Cybersecurity in today’s volatile world is understandably critical but translating understanding into practice is challenging, especially as agencies’ resource demands are at an all-time high, competent IT talent is at a premium, and budgets aren’t keeping pace. Continuous regulatory compliance and security risks to organizations and individuals alike keep evolving—making it difficult to plan and implement specific, act...

The challenges of cybersecurity in today’s volatile environment have hit state, local and educational agencies and institutions particularly hard. Their IT shops already faced manpower shortages, outdated hardware and software, threats such as ransomware, and skimpy budgets – all of which have been amplified by the pandemic and its follow-on effects. And now war in a faraway country, involving a nation-state already hostile to the...

The cybersecurity landscape has never been more complicated. The Russian invasion of Ukraine prompted cybersecurity alerts across government agencies and critical infrastructure sectors. After the pandemic forced millions to work from home and security professionals adapted to protecting networks without traditional perimeters, new hybrid work models are emerging. Ransomware wreaked havoc on organizations large and small, government and privat...

Several Russian generals have been killed in Ukraine because their soldiers have been forced to rely on communications “in the clear,” on regular cellphones and handheld radios. But that does not necessarily translate into a permanent tactical advantage for the Ukrainians – Russia is also known for its hacking skills. If their secure communications are breached, Ukrainian forces also can be at risk. There is no more timely ex...

It has been more than a decade since the Obama administration adopted a “cloud first” strategy for IT modernization. The policy shifted in 2019 to a “cloud smart” approach. Agencies across the federal government have been including cloud migration in their digital transformation initiatives over this period. But 10 years is a long time for any digital technology, and as cloud computing has matured its long-term drawback...

The Federal Risk and Authorization Management Program – FedRAMP – has been in place for more than a decade now. It has always been a great vehicle for moving government IT workloads to the cloud and into secure government-approved environments. Increasingly, FedRAMP is enabling faster adoption of cloud services and reducing organizational risks and costs associated with the sustainment of traditional government-owned equipment and...

Warnings from the White House about potential cyber attacks by a hostile nation-state. Security risks in third-party software code. Ransomware paralyzing schools and hospitals. Phishing schemes targeting employees. Talk of cyberwar. It is a very tough time to be a cybersecurity professional. Success in this ecosystem depends on more than technical expertise and knowledge of specific attack countermeasures. Security and IT leaders need a clear...

The Russian invasion of Ukraine started with cyber attacks shortly before tanks crossed the border. Data-wiping malware infected a number of government systems, while many official websites were downed by DDoS attacks. The problem is, malware released into the wild rarely stays in one place. While Ukrainian systems may have been the target, it did not take long for the malware to show up in Latvia and Lithuania. Times of uncertainty trigger he...

The pandemic of the last two years has changed the federal workplace. As employees begin a cautious return to their offices, the federal government’ Safer Federal Workforce Task Force is exploring how to balance reopening with the employees’ desire to keep some of the flexibility they discovered while working remotely. Key priorities such as hoteling, workplace/building services, visitor management, and the potential for understand...

When the pandemic drove millions of government employees out of their offices and into remote work two years ago, the need to overhaul legacy identity and access management (IAM) processes became apparent. President Biden’s Executive Order and National Security Memorandum on cybersecurity pushed this further by embedding Zero Trust architecture at their core, and January’s memorandum from the Office of Management and Budget (M-22-0...