FedTech Magazine - Technology Solutions That Drive Government https://fedtechmagazine.com/rss.xml en In a Borderless World for Feds, Human-Centric Security Is the Best Defense https://fedtechmagazine.com/article/2019/05/borderless-world-feds-human-centric-security-best-defense <span>In a Borderless World for Feds, Human-Centric Security Is the Best Defense</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 05/21/2019 - 12:13</span> <div><p>Protecting data has always been a core objective, but doing so has become much more challenging since the advent of the cloud. Today, applications and infrastructure <a href="https://fedtechmagazine.com/article/2019/05/cloud-access-security-brokers-give-agencies-view-cloud">are routinely hosted in the cloud</a>, away from the control of federal CIOs. As such, the protective perimeter that once existed around agency data has given way to <strong>a boundaryless environment in which data is widely distributed, dynamic and difficult to contain and protect</strong>. </p> <p>This massive data sprawl is creating fundamental problems for cybersecurity managers. First, it’s <a href="https://fedtechmagazine.com/article/2018/12/what-casb-and-how-will-cloud-smart-strategy-increase-its-use-perfcon">hard to defend against what you can’t see</a>, and highly dispersed data creates a lack of visibility. </p> <p>Second, traditional security technologies — firewalls and endpoint protection solutions, for example — are not as effective in this environment, considering the fact that they were primarily designed to protect a perimeter that no longer exists and keep people away from data.<strong> Today’s agency employees need access to information, uninhibited by cybersecurity controls</strong>, to ensure the success of their missions. </p> <p>All of this adds up to a rich landscape for potential exploitation. Adversaries don’t see confusion; they see opportunities at intersection points where employees interact with data as it passes between their on-premises and hosted environments. </p> <p><a data-entity-type="" data-entity-uuid="" data-widget="image" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" id="" rel="" target="_blank" title=""><img alt="CDW Cybersecurity Insight Report " data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/statetechmagazine.com/files/Cybersecurity_IR_stayprotected_700x220%20(2).jpg" /></a></p> <h2 id="toc_0">Employees Are the First Line of Cybersecurity Defense</h2> <p>The upshot of all of this is that just as we have evolved from exclusively on-premises infrastructures to cloud-based ones, so must agencies now make the next leap in cybersecurity. Government organizations would do well to <strong>shift their focus away from the security architectures they’ve used for years and move their efforts toward their own people</strong>. In a perimeterless world, employees can be the ultimate bulwarks that stand between hackers and their agencies’ data. </p> <p>People are the beating heart of every organization, but they’re particularly important to federal agencies. People are the instigators of innovation, necessary cogs in the wheels that drive agencies forward, but <strong>they need access to information, nearly at machine speed, to accomplish their goals</strong>. </p> <p>Therein lies the rub. How do you protect data without inhibiting access, especially when that data is in the cloud, beyond your immediate control?</p> <p>One way is by adopting a more targeted and personalized approach to cybersecurity than traditional measures were ever designed to accommodate. Instead of focusing on implementing more perimeter defenses, agencies need to begin focusing on their users’ actions and behaviors, particularly as they pertain to their interactions with sensitive information. </p> <p><a href="https://fedtechmagazine.com/article/2019/05/evolution-identity-and-access-management-solutions-federal-it-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>See how IAM solutions have evolved for feds. </em></a></p> <h2 id="toc_1">Why an Automated, Risk-Adaptive Approach to Security Works</h2> <p>People tend to behave in very predictable ways. An average federal worker might come into work every day, sit at his or her computer, check email, and access the same files and information. This is all very normal, all very stable.</p> <p>A change in that pattern can indicate that something is wrong. Perhaps the employee’s credentials have been compromised. Whatever the case, it’s incumbent upon the agency’s security team to<strong> respond in a targeted manner that ideally does not impact the work of other employees</strong>. </p> <p>This is possible through what’s known as <strong>a risk-adaptive approach to security</strong>. In this scenario, employees are evaluated and assigned a baseline score for their own “normal” behavioral patterns. </p> <p>They’re then monitored for any deviation from this baseline. A deviation triggers an alert that security administrators can react to quickly as well as a relevant automated enforcement response based on the anonymized digital identity’s elevated risk score. </p> <p>Based on a deviation in behavior patterns, security teams know exactly where the problem lies and can focus automated or manual enforcement efforts on observing or blocking specific activities based on the level of risk the activity represents. </p> <p>This is <strong>far different from the “zero trust” proposition that traditional security solutions typically offer</strong>. Traditional solutions aren’t exactly subtle. They tend to slam the door for the entire organization, and when someone is compromised or makes a mistake, everyone pays. Operations are curtailed, security policies are changed and employees get frustrated — causing them to find workarounds that not only lead to friction between IT and an agency’s users but can also compromise data security.</p> <p>An automated risk-adaptive approach is the better option. <strong>Automation increases the speed of determinization and requires less human interaction. </strong>Monitoring each user’s behavioral patterns — and <strong>streamlining managers’ response to only those incidents that exhibit anomalies in baseline patterns</strong> — can keep systems secure without penalizing everyone. In many ways it is delivering a one-to-one security model versus the one-to-many approach commonly used today.</p> <p>That’s important, because everyone is different. There may be instances where employees regularly require access to sites or technologies that are not typically authorized, for example. Security needs to be more personalized, both to be more effective and to allow people to work in today’s environment.