FedTech - Technology Solutions That Drive Government https://fedtechmagazine.com/rss.xml en State Department Takes a New Cloud Approach https://fedtechmagazine.com/article/2018/09/state-department-takes-new-cloud-approach <span>State Department Takes a New Cloud Approach</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 09/24/2018 - 14:27</span> <div><p>The State Department has been working to transform its IT operations <a href="https://fedtechmagazine.com/article/2017/04/how-state-department-transforming-its-technology">for a while now</a>, and the agency has also been busy <a href="https://fedtechmagazine.com/article/2018/02/how-hyperconvergence-simplifies-agencies-data-centers">adopting </a><a href="https://fedtechmagazine.com/article/2018/02/how-hyperconvergence-simplifies-agencies-data-centers">hyperconverged</a><a href="https://fedtechmagazine.com/article/2018/02/how-hyperconvergence-simplifies-agencies-data-centers"> infrastructure</a> to modernize its data centers.</p> <p>At the heart of the agency’s new strategy is an embrace of a hybrid cloud model and a desire to stop using decentralized, purpose-built IT tools. </p> <p>“We have gone through a comprehensive review, analysis and fact-finding across the department in 2017 and 2018 to identify what we need to do in order to do IT differently across the department,” Ken Rogers, the State Department’s deputy CIO for business management and planning, <a href="https://federalnewsradio.com/ask-the-cio/2018/09/state-dept-s-move-to-hybrid-cloud-underpinning-new-it-modernization-strategy/" target="_blank">told Federal News Radio</a>. “A lot of that is <strong>pulling back in a lot of the decentralized activity, and centralized that into a shared </strong><strong>service</strong><strong> process</strong>. 
It’s a fundamental paradigm shift to how we have been doing IT over the past decade or so.”</p> <p>Moving in that direction will <strong>deliver efficiency and cost savings</strong> while still allowing the State Department’s business units to get access to the applications and services they need, Rogers contends. </p> <p><em><a href="https://fedtechmagazine.com/article/2017/07/how-cloud-improves-transparency-state-department-usaid-and-noaa" target="_blank"><strong>MORE FROM FEDTECH: </strong>Find out how the cloud improves transparency at the State Department and other agencies! </a></em></p> <h2 id="toc_0">State Department Wants to Get More Users on the Cloud</h2> <p>Rogers said the agency is moving away from thinking “cloud first” to <strong>an “optimized cloud” approach</strong>. The hybrid cloud approach the department is taking gives it the necessary “guardrails” for technology modernization. </p> <p>“How do we now increase the value proposition of cloud by optimizing what we are doing?” Rogers said. “It really is delivering a secure infrastructure and platform to the department, and<strong> pushing up our customers to that Software as a Service layer where they have a lighter lift</strong>. There is huge potential for cost savings, to create efficiencies and to remove some of the friction.”</p> <p>The State Department must strengthen its Infrastructure and Platform as a Service cloud offerings so that agency components “don’t have a huge, heavy lift of basic stuff that should be commoditized,” he said. That will allow them to cut costs and use those savings to build IT systems that will have greater capabilities and allow them to complete their mission more effectively. </p> <p>“That’s the primary way we are approaching this at this point,” Rogers said. 
“There still is a significant need for the business side of the organization that really understands what their business requirements are and how to best leverage those business requirements with modern technologies.”</p> <p>As a sign of how the State Department is shifting its thinking on the cloud, Federal News Radio reports that the agency is using more <strong>enterprise license agreements for cloud services</strong>. That, according to Rogers, will make it easier for the agency to modernize apps since business units will not need to procure their own cloud services. They will then also have faster access to test, development and production environments.</p> <p>“Over the past eight years, we’ve gone from tiptoeing into the cloud space to actually confronting cloud sprawl. How do we get that value proposition back in by having an elastic cloud environment that can scale rather than setting up duplicative infrastructure environments?” Rogers said. “This is a real opportunity to do real modernization and I think one of the biggest value propositions out there when you move away from the cost piece is the data. What are you doing with the data?”</p> <p>Notably, <a href="https://fedtechmagazine.com/article/2018/05/why-state-department-sees-data-strategic-asset">Rogers has said</a> the agency sees data as a strategic asset, and that <strong>information is the “currency” of the department</strong>.</p> <p>According to Rogers, the agency’s new strategic IT plan incorporates an acquisition strategy that creates a multivendor multicloud environment at State. “We looked at what we have, how do we leverage it and <strong>how do we secure this </strong><strong>multicloud</strong><strong> environment</strong> with some of the production stuff that is out there so we have a go-to strategy for our bureau customers,” he said. 
</p> <p>Next year, the agency will look to consolidate all of its one-off contracts for cloud services into the enterprise service agreements, according to Federal News Radio. Then it will optimize those environments to achieve cost savings.</p> <p><a href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" target="_blank"><em><strong>DOWNLOAD: </strong>Find out how your agency can successfully move to the cloud in CDW's Modern IT Infrastructure Insight Report! </em></a></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. 
Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 24 Sep 2018 18:27:42 +0000 phil.goldstein_6191 41486 at https://fedtechmagazine.com The IC Now Envisions ICITE as a Reference Architecture https://fedtechmagazine.com/article/2018/09/ic-now-envisions-icite-reference-architecture <span>The IC Now Envisions ICITE as a Reference Architecture</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 09/24/2018 - 09:07</span> <div><p>The intelligence community is vast, encompassing a wide range of agencies and missions, from the CIA to the Office of Naval Intelligence and National Geospatial-Intelligence Agency. </p> <p>Since 2013, the IC has moved away from siloed IT and established <a href="https://www.dni.gov/files/documents/IC_ITE_Strategy.pdf" target="_blank">the Intelligence Community Information Technology Enterprise</a>. The Office of the Director of National Intelligence’s ICITE is <a href="https://fedtechmagazine.com/article/2017/08/its-not-top-secret-intelligence-community-encourages-data-sharing">a platform of nine shared services</a>, from security to networking, email to virtual desktops, all delivered via a private cloud. The common desktop provides standard operations such as email and office systems.</p> <p>The model has helped <strong>standardize the intelligence community’s IT to a degree</strong>. Sue Gordon, principal deputy director of national intelligence, <a href="https://fedtechmagazine.com/article/2018/08/intelligence-community-sees-surge-cloud-use">last month praised her predecessors</a> who set up ICITE and “who started with the idea of efficiency — that we should do in common what’s commonly done.” ICITE “allows integration in a serious way,” she said Aug. 
21 <a href="https://www.fedscoop.com/events/fedtalks/2018/" target="_blank">at the FedTalks 2018 event</a> in Washington, D.C.</p> <p>However, the ODNI is <strong>shifting its approach to ICITE over the next couple of years</strong>, according to La’Naia Jones, the IC’s deputy CIO. Speaking Sept. 11 <a href="https://www.pscouncil.org/c/e/c/Technology_Conference/Tech_Trends_Conference_Page_Updated.aspx" target="_blank">at the Professional Services Council’s TechTrends conference</a>, she said the IC is going to move toward <strong>a reference architecture model for ICITE</strong>. Reference architectures offer a template solution for an architecture for a particular domain, and they often stress commonality.</p> <p><a href="https://fcw.com/articles/2018/09/11/icite-ref-arch-williams.aspx" target="_blank">As <em>FCW</em> reports</a>, Jones said the ODNI is working with intelligence agencies on plans to implement the reference architecture <strong>by May 2020</strong>.</p> <p><a href="https://fedtechmagazine.com/article/2018/08/intelligence-community-sees-surge-cloud-use" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Read about how cloud usage has exploded in the intelligence community! </em></a></p> <h2 id="toc_0">IC Wants a New Approach to Common IT</h2> <p>The intelligence community has shifted to the cloud in a big way over the last several years, via a private on-premises cloud, which was built by Amazon Web Services. Gordon said there has been <strong>an “explosion of use” of the cloud </strong>that IC leaders had not envisioned. </p> <p>However, the shift to the common cloud architecture alone has not been enough to keep up with intelligence agencies’ growing data loads and individual needs, Jones said, according to <em>FCW</em>. </p> <p>“Even as we started to adapt and use cloud computing, the need to evolve and increase in data,” she said, was “more than we could keep pace with. 
<strong>We knew we had to change continuously</strong>.” </p> <p>ICITE’s desktop environment approach was designed to create a common desktop for the entire intelligence community. However, Jones said, the IC ran into hurdles as it evolved its cloud architecture. </p> <p>“It <strong>wasn’t as easy to create a common desktop</strong> for everyone and to share everything across the community,” she said. Different agencies had their own IT visions, as well as unique applications and tools. </p> <p>That is why ICITE is going to evolve into a common reference architecture, which will address the need for a unified technology platform while giving users in the IC <strong>“some flexibility to leverage some of the technologies that make sense for them,”</strong> Jones said, according to <em>FCW</em>. </p> <p>“With the second version of ICITE, because we have the challenges of implementing the common desktop and getting us to where we are now, we wanted to continue moving forward to provide interoperability in a collaborative future as well as stay focused on mission,” she said. 
</p> <p>The IC will still be using the foundations of AWS-built private cloud, Jones said, “but we were mindful that the operators, collectors and analyst leads and their tools weren’t common throughout the community.”</p> </div> Mon, 24 Sep 2018 13:07:09 +0000 phil.goldstein_6191 41481 at https://fedtechmagazine.com How DHS Hopes to Use EIS to Modernize Its Approach to IT https://fedtechmagazine.com/article/2018/09/how-dhs-hopes-use-eis-modernize-its-approach-it <span>How DHS Hopes to Use EIS to Modernize Its Approach to IT </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 09/21/2018 - 09:16</span> <div><p>The Department of Homeland Security <a href="https://www.dhs.gov/who-joined-dhs" target="_blank">has 22 component agencies</a>, and its mission has grown since it was formed in 2002. That means there is not only a lot of IT to manage, but also numerous disparate approaches to technology governance and modernization. 
</p> <p>DHS CIO John Zangardi wants to use the General Services Administration’s $50 billion <a href="https://www.gsa.gov/technology/technology-purchasing-programs/telecommunications-and-network-services/enterprise-infrastructure-solutions" target="_blank">Enterprise Infrastructure Solutions contract</a>, for agencies to modernize their network infrastructures, to <strong>update not just its network but also its broader IT infrastructure</strong>. </p> <p>“When I got to DHS, one of the things I realized is that we have to do network modernization,” Zangardi said this month at the <a href="https://www.billingtoncybersecurity.com/" target="_blank">Billington Cybersecurity Summit</a>, according to <a href="https://www.meritalk.com/articles/dhs-cio-says-priorities-include-modernization-workforce-supply-chain/" target="_blank">MeriTalk</a>. Zangardi joined DHS in December after serving as the acting CIO of the Defense Department. </p> <p>Zangardi said at the conference that DHS will use EIS to modernize its IT systems overall and <strong>give component agencies a reference point </strong>for the technology the agency will deploy, <a href="https://www.fedscoop.com/eis-dhs-it-modernization-zangardi-billington/" target="_blank">FedScoop reports</a>. EIS is also designed to enhance agencies’ cybersecurity by introducing <strong>a standardized network architecture</strong>. </p> <p><a href="https://fedtechmagazine.com/article/2018/06/eis-opportunity-network-transformation-kent-says" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Read why EIS is an opportunity for agencies to transform their networks! </em></a></p> <h2 id="toc_0">DHS Gears Up for EIS Contract Transition</h2> <p>EIS requires agencies to transition away from the Networx contracting vehicle by spring 2020. 
Agencies can use next-generation network technology through EIS, including software-defined networking and 5G wireless networks, for the foreseeable future.</p> <p>Zangardi said DHS has <strong>created an EIS program management office</strong>, which is being staffed. He also said DHS is meeting with the vendors to discuss the contract and budgeting for new networking gear in fiscal year 2020, MeriTalk reports. </p> <p>“We are going to leverage the GSA vehicle EIS to award in the second or third quarter of 2019,” Zangardi said, according to FedScoop. The CIO wants DHS components to be involved and to move forward with an agencywide approach. </p> <p>“The objective here is to modernize through that vehicle and get to a better network for voice and data. <strong>We have to change the infrastructure we’re on; it is old</strong>,” he said. “We have to do it in a way that’s inclusive of the whole department.” </p> <p>Zangardi is working with the DHS deputies management action group, which is made up of acting Deputy Secretary Claire Grady and the deputies of the component agencies, to create EIS implementation plans. </p> <p>Regarding the EIS PMO, Zangardi said it will “work across DHS to build out our requirements.” The PMO will lead the charge to upgrade the agency’s Ethernet network and make its network connections stronger and faster. Notably, <strong>Zangardi envisions DHS adopting SDN</strong>. “We’re going to look at virtualizing endpoints, improving network resilience and trying to lower costs.” </p> <p>Zangardi wants to hit the ground running to build the new DHS network when the contract begins in 2020. 
“We are really going to try and make this network state-of-the-art and world-class,” he said.</p> </div> Fri, 21 Sep 2018 13:16:44 +0000 phil.goldstein_6191 41476 at https://fedtechmagazine.com DISA Makes It Easier for DOD Components to Get Managed Mobility https://fedtechmagazine.com/article/2018/09/disa-makes-it-easier-dod-components-get-managed-mobility <span>DISA Makes It Easier for DOD Components to Get Managed Mobility</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 09/19/2018 - 11:17</span> <div><p>The Defense Department contains massive organizations, such as the Department of the Army and much smaller components that focus on policy and logistics. Now, they<strong> all have access to the same managed mobility services</strong> from the Defense Information Systems Agency. 
</p> <p>DISA, the Pentagon’s IT services arm, <a href="https://www.disa.mil/NewsandEvents/2018/DISA-expands-mobility-Enterprise-Email" target="_blank">announced in August</a> that it would make its <a href="https://www.disa.mil/NewsandEvents/2018/DISA-expands-mobility-Enterprise-Email" target="_blank">DOD Mobility Unclassified Capability service</a> available to<strong> all mission partners, services, agencies and field activities</strong>. Previously, only mission partners that purchased the agency’s DOD Enterprise Email service were able to use the managed mobility service. Additionally, the cost for the service <strong>dropped to $4.31 per device per month from $7.54</strong>.</p> <p>DISA has already snagged major new internal customers for the service, including the Navy and Marine Corps, <a href="https://www.fedscoop.com/expansion-mobile-offerings-big-business-disa/" target="_blank">according to FedScoop</a>, as well as smaller components. The wider availability of the service means that DOD components, large and small, can now offload the cost and time of managing their own mobility programs. </p> <p>“We are interested in bringing on as many DOD mission partners as we can,” DOD Mobility Portfolio Manager Jake Marcellus told FedScoop. He said DISA is managing about 125,000 devices and adding about 3,000 additional devices per week. “So, can we scale? Yes, we can.”</p> <p><a href="https://fedtechmagazine.com/article/2018/08/how-air-force-secures-and-customizes-its-mobile-solutions"><em><strong>MORE FROM FEDTECH: </strong>Read about how the Air Force secures and customizes its mobile solutions! </em></a></p> <h2 id="toc_0">DISA Service Delivers More Cost-Effective Mobility Management</h2> <p>The DMUC service offers DOD components a bevy of managed mobility services. 
It allows government-purchased commercial mobile devices access to the Department of Defense Information Network, Defense Enterprise Email, encrypted email capability and access to hundreds of approved apps from <a href="https://www.cdwg.com/content/cdwg/en/brand/apple.html" target="_blank">Apple</a>’s App Store and <a href="https://www.cdwg.com/content/cdwg/en/brand/google.html" target="_blank">Google</a> Play.</p> <p>DMUC also offers <strong>mobile device management capabilities, mobile app management</strong>, high-availability architectures and commercial voice services.</p> <p>DISA’s service is simply more cost-effective for many smaller DOD components. Marcellus told FedScoop that, on average, many independent DOD mobility programs <strong>may serve somewhere between 5,000 and 10,000 users</strong>. “And we’ve even recently seen customers or mission partners that have come to us, and they’re managing a whole mobility program with only 500 users,” he said. “So that’s really <strong>not cost-effective when you think about it</strong>.”</p> <p>Additionally, DISA can <strong>host a mobile application</strong> if an organization has an app or plans to create one.</p> <p>“We tell you what the standards are, validate those standards through a vetting process and then place you in a mobile application store that we host here,” Marcellus said. “And I’ll say that’s where … we see a lot of innovation and ideas.”</p> <p>DISA offers components lists of supported products, which show devices that have been vetted by <a href="https://www.niap-ccevs.org/" target="_blank">the National Information Assurance Partnership</a>, according to FedScoop.</p> <p>Marcellus said customers should expect a commercial experience through the service. “We are using commercial services, not anything specifically government,” Marcellus said. 
“So, you can expect that the experience will be like the experience you have with your personal phone.”</p> </div> Wed, 19 Sep 2018 15:17:01 +0000 phil.goldstein_6191 41471 at https://fedtechmagazine.com DHS to Roll Out New Cybersecurity Risk Score for Agencies https://fedtechmagazine.com/article/2018/09/dhs-roll-out-new-cybersecurity-risk-score-agencies <span>DHS to Roll Out New Cybersecurity Risk Score for Agencies</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 09/18/2018 - 11:26</span> <div><p>Over the next three to six months, the Department of Homeland Security will launch a new cybersecurity risk score for agencies.</p> <p>The new algorithm, which is <a href="https://www.dhs.gov/cdm" target="_blank">part of DHS’ Continuous Diagnostics and Mitigation program</a>, incorporates DHS threat intelligence data and is called Agency-Wide Adaptive Risk Enumeration.<strong> AWARE will allow agencies to prioritize cybersecurity vulnerability mitigation activities</strong>, using threat data combined with agency dashboard data related to the existence of known vulnerabilities and the FIPS 199 information system impact level (high, moderate or low), <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/FY2017FISMAReportCongress.pdf" target="_blank">as a White House report notes</a>. </p> <p>Agencies will be able to use this risk scoring approach to improve cybersecurity hygiene, the report adds. 
“The idea there is that we’re going to be able to take a look, agency by agency, to <strong>see how well agencies are doing with patching, configuration</strong>, etc., and be able to help ultimately get down to the system level as well,” Kevin Cox, the CDM program manager, said at an ATARC event in late August, <a href="https://www.meritalk.com/articles/cdm-cyber-dashboard-complete-in-september/" target="_blank">according to MeriTalk</a>. </p> <p><a href="https://fedtechmagazine.com/resources/white-paper/managing-cyber-risks-public-sector-environment" target="_blank"><em><strong>DOWNLOAD: </strong>Read this white paper to ensure your agency is not the next cybersecurity headline!</em></a></p> <h2 id="toc_0">DHS to Bolster Cybersecurity for Agencies Under CDM</h2> <p>By the end of September, <strong>all 23</strong> of the CFO Act agencies will have their agency cybersecurity threat dashboards feeding into a federal dashboard, Cox said at the event. Four smaller, non-CFO Act agencies are reporting to CDM’s <a href="https://fedtechmagazine.com/article/2018/03/dhs-will-soon-launch-cdm-service-smaller-agencies">shared service dashboard</a>, <strong>with another 15 expected toward the end of September</strong>.</p> <p>The federal dashboard, which gives DHS an enterprisewide view of real-time threats across government, has been upgraded to a new version, “Release 5,” and DHS is working to upgrade each of the individual agency dashboards to the same release, according to MeriTalk. </p> <p>Those agency dashboards inform data on the federal dashboard and help direct daily operational government cybersecurity activities. Given that, Cox said, it is important that those dashboards be <strong>optimized to receive the best information</strong>. </p> <p>“We are working to make those agency dashboards even more useful to the agencies,” Cox said. 
“We’ve been working really diligently to make sure that with each new release of the dashboard, that we’ve got performance improvements and we’ve got reporting improvements.”</p> <p>Another key part of the upgrades is the rollout of AWARE, which will serve as a score to show agencies where they stand in terms of cybersecurity preparedness. It will be<strong> “similar to a credit score,”</strong> Cox said at the event, but in reverse. The lower the score, the smaller the agency’s attack surface, according to MeriTalk.</p> <p>“We want to help agencies identify their overall security posture, cyber hygiene as quickly as possible,” he said.</p> <p>Chris Jensen, <a href="https://www.cdwg.com/content/cdwg/en/brand/tenable.html" target="_blank">Tenable</a>’s federal business development and capture manager, <a href="https://www.tenable.com/blog/cdm-making-us-federal-agencies-more-aware-of-cyber-exposure" target="_blank">writes in a blog post</a> that AWARE “is an evolving concept intended to drive CDM toward the goal of <strong>improving the way the government measures its cyber risk </strong>— that is, the degree to which known vulnerabilities continue to provide an unprotected attack surface for potential adversaries.” </p> <p>AWARE, Jensen writes, will “continue to be refined in subsequent releases, increasingly taking mitigation and other relevant factors into account.” He notes that the “initial release represents an important step toward the overarching goal of sharpening the federal focus on performing basic cyber hygiene,” such as “making sure that software, applications and operating systems are promptly and regularly updated with their most recent versions.”</p> </div> Tue, 18 Sep 2018 15:26:32 +0000 phil.goldstein_6191 41466 at https://fedtechmagazine.com White House Wants GEAR Initiative to Spark IT Modernization https://fedtechmagazine.com/article/2018/09/white-house-wants-gear-initiative-spark-it-modernization <span>White House Wants GEAR Initiative to Spark IT Modernization</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 09/17/2018 - 10:38</span> <div><p>Washington, D.C., is filled with think tanks. The White House does not want another one, and does not expect its proposed <strong>Government Effectiveness Advanced Research Center</strong> to be a typical research center. </p> <p>Instead, the Trump administration wants the GEAR Center to serve as a catalyst for <strong>actual pilot programs agencies can use to spur IT modernization</strong>. 
The administration is currently digesting responses it received to <a href="https://www.nextgov.com/it-modernization/2018/07/white-house-seeks-input-reskilling-feds-and-upgrading-agency-services/149990/" target="_blank">a request for information</a> from the private sector it put out in July on GEAR.</p> <p>GEAR was part of the administration’s <a href="https://www.whitehouse.gov/wp-content/uploads/2018/06/Government-Reform-and-Reorg-Plan.pdf" target="_blank">wide-ranging government reorganization </a><a href="https://www.whitehouse.gov/wp-content/uploads/2018/06/Government-Reform-and-Reorg-Plan.pdf" target="_blank">plan</a>, and is one that would not require approval from Congress to set up. Margaret Weichert, deputy director of management at the Office of Management and Budget, said last month that the administration does not want bureaucracy to impede its efforts to deliver better services for citizens, <a href="https://www.nextgov.com/it-modernization/2018/08/white-house-unveils-more-details-about-proposed-modernization-center/150785/" target="_blank">Nextgov reports</a>. </p> <p>The GEAR Center would be a public-private partnership that would bring together “experts from disciplines ranging from behavioral economics, to computer science, to design thinking, in order to take a creative, data-driven, and interdisciplinary approach to imagining and <strong>realizing new possibilities in how citizens and government interact</strong>,” the reorganization plan states.</p> <p>“Collaboration and co-creation are part of the norm of how people do business in the 21st century,” Weichert said in late August on a phone call with reporters and potential vendors. 
“We want to … make that a possible reality for government.”</p> <h2 id="toc_0">GEAR to Focus on Concrete Federal IT Modernization Projects</h2> <p>The GEAR Center is designed to fast-track private sector innovations in government technology. Weichert said the center will initially focus on key aspects of <a href="https://www.whitehouse.gov/wp-content/uploads/2018/03/Presidents-Management-Agenda.pdf" target="_blank">the President’s Management Agenda</a>: IT modernization, cybersecurity, data management and workforce development. </p> <p>The White House argues that the executive branch currently lacks the capability to work with state and local governments, businesses, and higher education institutions to assess the long-term strategic needs of government, and “to <strong>‘test and learn’ how to apply innovative approaches</strong> to meeting the mission, service and stewardship needs” of the 21st century. 
“This capability is needed to effectively apply theory to practice in a low-risk environment,” the White House reorganization plan adds.</p> <p>GEAR would give the government the opportunity “to not only catch up to where the private sector services and capabilities are today, but to lay the groundwork for where Government operations and services need to be in five, 10, or 20 years or more.” </p> <p>For example, the GEAR Center could examine the impacts to government that are likely to occur due to broader economic forces such as <strong>self-driving cars and automation</strong>, improving government services and exploring strategies to <strong>leverage big data and manage data as an asset</strong> across government silos.</p> <p>Weichert stressed the GEAR Center is not a “think tank” in the traditional sense, according to Nextgov, and it will need to produce solutions that agencies can actually implement. </p> <p>“We want to emphasize at the end of the day this is about applied research in the government context,” she said. “We don’t just want to have … written diagnoses. We want to have pilots.”</p> <p>The GEAR Center is designed to spark innovation as an engine to <strong>transform the public’s experience with government</strong>. “Researchers will validate and/or develop improved ways to serve the needs and desires of the customers of Government services, and rethink the experience of Government-public interactions,” the White House plan says.</p> <p>OMB Program Manager Mark Bussow says the administration has not yet decided if the GEAR Center will be in a physical building or be composed of a dispersed consortium of experts, but that it is leaning toward the consortium model, according to Nextgov. 
OMB expects to begin formally setting up GEAR next year.</p> </div> Mon, 17 Sep 2018 14:38:03 +0000 phil.goldstein_6191 41461 at https://fedtechmagazine.com What Feds Can Do to Guard Against DDoS Attacks and the Botnet Threat https://fedtechmagazine.com/article/2018/09/what-feds-can-do-guard-against-ddos-attacks-and-botnet-threat-perfcon <span>What Feds Can Do to Guard Against DDoS Attacks and the Botnet Threat</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 09/17/2018 - 09:35</span> <div><p>In October 2016, <a href="https://biztechmagazine.com/article/2016/10/dyn-ddos-attack-highlights-vulnerability-iot-devices" target="_blank">the Mirai botnet took down domain name system provider Dyn</a>, waking much of the world up to the fact that Internet of Things devices could be weaponized in a massive distributed denial of service (DDoS) attack. 
Although DDoS attacks have been around since the early days of the modern internet, IT communities around the globe came to realize that IoT devices could be <strong>leveraged in botnet attacks to go after all kinds of targets</strong>.</p> <p>In the case of Dyn, the cyberattack took huge chunks of the web offline, since Dyn served as a hub and routing service for internet traffic. The attack temporarily shut off access to Twitter, Netflix, Spotify, Box, GitHub, Airbnb, reddit, Etsy, SoundCloud and other sites.</p> <p><a href="https://fedtechmagazine.com/article/2012/10/how-defend-against-botnets">The rising prominence of botnets</a> in DDoS attacks also <strong>prompted the federal government to take a stronger interest</strong>. President Donald Trump’s <a href="https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/" target="_blank">May 2017 executive order</a> on cybersecurity directed the secretaries of Commerce and Homeland Security to lead “an open and transparent process to identify and promote action by appropriate stakeholders” that would improve the resilience of the internet and encourage collaboration around the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).”</p> <p>In late May, the departments of Commerce and Homeland Security <a href="https://www.commerce.gov/sites/commerce.gov/files/media/files/2018/eo_13800_botnet_report_-_finalv2.pdf" target="_blank">issued a final report on the topic</a>, which included numerous recommendations for agencies to take to mitigate DDoS attacks and botnet threats. </p> <p>The government, the report says, “should leverage industry-developed capability baselines, where appropriate, in establishing capability baselines for IoT devices in U.S. 
government environments to meet federal security requirements, promote adoption of industry-led baselines, and accelerate international standardization.”</p> <p>Among numerous other measures, the report says that agencies should put in place <strong>basic DDoS prevention and mitigation measures for all federal networks</strong>, and ensure they are not used to amplify DDoS attacks.</p> <p>Before federal IT leaders and professionals put mitigation and prevention measures in place, it’s worth taking time to understand the nature of the threat. Here is a primer on DDoS attacks, botnets, the damage they can do and how agencies can guard against them.</p> <h2 id="toc_0">What Is a DDoS Attack?</h2> <p>A DDoS attack is a cyberattack in which <strong>multiple compromised systems attack a given target</strong>, such as a server or website, to deny users access to that target. </p> <p>Attackers often command compromised devices (desktops, laptops, smartphones or IoT devices) to generate traffic to a website in order to disable it, in ways that the devices’ users do not even detect.</p> <p>“The smart cybercriminal imposes limits on the malware code to avoid detection by not utilizing too much of the user’s bandwidth or system resources,” Carl Danowski, a CDW service delivery architect in managed services, <a href="https://blog.cdw.com/security/hyperscale-cloud-offers-additional-protection-ddos-attacks" target="_blank">writes in a blog post</a>. “The user would have to know where to look to detect this, and probably won’t be motivated to as long as the software doesn’t cause any problems for them. 
The attack does not use just a single system but millions of such compromised systems, nearly simultaneously.”</p> <p>The malware then visits or sends special network packets (OSI Layer 7 and Layer 3, respectively) to the website or DNS provider. The attack then generates what looks like, to most cybersecurity tools, normal traffic or unsuccessful connection attempts.</p> <p>“However, the website soon becomes unavailable <strong>as some part of the infrastructure can no longer handle the sheer number of simultaneous requests</strong>,” Danowski notes. “It could be the router, the firewall, the web servers, the database servers behind the web servers — any number of points can become overwhelmed, leading to the unavailability of the service they are providing. As a result, legitimate users of the website are denied service.”</p> <p>As the DHS/Commerce report notes, DDoS attacks have been a concern since the early days of the internet and were a regular occurrence by the early 2000s. They can “overwhelm networked resources, sending massive quantities of spam, disseminating keylogger and other malware.”</p> <h2 id="toc_1">What Is a Botnet Attack?</h2> <p>Botnet attacks are related to DDoS attacks. Not all botnets are malicious; a botnet is simply <strong>a group of connected computers working together to execute repetitive tasks</strong>, and can keep websites up and running. However, malicious botnets use malware to take control of internet-connected devices and then use them as a group to attack.</p> <p>“More often than not, what botnets are looking to do is to add your computer to their web,” <a href="https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html" target="_blank">a blog post</a> from anti-virus firm <a href="https://www.cdwg.com/search/?key=norton&amp;ctlgfilter=&amp;searchscope=all&amp;sr=1" target="_blank">Norton</a> notes. 
“That usually happens through a drive-by download or fooling you into installing a Trojan horse on your computer. Once the software is downloaded, the botnet will now contact its master computer and let it know that everything is ready to go. Now your computer, phone or tablet is entirely under the control of the person who created the botnet.”</p> <p>Malicious botnets are often used to amplify DDoS attacks, as well as to send out spam, generate traffic for financial gain and scam victims.</p> <p><a href="https://fedtechmagazine.com/article/2018/03/will-there-be-government-standard-iot-security">The rise of the IoT</a> makes botnets more dangerous and potentially virulent. The IoT means there are simply <strong>many more (usually unsecured) connected devices for attackers to target</strong>. As a result, the DHS/Commerce report notes, “DDoS attacks have grown in size to more than one terabit per second, far outstripping expected size and excess capacity. As a result, recovery time from these types of attacks may be too slow, particularly when mission-critical services are involved.”</p> <p>Further, the report adds, traditional DDoS mitigation techniques, such as network providers building in excess capacity to absorb the effects of botnets, “were not designed to remedy other classes of malicious activities facilitated by botnets, such as ransomware or computational propaganda.”</p> <h2 id="toc_2">Botnet Detection and Removal Tools</h2> <p>Botnet detection can be difficult, since infected bots are designed to operate without users knowing about them. 
<a href="https://www.veracode.com/security/botnet" target="_blank">A blog post</a> from <a href="https://www.cdwg.com/search/?key=ca&amp;searchscope=all&amp;sr=1&amp;ln=0&amp;b=CCF.COM" target="_blank">CA Technologies</a> suggests <strong>several symptoms of botnet infection that administrators should look for</strong>. These include: </p> <ul><li>Internet Relay Chat traffic (botnets and bot masters use IRC for communications)</li> <li>Connection attempts with known command-and-control servers</li> <li>Multiple machines on a network making identical DNS requests</li> <li>High outgoing Simple Mail Transfer Protocol traffic (as a result of sending spam)</li> <li>Unexpected pop-ups (as a result of clickfraud activity)</li> <li>Slow computing/high CPU usage</li> <li>Spikes in traffic, especially on Port 6667 (used for IRC), Port 25 (used in email spamming) and Port 1080 (used by proxy servers)</li> <li>Outbound messages (email, social media, instant messages, etc.) that weren’t sent by the user </li> </ul><p>Some tools, such as <a href="https://www.cdw.com/content/cdw/en/solutions/cybersecurity/security-threat-check.html?cm_mmc=Vanity-_-CDWThreatCheck-_-NA-_-NA" target="_blank">CDW’s Threat Check tool</a>, perform passive inspection of all inbound and outbound network traffic and look for evidence of malicious activity. “It will not block any traffic but simply monitor and report on what it sees. This includes connections to botnets, connections to command and control servers, remote access tools, visits to sites hosting malicious code, or any other evidence of an infection,” Aaron Colwell, manager of strategic software sales for the analytics practice at CDW, <a href="https://blog.cdw.com/security/is-your-network-under-attack" target="_blank">writes on CDW’s solutions blog</a>.</p> <p>“Botnet detection is useless without having <strong>botnet removal capabilities</strong>,” the CA blog notes. 
“Once a bot has been detected on a computer, it should be removed as quickly as possible using security software with botnet removal functionality.”</p> <p><a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a> offers tools to <a href="https://support.microsoft.com/en-us/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-remo" target="_blank">remove malicious software</a>, as do many other <a href="https://www.cdw.com/search/?wclss=f14&amp;pcurrent=1&amp;cm_re=hubpa-_-category-_-1" target="_blank">security software companies</a>. </p> <h2 id="toc_3">A Brief History of DDoS Attacks: Reaper, Zeus and Mirai Botnets</h2> <p>In recent years, there have been several high-profile botnet attacks that have rocketed around the internet, causing <strong>varying levels of devastation to IT environments</strong>.</p> <p><a href="https://www.csoonline.com/article/3258748/security/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html" target="_blank">According to CSO Online</a>, the Mirai botnet was actually created by Paras Jha, then an undergraduate at Rutgers University, who became interested in how DDoS attacks could be used for profit, especially by using DDoS attacks to disable rival servers that might be used to host the online game Minecraft. </p> <p>The major <strong>Mirai botnet attack</strong> <a href="https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/" target="_blank">took down the security blog KrebsOnSecurity in September 2016</a>, and its source code was published online a few weeks later. Then came the major attack on Dyn. “The FBI believes that this attack was ultimately targeting Microsoft game servers,” which can be hosted and used to generate money from Minecraft players, CSO reports. 
The attack spread to vulnerable devices “by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords,” Krebs reports.</p> <p>Although Mirai is <a href="https://www.darkreading.com/vulnerabilities---threats/mirai-gafgyt-botnets-resurface-with-new-tricks/d/d-id/1332789" target="_blank">still causing problems across the web</a>, the Justice Department <a href="https://krebsonsecurity.com/2017/12/mirai-iot-botnet-co-authors-plead-guilty/" target="_blank">in December 2017 secured guilty pleas</a> from Jha and Josiah White for their roles in developing and using Mirai.</p> <p><img alt="Mirai-2.gif" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/Mirai-2.gif" /><br /><span style="font-size: 11px; line-height: 20.8px;">An illustration of the global Mirai botnet attack on DNS provider Dyn in October 2016. Photo: Joey Devilla/Wikimedia Commons </span></p> <p>Another recent botnet that made waves is <strong>Reaper,</strong> which is built on parts of Mirai’s code. However, <a href="https://www.wired.com/story/reaper-iot-botnet-infected-million-networks/" target="_blank">as <em>Wired</em> details</a>, it is different in dangerous ways. “Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further,” the publication reports, meaning that it could “become even larger — and more dangerous — than Mirai ever was.” The botnet surfaced in January when it was used to target financial services firms in the Netherlands, Security Week reports.</p> <p>In 2014, <strong>the GameOver Zeus botnet</strong> rose to prominence, and was “responsible for the theft of millions of dollars from businesses and consumers in the U.S. 
and around the world,” <a href="https://www.fbi.gov/news/stories/gameover-zeus-botnet-disrupted" target="_blank">according to the FBI</a>.</p> <p>“GameOver Zeus is an extremely sophisticated type of malware designed specifically to steal banking and other credentials from the computers it infects,” the FBI noted. “It’s predominantly spread through spam e-mail or phishing messages.”</p> <p>In February 2015, the FBI <a href="https://krebsonsecurity.com/2015/02/fbi-3m-bounty-for-zeus-trojan-author/" target="_blank">announced a $3 million bounty</a> for information leading to the arrest and conviction of <a href="https://www.fbi.gov/wanted/cyber/evgeniy-mikhailovich-bogachev" target="_blank">Evgeniy Mikhailovich Bogachev</a>, a Russian national the government believes is responsible for building and distributing the Zeus banking Trojan.</p> <h2 id="toc_4">How Feds Can Respond to the Botnet Threat</h2> <p>The DHS/Commerce report offers agencies guidance on how they can combat DDoS and botnet attacks.</p> <p>First, the report says that stakeholders and subject matter experts, in consultation with <a href="https://www.nist.gov/" target="_blank">the National Institute of Standards and Technology</a>, should lead the development of a Framework for Improving Critical Infrastructure Cybersecurity Profile for enterprise DDoS prevention and mitigation.</p> <p>“The profile would help enterprises <strong>identify opportunities to improve DDoS threat mitigation</strong> and aid in cybersecurity prioritization by comparing their current state with the desired target state,” the report says. 
“The profile would likely include multiple levels to support industry sectors with different resilience requirements.”</p> <p>After that is created, the report says agencies “should implement basic DDoS prevention and mitigation measures for all federal networks to enhance the resilience of the ecosystem and demonstrate the practicality and efficacy of the profile.”</p> <p>In the past, the report notes, “hackers have <strong>leveraged federal networks in DDoS attacks using open resolvers</strong> and other agency resources to amplify their attacks.” DNS primarily translates hostnames to IP addresses or IP addresses to hostnames. <a href="https://searchsecurity.techtarget.com/answer/Prevent-DDoS-DNS-amplification-attacks-by-securing-DNS-resolvers" target="_blank">As TechTarget notes</a>, DNS resolvers are “servers that client systems use to resolve domain names.”</p> <p>The report says that “poorly administered enterprise resources, such as open DNS resolvers, are often leveraged to amplify attacks.” Many network vendors, including <a href="https://www.cdwg.com/content/cdwg/en/brand/cisco.html" target="_blank">Cisco Systems</a>, offer agencies and other organizations <a href="https://www.cisco.com/c/en/us/about/security-center/dns-best-practices.html" target="_blank">best practices for guarding against DNS attacks</a>. 
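</p>
<p>Both the open-resolver abuse the report describes and the "identical DNS requests" symptom in the detection list earlier can be checked from a resolver's own query log. The script below is an added example, not code from the report or from any vendor named in this article; the log format, the internal address ranges and the thresholds are assumptions, and the sample log lines are constructed.</p>

```python
"""Audit recursive-resolver query logs for two signs the article mentions:
answers served to outside clients (open-resolver amplification) and many
internal hosts requesting the same name (a botnet symptom)."""
import ipaddress
from collections import defaultdict

# Assumption: the only networks this resolver is meant to serve.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample data. Assumed log format, one answered query per line:
#   epoch_seconds client_ip qname qtype query_bytes response_bytes
# Assumption: the server is recursion-only (authoritative for no zone), so
# every answer to an outside client is recursion performed for a stranger.
SAMPLE_LOG = """\
1537190000 10.1.4.20 www.example.gov A 44 60
1537190001 10.1.4.21 www.example.gov A 44 60
1537190002 203.0.113.7 big.example.org TXT 40 3200
1537190002 203.0.113.7 big.example.org TXT 40 3200
1537190003 203.0.113.7 big.example.org TXT 40 3150
1537190010 10.1.7.11 kq3x9.example.net A 46 62
1537190011 10.1.7.12 kq3x9.example.net A 46 62
1537190012 10.1.7.13 kq3x9.example.net A 46 62
1537190013 10.1.7.14 kq3x9.example.net A 46 62
1537190300 198.51.100.9 www.example.gov A 44 60
not a log line
"""


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            yield {
                "ts": int(parts[0]),
                "client": ipaddress.ip_address(parts[1]),
                "qname": parts[2].lower().rstrip("."),
                "qtype": parts[3].upper(),
                "q_bytes": int(parts[4]),
                "r_bytes": int(parts[5]),
            }
        except ValueError:
            continue


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def external_amplification(records, min_factor=10.0):
    """Summarise answers sent to clients outside INTERNAL_NETS.

    Any entry in the result means the resolver is open to that client;
    'amplified' marks clients whose responses were at least min_factor
    times larger than their queries, the pattern of reflected traffic.
    """
    totals = defaultdict(lambda: {"queries": 0, "q_bytes": 0, "r_bytes": 0})
    for r in records:
        if is_internal(r["client"]):
            continue
        t = totals[str(r["client"])]
        t["queries"] += 1
        t["q_bytes"] += r["q_bytes"]
        t["r_bytes"] += r["r_bytes"]
    report = {}
    for client, t in totals.items():
        factor = t["r_bytes"] / max(t["q_bytes"], 1)
        report[client] = {"queries": t["queries"], "factor": factor,
                          "amplified": factor >= min_factor}
    return report


def shared_lookups(records, min_hosts=3, window=60, allowlist=()):
    """Names requested by >= min_hosts distinct internal hosts within any
    `window`-second span. Put popular, expected names in `allowlist`."""
    by_name = defaultdict(list)
    for r in records:
        if is_internal(r["client"]) and r["qname"] not in allowlist:
            by_name[r["qname"]].append((r["ts"], str(r["client"])))
    hits = {}
    for name, events in by_name.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {client for _, client in events[start:end + 1]}
            if len(hosts) >= min_hosts and len(hosts) > len(hits.get(name, ())):
                hits[name] = sorted(hosts)
    return hits


if __name__ == "__main__":
    recs = list(parse(SAMPLE_LOG))
    for client, s in external_amplification(recs).items():
        print(f"external client {client}: {s['queries']} answers, "
              f"x{s['factor']:.1f} amplification, flagged={s['amplified']}")
    for name, hosts in shared_lookups(recs).items():
        print(f"{len(hosts)} internal hosts looked up {name}: {', '.join(hosts)}")
```

<p>Any external client in the first report means the resolver answers recursive queries from outside its own networks, which is the condition the DHS/Commerce report warns about; restricting recursion to internal address ranges removes it.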
 </p> <p>“The federal government should lead by example, <strong>ensuring that federal resources are not unwitting participants</strong> and that federal networks are prepared to detect, mitigate, and respond as necessary,” the DHS/Commerce report states.</p> <p>The administration should mandate implementation of <strong>the federal cybersecurity framework profile for DDoS</strong> prevention and mitigation by all government agencies within a fixed period after completion and publication of the profile, the report advises.</p> <p>“The federal government should evaluate and implement effective ways to incentivize the use of software development tools and processes that significantly reduce the incidence of security vulnerabilities in all federal software procurements, such as through attestation or certification requirements,” the report adds.</p> <p>To establish market incentives for secure software development, the government should “establish procurement regulations that favor or require commercial off-the-shelf software that is developed using such processes, when available,” and “should also ensure that government-funded software development projects use the best available tools to obtain insight into the impact of these regulations.”</p> </div> Mon, 17 Sep 2018 13:35:30 +0000 phil.goldstein_6191 41456 at https://fedtechmagazine.com How Will Federal Identity Management Technology and Policy Evolve? https://fedtechmagazine.com/article/2018/09/how-will-federal-identity-management-technology-and-policy-evolve <span>How Will Federal Identity Management Technology and Policy Evolve?</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 09/13/2018 - 10:25</span> <div><p>The Common Access Card is going to be <a href="https://fedtechmagazine.com/article/2018/09/dods-deasy-cac-will-be-here-while">staying for a while at the Defense Department</a> as an identity and access management tool. But other forms of government identity verification may evolve in the years ahead. </p> <p>As more government services are accessed and delivered online, there will likely be <strong>a growing need for the government to get better at validating and protecting digital identities</strong>. And agencies will not have to reinvent the wheel to do so, according to federal officials. What they will likely need is money from Congress. 
 </p> <p>The question of how to move forward is part of an “ongoing debate of what to do with identity proofing in a post-Equifax world,” James Sheire of the General Services Administration said at a Sept. 11 ACT-IAC event, “<a href="https://www.actiac.org/2018-identity-and-access-management-forum-1" target="_blank">Authenticating the Digital Identity,</a>” according <a href="https://fcw.com/articles/2018/09/12/government-id-proof-gunter.aspx" target="_blank">to <em>FCW</em></a>.</p> <p>The 2017 Equifax data breach, which <a href="https://www.nextgov.com/cybersecurity/2018/09/year-after-equifax-breach-there-are-consequences-consumers/151126/" target="_blank">exposed the data of 147 million consumers</a>, looms large in the identity management arena, including for government. Several agencies are in <strong>a good position to play a bigger role in identity management</strong>, officials said at the event. </p> <h2 id="toc_0">GSA, SSA Could Play Bigger Roles in Identity Management</h2> <p>As <em>FCW</em> notes, <a href="https://www.gsa.gov/cdnstatic/GSA FY 2019 CJ.pdf" target="_blank">the GSA’s budget for fiscal year 2019</a>, for instance, proposed the creation of a Modernizing Identity Proofing Program Management Office. 
GSA said that <a href="https://login.gov/" target="_blank">Login.gov</a>, the agency’s single sign-on platform for government services, and the proposed PMO would improve public access to government services “through secure accounts and user-centered tools” and that they would <strong>“offer a diverse set of modern approaches to digital identity management.”</strong></p> <p>Additionally, Congress passed a law earlier this year that included a section directing the <a href="https://www.ssa.gov/" target="_blank">Social Security Administration</a> to launch an identity validation service, according to <em>FCW</em>.</p> <p>Sheire said government “clearly having the resources” <strong>will lead to greater discussions about what agencies’ roles should be</strong>, <em>FCW</em> reports. </p> <p>Patrick Eager, deputy director of the enterprise security services division within the <a href="https://www.orau.gov/dhseducation/internships/Appointment/OCSO.pdf" target="_blank">Department of Homeland Security’s Office of the Chief Security Officer</a>, agreed that government could do more to help validate digital identities: “I think it’s a good idea.”</p> <h2 id="toc_1">Technology and Policy Hurdles to Identity Management</h2> <p>The speakers at the event said there may be some challenges to an expanded government role. </p> <p>Jeremy Grant, coordinator of the <a href="https://www.betteridentity.org/" target="_blank">Better Identity Coalition</a>, a nonprofit that promotes the development and adoption of better solutions for identity verification and authentication, noted that “some government entities are in a good position to do this, and others will need to create a system to enable this.”</p> <p>“It’s less a question of whether an agency like SSA has the ability to do that today or not,” he said. 
Instead, the bigger questions center on how much such solutions would cost, where the funding would come from and <strong>which agencies have the best data to use.</strong> </p> <p>Agencies would not need Congress to pass new laws, and could rely on directives from the Office of Management and Budget or an executive order, Grant said, according to <em>FCW</em>. </p> <p>Indeed, the <a href="https://www.whitehouse.gov/wp-content/uploads/2018/03/The-President’s-Management-Agenda.pdf" target="_blank">President’s Management Agenda</a> says that “to help agencies modernize their systems, including the use of cloud email and collaboration tools,” the administration “will update or revise foundational policy documents that strengthen the Federal approach to key areas such as moving to the cloud, ensuring trustworthy internet connections, managing identity, and optimizing data centers.”</p> <p><a href="https://www.linkedin.com/in/abdolrahimi/" target="_blank">Combiz Richard Abdolrahimi</a>, who previously worked at the departments of State and Treasury, said that agencies at all levels of government are sitting on a wealth of identity information, including birth certificates and Social Security numbers, that could be used as people take advantage of more digital services.</p> <p>“There’s a lot of government agencies that are doing the proofing already, <strong>so it’s just a matter of harmonizing it more</strong>,” said Abdolrahimi, now the global emerging technology and innovation strategy manager at Deloitte, according to <em>FCW</em>. 
“That could be a great service that could improve citizen services.”</p> <p>However, <a href="https://fedtechmagazine.com/article/2018/03/tony-scott-agency-cios-need-get-away-1970s-tech">as he has in the past</a>, former Federal CIO Tony Scott warned that a snag in all of this could be outdated government IT, since many of the systems “that run the federal government are pre-2001 in their architecture, in their design, in their implementation.”</p> <p>“That obviously presents a challenge when you have technology that’s either old or came from a different design era,” he said.</p> <p>“We don’t need to create new ID systems,” Scott added. “We need to leverage what’s out there, <strong>so if consumers want to do things online, they can do the things they can in the paper world</strong>.”</p> </div> Thu, 13 Sep 2018 14:25:05 +0000 phil.goldstein_6191 41451 at https://fedtechmagazine.com How the USPS Uses Data Analytics to Sniff Out Fraud https://fedtechmagazine.com/article/2018/09/how-usps-uses-data-analytics-sniff-out-fraud <span>How the USPS Uses Data Analytics to Sniff Out Fraud </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 09/12/2018 - 14:03</span> <div><p>There is a reason <a href="https://criminal.findlaw.com/criminal-charges/mail-fraud.html" target="_blank">mail fraud</a> has been a federal crime since 1872. Fraudsters have been using the mail to run scams and cover up illicit activity for generations. The U.S. Postal Service now has more tools than ever to fight back. </p> <p>The USPS <a href="https://fedtechmagazine.com/article/2015/12/how-big-data-analytics-and-old-fashioned-intuition-can-help-root-out-federal-fraud">has been using data analytics for years</a> to root out fraud, but is using it in new ways to <strong>spot fraud at local offices</strong> and even in new missions, like <strong>detecting narcotics trafficking</strong>. </p> <p>The evolving nature of how the postal service uses analytics suggests that the USPS is going to <strong>deepen its support for the technology</strong> as its mission evolves. 
</p> <p><a href="https://fedtechmagazine.com/article/2017/05/tech-hhs-sec-ssa-and-other-agencies-use-ferret-out-cheaters-and-crooks"><em>Read about how HHS, SEC, SSA and other agencies use analytics to ferret out cheaters and crooks!</em></a></p> <h2 id="toc_0">USPS OIG Sees Fraud Detection as Part of Its Core Mission</h2> <p>The USPS has about <strong>600,000 </strong>employees and more than <strong>150 million</strong> delivery points, giving fraudsters numerous potential opportunities to game the system. Mark Pappaioanou, deputy special agent in charge in the office of the chief data officer at the USPS Office of Inspector General, <a href="https://federalnewsradio.com/data-and-analytics-month-2018/2018/08/usps-uses-data-analytics-to-keep-fraud-in-check/" target="_blank">told Federal News Radio</a> that, given the threat surface, analytics can help the office detect patterns of malign activity. </p> <p>The OIG conducts about <strong>4,000 investigations and 150 audits per year</strong>, and analytics play a role not only in those, but in helping the USPS become more efficient.</p> <p>“The Postal Service delivers more than 5 billion parcels a year to 157 million delivery points. That’s more than 14 million parcels a day,” Pappaioanou said. “So the data that the postal service uses to manage this network can also be <strong>leveraged for our various investigative purposes</strong>, either narcotics investigations or mail theft investigations. 
Or they assist in audits to help drive to efficiencies or other recommendations.”</p> <p>That jibes with what Kelly Tshibaka, chief data officer at the USPS OIG, <a href="https://gcn.com/articles/2017/11/01/usps-oig-data-models.aspx" target="_blank">told <em>GCN</em> in November</a>. Analytics help make the OIG itself more efficient. </p> <p>By using data analytics tools, she noted, “we know we’re going to be successful and helping our agents if we’re <strong>reducing the time it takes for them to make successful cases</strong>.”</p> <p>Tshibaka added that the OIG used to have an average return on investment of $600,000 in findings from audits and investigations. Thanks to analytics, that figure has been boosted to more than $900,000.</p> <p>Pappaioanou noted to Federal News Radio that the OIG has found that <strong>a multidisciplinary approach</strong> is the best way to tackle issues, and that teams have subject matter experts from either its office of investigations or the audit office. Those experts then work with a team of investigative analysts and computer scientists who work on a specific functional area, he says. Most of the data the OIG is sifting through relates to pick-up and delivery addresses, package weight and the type of mail used. But the subject matter experts can dive into the data to look for patterns. </p> <p>The OIG used analytics to develop a model to examine contract fraud, Tshibaka told <em>GCN</em>. Using the model, auditors can “really quickly rack and stack the $13 billion in contracts the Postal Service has every year, so they can <strong>identify which contractors or which contracts had the highest probability of fraud</strong>,” she said. 
“In one of those years, there was a $500 million return in our audit findings just from that one model.”</p> <h2 id="toc_1">The Evolving Use of Analytics at USPS</h2> <p>As it relates to audits, Pappaioanou told Federal News Radio that the OIG has used data analytics to <strong>make recommendations to the USPS to prevent future problems</strong>. For example, the office detected several local post offices that, rather suspiciously, would always have perfect financial counts. </p> <p>“We’re leveraging our data to help build a tool that will help us identify suspicious employees who may be assisting in drug trafficking,” he said. “We analyze the Postal Service data and look for various indicators to help us focus on specific employees or routes where those suspicious parcels are being either delivered or disappearing.” </p> <p>Congress has also directed the USPS to study the role it may be playing in narcotics trafficking and <a href="https://healthtechmagazine.net/article/2018/03/opioid-use-rise-hhs-turns-big-data" target="_blank">the opioid crisis</a>. </p> <p>To accomplish that, Pappaioanou said the OIG has turned to <strong>commercial, off-the-shelf software as well as customized in-house tools</strong>. 
“We have a number of computer scientists on each team who have the ability to write code that can help us create kind of customized work that we use, depending on what the business question is that we’re looking for or into,” he said.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> </div> </div> </div> </div> Wed, 12 Sep 2018 18:03:54 +0000 phil.goldstein_6191 41446 at https://fedtechmagazine.com Agencies Move Toward a Future of Digital Records https://fedtechmagazine.com/article/2018/09/agencies-move-toward-future-digital-records <span>Agencies Move Toward a Future of Digital Records</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 09/11/2018 - 12:38</span> <div><p>It has taken years to get federal agencies to shift to digital records, and though the government has certainly not completed that transition, it is making progress. 
</p> <p>That is the conclusion of a report last month from <a href="https://www.archives.gov/" target="_blank">the National Archives and Records Administration</a>, which found that <strong>97 percent</strong> of agencies reported this year that they have either met or will meet the target to manage all permanent electronic records in electronic format <strong>by Dec. 31, 2019</strong>. That goal was laid out in <a href="https://www.archives.gov/files/records-mgmt/m-12-18.pdf" target="_blank">a 2012 memorandum</a> from the Office of Management and Budget and NARA. </p> <p>According to NARA’s “<a href="https://www.archives.gov/files/records-mgmt/agency/2017-farm-annual-report.pdf" target="_blank">Federal Agency Records Management 2017 Annual Report</a>,” overall, “the great majority” of agencies “reported they are working towards transitioning from maintaining the costly separate policies, practices, and physical infrastructures in traditional (analog) formats to <strong>managing records electronically</strong>.”</p> <h2 id="toc_0">NARA Pushes for Digitization of Records</h2> <p><a href="https://federalnewsradio.com/agency-oversight/2018/08/nara-most-agencies-on-track-to-transition-from-paper-to-digital-records/" target="_blank">As Federal News Radio reports</a>, NARA started its <a href="https://www.archives.gov/records-mgmt/policy/fermi" target="_blank">Federal Electronic Records Modernization Initiative</a> in October 2015, which mandates several milestones that agencies must hit to transition to digital records. 
<strong>By 2022, NARA will not accept temporary or permanent records from agencies in a nonelectronic format.</strong></p> <p>NARA told agencies to manage all of their email records in an accessible, electronic format by 2016. “Up until that point, a lot of agencies were printing and filing their emails as the official record,” Courtney Anderson, an electronic records policy analyst at NARA, said last month in an ACT-IAC meeting at the General Services Administration’s headquarters, according to Federal News Radio. </p> <p>According to NARA’s 2017 report, <strong>30 percent</strong> of agencies are at a “Level 3” when it comes to their email systems, and <strong>49 percent</strong> are at “Level 4.” The higher level means that, among other things, electronic retention is the main method for the preservation of email; email systems manage and preserve email in electronic format; limited end user input is needed to apply proper retention, access and disposition policies; permanent email is identified and managed; email systems maintain the content, context and structure of the records; and email records are associated with their creator.</p> <h2 id="toc_1">The Technologies That Enable the Shift to Digital Records</h2> <p>How are agencies making the transition to digital record keeping? </p> <p>Most often, agencies say that records are already created and maintained electronically, that they are using <strong>cloud storage or services</strong>, and that they have enterprisewide approaches for managing electronic systems, focusing mainly on email first — particularly by cabinet-level departments and large agencies. 
</p> <p>Agencies have also issued guidance and policies to staff on electronic records, and say they have made progress in identifying and inventorying permanent electronic records, as well as in <strong>digitizing and scanning paper or other nonelectronic records</strong>.</p> <p>Notably, they also say they are implementing and exploring <strong>digital repositories and technology solutions</strong>. </p> <p>“It’s interesting to think of records created 270 years ago, which were done with pen and parchment, and now they’re done with bits and bytes. They’re done electronically,” Lisa Haralampus, the director of records management and outreach at NARA, said late last month during a Government Executive webinar on records management, <a href="https://federalnewsradio.com/agency-oversight/2018/08/nara-move-to-digital-records-does-not-get-cheaper-but-easier-to-manage/" target="_blank">according to Federal News Radio</a>.</p> <p>“We’ve been struggling, and striving, and succeeding, and taking a step back and two steps forward for decades when it comes to electronic records management,” Haralampus added.</p> <p>Agencies should expect to incur costs as they transition to digital records, Haralampus said, but noted that there are also significant benefits and efficiencies for agencies. </p> <p>“We know that records management and digital government does not get cheaper. <strong>Technology is not cheaper — it’s usually just better</strong>,” she said. “It usually decreases the burden on agency personnel who create records, but it doesn’t mean that it can be done for free.” </p> <p>The lower cost of digital storage technology has made the switch more affordable. “We’ve found that <strong>the cost of storage has gone down exponentially over time</strong>,” Haralampus said. 
“For a while, people used to say, ‘I can’t do electronic records management because it costs too much to store.’ You don’t hear that now.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> </div> </div> </div> </div> Tue, 11 Sep 2018 16:38:40 +0000 phil.goldstein_6191 41441 at https://fedtechmagazine.com