Federal agencies have taken the lead in the public sector’s adoption of cloud computing. It has provided many benefits, including flexibility for applications, cost savings as legacy systems have been phased out, and empowering customers in their interactions with agencies – but it also has opened new methods for cyberattacks, such as corrupting elements of the software supply chain. As a result, data protection is more important t...

The COVID-19 pandemic forced public sector agencies across the country to rely on their IT to deliver services to customers. The “forced evolution” of systems can be seen as a long-term benefit, but it also amplified the vulnerability of communities to potentially serious cyberattacks. For instance, the threat of ransomware continues to grow as cyber criminals target managed service providers, the cloud, and the software supply cha...

Securing Your Networks From IPv6 Threats The explosion of Internet-connected devices – from mobile communications to the Internet of Things – demonstrates the need for the quantum increase in available IP addresses created by moving to IPv6. This webinar, the second of four sessions, addresses the unique strengths and security challenges of IPv6. The shift to IPv6 means that end-to-end encryption is built into devices and systems,...

Federal agencies are taking seriously the administration’s September 2024 deadline for implementing zero trust throughout government systems. When Executive Order 14028, “Improving the Nation’s Cybersecurity,” was issued in May 2021, it set tight deadlines for agencies to meet zero trust requirements. One year after the EO was released, a survey found that two-thirds of agencies said they would meet the maturity require...

In June 2019 the Office of Management and Budget released MemorandumM-19-21, directing all Executive Branch departments and agencies to transition to fully digitize all permanent records by Dec. 31, 2022. But many agencies are going to miss that deadline. Between the scope of the requirements and the effects of the pandemic, fully one-third of agencies have indicated they are going to miss the deadline. The challenge is not simply digitizing r...

Phishing continues to be one of the most common internet crimes today, but the stakes have risen enormously as our society has become online-driven. More than 80% of these attacks involve credential misuse in the network. With increased remote workers, users need a seamless mobile device experience to be able to do their jobs. Derived credentials allow agencies to utilize existing investments, adopt modern protocols, and apply phishing-resista...

Cyberattacks against organizations are now often using what might be considered a “bank shot” – planting malicious code in software components before they are used in products. When coders draw upon software libraries, whether open source or proprietary, to build new applications, they unwittingly include the malware. This is a less conspicuous method that threatens the software supply chain and harms organizations’ wil...

As part of the Infrastructure Investment and Jobs Act of 2021, Congress included $1 billion over the next four years for state, local and tribal governments to strengthen their cybersecurity. The Cybersecurity and Infrastructure Security Agency established the State and Local Cybersecurity Grant Program and the Tribal Cybersecurity Grant Program to distribute funds. The Federal Emergency Management Agency is responsible for administration and...

Our nation’s K-12 schools are data-rich, but often resource-poor. That combination makes them very attractive targets for ransomware attacks. The Multi-State Information Sharing and Analysis Center, part of the Center for Internet Security, just released a new report that 29% of its member organization reported being victims of ransomware attacks – and the rapid expansion of remote learning in response to the pandemic has only made...

Modernizing the Federal Acquisition Lifecycle As Federal procurement policy and processes become more complex, agencies must adapt their business processes and technology solutions to better enable their acquisition professionals to maintain compliance and efficiency while executing mission-critical tasks. IT modernization initiatives empower acquisition professionals and leadership to make better-informed decisions throughout each phase of th...