While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
President Donald Trump has named Michael Kratsios to serve as his deputy chief technology officer and deputy assistant to the president, according to multiple reports. Kratsios previously served as chief of staff at Thiel Capital, an investment firm founded by Silicon Valley investor Peter Thiel, a prominent backer of Trump during the 2016 presidential campaign.
The hiring, first reported by Politico and confirmed by TechCrunch, represents one of the Trump administration’s most prominent technology personnel decisions to date. The administration has yet to name a permanent CIO to replace Tony Scott, who left the government in January.
Government could save as much as $1 trillion over the next decade by taking advantage of IT innovation, according to a new report from the Technology CEO Council. The group includes the chiefs of IT companies such as Dell, IBM and Oracle. Their suggested ideas and the savings they can generate include:
$500 billion: Improve supply chain and acquisition through advanced analytics and commercially proven process improvements
$270 billion: Effectively mine available data and use that information to identify and stop fraud and improper payments
The best way for federal agencies to adapt to a wave of young workers is to create a clear and reasonable bring-your-own-device policy, according to “Millennial Rising: ‘Digital Warriors’ Introduce Risk to Federal IT Systems,” a new report from information security company Forcepoint.
The report found that millennials are expected to make up almost 75 percent of the federal workforce by 2025, and suggests that organizations need to develop tools that provide greater visibility into users’ motives through behavioral monitoring.
“If security protocols and policies do not evolve, a highly effective millennial worker can quickly go from a super employee to an insider threat,” the report says.
As the Trump adminsitration starts to tackle IT priorities across the federal government, here is a look at three large technology projects that could take shape in the near future:
1. Faster Airport Security Lines
The Transportation Security Administration’s Precheck program clears the majority of travelers before they arrive at the airport. Instead, employees devote most of their time screening for those with criminal backgrounds or on terrorist watchlists. Biometrics could further streamline the process by validating passengers with iris scans, says Tom Greiner, managing director of technology at Accenture.
2. Better Protection of Personal Data
1. Provide user training. Agencies should educate users about the value and inner workings of software licenses. For example, a database license may only allow access to a specific number of processor cores, while other software vendors may charge through a consumption-based model, says Amy Konary, IDC’s vice president of software business models.
2. Coordinate between stakeholders. Many software asset management tools require the installation of software agents on servers to collect data. This means system owners must collaborate with the software asset management team to successfully run the asset management tool, says Daniel Cosgrove of U.S. Citizenship and Immigration Services.
3. Take an agile approach. USCIS adopted agile principles to make continuous improvements to its software management processes, allowing the agency to make changes that met business needs while realizing immediate results, Cosgrove says.
Throughout the federal government, agencies are spending more time and money than ever to limit their exposure to cyberthreats. Here’s a checklist of steps IT leaders can take to bolster their organization’s security and avoid unwanted breaches:
1. Coordinate your goals. “This is no time for silos and bureaucracies, ” says Avivah Litan, vice president and distinguished analyst for Gartner Research. “You need to get your organizations and processes aligned around security.”
2. Secure your users. You’re only as secure as your weakest link: the users whose access may be compromised by an attacker. Cybertraining, exercises, and drills need to receive high priority, says former U.S. CISO Gregory Touhill.
3. Value your information assets. Understand that information has value, and align your protective measures based on the risks to your most important data, Touhill says.
The General Service Administration's 18F digital services unit said its cloud.gov platform received authorization to operate from the GSA’s Federal Risk and Authorization Management Program.
In a blog post, 18F said that “FedRAMP Authorized status marks completion of a comprehensive security and compliance assessment that enables federal agencies to start using cloud.gov with significantly reduced effort.”
Defense Department CIO Terry Halvorsen said on Wednesday that he will retire from government service on Feb. 28.
Halvorsen disclosed his plans during a media roundtable, according to Federal News Radio and Inside Defense. DOD's current IT policies and priorities are unlikely to change significantly during the transition to the Trump administration, he said.
The secretary of the Army, Eric Fanning, has issued an 88-page directive designed to spur further data center consolidation after the Army fell behind on its goals. As Federal News Radio notes, the directive lays out "highly detailed orders to three-and-four star generals in the Army’s headquarters and functional and geographic commands, telling them precisely what must be done to close 60 percent of the service’s 1,200 data centers by the end of 2018 and 75 percent by 2025."
On Dec. 29, the Department of Homeland Security and FBI released a report, called a Joint Analysis Report (JAR), which, the agencies claimed, provides evidence of how Russian intelligence services used spear phishing cyberattacks against the Democratic National Committee and Hillary Clinton campaign chairman John Podesta to hack into their emails and interfere in the 2016 presidential election. The JAR, the agencies said in a statement, "details of the tools and infrastructure used by Russian intelligence services to compromise and exploit networks and infrastructure associated with the recent U.S. election, as well as a range of U.S. government, political and private sector entities."