</p> <p><a href="https://fedtechmagazine.com/article/2019/04/post-shutdown-cisa-carves-out-space-cybersecurity" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> See how CISA is establishing itself in the federal cybersecurity realm. </em></a></p> <h2 id="toc_2">Feds Are at a Cybersecurity Crossroads</h2> <p>That environment has led us to a crossroads in our cybersecurity journey. Traditional security measures still have their place in today’s world, but at the same time we can no longer simply put up a firewall to defend our agencies’ infrastructures. We must find new ways to protect data, wherever it exists. </p> <p>People are the most sensible solution. After all, the data is literally in their hands. <strong>By focusing their security efforts on monitoring user behaviors, agencies can effectively enlist users in the fight to protect that data.</strong> In doing so, they can turn the users that hackers may see as a vulnerability <a href="https://fedtechmagazine.com/article/2019/04/gitec-2019-dhs-partners-agencies-find-and-protect-high-value-assets">into their organization’s greatest cybersecurity assets</a>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11706"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/profile-sean-berg-2018.png.jpg?itok=v0VSR6h1" width="58" height="58" alt="Sean Berg is the senior vice president and general manager of global governments and critical infrastructure at Forcepoint." typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11706"> <div>Sean Berg</div> </a> </div> <div class="author-bio"> <p> <div><p>Sean Berg is the senior vice president and general manager of global governments and critical infrastructure at Forcepoint.</p> </div> </p> </div> </div> </div> </div> Tue, 21 May 2019 16:13:34 +0000 phil.goldstein_6191 42601 at https://fedtechmagazine.com Metadata Helps Agencies Get More Value Out of Vast Information Stores https://fedtechmagazine.com/article/2019/05/metadata-helps-agencies-get-more-value-out-vast-information-stores <span>Metadata Helps Agencies Get More Value Out of Vast Information Stores</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 05/20/2019 - 09:20</span> <div><p>When the <a href="https://www.cancer.gov/" target="_blank">National Cancer Institute</a> stores its genome data, naming a file after the type of cancer it contains isn’t enough. The study of cancer is so precise these days that scientists need other identifying characteristics to better target a possible cure, says Jeff Shilling, the agency’s acting CIO.</p> <p><strong>“It’s got to go past, ‘Where did you get it from?’ and ‘What is it?’” </strong>he says. </p> <p>NCI adheres to the notion that <strong>data is only as valuable as its metadata</strong>. <a href="https://whatis.techtarget.com/definition/metadata" target="_blank">As TechTarget notes</a>, metadata “summarizes basic information about data, which can make finding and working with particular instances of data easier.” The more granular the metadata, <strong>the more information agencies can store about it, and the easier it is to catalogue and analyze it</strong>. </p> <p>In the past, a file was associated with its name, the date it was created and when it was last edited. None of that information is useful for identifying the relative value of that data.</p> <p>This is why analysts say modern metadata management will become critical as agencies look to glean more information and benefit from their data. Artificial intelligence and machine learning are at the core of this trend. </p> <p>Using metadata, <strong>agencies can set archive and storage policies more easily and create more consistency</strong>, so data that was once unusable can be accessed, analyzed and shared.</p> <p>“Metadata that’s captured can then be used to identify files and to establish policy around them,” explains Steven Hill, senior analyst for applied infrastructure and storage technologies at 451 Research, an IT research and advisory firm. “And the cool thing is that it’s virtually unlimited in terms of scalability.”</p> <p>The more information an agency has about its data, <a href="https://fedtechmagazine.com/article/2019/05/hci-helps-feds-find-new-ways-store-and-analyze-data" target="_blank">Hill tells <em>FedTech</em></a>, the more flexibility it has in handling and automating it.</p> <p>“This is really about the re-emergence of object storage as the ideal framework for policy-based management because of its metadata capabilities, <strong>as well as its massive scalability</strong>,” he says. </p> <p><a href="https://fedtechmagazine.com/article/2019/03/what-fog-computing-tech-can-spur-government-it-modernization-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out how fog computing can help your agency.</em></a></p> <h2 id="toc_0">The Role Metadata Plays in Data Lakes</h2> <p>Metadata is a key element that makes data lakes so valuable. <strong>Data lakes are repositories with flat architectures that can hold data from a wide variety of data formats</strong>, including unstructured data, allowing users to transform and visualize the data into new structures when needed.</p> <p><a href="https://www.linkedin.com/in/cchehreh" target="_blank">Cameron Chehreh</a>, COO and CTO of <a href="https://www.cdwg.com/content/cdwg/en/brand/emc.html#flash?cm_mmc=Vanity-_-EMC-_-NA-_-NA" target="_blank">Dell EMC Federal</a>, <a href="https://fedtechmagazine.com/article/2019/01/data-lakes-what-they-are-and-how-they-can-benefit-feds-perfcon" target="_blank">has told <em>FedTech</em></a> that data lakes enable agencies to take the data that drives information and insights for them and put the data into “a consolidated and scalable agile repository.”</p> <p>Chehreh notes that another key benefit to data lakes is that they can ingest any type of data. They then create a mechanism for agencies to add metadata around the data so that it can be tagged and easily searched by any user that has secure and proper access to the data lake. <strong>“This allows people the opportunity to drive those deeper insights,”</strong> he says.</p> <p>Agencies also need to strongly consider security when putting data into data lakes, Chehreh says. However, agencies can control access to the data in the data lake through the same security functions and authentication methods they used before, he says. “You control the access to the data through the same security functions you would use today, and then <strong>also have it correlate to the metatags and the metadata that is created around your core data sources</strong>, so that you can still protect the sovereignty of the core information you would protect in today’s world,” he says.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/karen-j-bannan"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/bannan.jpg?itok=AUnlK_-q" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/karen-j-bannan"> <div>Karen J. Bannan</div> </a> </div> <div class="author-bio"> <p> <div><p>Karen J. Bannan is a freelance writer and editor who has written for a variety of publications including <em>The New York Times, The Wall Street Journal, Time</em> and <em>CIO.