most important. With data-driven government becoming a mandate via the Federal Data Strategy and the Evidence Act, accountability around data management is essential. More than just a way to check a compliance box, having a CDO is a smart business decision in a world where data is critical to how government organizations interact with constituents. However, having a CDO is only a start. The CDO needs to be set up for success as well.

One report indicated that 60% of federal CDOs lack a clear understanding of their role. According to Gartner, a CDO is a senior executive who bears responsibility for enterprise-wide data and information strategy, governance, control, policy development, and effective exploitation. This role makes sure data is secured appropriately for access, as well as privacy concerns, and sets the rules and processes for managing the data lifecycle. The CDO also develops solutions to use that data to create business value.

Even if the role is defined within an organization, CDOs report they lack budget authority or insight into what budget they have to complete their jobs. This mirrors what we have seen with another "young" position, CIOs. Chief Information Officers have seen their role elevated by its measurement in the FITARA scorecard, and with that tracking, are getting more budget authority and input. In addition to budget, CDOs also need the authority to set and enforce policies and processes across their organization and, in doing so, streamline communication among related groups.

Census…Clear as 20/20

The Census Bureau's mission is "to serve as the nation's leading provider of quality data about its people and economy." 2020 is a decennial census year, in which the government is required by Article I, Section 2 of the Constitution to collect data on the population of the country. This data is used to determine the number of seats each state has in the U.S. House of Representatives and to inform the distribution of billions in federal funds to local communities. The 2020 questionnaires will begin arriving at homes in mid-March. All households receiving a questionnaire are required to fill it out and return it. Those that have not responded will be visited by census takers beginning in May.

The first census took place in 1790, one year after George Washington took office. For this initial census, marshals visited every house and collected data. The process took months and the end results were questioned for accuracy and completeness. Since then, the process by which census data is collected has continued to evolve.

In 1890, a punch card system was used for the census. This automation was developed specifically to meet the growing amount of data that needed to be processed. The company that developed this technology went on to become IBM. Moving ahead 130 years, this year's census marks the first time people will be able to submit their responses online.

The Insecurity Around Election Security

The delays and confusion over the Iowa Caucus results have once again brought election security into the national spotlight. Voting has increasingly moved to electronic means following the 2000 elections that put the fate of the election in the "hanging chads" of Florida. Electronic voting machines seek to remove human error in the actual voting process as well as vote tallying. However, many voting precincts are using technology that is 10-20 years old, introducing problems around maintaining and securing the systems for today's use.

One surprising conclusion around election security is the critical role of a paper trail. Having a paper back-up to electronic voting proved to be important in Iowa and is making counties nationwide re-examine the role of paper in modern elections with the end goal of accuracy being more important than speed.

To modernize voting procedures, systems, and products, Congress has earmarked over $700 million to replace paperless voting machines with more secure digital options that offer a paper trail. While voting is handled at the state and local level, more support from the federal level comes with a new policy that ensures the FBI briefs state election officials when local election infrastructure has been compromised. However, many argue this does not go far enough and that the FBI should loop in election officials if they discover breaches of private sector companies involved in providing election technology and support.