Tag Archives: Security

FedRAMP’s Ongoing Evolution

Posted on by

The Federal Risk and Automation Management Program, commonly known as FedRAMP, was introduced in 2010 and signed into policy at the end of 2011 as a "standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services." In plain English, it provides a baseline for agencies to determine if a cloud solution is secure enough for them to use. Vendors get FedRAMP certified as a way to prove their solution is ready to plug and play into federal systems.

In recent years, cloud has moved from a curiosity for most agencies to a key part of IT infrastructure. With this change in cloud acceptance and use, FedRAMP has also started to evolve to meet today's needs. Last summer, Rep. Gerry Connolly introduced the FedRAMP Reform Act of 2018 as a more stringent enforcement of the use of FedRAMP guidance. Continue reading

The Emerging Use of Blockchain in Government

Posted on by

Blockchain is a complex technology that aims to streamline repetitive, data-intensive tasks. It has become more than a hot buzzword in government IT circles, it is already being put into practice.

One way to think of blockchain is as a database that is jointly managed by a distributed set of participants. Adding data requires the "sign off" of everyone in the chain, verifying that the transaction is legitimate. Because of this interconnectedness, it is inherently secure. Every piece is linked to another, changing one piece will impact the rest of the chain (just like that one bulb going out on your Christmas lights) alerting all owners to an issue.

Government agencies are drawn to the security and transparency provided by blockchain to improve the efficiency and stability of processes requiring strict audit trails. NIST has provided guidance to help educate as well as encourage organizations to begin trying out blockchain approaches. Continue reading

Department Spotlight: Department of Homeland Security

Posted on by

The Department of Homeland Security (DHS) may be the newest cabinet-level department, but it is still facing the same modernization challenges felt across government. The agencies pulled under the DHS umbrella in 2002 came with legacy systems. While a good deal of integration and modernization happened while DHS was being formed, systems have to keep evolving to keep up with the ever-changing threat landscape and the technologies used to threaten the homeland.

Cybersecurity, as it relates to the protection of the national infrastructure and government systems, is a huge focus for DHS. In fact, The DHS Secretary recently said that nation-state adversaries "are at the highest levels since the Cold War, largely but not exclusively due to leveraging cyber to conduct espionage and influence operations and disrupt services." As part of their efforts to strengthen their cybersecurity posture, the Department is leading the Continuous Diagnostic Monitoring (CDM) efforts across government to provide capabilities and tools to identify cybersecurity risks on an ongoing basis, prioritize these risks based on potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first.

With a broad mandate to support election security, DHS has been collaborating across the government to ensure the security of machines and records for national elections. New technologies such as Albert sensors, technology designed to detect suspicious IP addresses and malware signatures, will be in place in 90% or more of voting machines used in November. Continue reading

Putting the IT in Your Next Doctor VisIT

Posted on by

National Health IT Week was designed to raise awareness of the role IT plays in healthcare and to move forward the use of IT solutions that make a difference in the quality of patient care. The field of Health IT has evolved greatly from using technology to help with administrative functions and patient records. Today, Health IT is at the bedside with telemedicine consults, IoT medical devices, patient education, and more. Additionally, the health market is looking to emerging technologies like blockchain to help with chain of custody of records and controlled substances. IT is also playing a huge role in public health by using data analytics to spot patterns and trends in everything from flu outbreaks to opioid abuse.

With all of these opportunities for IT to become part of the delivery of healthcare there are of course huge security concerns. Publicity around breeches and ransomware incidents have put the industry on high alert to be proactive in their security and responsive to public concern about the security of private health data. Continue reading

The Shared Responsibility of Cybersecurity

Posted on by

Every October, the cybersecurity community comes together to highlight how each of us plays a role in the security of not just our own online identities, but of cyberspace as a whole. This year, National Cyber Security Awareness Month, organized by the Department of Homeland Security, is celebrating its 15th anniversary. This month is a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online while increasing the resiliency of the Nation during cyber-threats.

The theme for 2018 is "Cybersecurity is our shared responsibility, and we all must work together to improve our Nation's cybersecurity." This focus on responsibility, both individual and organizational, is critical for a population becoming more and more dependent on Internet connectivity. A recent study found that while government tends to have better cyber hygiene than most industry sectors, overall, we are not doing all we can to secure our networks and all of the devices that connect to them. Only 50 percent of respondents said they were running authenticated scans and were able to patch vulnerabilities within a week of detection. Almost half use dedicated workstations and networks for administrative activities, but over 40 percent do not use multifactor authentication or don't require unique passwords for each system. Continue reading