</em></p> </div> </p> </div> </div> </div> </div> Mon, 20 May 2019 13:20:28 +0000 phil.goldstein_6191 42596 at https://fedtechmagazine.com GSA Selects OPM as Third Centers of Excellence Agency https://fedtechmagazine.com/article/2019/05/gsa-selects-opm-third-centers-excellence-agency <span>GSA Selects OPM as Third Centers of Excellence Agency</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 05/17/2019 - 13:45</span> <div><p>The Centers of Excellence train keeps on chugging.</p> <p>On Friday, the General Services Administration <a href="https://www.gsa.gov/about-us/newsroom/news-releases/gsa-opm-partner-in-centers-of-excellence-initiative" target="_blank">announced</a> that it had selected the Office of Personnel Management as the third agency to go through <strong>the CoE IT Modernization program</strong> it has been running, <a href="https://fedtechmagazine.com/article/2018/09/gsa-names-hud-second-centers-excellence-agency">following the Department of Housing and Urban Development</a> and <a href="https://fedtechmagazine.com/article/2019/04/gitec-2019-usda-moves-quickly-meet-center-excellence-goals">the Agriculture Department</a>.</p> <p>In a statement, GSA said it will work with OPM to<strong> “help stabilize OPM’s legacy IT systems and enable the agency to modernize its IT capabilities and methods.” </strong>The CoE work that OPM will embark on will also help kickstart “structural change needed to support OPM’s critical human capital strategy mission with 21st century IT infrastructure,” according to the GSA. </p> <p>The five CoEs are run by the GSA and based around<strong> cloud adoption, IT infrastructure optimization, customer experience, service delivery analytics and contact centers</strong>. The goal of the centers is to accelerate modernization by leveraging private-sector expertise and talent, and to provide agencies with consulting and IT engineering services to radically improve the way they design services and interact with their citizens.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <p>The CoE and GSA IT teams will focus on four key areas identified by OPM: IT workforce planning; IT planning and governance; mainframe and disaster recovery planning; and OPM’s retirement services technology portfolio.</p> <p>“The time to address structural changes at OPM is now and GSA is helping us meet the needs of the federal workforce,” OPM Acting Director Margaret Weichert says in a statement. “Aging IT infrastructure at OPM has put the agency in an unsustainable position and hurt OPM’s critical human capital mission. By partnering with GSA — a proven leader in federal IT and technology contracting — through the CoEs, <strong>we are taking steps toward long-overdue transformation in OPM’s IT infrastructure and operations</strong>.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 17 May 2019 17:45:03 +0000 phil.goldstein_6191 42591 at https://fedtechmagazine.com Cyberattackers Can Cause Damage in the Blink of an Eye https://fedtechmagazine.com/article/2019/05/cyberattackers-can-cause-damage-blink-eye <span>Cyberattackers Can Cause Damage in the Blink of an Eye</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 05/16/2019 - 10:17</span> <div><p>Cyber experts may have been pleased that the average dwell time for intruders in 2017 was a mere <strong>101 days</strong>, but now there’s a new statistic to worry about: <strong>19 minutes</strong>.</p> <p>That’s the incredibly short amount of time it takes for Russian adversaries to <strong>move inside a network and cause damage</strong>, according to a report by <a href="https://www.cdwg.com/content/cdwg/en/brand/crowdstrike.html" target="_blank">CrowdStrike</a>. </p> <p>North Korean hackers are the second-­fastest, with a breakout time of 2 hours and 20 minutes; the Chinese come in third at 4 hours. Overall, the average breakout time is about 4 hours and 37 minutes, CrowdStrike writes in its <a href="https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/" target="_blank">2019 Global Threat Report</a>.</p> <p>“As defenders get better at hunting for and identifying intrusions, it has become more important for threat actors to raise their game and accomplish their mission as rapidly as possible,” the report states.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="https://statetechmagazine.com/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> <p>The average breakout time has risen since 2017, when it was 1 hour and 58 minutes. The report attributes this to an increase in<strong> the number of slow-moving adversaries, plus improved security</strong>.</p> <p>But, notes the report, “it is not the sophistication of the tools — which can be bought or stolen from others — that determines the capability of the adversary, but rather their<strong> operational tradecraft and how rapidly they can achieve their objectives</strong>.”</p> <p>The fastest adversaries are not always the most dangerous, states the report: “It doesn’t account for volume of activity — just their speed of lateral movement within the network. Slow adversaries can still cause tremendous damage if they have the motivation to do so.”</p> <p><rc-c2d-menu class="_6772342E312E3130_src-lib-ExtensionContentRunner-_styles_c2dMenu_2ChJF"></rc-c2d-menu></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11291"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/2016-04-08%2016.05.48.jpg?itok=eGeZcR1m" width="58" height="58" alt="Elizabeth Neus " typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11291"> <div>Elizabeth Neus </div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=e_neus&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Elizabeth Neus is the managing editor of<em> FedTech</em>. Before joining <em>FedTech</em>, Elizabeth was a reporter for Gannett, covering health care policy and medicine. As a Gannett editor, she worked on publications and magazines focusing on everything from defense to agriculture to travel to shopping. The Washington Nationals are her team; 80s Brit pop is her sound.</p> </div> </p> </div> </div> </div> </div> Thu, 16 May 2019 14:17:26 +0000 phil.goldstein_6191 42586 at https://fedtechmagazine.com Where Do Agencies’ EIS Network Transition Plans Stand? https://fedtechmagazine.com/article/2019/05/where-do-agencies-eis-network-transition-plans-stand <span>Where Do Agencies’ EIS Network Transition Plans Stand? </span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 05/16/2019 - 08:52</span> <div><p>The General Services Administration’s $50 billion <a href="https://www.gsa.gov/technology/technology-purchasing-programs/telecommunications-and-network-services/enterprise-infrastructure-solutions" target="_blank">Enterprise Infrastructure Solutions contract</a> is the network contract that will carry federal agencies into the next decade and beyond. However, they need to transition to it first. </p> <p>EIS, which is <a href="https://fedtechmagazine.com/article/2018/12/how-eis-will-enable-agencies-update-mobile-devices">designed to let agencies modernize their networks</a>, especially via technologies such as <strong>software-defined networking and 5G wireless networks</strong>, replaces the existing Networx contract. Agencies had been required to transition away from the Networx contracting vehicle to EIS by the spring of 2020. However, in December, the GSA <a href="https://www.fedscoop.com/gsa-extends-agencies-deadline-implementing-eis-2023/" target="_blank">extended the deadline to 2023</a> to give agencies more time to switch.