Tag Archives: Security

Getting on the (Block) Chain Gang

Posted on by

We've been watching the use of blockchain growing in the government space as agencies look for ways to more efficiently and securely share their data. A Congressional Resolution was introduced to tout the promise of blockchain saying that, "blockchain has incredible potential that must be nurtured through support for research and development and a thoughtful and innovation-friendly regulatory approach." Following this encouragement from congress, it seems like each day there is a new application of the technology being tried and evaluated.

We've gathered a couple applications that we found interesting to help illustrate what blockchain is and what it can do.

  • Supply Chain - The Navy is looking to use blockchain to track aviation parts throughout their lifecycles, helping them better manage their supply chain. Similarly, the FDA is looking at how blockchain can better track the chain of custody of prescription drugs. In a related application, blockchain is also being considered as a solution for better tracking digital evidence in criminal cases.
  • Managing Public Records - State and local organizations are using blockchain to digitally distribute records, including marriage certificates, property titles, and business registrations.
  • Voting - Blockchain is being tested as a way to make it easier for service members and overseas citizens to vote. Last fall, 144 West Virginia voters living abroad were able to vote through their mobile phones via an app. Identities were confirmed by scanning a valid U.S. ID along with a selfie. Once the identity was confirmed, voters made their selections based on the ballot they would have used at their local precinct. Voters were then given a unique ID or hash that, once the vote was cast, allowed them to write on to the blockchain. Each submission was encrypted to the blockchain ledger, which gave election clerks the ability to conduct post-election audits.
  • Public Health - Blockchain can also speed the delivery of information as it relates to public health crises. The Food and Drug Administration is looking at how to use blockchain to share health care data securely and effectively in real time when epidemics like the swine flu threaten the health of the nation.

Continue reading

AI is Ready for Prime Time

Posted on by

Artificial Intelligence (AI) is a hot buzzword being thrown around in technical as well as business circles as a way to increase the efficiency of organizations. More than just a buzzword or "next big thing," it is now official policy of the United States. This February the President issued an executive order directing federal agencies to invest more money and resources into the development of artificial intelligence technologies to ensure the U.S. keeps pace with the world in using AI (and related technology) for business, innovation, and defense.

On the heels of the executive order, the DoD outlined its AI plans which include using AI technology to improve situational awareness and decision-making, increasing the safety of operating vehicles in rapidly changing situations, implementing predictive maintenance, and streamlining business processes.

But with all of this focus and excitement around AI, there are many groups raising concerns. Paramount is the federal workforce who sees AI technology potentially taking over their work. A recent survey found that while 50 percent of workers were optimistic that AI would have a positive impact, 29 percent said they could see new technologies being implemented "without regard for how they will benefit employees' current responsibilities." Across government, technology leaders are working to ease fears, stating that technology will take on the rote, manual tasks that humans tend to dread, freeing up people to spend additional time on more strategic, meaningful work.

Another group wary of AI's broad impact are security experts who say that with new, more advanced technologies come new, more advanced threats. In an effort to get in front of these threats, DARPA has launched the Guaranteeing AI Robustness against Deception (GARD) program. This program aims to develop theories, algorithms, and testbeds to aid in the creation of ML models that will defend against a wide range of attacks. Continue reading

The Next Step in Data Center Consolidation

Posted on by

Data center consolidation has been a mandated goal in the federal government for a number of years. The introduction of cloud, virtualization, and shared services means the government can run more efficiently with less hardware that no longer requires huge, physical servers to sit in buildings. Many of which were built for the sole purpose of housing servers. Consolidation saves money on technology, the support of that technology and also reduces agency real estate footprints and needs. While agencies have made some strides, the OMB sees the progress to date as going after low hanging fruit and is now challenging agencies to think bigger.

According to a drafted policy issued in November, OMB stated, "Agencies have seen little real savings from the consolidation of non-tiered facilities, small server closets, telecom closets, individual print and file servers, and single computers acting as servers." The push now should be in moving to the cloud and shared services, and looking to commercial third parties to host government data.

More than moving servers and workloads, data center consolidation relies on changing the way agencies manage data. The Data Accountability and Transparency Act was enacted to make information on government spending more transparent. Doing so requires agencies to agree to and implement data standards so that information can be shared across government and openly with the public. This implementation of standards has been a stumbling block for compliance. Continue reading

Is IoT a Superhero or Villain?

Posted on by

The Internet of Things (IoT) is made up of webcams, sensors, thermostats, microphones, speakers, cars, and even stuffed animals. All of these connected devices can help individuals and organizations stay connected across geographic distances, keeping tabs on and managing assets from miles away. The data they collect can be combined with other data sets to create actionable advice for better management and service.

This holds incredible promise for local governments and federal agencies charged with maintaining safe operating fleets and facilities. There's also the application for improving the routing of field technicians as well as traffic flow in general. But, as every superhero knows, with great power comes great responsibility.

As with any technology, IoT standards need to be developed for effective and safe use as well as to enable interoperability. NIST has been working on defining standards and recently released Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks, but no federal agency is currently claiming jurisdiction over IoT policy and rule-making. In this vacuum, the legislative branch is getting involved. This past November, the House passed the SMART IoT Act that tasks the Department of Commerce with studying the current U.S. IoT industry. A Senate bill was introduced to manage what types of IoT devices the government can purchase, ensuring that all IoT tech in government is patchable and has changeable passwords. Finally, states are even weighing in on the proper use of IoT in government. California passed the first IoT cybersecurity law, making device manufacturers ensure their devices have "reasonable" security features. Continue reading

CDM Hits Phase Three: Determining What is Happening on the Network

Posted on by

The Continuous Diagnostics and Mitigation (CDM) program, led by the Department of Homeland Security, was designed to fortify the cybersecurity of government networks and systems with capabilities and tools that identify risks on an ongoing basis, prioritize these risks based on potential impacts, and enable personnel to mitigate the most significant problems first. The program was rolled out in phases with phases one and two pretty much complete across government.

Now that agencies know what and who is on their network, they need to move onto phase three - what is happening on the network. This involves installing and managing the network and perimeter security measures. Given that the perimeter now includes mobile devices, securing those devices and the way they access the network is critical to meeting CDM goals. Currently,agencies are mapping out mobile connections at the agency level, and the networks with which agencies are regularly interacting.

Continue reading