FedTech - Technology Solutions That Drive Government https://fedtechmagazine.com/rss.xml en Cloud-Based Tools Ease the Load for NASA, NOAA Websites https://fedtechmagazine.com/article/2018/07/cloud-based-tools-ease-load-nasa-noaa-websites <span>Cloud-Based Tools Ease the Load for NASA, NOAA Websites</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 07/20/2018 - 10:08</span> <div><p>On Aug. 21, 2017, <a href="https://eclipse2017.nasa.gov/eclipse-who-what-where-when-and-how" target="_blank">as a solar eclipse cast a slice of darkness </a>across the continental U.S., NASA captured the event for ­millions who couldn’t make it to the narrow path of totality.</p> <p>The space agency <a href="https://eclipse2017.nasa.gov/" target="_blank">launched a website dedicated to the rare celestial event</a> and hosted multiple livestreams on NASA TV. Roughly <strong>12 million people</strong> watched video on NASA sites that day, while another <strong>38 million watched the streams on YouTube, Facebook </strong><strong>and</strong><strong> other media sites</strong>, says Brian Dunbar, internet serv­ices manager for NASA.</p> <p>But even as the sky went dark, NASA’s sites did not, thanks to careful planning plus cloud-based hosting and content delivery networks.</p> <p>Speed is one of the most important aspects of building a government website, which is why agencies<strong> turn to cloud providers to improve performance</strong>. Slow page loads can <strong>detract from an agency’s mission and turn citizens away</strong>.</p> <p><a href="https://www.thinkwithgoogle.com/data-gallery/detail/mobile-site-abandonment-three-second-load/" target="_blank">A 2016 Google study</a> found that a little more than half of individuals will abandon a mobile website if it takes more than three seconds to load.</p> <p>“After a period of time, folks will start tuning out,” says Alan McQuinn, senior research analyst for the <a href="https://itif.org/" target="_blank">Information Technology and Innovation Foundation</a>. “And that’s important, because a website is the face of the agency for consumers.”</p> <p><a href="https://fedtechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>NASA Used Past Experience to Plan for Website Traffic Spikes </h2> <p>NASA has been dealing with web traffic surges since the mid-1990s, when an eager public flooded <a href="https://www.nasa.gov/" target="_blank">NASA.gov</a> to view photos from <a href="https://mars.nasa.gov/programmissions/missions/past/pathfinder/" target="_blank">Mars Pathfinder</a>, says Dunbar. Back then, <strong>the agency’s website lived on two servers in the basement</strong> of its Washington, D.C., headquarters.</p> <p>On Jan. 31, 2003, it moved to its first commercial hosting service. Just a few hours after the transition was completed, the space shuttle Columbia disintegrated upon re-entry, and stunned citizens flocked to NASA’s website to learn more about the disaster and the seven astronauts who died.</p> <p><img alt="FT_Q318_F_Tynan-quote.jpg" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/FT_Q318_F_Tynan-quote.jpg" /></p> <p>“So many people came to our site looking for information that we burned through a year’s worth of bandwidth in three days,” says Dunbar.</p> <p>By the time of the 2017 eclipse, NASA had <strong>contracted with cloud providers and content delivery networks to handle the deluge</strong>. CDNs cache site content at different points of presence around the country in order to deliver it more quickly and reliably to nearby users.</p> <p>“The good news is that we knew when the eclipse was coming, so we started planning a year out,” says Ian Sturken, NASA’s web and cloud services manager. “We started doing tabletop exercises to make sure we could handle the load, and it worked just peachy. <strong>The amount of content delivered was astronomical, but there was no failure.</strong>”</p> <h2>Cloud Gives Agencies Flexibility to Meet Demand </h2> <p>Though total solar eclipses are rare in the United States, more common events like launches and NASA press conferences can <strong>cause normal traffic to spike by a factor of 10</strong>, says Sturken. The key to success is the ability of cloud-based services to scale and meet rapid increases in demand.</p> <p>“The problem with hosting in your own data center is that your assets are limited,” he says. “You need to buy at the top end of what you think you’re going to consume. You don’t have to do that in the cloud. You can start on a low note and make it larger as you go.”</p> <p>A huge part of NASA’s mission is sharing information, adds Dunbar. <strong>Having a web presence that scales with public demand is essential.</strong></p> <p>“We’ve always taken very seriously the clause in our enabling legislation that requires us to disseminate information about our programs to the widest extent practicable,” Dunbar says. “In the ’90s it was figuring out how to use the World Wide Web. Now our social media teams are all over the place, engaging people in a conversation about NASA. It’s something we take great pride in.”</p> <h2>FEC Uses Cloud Solutions to Save Money </h2> <p>If there’s anything more ­predictable than a solar eclipse, it’s an election. That’s why every three months, <a href="https://www.fec.gov/" target="_blank">Federal Election Commission</a> officials brace for an influx of visitors to their website.</p> <p>“Our website traffic is cyclical, centering on our campaign finance filing deadlines, election years and election dates,” says Christian Hilland, deputy press officer for the agency. “Therefore, <strong>we have the good fortune of being able to plan for spikes</strong> in visits to <a href="https://www.fec.gov/" target="_blank">fec.gov</a>.”</p> <p>The biggest traffic loads hit during quarterly deadlines, when campaigns are required to make public the amount and sources of funding they’ve received. During the year-end filing period in January, page views hit nearly 260,000 over a two-day period — more than five times the typical traffic, says Hilland.</p> <p style="float: right; margin: 10px;"><img alt="FT_Q318_F_Tynan-elpunto-small.jpg" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/FT_Q318_F_Tynan-elpunto-small.jpg" /></p> <p>The number of political action committees and candidates has grown steadily over the years, as has the amount of money each candidate has raised, says Hilland. That results in <strong>ever larger data sets that need to be ­downloaded as users request them</strong>.</p> <p>“The commission’s goal is to make filings available through the website within seconds after a report is received electronically,” he says. “That can be particularly challenging when millions of records are received in a single day.”</p> <p>In the past, commission IT staff needed to predict web traffic several years in advance, and then buy powerful servers that could handle the high-traffic periods but would remain underutilized at other times. Using <a href="https://cloud.gov/" target="_blank">cloud.gov,</a> a custom platform created for the federal government, <strong>saves the agency an estimated $1.2 million annually</strong>.</p> <p>“Since migrating to a cloud system, we no longer need to buy or allocate servers to handle an influx of traffic,” says Hilland.</p> <h2>NOAA Uses the Cloud to Handle Surges During Storm Season </h2> <p>Unlike astronomical events or campaign finance reporting, the weather is both more unpredictable and more important to people’s day-to-day lives. The <a href="http://www.noaa.gov/" target="_blank">National Oceanic and Atmospheric Administration</a> operates some of the most heavily visited sites in government, such as <a href="https://www.weather.gov/" target="_blank">weather.gov</a> for the National Weather Service and <a href="hurricanes.gov" target="_blank">hurricanes.gov</a> for the National Hurricane Center.</p> <p>Last fall, as hurricanes Irma and Maria swirled over the southeastern United States, <strong>hurricanes.gov received over 1 billion hits in one day</strong>, says Cameron Shelton, director of the <a href="http://www.cio.noaa.gov/cio_orgs.html#sdd" target="_blank">Services Delivery Division in the Office of the CIO</a> at NOAA.</p> <p>“Last year’s traffic came as a surprise,” says Shelton. “Luckily, we were prepared. But it’s not unusual to have several million hits in a day, and several hundred million for a large hurricane.”</p> <p>All told, the site generated more than<strong> 500 million page views</strong> during that period; Irma alone accounted for three times the amount of web traffic ever produced by a single storm.</p> <p>Like NASA, NOAA used to maintain public-facing sites in-house. Last year, anticpating people checking the weather for the eclipse, <strong>NOAA contracted with a content delivery network</strong>.</p> <p>“We still have our web farms, which are similar to CDNs,” Shelton says. “But we’re using the cloud to deal with surges rather than invest in hardware.”</p> <div class="sidebar_wide"> <h3>Users Love Fast Websites</h3> <p>Agencies rely on their websites to deliver information to users, and they’re working to make sure they can handle surge periods, whether the extra traffic comes at a predictable time or in response to an unexpected event. It’s a challenging task.</p> <p><a href="http://www2.itif.org/2017-benchmarking-us-government-websites.pdf" target="_blank">A report by the Information Technology and Innovation Foundation published last November</a> found that <strong>63 percent</strong> of federal websites produced acceptable page download speeds for desktop users; <strong>27 percent </strong>of pages loaded within a few seconds on a mobile device.