</p> <p>Agencies are making progress, according to a GSA spokesperson, and are “working hard, with support from GSA, to finalize their solicitations and get them released to industry as soon as possible.” </p> <p>As of April 16, <strong>47 solicitations</strong> had been submitted to the GSA for scope review, and <strong>20 of those had been released to industry</strong>, the spokesperson says. </p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" target="_blank"><img alt="IT%20Infrastructure_IR_1%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/IT%20Infrastructure_IR_1%20(2)_0.jpg" /></a></p> <h2 id="toc_0">GSA Pushes Agencies to Meet EIS Deadlines</h2> <p>The rate of submission to the GSA and release to industry continues to increase <strong>as agencies strive toward Sept. 30, 2019 awards</strong>, the spokesperson adds. That date is the deadline for agencies to award EIS task orders. On March 31, 2020, the GSA will limit the use of the extended contracts for agencies that have not made task order awards. </p> <p>“Not making this deadline is a yellow light,” Laura Stanton, the GSA’s deputy assistant commissioner for category management in IT category at GSA, said in remarks at an ACT-IAC conference on May 8, <a href="https://fcw.com/articles/2019/05/08/eis-deadline-yellow-rockwell.aspx" target="_blank">according to <em>FCW</em></a>. </p> <p><strong>If an agency misses the Sept. 30 deadline to award an EIS task order, the GSA will increase its efforts with that agency to move to EIS</strong>, according to Stanton, and will work directly with that agency to see how it can aid in the transition.</p> <p>According to <em>FCW</em>, while the September deadline is important, Stanton said that the March 2020 deadline is critical, and if agencies miss that target date, the light <strong>“will go from yellow to red.”</strong> By that point, “agencies may not have the time to make the transition” within the three-year window. </p> <p>According to the GSA, by March 31, 2022, <strong>90 percent</strong> of agencies’ telecom inventory must be off current contracts and moved to EIS. And on May 31, 2023, current Networx, WITS and LSA telecom contracts expire.</p> <p>The GSA is supporting agencies in their transition to EIS in several ways, the GSA spokesperson says. The GSA offers agencies access to its <a href="https://www.gsa.gov/blog/2018/12/06/Extending-Current-Telecommunications-Contracts-To-Allow-For-Successful-EIS-Transition" target="_blank">Transition Ordering Assistance program</a>, “which includes transition planning, solicitation drafting, and expert guidance.” </p> <p>The GSA has also designated agency managers to support each agency with its transition. And the agency hosts the Infrastructure Advisory Group, a customer executive advisory board that meets quarterly. </p> <p>“We published the Fair Opportunity &amp; Ordering Guide, which provides step-by-step guidance for developing agency solicitations,” the spokesperson says. “We also provide transition inventory analysis to collect, validate and maintain transition inventory from the 94 expiring contracts, in addition to Delegation of Procurement Authority training.”</p> <p><a href="https://fedtechmagazine.com/article/2018/09/why-disa-has-embraced-sdn-pentagon-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out why DISA has embraced SDN for the Pentagon.</em></a></p> <h2 id="toc_1">How Agencies Plan to Upgrade Telecom technology</h2> <p>Agencies face two clear choices when using EIS to upgrade. <strong>One is a “like for like” transition</strong>, in which agencies would move to services under EIS that are similar to those they use now. <strong>The other route is “modernization,”</strong> in which agencies would jump forward technologically to solutions such as SDN and 5G wireless networks. </p> <p>EIS is designed as a best-in-class total solution, the GSA spokesperson says, “so agencies can access and implement technologies that best meet their mission-critical needs.”</p> <p>Almost every agency’s EIS transition plan proposes modernization efforts that will transform its IT infrastructure, the spokesperson says,<strong> including migration to carrier Ethernet and SDN</strong>. Additionally, the spokesperson adds “many agencies will be purchasing managed services as part of their efforts to modernize.”</p> <p>For example, the State Department wants to replace its legacy time-division multiplexing infrastructure throughout the continental U.S. and potentially overseas as well, Kurt Meves, division chief at the agency, said at the ACT-IAC event, according to <em>FCW</em>. </p> <p>Meves said<strong> “the challenge is getting people off the legacy mentality” that wireline TDM technology is more secure than IP-based services and technology</strong>, <em>FCW</em> reports. </p> <p>The Department of Homeland Security has a more ambitious transition plan, and its contract will cover its headquarters and components. Shawn Hughes, director of the agency's enterprise network modernization program and EIS, said at the conference that DHS components will issue task orders for EIS services from that contract. </p> <p>DHS plans to invest in 5G wireless capabilities to augment its “very brittle” <a href="https://fcw.com/articles/2018/10/30/dhs-onenet-follow-psc.aspx" target="_blank">OneNet backbone</a>, Hughes said. The agency also intends to move to agile software development and cloud services, he added, according to <em>FCW</em>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 16 May 2019 12:52:00 +0000 phil.goldstein_6191 42581 at https://fedtechmagazine.com Summer 2019 https://fedtechmagazine.com/magazine/issue/2019/5/summer-2019 <span>Summer 2019</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 05/15/2019 - 15:09</span> <div class="pw-widget pw-size-medium pw-layout-vertical" data-layout="vertical" data-url="https://fedtechmagazine.com/magazine/issue/2019/5/summer-2019" data-title="Summer 2019" data-via="FedTechMagazine" data-button-background="none"> <span> <span>May</span> <span>15</span> <span>2019</span> </span> <a class="pw-button-twitter cdw-taboola-social"></a> <a class="pw-button-facebook cdw-taboola-social"></a> <a class="pw-button-linkedin cdw-taboola-social"></a> <a class="pw-button-reddit cdw-taboola-social"></a> <a class="pw-button-flipboard cdw-taboola-social"></a> <a class="pw-button-email cdw-taboola-social"></a> <!