Tag Archives: Security

Biometrics is Finding its Identity in Government IT

Posted on by

Biometrics is the use of an individual's unique physical and behavioral characteristics, typically used for identification and access control. Fingerprinting, the oldest form of biometrics, can be used for much more than identifying criminals. Fingerprint sensors have long been in use to allow individuals to login to their laptops, control physical access to buildings, track attendance of employees, and much more. Today, the focus is on improving facial recognition both for access to systems and facilities and as part of national security practices.

Facial recognition holds promise for accurately identifying who should and should not be in a specific place - whether that is a physical location like a building or an airport, or a virtual one like a set of classified files. However, the technology is not as reliable as the market requires. The impact of false positives and missed identities are measurably bigger when you are talking about identifying someone on a terror watch list rather than simply being locked out of your cell phone. There is considerable work being done to close the gaps between the promise of facial recognition and the reality of today's technology.

In a world where we are conducting more and more business online, biometric identification seems like a no-brainer for increasing the security of accessing personal data. But there is a privacy concern. Using biometrics means that organizations have access to very personal credentials and a recent ruling showed that the FBI does not need to disclose what biometric data it has on citizens. Continue reading

In the Event of an Emergency: Ensuring Government is Disaster-Ready

Posted on by

With a rash of recent natural disasters, weird weather patterns, and a few months of Hurricane season to go, we wanted to look at disaster recovery practices - beyond the basics. We all know it is critical to have backups for your backups, but sometimes that's not even enough.

Last year, when the U.S. Virgin Islands and Puerto Rico were impacted by Hurricanes Irma and Maria, they lost a lot of government data. Although they had backups of their data stored in different locations, all of these locations were on the island. In Puerto Rico, first responders were trying to make a map of shelter locations, hospitals and flood zones. They started with a spreadsheet containing information on 450 shelters and had to correlate that information with other datasets. Once the data was merged, they found they only had complete data for 88 of the 450 shelters. Only half of those 88 shelters could be mapped using Google, leaving the team with an incomplete picture and a lot of manual work to identify and publicize shelter locations. Continue reading

Hybrid Technology: It’s Not Just for Cars, It’s in the Cloud

Posted on by

As cloud gains momentum as a platform for government IT, the one-size-fits-all solution is becoming obsolete. Government organizations require unique solutions to suit their specific needs, which is why understanding the cloud platform options is the first step to making the change to the cloud. Initially, there were public clouds hosted completely off government sites by a third party (like Google or Amazon Web Services). Then came private clouds, infrastructure and networks designed as a cloud but only available to a closed loop of individuals. Private clouds are hosted on-premise by the government entity they were built for. Now, there is a third type of cloud implementation that is proving to be the most popular and most attractive to government agencies - the hybrid cloud.

Hybrid infrastructures mean that some elements are hosted in a cloud (either public or private) while others are managed on-premise. There is a connection that allows all systems to work seamlessly. This set-up alleviates security concerns and helps organizations maintain tight control over critical applications.

Additionally, a hybrid environment helps avoid vendor lock-in. As agencies found with hardware, becoming an all "one vendor" shop has drawbacks. While going with a single IT vendor can have initial cost savings and economies of scale, in the long run, agencies grew frustrated when that one vendor could not innovate quick enough or provide the support they needed. Agencies are wary of falling into the same trap with cloud providers and look to spread out their applications across several platforms. This allows them to pick the cloud infrastructure that works best for that particular IT solution. There are hybrid cloud management tools that "abstract away many of the common features offered by different cloud providers" making it easier to manage multiple clouds. Continue reading

FITARA 6.0: The Case of the Falling Scores

Posted on by

As summer vacation is in full swing across the country, we're sure many of you are missing tracking the grades of your students (insert sarcasm font here). We wanted to fill that void with a look at where agencies stand on their FITARA report cards. We've written here before about the progress, and lack of progress, agencies are making regarding modernizing IT infrastructure and services. The sixth report card on FITARA compliance was issued in May so we wanted to revisit the topic.

The Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 and agencies are evaluated on their progress against the Act's goals about twice a year. The latest report found that despite a renewed focus on modernization from both the executive and legislative branch, agencies are actually backsliding in terms of grades.

Part of the challenge agencies had with this reporting period was the addition of a new category to track progress on the Modernizing Government Technology (MGT) Act. This "failure" should perhaps have been graded on a curve since MGT has only been in place since December 2017, meaning many agencies have not yet had a chance to have their proposals funded, much less started work.

But even discounting the MGT "learning curve," agency scores show that there is a real struggle across the board in meeting FITARA goals around: Continue reading

Getting Mobile Government Moving

Posted on by

 

Given that we all walk around with a device in our pockets that has more computing power than it took to put a man on the moon, mobile is a key channel for government to use to reach citizens and get work done. This ubiquity has led to mobile being an integral part of every agency's IT strategy. While this has opened a new medium for citizen interaction, it also raises issues around security and privacy. Today, agencies are looking to balance the opportunities presented by mobile with implementation challenges.

Mobile devices are quickly becoming a channel of choice for emergency communication and coordination. Many in the DC area experienced this firsthand with the Wireless Emergency Alert System test in April. This is in addition to regular use of mobile messaging for localized missing child Amber Alerts nationwide. To support this type of alerting and collaboration the FirstNet network was set up to be a wireless broadband network dedicated to public safety. A recent hack-a-thon helped encourage the development of new applications on the network.

Continue reading