</p> <p>Also, <strong>6 in 10 sites were considered mobile-friendly</strong> — able to detect when a mobile device accessed the site and then adjust the page display for easier navigation on a small screen.</p> <p>Two websites earned perfect scores for desktop page load speed in the ITIF report: <a href="https://www.usa.gov/" target="_blank">USA.gov</a>, a portal to general government information; and <a href="https://www.juvenilecouncil.gov/" target="_blank">juvenilecouncil.gov</a>, which coordinates information on juvenile delinquency prevention programs. For mobile load speed, juvenilecouncil.gov was the only one to receive a perfect score.</p> </div> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/dan-tynan"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/dan-tynan-180.jpg?itok=mnbuJzub" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/dan-tynan"> <div>Dan Tynan</div> </a> <a target="_blank" class="google-plus" href="http://plus.google.com/102093055760798427858/posts?rel=author"><span>Google+</span></a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=tynanwrites&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Dan Tynan is a freelance writer based in San Francisco. He has won numerous journalism awards and his work has appeared in more than 70 publications, several of them not yet dead.</p> </div> </p> </div> </div> </div> </div> Fri, 20 Jul 2018 14:08:30 +0000 phil.goldstein_6191 41196 at https://fedtechmagazine.com Agencies Get Access to New Mobile Phishing Protections https://fedtechmagazine.com/article/2018/07/agencies-get-access-new-mobile-phishing-protections <span>Agencies Get Access to New Mobile Phishing Protections</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 07/19/2018 - 11:43</span> <div><p>Phishing is not going away for federal agencies. Now, they have another tool to fight back against the attacks.</p> <p>Earlier this year, William Evanina, director of <a href="https://www.dni.gov/index.php/ncsc-home" target="_blank">the National Counterintelligence and Security Center</a> within the Office of the Director of National Intelligence, noted that about <strong>90 percent</strong> of the data exfiltrations that have <a href="https://fedtechmagazine.com/article/2018/03/phishing-culprit-behind-vast-majority-data-exfiltration-intelligence-official-says">hit the federal government and private sector</a> in the last eight or nine years were the result of spear-phishing campaigns that targeted unsuspecting employees.</p> <p>This month, <a href="https://www.dhs.gov/science-and-technology/news/2018/07/05/news-release-st-announces-transition-new-phishing-protection" target="_blank">the Department of Homeland Security announced</a> that security firm <a href="https://www.cdwg.com/search/?key=Lookout&amp;amp;searchscope=all&amp;amp;sr=1" target="_blank">Lookout</a> added <strong>new anti-phishing and content protection capabilities to its Mobile Endpoint Security platform</strong>, which received funding from DHS’s <a href="https://www.dhs.gov/science-and-technology" target="_blank">Science and Technology Directorate</a>. The enhanced platform is now available for iOS and Android operating systems.</p> <p>“Most enterprise mobility management solutions require mobile endpoint security technology to <strong>continuously validate security </strong>and protect their <a href="https://www.dhs.gov/science-and-technology/csd-mobile-device-security" target="_blank">mobile devices</a> and applications,” S&amp;T Mobile Security Research and Development Program Manager Vincent Sritapan says in a statement.</p> <p>“These advancements in mobile threat defense will <strong>protect sensitive data, such as personally identifiable information, on mobile devices and enterprise networks and greatly increase the security </strong>of the federal government’s mobile systems for mission-critical activities,” he adds.</p> <p><a href="https://fedtechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>Why Phishing Protections Matter for Feds </h2> <p>Protecting against phishing attacks, in which malicious actors attempt to gain access to a user’s credentials (and then to systems and networks) through social engineering, is still critical for the government.</p> <p>In October 2017, <a href="https://cyber.dhs.gov/bod/18-01/" target="_blank">DHS mandated that federal agencies</a> use the<a href="https://dmarc.org/" target="_blank"> Domain-Based Message Authentication, Reporting </a><a href="https://dmarc.org/" target="_blank">and</a><a href="https://dmarc.org/" target="_blank"> Conformance protocol</a>.</p> <p>DMARC enables email servers to <strong>determine whether an email is actually from the sender, then delete forged emails or mark them as spam</strong>. Without it, anyone can send emails with a forged sender address and recipients would be unaware of the forgery.</p> <p>Some DMARC requirements were due for adoption in January while others have an October deadline. But <a href="https://www.fedscoop.com/month-later-agencies-still-lagging-vulnerable-move-dmarc/" target="_blank">recent reports</a> indicate that many agencies are not yet using the protocol <a href="https://www.fedscoop.com/month-later-agencies-still-lagging-vulnerable-move-dmarc/" target="_blank">or don’t have it configured correctly</a>.</p> <p>The updated platform from Lookout is one more arrow in agencies’ quivers to fight phishing. DHS notes that the rapid growth of mobile device and app use and the constantly expanding mobile ecosystem mean that<strong> agencies must continuously validate mobile security and enhance their threat protection</strong>. “Vulnerabilities discovered in new devices and apps may be used by hackers as vectors to access sensitive government information and attack legacy enterprise network systems,” the agency says in the statement.</p> <p>The new capabilities are designed to block mobile phishing attacks that aim to steal user credentials or deliver malware.</p> <p>“Beyond simply detecting phishing attempts in SMS messages, the system also <strong>detects and prevents attacks that hide inside mobile apps, social media messages, and in </strong><strong>personal</strong><strong> and corporate email</strong>,” DHS says.</p> <p>The updated Lookout platform inspects all outbound connections at the network level when a user attempts to connect. However, DHS notes, the platform does not inspect message content, and thus maintains user privacy.</p> <p>The system <strong>sends real-time alerts to users when it detects a harmful connection</strong>, which protects users (and networks) from malicious apps, websites with known vulnerabilities and other risky content, DHS says.</p> <p>“Phishing protection for mobile never existed before. It’s really important to bring those capabilities to bear,” <a href="https://www.fedscoop.com/agencies-can-test-mobile-phish-blocking-tech-dhs/" target="_blank">Sritapan tells FedScoop</a>. “So we provide licenses — this includes the use of the software and also the labor support to train their people — that’s all a part of the engagement.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 19 Jul 2018 15:43:09 +0000 phil.goldstein_6191 41191 at https://fedtechmagazine.com Assets in the Air Provide High-Value Data for Feds https://fedtechmagazine.com/article/2018/07/assets-air-provide-high-value-data-feds <span> Assets in the Air Provide High-Value Data for Feds</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 07/18/2018 - 12:05</span> <div><p>Alisa Coffin, a research ecologist with the Agriculture Department’s <a href="https://www.ars.usda.gov/" target="_blank">Agricultural Research Service</a> (ARS), anticipated that she’d need more infrastructure when she used a drone to assist with her crop production studies in Georgia.</p> <p>“We knew there was going to be a lot of data to handle, and we knew we would have high processing needs,” she says.</p> <p>The <a href="https://www.cdwg.com/search/?key=DJI&amp;ctlgfilter=&amp;searchscope=all&amp;sr=1" target="_blank">DJI</a> drone helped her and her team <strong>gather high-resolution, multispectral images </strong>that she hopes will give them <strong>better insight into the density and health of the crops below</strong>.</p> <p>“The drone data provides an important connection between what we’re collecting on the ground and what we can see with satellite imagery,” she says. “You need a middle step.”</p> <p>Drones are increasingly popular across the federal government, with the military services and agencies such as the <a href="https://www.doi.gov/" target="_blank">Interior Department</a> and the <a href="https://www.fs.fed.us/" target="_blank">Forest Service</a> all using or testing unmanned aerial ­vehicles, or UAVs.</p> <p><a href="https://www.idc.com/getdoc.jsp?containerId=PRF004840" target="_blank">Shawn McCarthy</a>, research director for the Government Insights group at IDC, notes that <strong>the ease of data collection enabled by drones can present both benefits and challenges</strong>.</p> <p>“There is a substantial geographic information system element in drone data collection, along with video,” McCarthy says. “It’s not that either of those elements is new, but drones help access data in an efficient and inexpensive manner, which leads to a greater amount of data to deal with.”