-- Pinterest button is in EdTechk12 theme's vertical template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-counter="true" data-url="https://fedtechmagazine.com/magazine/issue/2019/5/summer-2019" data-title="Summer 2019" data-via="FedTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter cdw-taboola-social"></a> <a href="https://twitter.com/search?f=realtime&amp;q=https%3A%2F%2Ffedtechmagazine.com%2Frss.xml%3Fitok%3DD1HqJBJW%26destination%3D%2F%253Fitok%253DD1HqJBJW%26_exception_statuscode%3D404" target="_blank"><span class="pw-box-counter cdw-taboola" data-channel="twitter"></span></a> </div> <div> <a class="pw-button-facebook cdw-taboola-social"></a> </div> <div> <a class="pw-button-linkedin cdw-taboola-social"></a> </div> <div> <a class="pw-button-reddit cdw-taboola-social"></a> </div> <div> <a class="pw-button-flipboard cdw-taboola-social"></a> </div> <div> <a class="pw-button-email cdw-taboola-social"></a> </div> <!-- Pinterest button is in EdTechk12 theme's horizontal template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-url="https://fedtechmagazine.com/magazine/issue/2019/5/summer-2019" data-title="Summer 2019" data-via="FedTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter"></a> <span class="pw-box-counter" pw:channel="twitter"></span> </div> <div> <a class="pw-button-facebook"></a> <span class="pw-box-counter" pw:channel="facebook"></span> </div> </div> Wed, 15 May 2019 19:09:52 +0000 phil.goldstein_6191 42576 at https://fedtechmagazine.com OPM Wants Agencies to Plan for the Federal Workforce of the Future https://fedtechmagazine.com/article/2019/05/opm-wants-agencies-plan-federal-workforce-future <span>OPM Wants Agencies to Plan for the Federal Workforce of the Future</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 05/15/2019 - 11:46</span> <div><p>As the federal government continues to address challenges in finding skilled workers for open jobs, especially in the IT and cybersecurity realms, the Office of Personnel Management recently directed federal agencies to detail the gains and obstacles they have faced in implementing workforce goals laid out in <a href="https://www.whitehouse.gov/wp-content/uploads/2018/04/ThePresidentsManagementAgenda.pdf" target="_blank">the President’s Management Agenda</a>.</p> <p><a href="https://www.chcoc.gov/content/human-capital-reviews" target="_blank">In a Feb. 13 memo</a>, Acting OPM Director Margaret Weichert requires the <strong>gathering and sharing of information across agencies about what works best in achieving a 21st-century workforce</strong>, and where federal hiring and reskilling continues to lag.</p> <p>“We’re trying to get a sense of what people are doing and what’s working well <strong>so we can share information about leading practices</strong>,” Weichert tells FedTech. “We’re also looking to find experiences that may challenge their ability to actually move forward and use that for continuous improvement.” </p> <p><a href="https://fedtechmagazine.com/article/2019/05/how-has-government-shutdown-impacted-federal-it" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Discover how the government shutdown continues to ripple through federal IT. </em></a></p> <h2 id="toc_0">How to Create a 21st-Century Workforce</h2> <p>The President’s Management Agenda lays out a long-term vision for modernizing the federal government in areas that will “improve the ability of agencies to deliver mission outcomes, provide excellent service, and effectively steward taxpayer dollars on behalf of the American people,” according to its mission statement. </p> <p>For many federal agencies, a hurdle to achieving those goals is having the right skilled workforce in place. Much like in the private sector, finding talented people for government IT and cyber jobs has been the toughest gap to fill. <strong>Nearly 314,000 cybersecurity positions are open in the U.S., and about 17,000 are in the public sector</strong>, according to <a href="https://www.cyberseek.org/" target="_blank">CyberSeek</a>, a <a href="https://www.nist.gov/itl/applied-cybersecurity/nice" target="_blank">National Initiative for Cybersecurity Education</a> online tool that collects jobs data. Weichert says that the federal government also has the unique challenge of finding skilled candidates for attorney and law enforcement jobs.</p> <p>Weichert says that one of the first things she saw when she took on her role was that IT modernization in government “overall wasn’t simply a challenge of old technology, but a challenge of the fact that <strong>we weren’t well set up from a human capital standpoint to actually do the changes that were needed</strong>.” </p> <p>She also noticed that modernization efforts had failed because no one had thought about <strong>how to upskill the workforce already in place</strong>, and that “we outsourced so much of our technology capability that we don’t have the resources in government to do many of the tasks that we need to do around modernization, including things like procurement,” she says. </p> <p>Steps toward filling in those gaps include addressing the need to bring in new talent and finding who in the current federal talent pool would be suitable for these jobs. </p> <p><a href="https://fedtechmagazine.com/article/2019/01/digital-twin-technology-what-digital-twin-and-how-can-agencies-use-it-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out what digital twin technology is and how agencies can use it. </em></a></p> <h2 id="toc_1">Finding New Talent Inside and Outside the Government</h2> <p>Of the Feb. 13 memo, <a href="https://www2.deloitte.com/us/en/profiles/semorris.html" target="_blank">Sean Morris</a>, government and public services human capital leader at Deloitte, says, “to me, this is a positive step in the right direction, to put policies and procedures and best practices in place so the government can continue to evolve.” </p> <p>Right now, he says, many government organizations have “mid-20th-century structures that worked really well in the Cold War” but not today, especially given how the economy has radically changed since then. </p> <p>“We need the ability to<strong> break down some of those structures</strong>, and more important, have the ability for those very talented individuals that are going to stay with the government<strong> to have mobility across those traditional hard structures</strong>. That’s a leverage point for the government to utilize — that becomes a huge asset for them,” he says.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-report.