While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Throughout the federal government, agencies are spending more time and money than ever to limit their exposure to cyberthreats. Here’s a checklist of steps IT leaders can take to bolster their organization’s security and avoid unwanted breaches:
1. Coordinate your goals. “This is no time for silos and bureaucracies, ” says Avivah Litan, vice president and distinguished analyst for Gartner Research. “You need to get your organizations and processes aligned around security.”
2. Secure your users. You’re only as secure as your weakest link: the users whose access may be compromised by an attacker. Cybertraining, exercises, and drills need to receive high priority, says former U.S. CISO Gregory Touhill.
3. Value your information assets. Understand that information has value, and align your protective measures based on the risks to your most important data, Touhill says.
The General Service Administration's 18F digital services unit said its cloud.gov platform received authorization to operate from the GSA’s Federal Risk and Authorization Management Program.
In a blog post, 18F said that “FedRAMP Authorized status marks completion of a comprehensive security and compliance assessment that enables federal agencies to start using cloud.gov with significantly reduced effort.”
Defense Department CIO Terry Halvorsen said on Wednesday that he will retire from government service on Feb. 28.
Halvorsen disclosed his plans during a media roundtable, according to Federal News Radio and Inside Defense. DOD's current IT policies and priorities are unlikely to change significantly during the transition to the Trump administration, he said.
The secretary of the Army, Eric Fanning, has issued an 88-page directive designed to spur further data center consolidation after the Army fell behind on its goals. As Federal News Radio notes, the directive lays out "highly detailed orders to three-and-four star generals in the Army’s headquarters and functional and geographic commands, telling them precisely what must be done to close 60 percent of the service’s 1,200 data centers by the end of 2018 and 75 percent by 2025."
On Dec. 29, the Department of Homeland Security and FBI released a report, called a Joint Analysis Report (JAR), which, the agencies claimed, provides evidence of how Russian intelligence services used spear phishing cyberattacks against the Democratic National Committee and Hillary Clinton campaign chairman John Podesta to hack into their emails and interfere in the 2016 presidential election. The JAR, the agencies said in a statement, "details of the tools and infrastructure used by Russian intelligence services to compromise and exploit networks and infrastructure associated with the recent U.S. election, as well as a range of U.S. government, political and private sector entities."
While about 33 percent of applications run in the cloud today, federal cloud users predict that 58 percent will run in the cloud by 2020, according to “Destination Cloud: The Federal and SLED Cloud Journey,” a September 2016 report from MeriTalk. The top federal cloud apps include web hosting, collaboration and backup services.
To avoid security challenges, more than half of respondents run their apps in a private cloud. Agencies are especially likely to choose the private cloud model for apps that handle sensitive information or are highly specialized.
A new report from IDC Government Insights underscores agencies’ frequent need for external support in implementing new technologies. Systems integrators play a key role in helping agencies become more agile and responsive in understanding citizen needs.
“Many systems integrators are deploying agile processes and assisting agencies in the design of user-friendly offerings for the data-driven customer, with the goal of driving better mission outcomes,” says Adelaide O’Brien, research director of IDC Government Insights and author of IDC Marketscape: U.S. Systems Integrators Serving the Federal Government 2016 Vendor Assessment. “While some government organizations have adopted agile software development to varying degrees, progress for many has been slow.”
Echoing similar durability and reliability requirements at other defense agencies, the Army can offer an additional lesson that procurement professionals have learned after purchasing thousands of notebooks per year, including the Getac X500.
The Army leverages the buying power of consolidated purchases to get the most from its IT budget.
Its Common Hardware Systems (CHS) program serves as a clearinghouse for Army project offices to procure tactical network commercial hardware.
The U.S. Agency for International Development has been upgrading the software it uses to manage its telework program.
The software upgrade, which was expected to go live in late 2016, allows employees to make revisions after submitting their applications, but before supervisory approval, says Brenda Horne, telework executive at USAID.
For example, if they mistakenly requested Wednesday to be a telework day instead of Thursday, they can make the change. “It’s much more employee-friendly,” she says.
The new software will also make it easier for the agency’s telework coordinators to build reports on employee telework data, she says.
When David A. Bray became CIO at the Federal Communications Commission in 2013, the agency was saddled with cumbersome legacy systems that consumed more than 85 percent of the IT budget.
The cloud offered an effective and cost-efficient solution. A series of projects helped Bray and his team prove that it could be successful.
First, they moved employees to virtual desktops. They then tackled the most frustrating application: The Consumer Help Center was more than 15 years old and required users to download 1 of 18 different forms, fill it out by hand and mail or fax it back.
Transitioning the application to an on-premises cloud or another federal agency site would have cost more than $3 million and taken 14 to 16 months. However, a Software as a Service model would only cost $450,000, including contractor time, and the new solution would be running in less than six months.