</p> <p><a href="https://fedtechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP:</strong> Get more news from the<em> FedTech </em>newsletter in your inbox every two weeks!</a></p> <h2>Processing Drone Data Takes Time and Computing Horsepower</h2> <p>Robert Wells, a research hydraulic engineer with ARS, flew a drone over fields in Minnesota and Iowa last summer, collecting data to help farmers better manage soil erosion.</p> <p>Using the unmanned aerial vehicle, Wells gathered images that <strong>provided 3.5 billion data points from a single field within three hours</strong>.</p> <p><img alt="FT_Q318_F_Hennick-portrait.jpg" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/FT_Q318_F_Hennick-portrait.jpg" /><br /><span style="font-size: 11px; line-height: 20.8px;">Alisa Coffin uses a DJI drone to collect data for her USDA research, and has upgraded her storage capacity to handle the extra information.</span></p> <p>But even with the help of <strong>a 24-core workstation</strong>, it took him an <strong>entire week</strong> to process the data from each field and <strong>18 weeks to process the data for the entire project</strong>. “It’s amazing how much data was generated in that short period of time. I have multiterabyte hard drives, and I started filling them up quickly,” Wells says. “If I weren’t working solo — if multiple people were doing this every single day — the storage requirements would be devastating.”</p> <p>Coffin’s office made investments to handle the new workload triggered by the use of the DJI drone: a rack-mounted PC solution with 256 gigabytes of RAM dedicated to processing drone images, including components such as a <a href="https://www.cdwg.com/product/Dell-DDR4-8-GB-DIMM-288-pin/4142755?pfm=srh" target="_blank">Dell Precision Rack 7910</a>, a <a href="https://www.cdwg.com/search/?key=Intel%20Xeon%206%20Core%20Processor%20E5-2643%20v4&amp;searchscope=all&amp;sr=1" target="_blank">Dual Intel Xeon 6 Core Processor E5-2643 v4</a> and an <a href="https://www.cdwg.com/search/?key=NVIDIA%20Quadro%20K6000%2012GB%20video%20card&amp;searchscope=all&amp;sr=1" target="_blank">NVIDIA Quadro K6000 12GB video card</a>.</p> <p>The solution provides more than <strong>7TB</strong> of storage capacity, but Coffin expects to <strong>create 2TB to 3TB of new data, </strong><strong>largely</strong><strong> images, this summer alone</strong>. “It’s starting to fill up,” she says.</p> <p>She finds drone-gathered data so helpful that she has also acquired <a href="https://www.cdwg.com/product/DJI-Matrice-M210-drone/4863251?pfm=srh" target="_blank">a Matrice M210 drone</a> to gather thermal infrared imagery and an inexpensive ­consumer drone to collect additional photos. However, she always “strongly cautions” others who are interested in dabbling with drones.</p> <p>“They look so simple, and the results look so promising,” Coffin says. “But if you haven’t thought through all of the components of a UAV program —<strong> the software, the hardware, the ­people </strong>— you can end up wasting a lot of time and money and not have the quality of data you need to do the research.”</p> <h2>The Cloud May Ease Data Storage Concerns </h2> <p>In the fall of 2017, <a href="https://www.cbp.gov/" target="_blank">U.S. Customs and Border Protection</a> tested UAVs to determine whether they could assist with the agency’s mission. While drones show promise for gathering data at the border, the agency faces challenges in storing, processing and securing that data, says Tom Mills, chief systems engineer in the department’s Office of Information and Technology.</p> <p>“I think we’re still in that stage of assessing,” Mills says. “We face <strong>an issue with the logistics of transmission and where it’s stored</strong>. We also have to figure out how to store the sheer amount of data and how to process that data.”</p> <p>For the latter issue,<strong> the cloud</strong> may provide an answer. Mills notes that the price of data storage is falling and that cloud solutions provide flexibility. “The good thing about the cloud is, <strong>it’s elastic</strong>,” he says. “As soon as we don’t need it, we’re not paying for it.”</p> <p><a href="https://www.uscg.mil/" target="_blank">The Coast Guard</a> has decided that a drone is worth the effort. <a href="https://en.wikipedia.org/wiki/USCGC_Stratton" target="_blank">The Stratton</a>, a 418-foot national security cutter with a crew of about 150, has carried a drone on board for the past 18 months.</p> <p><img alt="FT_Q318_F_Hennick-elpunto.jpg" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/FT_Q318_F_Hennick-elpunto.jpg" /></p> <p>“It’s performing well for us,” says Capt. Craig Wieschhorster, the vessel’s commanding officer. “It gives us a tactical advantage.”</p> <p>The drone helps the crew conduct fisheries enforcement, flying over closed areas to see if anyone is fishing illegally. It also assists in counterdrug operations, allowing the Coast Guard to<strong> gather intelligence and assess situations before intercepting vessels</strong> suspected of trafficking drugs.</p> <p><strong>“We’re able to see everything these guys are doing, without them seeing us,” </strong>Wieschhorster says.</p> <p>When it comes to one of the Coast Guard’s classic missions — search and rescue — pilots can look at images collected by the drone “before even getting in the helicopter,” he says. That lets them reduce the amount of potentially dangerous time surveying conditions from the air.</p> <h2>More Drones Leads to More Data for Navy </h2> <p>The Navy is currently preparing to move on from smaller UAVs to a larger, unmanned surveillance aircraft currently under development. Christopher Page, command information officer for <a href="http://www.oni.navy.mil/" target="_blank">the Office of Naval Intelligence</a>, says that the service’s drone program — coupled with data from a growing array of other sensors and sources — is leading to <strong>“significant, near-term increases in the volume, variety </strong><strong>and</strong><strong> velocity of data.”</strong></p> <p>To accommodate the influx, Page says, the Navy will increasingly treat data storage and processing as an ongoing operational expense, rather than as a one-time capital outlay.</p> <p><img alt="FT_Q318_F_Hennick-quote_0.jpg" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/FT_Q318_F_Hennick-quote_0.jpg" /></p> <p>“The Navy is not going to generate the necessary capabilities and capacities through the traditional approach of making large, capital-intensive investments in on-premises hardware, software and support,” Page says. “It is, instead, going to <strong>generate what it needs by embracing an operations-intensive, cloud-first approach</strong> that emphasizes taking full and effective advantage of commercial cloud services.”</p> <p>On a much smaller scale, USDA’s Wells is looking for better solutions to store and process the data he collects in the fields of the Midwest. He is hoping that cloud resources might provide those functions, and also allow him to quickly share large data sets with his colleagues across the country.</p> <p>“The technology itself is absolutely glorious,” Wells says. <strong>“I intend to do a great deal more of this, but I’m trying to find an easier path forward.”</strong></p> <div class="sidebar_wide"> <h3>How Feds Use Drones Today</h3> <p>Although the public usually associates drones with military applications, civilian agencies are also finding innovative uses for the devices:</p> <ul><li><strong>Department of the Interior: </strong>Using out-of-service Defense Department drones, Interior has cut the cost of tasks such as dam inspections and wildlife surveys by a factor of 10.</li> <li><strong>Federal Emergency Management Agency: </strong>FEMA used imagery collected by other organizations’ drones to assist with operations in the aftermath of Hurricanes Irma and Maria.</li> <li><strong>Forest Service: </strong>In partnership with Michigan Technological University, the Forest Service is using drones to monitor the condition of Great Lakes coastal wetlands at Hiawatha National Forest in Michigan’s Upper Peninsula.</li> <li><strong>FBI: </strong>The FBI has acknowledged using surveillance drones in “a very minimal way.”</li> <li><strong>NASA: </strong>Along with modeling and simulations, NASA is conducting flight tests to identify technologies and procedures that “will make it possible for unmanned aircraft systems to have routine access to airspace occupied by human-piloted aircraft</li> </ul></div> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/calvin-hennick"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/calvin-hennick.jpeg.jpg?itok=xXXtEq5w" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/calvin-hennick"> <div>Calvin Hennick</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=calvinhennick&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Calvin Hennick is a freelance journalist who specializes in business and technology writing. He is a contributor to the CDW family of technology magazines.</p> </div> </p> </div> </div> </div> </div> Wed, 18 Jul 2018 16:05:48 +0000 phil.goldstein_6191 41186 at https://fedtechmagazine.com GSA: Agencies Must Modernize Networks If They Want an EIS Extension https://fedtechmagazine.com/article/2018/07/gsa-agencies-must-modernize-networks-if-they-want-eis-extension <span>GSA: Agencies Must Modernize Networks If They Want an EIS Extension</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 07/18/2018 - 11:20</span> <div><p>The General Services Administration is trying to be as clear as possible: Agencies should use <a href="https://fedtechmagazine.com/article/2018/06/eis-opportunity-network-transformation-kent-says" target="_blank">the 15-year, $50 billion Enterprise Infrastructure Solutions contract</a> to modernize their networks. And if they want an extension on the EIS transition deadline,<strong> they are going to have to prove they’re working toward modernization.