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Digital%20Transformation_IR_1.jpg" /></a></p> <p>Since the release of the memo, he has seen government clients reach out and ask “how do we think this through? We are being asked increasingly to give our perspective on this and what the government could do to start to move the needle a little bit.” </p> <p>This move to bring more talent into the federal government has been paired with efforts to identify workers already there who are candidates for what Weichert calls “upskilling,” which is “giving them the skills so they will be able to fill some of the roles that are exceedingly hard to recruit for in government,” she says.</p> <p>In April, the agency <a href="https://www.cio.gov/reskilling/" target="_blank">inaugurated its first Federal Cyber Reskilling Academy class</a>. <strong>More than 1,500 federal workers with nontechnical backgrounds applied </strong>to be part of the academy, far more than OPM expected. “This was our first go-round with no major advertising push,” Weichert says. About 200 candidates passed the program’s initial aptitude test, which led the agency to <strong>expand the first class size from 25 to 30</strong>.</p> <p><a href="https://fedtechmagazine.com/article/2019/01/how-federal-it-leaders-can-adapt-accelerating-tech-change" target="_blank"><em><strong>MORE FROM FEDTECH:</strong> Find out how federal IT leaders can adapt to accelerating technological change. </em></a></p> <h2 id="toc_2">How to Speed Up Hiring in Federal IT</h2> <p>Helping with these efforts is <a href="https://www.federaltimes.com/management/hr/2019/04/03/agency-heads-to-get-special-hiring-authority-for-tech-workers/" target="_blank">an April 3 rule change</a> that allows federal agencies to declare special hiring authority if they can show critical need or severe staff shortages in IT positions.</p> <p>“The federal government has a notoriously difficult time navigating the labyrinth of the hiring process to fill important vacancies,” says <a href="https://www.grantthornton.com/people/bios/s/sf-si/shea-robert.aspx" target="_blank">Robert Shea</a>, principal and public sector strategy lead at Grant Thornton. “This allows them to circumvent those processes and hire someone without having to compete for the position. So, if you have those skills the agencies can hire those individuals.” </p> <p><strong>The key is for agencies to demonstrate they have a critical need.</strong> “Once they do that, they should be able to dramatically reduce the time to hire,” he says. </p> <p>Weichert says this rule change is not only crucial in order to bring new people into federal government but also to stop losing employees it already has to the private sector. </p> <p>“You might have someone who really wants to support the mission of the Veteran’s Administration, but if they’ve got five other job offers and we take six to nine months to fill a slot, people can’t wait around,” she says. That’s critical when it comes to law enforcement jobs, where local police departments can hire candidates faster. </p> <p>Morris says he is encouraged by these recent steps, and that they <strong>should make a big dent in skilled job openings in the federal government</strong>. “It’s an exciting time in the government. What Weichert and her team are putting out there is really good, and I think ultimately will get us where we need to go,” he says.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/jen-miller"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/u--2vU_g_400x400.jpg?itok=X9PVb1Ma" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/jen-miller"> <div>Jen A. Miller</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=byJenAMiller&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Jen A. Miller writes about technology for CIO.com. She's also a contributor to the <em>New York Times</em>, <em>Washington Post</em> and the <em>Guardian</em>. Her most recent book, <em>Running: A Love Story</em> was published in March.</p> </div> </p> </div> </div> </div> </div> Wed, 15 May 2019 15:46:46 +0000 phil.goldstein_6191 42571 at https://fedtechmagazine.com Creative Workers Power the Government Engine https://fedtechmagazine.com/article/2019/05/creative-workers-power-government-engine <span>Creative Workers Power the Government Engine</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 05/14/2019 - 09:19</span> <div><p>No matter what issues grab public attention when it comes to the federal government, there is one consistent topic you should hear more about: the unending dedication of the people who have made government their career.</p> <p>This is an era of great change for the government. Agencies are <strong>modernizing their legacy technology, increasingly emphasizing customer service, keeping up with the ever-faster pace of private-sector IT developments</strong> — and they’re doing this even with limited budgets.</p> <p>The government itself is working on creative solutions to the agencies’ fiscal needs. It has turned to new vehicles <a href="https://fedtechmagazine.com/article/2019/04/how-are-agencies-modernizing-tech-their-tmf-funds">such as the Technology Management Fund</a>, which essentially provides loans to agencies trying to boost cybersecurity and improve their technology; <a href="https://fedtechmagazine.com/article/2019/04/gitec-2019-usda-moves-quickly-meet-center-excellence-goals">or the Centers of Excellence program</a>, designed to<strong> help agencies better coordinate modernization plans and develop new best practices</strong>.</p> <p><a href="https://fedtechmagazine.com/article/2019/01/digital-twin-technology-what-digital-twin-and-how-can-agencies-use-it-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out what digital twin technology is and how agencies can use it. </em></a></p> <h2 id="toc_0">IT Leaders Should Remember That Ideas Come From Everywhere</h2> <p>Creativity, however, doesn’t only flow from the top. Take, for example, the agencies working to comply with the Continuous Diagnostics and Mitigation program, a Department of Homeland Security initiative to strengthen cybersecurity. In “<a href="https://fedtechmagazine.com/article/2019/05/sba-interior-energy-find-different-effective-ways-deploy-cdm">SBA, Interior, Energy Find Different but Effective Ways to Deploy CDM</a>,” officials at the Small Business Administration describe how they meshed their cloud migration plans with DHS’ standard on-premises requirements — <strong>a success that resulted in DHS pilots to test cloud-based cybersecurity tools</strong>.</p> <p>“<a href="https://fedtechmagazine.com/article/2019/05/va-sba-and-noaa-modernize-their-apps-improve-user-experience">VA, SBA and NOAA Modernize Their Apps to Improve User Experience</a>” discusses the Department of Veterans Affairs and its efforts to<strong> make agency application programming interfaces available to third parties</strong> while making sure that activity inside the network was still visible and protected.