Exposing the Supply Chain is a Matter of National Security

The phrase "Supply Chain" may make you immediately think of retail giants like Amazon and Walmart or manufacturers like GM and John Deere, but government is highly reliant on secure supply chains. A supply chain is the network of all the people, organizations, resources, activities and technology involved in the creation and sale of a product. It encompasses everything from the delivery of source materials from the supplier to the manufacturer through to the product's eventual delivery to the end user. In government, supply chains have come front and center with the Trump administration's rulings banning government use of products from certain Chinese manufacturers, citing security concerns that the products could contain ways for the Chinese to spy on the U.S. Companies selling technology to the government have to be able to trace the source of all elements of their products to ensure nothing originated with the banned distributors.

Being able to do this requires a mature supply chain process and solution. Interagency committees have been established to determine best practices in securing increasingly complex supply chains. Understanding supply chains is an expensive undertaking and one survey found that small and mid-sized businesses are opting out, counting on the fact that they will not be the ones called out to defend their supply chain to government. This mentality may not be an option for long.

DoD is getting more and more prescriptive in their security and supply chain guidance, adding the review of contractor purchasing systems as part of bid reviews. GSA has also explored banning the use of refurbished IT, since that includes products where a supply chain cannot be re-created.

The rules and regulations around supply chains can seem just as complex as the chains themselves. Luckily, it's a topic of discussion at a number of upcoming events.

There is No Single Way to IoT

It is called the Internet of Things (IoT) - plural - for a reason. IoT encompasses everything from traditional IT devices like laptops and phones to next-generation technologies like virtual assistants (Alexa, Google Home) to previously unconnected technologies like TVs to everyday utilities like HVAC systems and even refrigerators. With this wide range of things, agencies are finding it difficult to catalog every IoT device, making the creation of policies and processes even more challenging.

Shadow IoT - connected devices that aren't managed or monitored by an organization's IT resources - is a real concern for IT teams. In one study, 90% of organizations found IoT devices on their network that they were not aware of. These devices can include fitness trackers, digital assistants, and smart televisions. Once these devices are identified, huge security challenges still remain, as many of them were not designed with security in mind. There is also such a wide range of devices and manufacturers that policies cannot be applied consistently across all of the different products and systems.

Even known IoT devices can pose security challenges and concerns. Historically, systems running building automation - lights, elevators, sprinkler systems, HVAC - were separate from the IT systems. Today, these Industrial Internet of Things (IIoT) systems regularly connect to external networks and introduce risk back into the agency networks. As a workaround, 45% of respondents to a survey of IoT leaders said they were deploying IoT devices on a dedicated network.

Easy as RPA

Robotic Process Automation (RPA). It may sound like a premise to a movie where robots take over the world, but it's very real and it's helping organizations realize modernization goals. Despite the name, RPA has nothing to do with robots. It is about software that uses artificial intelligence (AI) to automate high-volume, repetitive tasks. This can include queries, calculations, and maintenance of records and transactions.

In government, RPA is already being implemented in a wide variety of applications.

  • Inspections - As agencies look to modernize the way they perform inspections of the water we drink, the roads we travel, and the buildings we travel to, they are using RPA to move off paper-dependent processes.
  • Claims review - RPA is built into an intake tool used by the Centers for Medicare and Medicaid that ingests records, automating the process and identifying potential problems.
  • Procurement - RPA is being used to automate and streamline the close-out process of government contracts, freeing up staff to work on actual programs, rather than spending time documenting that work.
  • IT asset management - Managing IT assets is a combination of automated and manual tasks. The introduction of RPA greatly reduces the need for manual intervention when it comes to enforcing governance and process, freeing up staff to work on mission-focused projects rather than tracking the technology used on those projects.

CDM – Concentrating on the How of Cybersecurity

The Department of Homeland Security's Continuous Diagnostic Mitigation Program (CDM) was developed as a guideline process for agencies to fortify their ongoing cybersecurity plans and tactics. Agencies have worked through the stages of the program, first identifying what and who is on their network and then looking at what is happening on the network - really identifying the who, what, when, and where. Today, the focus is to put all that information to work in developing plans that address the "how" of secure networks including:

  • Reduce agency threat surface
  • Increase visibility into the federal cybersecurity posture
  • Improve federal cybersecurity response capabilities
  • Streamline Federal Information Security Modernization Act (FISMA) reporting

According to a recent survey, in the seven years since its inception, the CDM program has met its mission of making government IT systems more secure. But this success does not mean the work is done. Legislation has been introduced that will make CDM permanent and expand its reach to meet the ongoing cyber threats that face government agencies. Moving forward, CDM will help agencies focus on taking what has traditionally been a piecemeal approach to cybersecurity and creating a more integrated approach that ties to an overall cyber strategy.

Department Spotlight ~ U.S. Department of Agriculture: Harvesting Crops and Innovation

Fall visits to the farmers market take us back to simpler times when people lived off the land. Today's farmers may provide the same "output" of food, but how they manage the growth and distribution of it has changed dramatically.

The U.S. Department of Agriculture (USDA) was established in 1862 and was nicknamed "The People's Department" by President Lincoln because of its mission to support the farmers that feed the nation. Today, the USDA is focused on providing "leadership on food, agriculture, natural resources, rural development, nutrition, and related issues based on public policy, the best available science, and effective management."

In achieving this mission, the USDA has become a hub for innovation. It was chosen as the first host agency for a modernization Center of Excellence (CoE). Spearheaded by the General Services Administration (GSA), the CoE at USDA was established to accelerate IT modernization across government to improve the public experience and increase operational efficiency. The CoE centralizes top government tech talent and combines it with private sector experts and expertise to implement best practices to move processes and technologies ahead. The CoE is focused on five functional areas: Cloud Adoption, Contact Center, Customer Experience, Data Analytics, and Infrastructure Optimization.