</strong></p> <p>That was the message that Kay Ely, assistant commissioner for the GSA's Office of Information Technology Category, delivered on July 17 at a conference on EIS sponsored by FedInsider and CeturyLink, one of the main EIS contractors.</p> <p>“What we have said, and we are sticking to it, is that if we just hear transition and an agency, for whatever reason, can’t even do partial transformation” or plan for modernization, then an extension would not be offered, <a href="https://www.fedscoop.com/ely-says-agencies-wanting-eis-extension-better-transformation-mind/" target="_blank">FedScoop reports</a>.</p> <p>EIS requires agencies to transition away from the Networx contracting vehicle by the spring of 2020. Agencies will be able to take advantage of next-generation network technology through EIS — <strong>including software-defined networking and 5G wireless networks </strong>— for the foreseeable future.</p> <p>GSA has not offered agencies a formal extension, but Ely said it is still being considered. "We're very aware it's an issue," Ely said, <a href="https://fcw.com/articles/2018/07/17/eis-deadline-no-extension.aspx" target="_blank">according to <em>FCW</em></a>. "We're looking at how we have conversations with stakeholders."</p> <p>Still, she was unequivocal that agencies cannot just transition existing network architectures and services to similar ones if they want any kind of leeway. They must demonstrate that they will thoroughly modernize. <strong>"No modernization, no extension," </strong>she said.</p> <p>Ely said wants to demonstrate to the Government Accountability Office and GSA Chief Senior Procurement Executive Jeff Koses that agencies are demonstrably leveraging EIS for modernizing their IT. "Then we'll have a conversation" about extending the deadline, she said.</p> <p>To get a better idea of where agencies are in the EIS transition process, Ely said she plans to soon meet with GSA’s 70 agency representatives, and ensure they have all of the resources they need, <a href="https://federalnewsradio.com/technology-main/2018/07/eis-deadline-extension-still-on-the-table-says-top-gsa-acquisition-official/" target="_blank">Federal News Radio reports</a>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Wed, 18 Jul 2018 15:20:07 +0000 phil.goldstein_6191 41181 at https://fedtechmagazine.com Why the IRS Wants Cloud-Based AI to Enhance Cybersecurity https://fedtechmagazine.com/article/2018/07/why-irs-wants-cloud-based-ai-enhance-cybersecurity <span>Why the IRS Wants Cloud-Based AI to Enhance Cybersecurity</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 07/17/2018 - 12:23</span> <div><p>The IRS may not be the first agency one thinks of when it comes to forward-looking technology. Indeed, the Trump administration’s pick to lead the agency <a href="https://fcw.com/articles/2018/06/29/irs-legacy-tech-rettig.aspx" target="_blank">told lawmakers at his confirmation hearing in late June </a>that modernizing the IRS IT system and bringing it into the 21st century is one of his top goals.</p> <p>The IRS is trying to get there. The day before Charles Rettig’s appearance before Congress, the tax collection agency <a href="https://www.fbo.gov/index.php?s=opportunity&amp;mode=form&amp;id=9e4ff975a1edb741cede23ed01c8512d&amp;tab=core&amp;_cview=0" target="_blank">issued a request for information</a>, noting that its cybersecurity division wants to <strong>explore the potential of an artificial intelligence and machine-based analytical platform</strong> to “proactively<strong> detect and respond to cyber- and insider-related threats</strong>.” Further, the RFI seeks information on <strong>a cloud-based Big Data platform</strong> as part of this technology effort.</p> <p>Specifically, the AI platform will need to support local settings for specific needs and global settings capable of sharing attack sequences between environments. The platform will also need to automatically and continuously learn environments to improve accuracy, triage alerts “to reduce false positives to parts-per-billion events,” <strong>identify and track new threats and entities, analyze data and provide context for the alerts and cases used in investigations</strong>.</p> <p>The IRS will gather information from industry and academia, and it will use the results to assess ongoing industry efforts within the identified focus areas. The findings will also help to shape the agency’s path forward for “potential acquisitions to include determination of contractual mechanisms to potentially pursue capabilities.” Submissions for the RFI are <strong>due by July 26</strong>.</p> <p><a href="https://fedtechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP:</strong> Get more news from the<em> FedTech </em>newsletter in your inbox every two weeks!</a></p> <h2>IRS Seeks Machine Learning Tools and Cloud-Based Big Data</h2> <p>The IRS is seeking information on a wide range of technologies as part of the proposed platform, according to the RFI. Those include <strong>artificial intelligence, machine learning, cognitive computing, and data analytics techniques and algorithms</strong>.</p> <p>Additionally, the agency is seeking information on capabilities that can be applied in cybersecurity areas at the IRS, such as threat intelligence, insider threat, cyber operations and processing, exploitation and dissemination, and Big Data analytics.</p> <p>In terms of machine-learning analytics, the IRS is seeking information on a platform that applies multiple diverse modes of behavioral ML analytics, which can be<strong> unsupervised, semi-supervised or supervised, to guard against insider threats</strong>. The platform should also support “streaming data sources to provide near real-time assessment” and be able to use “near real-time data sources to provide analytic views of correlated activities for <strong>near real-time monitoring of cyber threats across government networks</strong>.”</p> <p>The machine-learning tools must also be able to “process, analyze, and identify threats in highly diverse sets of IT data sources” and with operational technology data sources such as Internet of Things devices and industrial control systems. Further, the tools should be able to “identify unknown threats using unsupervised analytic techniques and behavioral-based analytics, along with known threats using external threat intelligence.”</p> <p>For its <strong>cloud-based Big Data platform</strong>, the IRS is seeking a Software as a Service system that can be deployed and meet the high baseline requirements of <a href="https://www.fedramp.gov/fedramp-releases-high-baseline/" target="_blank">the Federal Risk and Authorization Management Program</a>. The platform must be able to support “forensic search of aggregate archive data;” centrally collect, aggregate and store security log files; and be “fully elastic to accommodate data expansion.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Tue, 17 Jul 2018 16:23:41 +0000 phil.goldstein_6191 41176 at https://fedtechmagazine.com How Feds Can Manage IoT Security Issues https://fedtechmagazine.com/article/2018/07/how-feds-can-manage-iot-security-issues-perfcon <span>How Feds Can Manage IoT Security Issues</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 07/16/2018 - 09:31</span> <div><p>The federal government is poised to spend about <strong>$81.3 billion</strong> on IT in fiscal 2018, <a href="https://itdashboard.gov/" target="_blank">according to the federal IT Dashboard</a>. It's unclear how much of that will be spent on IoT technology, but that amount is growing. <a href="https://blog.immixgroup.com/2017/04/27/federal-iot-market-to-reach-3b-by-fy18/" target="_blank">Analysts from the Immix Group estimated </a>in April 2017 that the total federal IoT addressable market will hit<strong> $3 billion i</strong>n fiscal 2018, up from <strong>$2.5 billion</strong> in fiscal 2016. Meanwhile, the contract and spending analysis firm Govini found that the government spent nearly<strong> $9 billion </strong>in 2015 on IoT technology.</p> <p>Although there are differences of opinion on how much the government is spending on IoT right now, it is clear that agencies are adopting IoT technologies for all kinds of use cases, including <strong>sensors that measure the physical environment and smart utility systems </strong>in government buildings.</p> <p>Yet the proliferation of sensors and connected devices also means that <strong>the attack surface for agencies is increasing</strong>. <a href="https://fedtechmagazine.com/article/2017/03/feds-are-using-iot-deeply-concerned-about-its-security">The security</a> of IoT devices has been <a href="https://fedtechmagazine.com/article/2018/03/feds-need-iot-security-goes-beyond-perimeter">a constant concern</a> for government IT leaders, <a href="https://fedtechmagazine.com/article/2018/02/future-dods-plan-defend-against-iot-threats">especially at the Pentagon</a>.</p> <p>How can agencies<strong> enhance IoT security and engage in the effective management of IoT security risk</strong> issues? And are the cybersecurity best practices that have helped guard traditional networks and IT systems <strong>useful or adaptable enough</strong> to guard against IoT security attacks and weaknesses?