</p> <p>And the Army employs an agile structure, placing blue-jeaned civilians and uniformed personnel in an open-office environment to design an upgrade for its unwieldy payroll system (“<a href="https://fedtechmagazine.com/article/2019/05/qa-col-darby-mcnulty-commercial-tools-behind-armys-payroll-modernization">Q&amp;A: Col. Darby McNulty on the Commercial Tools Behind the Army’s Payroll Modernization</a>”) </p> <p>Yet creativity and dedication aren’t the only qualities that government employees display on a daily basis; they’re also resilient. In our special roundtable, “<a href="https://fedtechmagazine.com/article/2019/05/how-has-government-shutdown-impacted-federal-it">How Has the Government Shutdown Impacted Federal IT?</a>,” <strong>former federal CIOs talk about how agencies recover long-term from a historically long closure</strong>.</p> <p>Technology is the key to modernizing government, but the employees, it seems, are the real — and the really creative — drivers.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/ryan-petersen"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/ryan-petersen-2013-headshot.jpg?itok=iV6msfy0" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/ryan-petersen"> <div>Ryan Petersen</div> </a> <a target="_blank" class="google-plus" href="https://plus.google.com/110888965639568833839/posts?rel=author"><span>Google+</span></a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=RyanPete&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Ryan has been a magazine and newspaper editor for 18 years, with the last 12 covering a variety of bases for CDW’s family of tech magazines. As Editor in Chief, he works on developing editorial strategy and is always on the lookout for new writing talent and sharing great stories with the IT world. In his spare time, Ryan enjoys spending time with his family, biking and obsessively following Iowa Hawkeye sports and Cubs baseball.</p> </div> </p> </div> </div> </div> </div> Tue, 14 May 2019 13:19:05 +0000 phil.goldstein_6191 42561 at https://fedtechmagazine.com Review: The HP EliteBook x360 1030 G3 Gives Feds Extra Security and Solid Audio https://fedtechmagazine.com/article/2019/05/review-hp-elitebook-x360-1030-g3-gives-feds-extra-security-and-solid-audio <span>Review: The HP EliteBook x360 1030 G3 Gives Feds Extra Security and Solid Audio</span> <span><span lang="" about="/dashboard/philgoldstein6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 05/14/2019 - 09:00</span> <div><p><a href="https://www.cdwg.com/content/cdwg/en/brand/hp-inc-psg.html" target="_blank">HP</a>’s latest EliteBook, the <a href="https://www.cdwg.com/product/hp-elitebook-x360-1030-g3-13.3-core-i7-8550u-16gb-ram-512gb/5401261?pfm=srh" target="_blank">x360 1030 G3 laptop</a>, comes in a sleek and lightweight ­aluminum case that contains all of the ­features that are today’s must-haves.</p> <p>Those include <strong>a solid-state hard drive, bundled software, touch screen, a host of security features</strong> and the ability to work either as a tablet or a regular notebook.</p> <p>The review unit I tested came with an Intel Core i7 processor and UHD Graphics 620 chipset, with 1 terabyte of SSD storage and 16 gigabytes of RAM. This particular EliteBook ran <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft/windows-10.html" target="_blank">Windows 10</a> 64-bit Professional as its operating system.</p> <p><a href="https://fedtechmagazine.com/article/2019/05/5-questions-ask-about-device-service" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>These are the five questions feds should ask about Devcie as a Service. </em></a></p> <h2 id="toc_0">HP Offers Users Multiple Display Options</h2> <p>HP has managed to cram a 13.3-inch diagonal display in a compact case that’s easy for travel. The display comes in four options, touch-enabled with Gorilla Glass 4 for extra durability. </p> <p>My unit had an enabled optional internal privacy filter called Sure View, <strong>which limits viewing angles and operates at 700 cd/m2</strong>.</p> <p>There are other displays that operate at either 500 cd/m2 or 400 cd/m2 — the former can deliver 3480x2160 resolution, while the other screens pump out 1920x1080.</p> <p>The EliteBook x360 also has two USB-C/Thunderbolt ports and one USB-A port, an HDMI port and an audio jack. It comes with support for broadband wireless networks from AT&amp;T and Verizon; each unit has a Nano-SIM slot for this purpose.</p> <p>Federal agencies will especially like the audio features. The laptop comes with <strong>Bang &amp; Olufsen speakers on top and bottom that are better than the built-in components of most laptops</strong>. The unit feels solid and should resist most bumps.</p> <p>The x360 laptop weighs just a hair under 3 pounds; <strong>its battery lasted, on average, more than 8 hours, and can recharge within an hour</strong>.</p> <p><img alt="Product info on HP Elitebook" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/FT_Q219_ProductReview_Strom_Product.jpg" /></p> <h2 id="toc_1">Agencies Get Numerous Security Features to Boot </h2> <p>HP’s EliteBook x360 1030 G3 comes with a variety of additional features that are sure to please federal agencies mindful of security. It <strong>supports the Windows Hello password-free login, using its built-in fingerprint sensor — a boon to federal multifactor authentication requirements</strong> — and software called HP Sure Run. </p> <p>Sure Run also provides app protection by<strong> continuously monitoring critical services and preventing malware from making unauthorized changes to executable files</strong>. For agencies that have HP Endpoint Security Controller software, Sure Run can provide additional reporting and management. It is disabled by default, so IT managers will need to set it up with the HP Client Security Manager tool. </p> <p>The x360 also comes with the Trusted Platform Module 2.0 chipset, which checks for OS tampering upon boot with HP’s Sure Start software. Agency admins can access the laptop and make changes to security policies and prevent users from loading their own software.</p> <h3 id="toc_0">HP  EliteBook x360 1030 G3</h3> <p><strong>Processor</strong>: Intel Core i7-865OU, 2.11GHz<br /><strong>Weight</strong>: 2.76 pounds<br /><b>Dimensions</b>: 12x8x0.62 inches<br /><strong>Hard Drive</strong>: 1TB SSD<br /><strong>Memory</strong>: 16GB RAM<br /><strong>Ports</strong>: 2 USB-C /Thunderbolt, USB-A, audio headphone jack, NanoSIM, HDMI</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11691"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/DavidStrom.jpeg.jpg?itok=4KNQvavq" width="58" height="58" alt="David Strom" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11691"> <div>David Strom</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=dstrom&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>David Strom writes about IT, tweets ­@dstrom and writes at blog.strom.com.