</p> <p>For many federal IT leaders, IoT security risks cannot be eliminated, only managed. “I think it's impossible to ensure network security. I think it's <strong>always a conversation about managing the risk</strong>,” Jeff Seaton, acting deputy CIO of <a href="https://www.nasa.gov/" target="_blank">NASA</a>, tells <em>FedTech </em>magazine.</p> <p>Within NASA, one of the things the agency is trying to do with respect to IoT is “not create a separate realm or sphere for the Internet of Things, but figure out how understanding the risk associated with IoT can fit within our existing security framework and risk management processes.”</p> <p>NASA does not want to create a separate set of processes for IoT, Seaton says, “but instead build those into the existing processes we have and evolve those as needed.” The idea is to not treat IoT “as something unique and distinct and separate.”</p> <p>Even though some agencies like NASA want to fold IoT security into their broader cybersecurity efforts, IoT is <a href="https://fedtechmagazine.com/article/2017/10/how-iot-changes-role-federal-ciso">changing the nature of the role of the federal CISO</a>. Speaking at a Washington, D.C., cybersecurity event in September, Rod Turk, the CISO and acting CIO of the <a href="https://www.commerce.gov/" target="_blank">Commerce Department</a>, said that CISOs and those who work for them need to<strong> evaluate IoT security holistically and assess the risks associated with connecting new devices</strong>.</p> <p>“Know what’s in your environment,” he said, <a href="https://federalnewsradio.com/technology-main/2017/09/iot-introducing-new-cyber-risks-redrawing-federal-ciso-role/" target="_blank">according to Federal News Radio</a>. “You may not know all of your IoT, but I’ve got a good hunch that you’ve probably got a sense of where it all is. You know your printers, you know your copiers now have computers in them, and they’re going to be storing information, and they have the ability to take that information and send it out to random places.”</p> <p>How can federal IT leaders get a handle on IoT security and introduce effective IoT risk management policies? Thankfully, the National Institute of Standards and Technology has <a href="https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program" target="_blank">a robust program on cybersecurity for IoT</a>. In February, NIST released <a href="https://csrc.nist.gov/CSRC/media/Publications/nistir/8200/draft/documents/nistir8200-draft.pdf" target="_blank">a draft interagency report </a>on IoT cybersecurity standards, and concludes that <strong>without a standardized set of cybersecurity requirements, malicious actors could exploit security gaps and IoT systems could be vulnerable to </strong><strong>cyberattacks</strong>.</p> <p>The report offers feds a handy primer on how to effectively address IoT risk management.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>How Feds Can Guard Against IoT Security Issues</h2> <p>The NIST report notes that IoT networks are “deployed over a multitude of protocols and physical links” and that therefore “selecting the appropriate messaging and communication protocols depends on the use case and security requirements for each system.”</p> <p>One characteristic of IoT deployments is the potential for spontaneous connections to be made without a system view. Viewed in this way, according to the NIST report, “IoT could not be ‘planned’ nor secured well using traditional approaches to security since system compositional or emergent properties would never be seen by a risk manager.”</p> <p>The network interfaces used in these loosely coupled IoT deployments<strong> represent attack surfaces for agencies</strong>. “Therefore, without a system asset definition and subsequent threat analysis the security design is very unlikely to be useful,” NIST states.</p> <div style="position:relative;height:0;padding-bottom:56.21%"> <iframe allow="autoplay; encrypted-media" allowfullscreen="" frameborder="0" height="3394" src="https://www.youtube.com/embed/H_X6IP1-NDc?ecver=2" style="position:absolute;width:100%;height:100%;left:0" width="700"></iframe></div> <p>NIST notes that <strong>many of the cybersecurity techniques designed for industrial control systems can be adapted for IoT</strong>.</p> <p> </p> <p>For example, agencies can restrict logical access to the network and network activity by “using unidirectional gateways, a demilitarized zone network architecture with firewalls to prevent network traffic from passing directly between the corporate and IoT networks, and having separate authentication mechanisms and credentials for users of the corporate and IoT networks.” Additionally, agencies can restrict physical access to IoT network and components via as locks, card readers or guards.</p> <p>NIST also advises agencies to protect individual IoT components from exploitation by deploying security patches “in as expeditious a manner as possible, after testing them under field conditions,” and “disabling all unused ports and services and assuring that they remain disabled.”</p> <p>The principle of least privilege applies to IoT as well, and agencies should restrict IoT user privileges to only those required for each person’s role. Other best practices include <strong>tracking and monitoring audit trails, using security controls such as anti-virus software</strong> and “file integrity checking software where technically feasible to prevent, deter, detect, and mitigate malware,” notes the NIST report.</p> <p>Additionally, agencies should seek to <strong>prevent the unauthorized modification of IoT data</strong>, either in transit or at rest.</p> <p>Another key aspect of IoT security is to <strong>detect security events before they escalate into incidents</strong>, NIST argues. Agencies can do this by developing the capability to “detect failed IoT components, unavailable services, and exhausted resources that are important to provide proper and safe functioning of an IoT system.”</p> <p>If there is a security event, IoT systems need to be able to <strong>maintain functionality during such adverse conditions</strong>, NIST states. That means designing IoT systems so that each critical component has a redundant counterpart. And if an IoT component fails, “it should fail in a manner that does not generate unnecessary traffic on IoT or other networks, or does not cause another problem elsewhere, such as a cascading event.”</p> <p>Having an <strong>effective incident response plan is also essential</strong>. “A major characteristic of a good security program is how quickly IoT systems can be recovered after an incident has occurred,” NIST notes.</p> <h2>How to Effectively Manage IoT Security Issues</h2> <p>The proliferation and <strong>increased ubiquity of IoT components are likely to heighten the risks they present</strong>, according to NIST, particularly as malicious cyberactors “work to develop new generations of malware dedicated to exploiting them.”</p> <p>As NIST has long argued, agencies must work with IoT vendors to <strong>“design components with security in mind.” </strong>Systems designers must also “pay attention to new attack surfaces revealed with unforeseen emergent properties of these systems.”</p> <p>There are several supply chain risk management standards that NIST has approved. However, they are not specific to IoT and “they need to be reviewed to determine if they are sufficient or require revision for IoT systems,” the agency says.</p> <p>Overall, NIST notes, “there is a multiplicity of risks associated with IoT” and that to mitigate IoT security risks, they “should not be assessed and monitored in a vacuum, but<strong> take into consideration the broader perspective of risk to ensure all aspects of threat and vulnerability are addressed</strong>.”</p> <h2>IoT Security Solutions: Next-Gen Firewalls, Encryption and Beyond</h2> <p>Although agencies face challenges related to IoT security, there are several best practices and technologies IT leaders can turn to secure their IT environments. “All of the security controls and techniques that we have known about and worked with for years can absolutely be applied to the IoT space,” <a href="https://www.cdw.com/content/cdw/en/resources/iot-best-practices-of-iot-deployments.html" target="_blank">says Christos Dimitriadis</a>, board of directors chair for <a href="https://www.isaca.org/pages/default.aspx" target="_blank">ISACA</a>, a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management and governance.</p> <p>“Existing best practices, such as <strong>network segmentation,</strong> will help take some of the security load off of these devices,” says Mark Blackmer, product marketing manager of industry solutions for <a href="https://www.cdwg.com/content/cdwg/en/brand/cisco.html?cm_mmc=vanity-_-cisco-_-NA-_-NA’" target="_blank">Cisco Systems</a>’ security business group.</p> <p>“External mechanisms, such as <strong>machine-learning-based traffic analytics</strong>, can help close the [security] gap,” adds Mike Tennefoss, vice president of strategic partnerships for <a href="https://www.cdwg.com/content/cdwg/en/brand/aruba.html" target="_blank">Aruba Networks</a>.</p> <p>There are other specific technology solutions agencies can use to secure IoT deployments. One is<strong> next-generation firewalls </strong>(NGFW), a hardware- or software-based network security system, can detect and block attacks by enforcing security policies at the application, port and protocol levels. “Looking at security best practices, the NGFW provides some of the most critical ingredients of total IoT protection,” <a href="https://www.cdw.com/content/cdw/en/articles/security/2017/06/07/securing-the-iot-environment.html" target="_blank">notes Yariv Fishman</a>, head of product management for vertical solutions and IoT for <a href="https://www.cdwg.com/content/cdwg/en/brand/check-point.html?enkwrd=Check%20Point" target="_blank">Check Point Software Technologies</a>.</p> <p><strong>Encryption also plays an important role in securing IoT devices as well as network communications.</strong> “For example, establishing an encrypted virtual private network connection between a device and the network helps eliminate potential attacks, such as ‘Man in the Middle,’ that compromise the integrity and validity of the information provided from the device to the network and vice versa,” Fishman says.</p> <p><strong>Partitioning a network</strong> <strong>into secure segments</strong> helps isolate IoT devices from mainstream IT devices. While traditional network endpoints typically run endpoint protection services, that’s not true for IoT devices. “If an attacker is able to compromise an IoT device, they could sit there for months undetected while carrying out attacks behind your network perimeter,” warns Marc Laliberte, an information security threat analyst for security provider <a href="https://www.cdwg.com/content/cdwg/en/brand/watchguard.html?enkwrd=watchguard" target="_blank">WatchGuard Technologies</a>. “Because of this threat, IoT devices should be segmented from the rest of the network by an NGFW performing inspection on internetwork connections.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 16 Jul 2018 13:31:05 +0000 phil.goldstein_6191 41171 at https://fedtechmagazine.com DHS Will Soon Ramp Up CDM Program Efforts https://fedtechmagazine.com/article/2018/07/dhs-will-soon-ramp-cdm-program-efforts <span>DHS Will Soon Ramp Up CDM Program Efforts</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 07/13/2018 - 11:46</span> <div><p>The Department of Homeland Security is moving ahead on several fronts to accelerate cybersecurity efforts under its <a href="https://www.dhs.gov/cdm" target="_blank">Continuous Diagnostics and Mitigation program</a>, with several major CDM contracts expected to be awarded this summer.</p> <p>DHS will also ramp up efforts to roll out new cybersecurity capabilities related to <strong>ongoing assessments, mobile security, network access control and certificate management</strong>.</p> <p>And the agency is also going to evaluate solutions for the next phase of the CDM program, which will focus on data protection.</p> <p>Taken together, all of the moves, announced roughly over the past month, indicate that DHS is seeking to give more tools to agencies under CDM as they seek to enhance their cybersecurity. The need to speed up the deployment of cybersecurity capabilities likely became more acute after the late May release of the “<a href="https://www.whitehouse.gov/wp-content/uploads/2018/05/Cybersecurity-Risk-Determination-Report-FINAL_May-2018-Release.pdf" target="_blank">Federal Cybersecurity Risk Determination Report and Action Plan</a>,” in which the Office of Management and Budget and DHS determined that <strong>71 of 96 agencies (74 percent) </strong>participating in a federal risk assessment process<strong> “have cybersecurity programs that are either at risk or high risk.”</strong> OMB and DHS also found that agencies are “not equipped to determine how threat actors seek to gain access to their information.”</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the<em> FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>DHS to Award New CDM DEFEND Contracts</h2> <p>CDM, launched in 2013, allows agencies to monitor their IT systems and then respond almost instantaneously to vulnerabilities. The program enables agencies to prioritize the risks based on how severe they might be in an effort to let cybersecurity personnel mitigate the most significant problems first. CDM offers commercial, off-the-shelf tools — hardware, software and services — that agencies can access via a central fund. DHS runs the CDM program in partnership with the General Services Administration.</p> <p>The program consists of four phases of activity designed to provide network administrators with<strong> real-time (or near real-time) information about the state of their networks</strong>.</p> <p>Each phase is designed to answer specific questions:</p> <ul><li>Phase 1: What is on the network?</li> <li>Phase 2: Who is on the network?</li> <li>Phase 3: How is the network protected? What is happening on the network?</li> <li>Phase 4: What role exists for emerging tools and technologies?</li> </ul><p>Last August, DHS and GSA released a new task order, called <strong>DEFEND (Dynamic and Evolving Federal Enterprise Network Defense)</strong>, under the Alliant governmentwide acquisition contract. DEFEND replaces blanket purchase agreements (BPAs) that expire in August 2018.</p> <p>DHS will award contracts worth<strong> $1 billion</strong> this month under DEFEND, <a href="https://www.fedscoop.com/new-cdm-contract-awards-worth-1b-coming-month/" target="_blank">FedScoop reports</a>. Kevin Cox, program manager for CDM at DHS, said in mid-June that the contracts would be awarded in “the next few weeks.”</p> <p>The new task orders, supplied through the GSA Alliant contract vehicle, will provide enhanced increased cybersecurity services and give agencies more flexibility for network security solutions.</p> <p>“We wanted to make sure that the new task orders we awarded had significant runway to be able to handle a whole lot of different actions in support of future phases,” Cox said, <a href="https://federalnewsradio.com/cybersecurity/2018/06/dhs-putting-the-pedal-to-the-metal-for-one-of-its-major-cyber-programs/" target="_blank">according to FedScoop</a>. “We can now run a lot of different things in parallel. We can run cloud security efforts, mobile security efforts, we can work and support agencies in implementing network access control, certificate management, etc.”</p> <p>With Phase 3 of CDM, DHS is exploring a “big number of capabilities that we want to eventually support the agencies in getting the capabilities in place,” Cox said, <a href="https://federalnewsradio.com/cybersecurity/2018/06/dhs-putting-the-pedal-to-the-metal-for-one-of-its-major-cyber-programs/" target="_blank">according to Federal News Radio</a>. “With the DEFEND task order we are able to schedule the work over the six years of the task order. We will focus on four main things starting out for all the agencies.”</p> <p>The four main areas include:</p> <ul><li>Ongoing assessments, in which agencies can use automated tools deployed under Phase 1 of CDM to <strong>consistently review the cybersecurity posture of systems</strong>, FederalNews Radio reports</li> <li>Mobile security, to give agencies <strong>greater visibility into their </strong><strong>mobility</strong><strong> device management systems</strong> by sending data to their agencywide dashboard</li> <li>Network access control, to <strong>automatically determine if devices trying to connect to agency networks are properly configured</strong> (and quarantine them if they are not)</li> <li>Certificate management, to give agencies <strong>a singular view of their website certificates</strong></li> </ul><h2>CDM Dashboard Efforts to Get a Boost</h2> <p>Cox has said DHS approaches CDM with <strong>an “ABCD” model </strong>that captures and surfaces threat information. In the A layer, sensors in the network give admins visibility into what devices are on the network and how users are acting. The B layer takes that information and standardizes it. That information then feeds up to agency dashboards in the C layer. DHS is working with agencies to produce reports based on those dashboards that let agencies know what their vulnerabilities are and how they can be patched. The D layer is <strong>the federal dashboard, which DHS stood up earlier this year to get an </strong><strong>enterprisewide</strong><strong> view of federal cybersecurity</strong>.</p> <p>Cox told Federal News Radio that DHS aimed to get all of the CFO Act agencies feeding into the federal dashboard this month. DHS has also been <a href="https://fedtechmagazine.com/article/2018/03/dhs-will-soon-launch-cdm-service-smaller-agencies">rolling out a shared service</a> to give smaller, non-CFO Act agencies their own multitenant dashboard.</p> <p>“With our shared service for the non-CFO Act agencies, we are looking to establish the information exchange for that dashboard around the July timeframe. Then we will start to bring in the visibility from the small and micro agencies as well,” Cox told Federal News Radio. “<strong>By mid-to-late summer we’ll start to get visibility across the various agency dashboards</strong>. It’s being summarized but it starts to give the federal leadership <a href="https://federalnewsradio.com/reporters-notebook-jason-miller/2018/04/agencies-faced-14-percent-more-cyber-incidents-last-year-but-security-is-improving/" target="_blank">a good understanding</a> of what the federal landscape looks like.”