</p> </div> </p> </div> </div> </div> </div> Tue, 14 May 2019 13:00:00 +0000 phil.goldstein_6191 42556 at https://fedtechmagazine.com Mitigate Supply Chain Risk with Smart Shopping https://fedtechmagazine.com/article/2019/05/mitigate-supply-chain-risk-smart-shopping <span>Mitigate Supply Chain Risk with Smart Shopping</span> <span><span lang="" about="/user/62836" typeof="schema:Person" property="schema:name" datatype="">Elizabeth_Neus_pdwC</span></span> <span>Tue, 05/14/2019 - 08:49</span> <div><p>Even in a secure environment, supply chain security can contain gaps. The seller may have its supply chain locked down, but the manufacturer — confident in its own practices — may be dealing with parts suppliers who work with unsecured companies. </p> <p>The smaller the company, the larger the gaps and lack of information may be. The National Defense Industrial Association <a href="http://www.ndia.org/-/media/sites/ndia/divisions/manufacturing/documents/cybersecurity-in-dod-supply-chains.ashx?la=en" target="_blank" title="National Defense Industrial Association survey">recently surveyed</a> small and medium-sized defense contractors, and found that <strong>fewer than 60 percent of them read the document outlining the minimum security standards</strong> for defense contractors.</p> <p>“Most of [the supply chain problem] is outside the individual’s ability to do anything about, and beyond the ability of small businesses to grapple with. … We do need more national focus on the problem,” Tony Sager, senior vice president and chief evangelist of the Center for Internet Security, told <a href="https://krebsonsecurity.com/2018/10/supply-chain-security-101-an-experts-view/" target="_blank" title="Krebs on Security">Krebs on Security</a>. </p> <p>The risks federal agencies face in the supply chain include <strong>gray-market and counterfeit products, tampering and vendors that don’t properly assess their own risk</strong>. </p> <p><em><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" id="" rel="" target="_blank" title="CDW Cybersecurity Insights Report"><img alt="CDW Cybersecurity Insights Report" src="/sites/fedtechmagazine.com/files/CTA_Slides/Cybersecurity_IR_stayprotected_700x220_0.jpg" /></a></em></p> <h2 id="toc_0">Federal Task Forces Study Supply Chain Risk</h2> <p>At least <a href="https://fcw.com/articles/2019/04/24/dhs-omb-supply-chain-cooperation.aspx" target="_blank" title="Federal supply chain task forces">two federal task forces</a> are working on supply chain security guidelines encompassing everything from how to spot problems to when to ban a company as a supplier. But agencies are concerned about the issue now, and they’re looking for steps to take to protect themselves in the interim.</p> <p>The General Services Administration <strong>took some early steps in the process</strong>. As part of the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program, GSA requires potential government vendors to include supply chain risk management plans in order to become part of the <a href="https://www.gsa.gov/technology/technology-products-services/it-security/continuous-diagnostics-mitigation-cdm/continuous-diagnostics-mitigation-cdm-tools-special-item-number-sin-information-for-ordering-organizations" target="_blank" title="CDM Approved Products List">CDM Approved Products List</a>. </p> <p>The APL catalog can serve as a guide for agencies that want to buy products meeting federal security standards. Agencies may also want to consider <strong>including supply chain security requirements in service-level agreements</strong> with their vendors, if they’re not buying through a GSA vehicle that already includes one.</p> <p>In some cases, the solution may be to employ a third party to supplement the monitoring GSA is already trying to do. Large resellers often work with their own suppliers to make sure the supply chain is intact; they’ve got the staff to take care of that, while an agency may not.</p> <h2 id="toc_1">Double-Check Outside Security Policies</h2> <p>Agencies should regularly check in with those third parties, however, making sure supply chain security policies are regularly audited and updated. <strong>Ask specifically what they’re doing</strong> and how they’re carrying out changes. Learn how they create a chain of custody when it comes to handling the merchandise. A good reseller will be happy to discuss the process.</p> <p>Another threat is counterfeit or gray-market goods that find their way into the government supply chain <strong>because a vendor is not vetting its products well enough</strong>. Ten years ago, the Army and other agencies discovered they had <a href="https://www.zdnet.com/article/cisco-partners-sell-fake-routers-to-us-military/" target="_blank">unwittingly bought counterfeit products</a> from an unsuspecting supplier. Since then, GSA adopted <a href="https://csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Management/documents/ssca/2017-winter/WedAM2_1%20Infusing%20Cybersecurity%20into%20the%20Acquisition%20Process%20by%20Shon%20Lyublanovits.pdf" target="_blank" title="GSA processes for supply chain management risk">new processes for supply chain management risk</a> in that area.</p> <p>Vigilance in the management of supply chains can be difficult, given that much of the manufacturing process may not be transparent. But <strong>agencies have many avenues for assistance </strong>in assessing risk these days, and that’s an important step. </p> <p>As Infosec’s <a href="https://resources.infosecinstitute.com/cyber-security-in-supply-chain-management-part-1/#gref" target="_blank" title="Infosec &quot;Cyber Security Risk in Supply Chain Management&quot;">“Cyber Security Risk in Supply Chain Management”</a> states: “Cyber security of any one organization within the chain is potentially only as strong as that of the weakest member of the supply chain.”</p> <p><em>This article is part of </em>FedTech's <em><a href="https://fedtechmagazine.com/capital" target="_blank" title="CapITal blog">CapITal blog series</a><a href="https://fedtechmagazine.com/capital" target="_blank" title="CDW CapITal blog">.</a> Please join the discussion on Twitter by using the <a href="https://twitter.com/hashtag/FedIT" target="_blank" title="#FedIT on Twitter">#FedIT</a> hashtag.</em></p> <p> </p> <p> </p> <p><em><a data-entity-type="" data-entity-uuid="" href="https://fedtechmagazine.com/capital" target="_blank" title="CapITal blog"><img alt="CapITal blog logo" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/CapITal_Logo.jpg" /></a></em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11621"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/9233_hrvcc.jpg?itok=fPK48nls" width="58" height="58" alt="Ben Bourbon" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11621"> <div>Ben Bourbon </div> </a> </div> <div class="author-bio"> <p> <div><p>Ben Bourbon is vice president of federal sales for CDW•G.</p> </div> </p> </div> </div> </div> </div> Tue, 14 May 2019 12:49:27 +0000 Elizabeth_Neus_pdwC 42566 at https://fedtechmagazine.com