</p> <p>DHS is working with smaller agencies that already have capabilities in place to feed data to the federal dashboard. And for smaller agencies that were not using the proper data analytics and collection tools, DHS is working to get them on board in small groups.</p> <p>“Throughout the summer and into the fall, <strong>we will be bringing in about 48 agencies t</strong>hat have signed memorandums of agreement,” Cox said. “At the end of the day, we want to get out to all of the small and micro agencies s<strong>o we will probably go </strong><strong>in to</strong><strong> fiscal 2019</strong>. We are looking at a population of 75 to 80.”</p> <h2>DHS Exploring Solutions for Protection Phase of CDM</h2> <p>Meanwhile, DHS is looking ahead to the next phase of CDM, the protection phase.</p> <p>Terence Rountree, deputy director of the GSA’s Office of IT Security Services, said in mid-June that DHS will be evaluating CDM Phase 4 solutions for its approved products list starting the week of July 2.</p> <p>“They are going to be <strong>accepting Phase 4 data protection under the emerging tools and technology area</strong>,” he said, speaking at GSA’s IT Acquisition Summit in Atlanta, <a href="https://www.fedscoop.com/dhs-begin-taking-cdm-phase-4-vendor-submissions-next-month/" target="_blank">according to FedScoop</a>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 13 Jul 2018 15:46:25 +0000 phil.goldstein_6191 41156 at https://fedtechmagazine.com CIA, NSA Embrace the Cloud for Data Security https://fedtechmagazine.com/article/2018/07/cia-nsa-embrace-cloud-data-security <span>CIA, NSA Embrace the Cloud for Data Security </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 07/12/2018 - 12:45</span> <div><p>With troves of sensitive national-security data, one might think that the nation’s intelligence agencies would be reticent to store that data in cloud environments. The opposite is true.</p> <p>Two of the leading intelligence agencies, the <a href="https://www.cia.gov/index.html" target="_blank">CIA</a> and <a href="https://www.nsa.gov/" target="_blank">National Security Agency</a>, are<strong> turning to cloud services to house their data</strong>, and they think it can be done securely.</p> <p>Moreover, officials say, moving to the cloud will help the agencies <strong>accomplish their missions more effectively and improve cooperation among agencies in the intelligence community</strong>.</p> <p>The CIA sees the cloud as a more effective way to house sensitive intelligence data. The NSA is steadily moving its data to an environment that combines NSA technology with commercial cloud tools, and it’s <strong>making that technology available to other intelligence agencies</strong>.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP:</strong> Get more news from the <em>FedTech </em>newsletter in your inbox every two weeks!</a></p> <h2>CIA Sees Cloud as a Secure, Streamlined Option for Data</h2> <p>The CIA is a stickler for security, which is why it trusts the cloud.</p> <p>“Security is an absolutely existential need for everything we do at the agency — the cloud on its weakest day is more secure than a client service solution,” Sean Roche, associate deputy director at <a href="https://www.cia.gov/offices-of-cia/digital-innovation" target="_blank">the CIA’s Digital Innovation Directorate</a>, said at an industry event in Washington, D.C., last month, <a href="https://www.nextgov.com/it-modernization/2018/06/cia-official-cloud-more-secure-old-tech-less-soul-crushing/149211/" target="_blank">according to Nextgov</a>. “Encryption runs seamlessly on multiple levels. <strong>It’s been nothing short of transformational</strong>.”</p> <p>The cloud is the way forward for the federal government, in Roche’s mind. He said he sees it as a streamlined, user-friendly option compared to the “cacophony” of legacy systems at agencies, which IT specialists are “desperately” trying to upgrade, Nextgov reports.</p> <p>Agencies often fall behind on cybersecurity when they try to<strong> bolt on new IT security tools and software to legacy systems</strong>, Roche said, especially when different IT team members are not aware of how those systems are configured.</p> <p>The cloud does not just offer security, Roche said. It also allows agencies to<strong> get easier access to Software as a Service </strong><strong>solutions</strong>, which can enable them to get around the traditional acquisition process and gain easier access to more innovative tools. According to Nextgov, Roche said that the current acquisition process “crushes souls.”</p> <p>“It takes too much time,” he said. “Commercial and private companies doing no business with the government have to have an on-ramp in.”</p> <h2>NSA Moves Data to Cloud to Boost Analytics </h2> <p>Meanwhile, the NSA also sees great potential in the cloud. The signal intelligence agency has moved most of the mission data it collects, analyzes and stores into a classified cloud environment called the Intelligence Community GovCloud, <a href="https://www.nextgov.com/emerging-tech/2018/06/nsa-systematically-moving-all-its-data-cloud/149179/" target="_blank">Nextgov reports</a>. The IC GovCloud serves as an integrated “big data fusion environment” that allows NSA analysts to<strong> rapidly “connect the dots” across the agency’s data sources</strong>, NSA CIO Greg Smithberger tells Nextgov in an interview.</p> <p>“To maximize our ability to rapidly fuse data and bring the most relevant information to our analysts as quickly as possible, while still protecting need to know, we created a custom big data fusion environment, using a combination of NSA inventions and commercially developed technology,” Smithberger <a href="https://about.bgov.com/blog/nsa-cio-smithberger/" target="_blank">tells Bloomberg Government</a>.</p> <p>The data that goes into that environment is carefully tagged so the NSA knows how sensitive it is, and all the<strong> users in the environment are specifically authorized to see only certain types of data</strong>, according to Smithberger. Further, he tells Bloomberg, “the big data analytics fusing data across the entire data lake only deliver to any individual the subset of the results that individual is authorized to see.”</p> <p>Although the system is a bit complicated, it allows the NSA “to strike the right balance between data fusion and need to know, while also ensuring that every type of data is handled in compliance with the appropriate U.S. laws and policies,” Smithberger tells Bloomberg.</p> <p>Although the customized environment was originally designed to address the NSA’s needs,<strong> the agency has now made this technology available to the entire intelligence community</strong> as part of the Office of the Director of National Intelligence’s <a href="https://fedtechmagazine.com/article/2017/08/its-not-top-secret-intelligence-community-encourages-data-sharing">Intelligence Community IT Enterprise</a>, or ICITE.</p> <p>This shared environment is the IC GovCloud. “The same mechanisms that enforce need to know and compliance within NSA’s mission have also proven effective across IC agencies, even though the governing laws and policies differ across agencies,” Smithberger tells Bloomberg.</p> <p>“The NSA has been <strong>systematically moving almost all its mission into this big data fusion environment</strong>,” Smithberger tells Nextgov. “Right now, almost all NSA’s mission is being done in [IC GovCloud], and the productivity gains and the speed at which our analysts are able to put together insights and work higher-level problems has been really amazing.”</p> <p>The IC GovCloud accelerates the work of human analysts by augmenting it with machine learning and algorithms, according to Smithberger. “This environment allows us to run analytic tools and do <strong>machine-assisted data fusion and big data analytics</strong>, and apply a lot of automation to facilitate and accelerate what humans would like to do, and get the machines to do it for them,” Smithberger says.</p> <p>Analysts, he says, can “interactively ask questions” of the data in the cloud and receive data in “humanly readable form.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 12 Jul 2018 16:45:54 +0000 phil.goldstein_6191 41151 at https://fedtechmagazine.com Feds Bust Common Myths About IoT https://fedtechmagazine.com/media/video/feds-bust-common-myths-about-iot <span>Feds Bust Common Myths About IoT </span> <div><p>The federal government is adopting Internet of Things technologies for all kinds of use cases, including sensors that measure the physical environment and smart utility systems in government buildings. Yet there is still a great deal of confusion about the nature of IoT and how agencies can use associated technologies. To separate fact from fiction, we spoke with federal IT leaders and academic experts. </p> <p>This is part of our <a href="https://fedtechmagazine.com/fedtech-focus-internet-things"><em>FedTech Focus: Internet of Things</em> video series</a>.</p> </div> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 07/09/2018 - 13:27</span> <div> <div>Tweet text</div> <div>Is #IoT just a series of connected devices? Is it true that #FedIT can&#039;t deploy Internet of Things right now? We break down the myths surrounding #GovIT&#039;s use of IoT. </div> </div> <div> <div>Video ID</div> <div><p>1433260831</p> </div> </div> <div> <div>video type</div> <div><a href="/taxonomy/term/7396" hreflang="en">Conference</a></div> </div> <div> <div>CDW Activity ID</div> <div><p>MKT25514</p> </div> </div> <div> <div>CDW Segment</div> <div>Federal</div> </div> <div> <div>Customer Focused</div> <div>True</div> </div> <div> <div>Buying Cycle</div> <div><a href="/taxonomy/term/7446" hreflang="en">Engagement</a></div> </div> <div class="pw-widget pw-size-medium pw-layout-vertical" data-layout="vertical" data-url="https://fedtechmagazine.com/media/video/feds-bust-common-myths-about-iot" data-title="Is #IoT just a series of connected devices? Is it true that #FedIT can't deploy Internet of Things right now? We break down the myths surrounding #GovIT's use of IoT." data-via="FedTechMagazine" data-button-background="none"> <span> <span>Jul</span> <span>09</span> <span>2018</span> </span> <a class="pw-button-twitter cdw-taboola-social"></a> <a class="pw-button-facebook cdw-taboola-social"></a> <a class="pw-button-googleplus cdw-taboola-social"></a> <a class="pw-button-linkedin cdw-taboola-social"></a> <a class="pw-button-reddit cdw-taboola-social"></a> <a class="pw-button-flipboard cdw-taboola-social"></a> <a class="pw-button-email cdw-taboola-social"></a> <!-- Pinterest button is in EdTechk12 theme's vertical template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-url="https://fedtechmagazine.com/media/video/feds-bust-common-myths-about-iot" data-title="Is #IoT just a series of connected devices? Is it true that #FedIT can't deploy Internet of Things right now? We break down the myths surrounding #GovIT's use of IoT." data-via="FedTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter"></a> <span class="pw-box-counter" pw:channel="twitter"></span> </div> <div> <a class="pw-button-facebook"></a> <span class="pw-box-counter" pw:channel="facebook"></span> </div> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-counter="true" data-url="https://fedtechmagazine.com/media/video/feds-bust-common-myths-about-iot" data-title="Is #IoT just a series of connected devices? Is it true that #FedIT can't deploy Internet of Things right now? We break down the myths surrounding #GovIT's use of IoT." data-via="FedTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter cdw-taboola-social"></a> <a href="https://twitter.com/search?f=realtime&amp;q=https%3A%2F%2Ffedtechmagazine.com%2Frss.xml%3Fitok%3Dw87G9KGN%26destination%3D%2F%253Fitok%253Dw87G9KGN%26_exception_statuscode%3D404" target="_blank"><span class="pw-box-counter cdw-taboola" data-channel="twitter"></span></a> </div> <div> <a class="pw-button-facebook cdw-taboola-social"></a> </div> <div> <a class="pw-button-googleplus cdw-taboola-social"></a> </div> <div> <a class="pw-button-linkedin cdw-taboola-social"></a> </div> <div> <a class="pw-button-reddit cdw-taboola-social"></a> </div> <div> <a class="pw-button-flipboard cdw-taboola-social"></a> </div> <div> <a class="pw-button-email cdw-taboola-social"></a> </div> <!-- Pinterest button is in EdTechk12 theme's horizontal template --> </div> <div> <div>Pull Quote</div> <div> <p class="quote"><a href="node/"> Unless you build that robust series of ringed defenses around it, you&#039;re not going to be able to control it and you&#039;re not going to be able to defend yourself. </a></p> <img src="/sites/fedtechmagazine.com/files/styles/photo_quote_thumb/public/2018-07/Screen%20Shot%202018-07-09%20at%204.16.56%20PM.png.jpg?itok=ZyVyloIG" width="60" height="60" alt="Robert Hembrook of NOAA" typeof="foaf:Image" /> <p class='speaker'> <span>Robert Hembrook </span> Director of Cybersecurity, National Oceanic and Atmospheric Administration </p> </div> </div> Mon, 09 Jul 2018 17:27:28 +0000 phil.goldstein_6191 41146 at https://fedtechmagazine.com OMB Hopes New ‘Cloud Smart’ Strategy Will Accelerate Migrations https://fedtechmagazine.com/article/2018/07/omb-hopes-new-cloud-smart-strategy-will-accelerate-migrations <span>OMB Hopes New ‘Cloud Smart’ Strategy Will Accelerate Migrations</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 07/09/2018 - 12:27</span> <div><p>It has often been said that <a href="https://fedtechmagazine.com/article/2018/04/How-to-Break-the-Cultural-Logjam-on-Federal-Cloud-Adoption">one key hurdle</a> federal agencies need to overcome to move applications to the cloud is <a href="https://fedtechmagazine.com/article/2018/01/culture-change-sits-heart-successful-cloud-deployments">cultural resistance</a>. The Office of Management and Budget is trying a new, straightforward tack:<strong> focus on what’s working and try to replicate those strategies across the government</strong>.</p> <p>Within the next few months, OMB is expected to release a new government cloud strategy, tentatively <strong>dubbed “Cloud Smart,” </strong>a successor to the <a href="https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/federal-cloud-computing-strategy.pdf" target="_blank">government’s cloud-first policy</a>, which was formalized in early 2011.</p> <p>OMB has spent much of the past year studying what works in terms of cloud adoption and use across government, and that work with agencies will inform the new strategy.</p> <p>“We’re trying to find new ways for people to get to cloud, and the problem is we’re using the same old approaches,” Bill Hunt, a digital services expert at OMB, said last month at <a href="https://www.atarc.org/events/cloud-summit-2018-06-13/" target="_blank">ATARC’s Cloud &amp; Data Center Summit</a>, MeriTalk <a href="https://www.meritalk.com/articles/omb-set-to-release-new-federal-cloud-computing-strategy/" target="_blank">reports</a>. “We have a lot of different individual policies, that are in these little tiny siloes, that address one thing over here, and another thing over there. <strong>We haven’t really been looking holistically across the government.</strong>”</p> <p>Hunt added, <a href="https://fcw.com/articles/2018/06/13/cloud-smart-omb-friedman.aspx" target="_blank">according to <em>FCW</em></a>: “We are tentatively calling the strategy Cloud Smart, and we are looking into areas where we have seen success and best practices.”</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP:</strong> Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>New Strategy to Help Agencies Make Cloud Migrations Easier</h2> <p><a href="https://itmodernization.cio.gov/assets/report/Report to the President on IT Modernization - Final.pdf" target="_blank">The White House’s final report on IT modernization</a>, released in December, requires OMB, in coordination with the Department of Homeland Security, General Services Administration and other federal partners, to update the cloud-first strategy. “This strategy will provide additional guidance to agencies on <strong>the most impactful use cases for cloud adoption and how best to conduct appropriate operational security in cloud environments</strong>,” the report states.</p> <p>Despite the intense focus on cloud migration, federal cloud adoption is still not where it needs to be at this point, Hunt said. “Cloud is still not widely adopted across the government,” he said, according to MeriTalk. “A quarter of the spend has been moved over that way, but we still have a ways to go.”</p> <p>The new strategy will highlight three key areas: <strong>security, procurement </strong><strong>and</strong><strong> workforce</strong>, according to Hunt.</p> <p>Many concerns agencies have had in moving to the cloud have been policy concerns, Hunt said at the ATARC event, <a href="https://federalnewsradio.com/cloud-computing/2018/06/same-old-approaches-to-cloud-will-not-be-part-of-strategy-revamp/" target="_blank">according to Federal News Radio</a>. Those include “things that OMB has created that haven’t been updated or refreshed and make it a lot harder to move to the cloud,” he acknowledged.</p> <p>“That is something we are looking at too,” Hunt said. “This administration really believes in <strong>removing those burdensome barriers of policy that aren’t helping people get to these marketplace solutions</strong> that we all know and love already.”</p> <p><a href="https://www.federaltimes.com/it-networks/cloud/2018/06/13/omb-to-issue-updated-government-cloud-strategy/" target="_blank">According to <em>Federal Times</em></a>, Hunt said that while many agencies are already pushing to take full advantage of cloud computing capabilities, those that have not will find the new strategy useful. The Cloud Smart strategy will be based on data OMB has collected as well as feedback it has received from agency CIOs on what has and has not worked in the cloud.</p> <p>“We’ve really just <strong>tried to address why we haven’t moved</strong>, why the agencies are just not getting where we want them to go, where Congress thinks they should be going, where everybody agrees that they should be going,” Hunt said.</p> <p>One of those IT leaders is Dave Nelson, CIO of the Nuclear Regulatory Commission, who said too often he hears that agencies are risk averse and don’t want to move to the cloud. “<strong>The role of the CIO in cloud migration has morphed considerably</strong>,” he said at the ATARC summit, according to Federal News Radio. “I think many in the cloud services organizations, the vendor community may have missed that shift in the way they continue to talk to CIOs.”</p> <p>The NRC has overcome initial resistance to moving apps and servers to the cloud, according to Nelson. The agency put its email system in the cloud, recently completed the shift of its collaboration tools to the cloud and is testing high-performance computing activities to support mission decisions, Federal News Radio reports.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 09 Jul 2018 16:27:09 +0000 phil.goldstein_6191 41141 at https://fedtechmagazine.com