FedTech - Technology Solutions That Drive Government https://fedtechmagazine.com/rss.xml en Coast Guard Takes a Long View on Transition to the Cloud https://fedtechmagazine.com/article/2018/08/coast-guard-takes-long-view-transition-cloud <span>Coast Guard Takes a Long View on Transition to the Cloud</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Sun, 08/19/2018 - 13:12</span> <div><p>The Coast Guard <a href="https://fedtechmagazine.com/article/2018/07/army-coast-guard-sba-complete-journey-windows-10">recently completed</a> a transition to <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a>’s <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Windows 10</a>, but it is unlikely to make a wholesale migration to the cloud anytime soon.</p> <p>That’s the message Coast Guard Commandant Adm. Karl Schultz delivered during a Center for Strategic and International Studies <a href="https://www.csis.org/events/maritime-security-dialogue-conversation-admiral-karl-schultz-commandant-us-coast-guard" target="_blank">event </a>on maritime security Aug. 1. The Coast Guard is closely watching the Defense Department’s Joint Enterprise Defense Infrastructure cloud acquisition for guidance on how to proceed with a cloud migration, <strong>but it likely will not make an </strong><strong>enterprisewide</strong><strong> shift to the cloud in the near future</strong>, according to Schultz.</p> <p>As part of the Windows 10 migration, the Coast Guard <strong>realized that it has a hodgepodge of applications</strong>, according to Schultz. Though the service branch has missed the boat on some opportunities to shift to the cloud, Schultz wants his IT leaders to think through <strong>new technological opportunities to give the Coast Guard a major leg up</strong>.</p> <h2>Coast Guard Faces Hurdles to Cloud Migration</h2> <p>In late July, after months of delays, the DOD <a href="https://www.fbo.gov/index.php?s=opportunity&amp;mode=form&amp;id=7a17a56421e2d84e53c8ee6f7209ef8f&amp;tab=core&amp;_cview=0" target="_blank">released the final request for proposals</a> for JEDI, a single-award, indefinite-delivery, indefinite-quantity commercial cloud acquisition worth up to $10 billion for a possible 10 years.</p> <p>At the CSIS event, Schultz called the DOD’s journey toward the cloud a “big movement,” <a href="https://www.fedscoop.com/coast-guard-commercial-cloud-dod-jedi/" target="_blank">FedScoop reports</a>.</p> <p>“You sort of say, ‘What is <strong>that next big technological advancement that really changes things</strong>, that allows you to find efficiencies?’” he said. Schultz said he has tasked his senior leadership to report back with an answer.</p> <p>“We missed some opportunities, so potentially we’ll be having that conversation about cloud in the next four years,” Schultz said, <a href="https://fcw.com/articles/2018/08/03/uscg-it-progress-williams.aspx" target="_blank">according to <em>FCW</em></a>. “But until then, I’m challenging my team to tell us where they think the next big step will be that can really make a difference.”</p> <p>The Coast Guard, technically a part of the Department of Homeland Security but also a branch of the armed forces, has long struggled with IT modernization <strong>but achieved a major milestone in March with the completion of its transition to Windows 10</strong>.</p> <p>“We recently transitioned to Windows 10, which was a pretty stringent requirement to stay on top of,” Schultz said, according to <em>FCW</em>. “As we looked at our systems holistically through that transition, we realized that we have patchwork of applications and things.”</p> <p>As an example, Schultz pointed to some of the Coast Guard’s older ships that <strong>cannot surmount connectivity issues simply by adding in “more bandwidth”</strong> for their internet connections.</p> <p>“Those 50-year-old, 210-foot ships, the 30-year-old, 270-foot ships, we have issues with connectivity,” he said. “And initially we thought we could just buy more bandwidth and push it out there as a bandwidth problem, but it’s more complicated than that. It’s the applications we have on there.”</p> <p><em>FCW</em> reports:</p> <blockquote><p>Overall, the Coast Guard is taking a more targeted approach to enterprise IT by “treating our CG-6 [Command, Control, Communications, Computers and Information Technology], our tech, our computers, more like other programs,” Schultz said — defining requirements and improving staffing and governance.</p> </blockquote> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Sun, 19 Aug 2018 17:12:07 +0000 phil.goldstein_6191 41341 at https://fedtechmagazine.com How Feds Should Think About IoT Cybersecurity https://fedtechmagazine.com/media/video/how-feds-should-think-about-iot-cybersecurity <span>How Feds Should Think About IoT Cybersecurity </span> <div><p>The Internet of Things presents federal agencies with opportunities to make operations more efficient and gather valuable data from connected sensors. However, IoT also increases the risk surface for agencies. We spoke with federal IT leaders about the best ways to think about IoT cybersecurity. </p> <p>This is part of our <a href="https://fedtechmagazine.com/fedtech-focus-internet-things"><em>FedTech Focus: Internet of Things</em> video series</a>.</p> </div> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 08/17/2018 - 09:50</span> <div> <div>Tweet text</div> <div>Watch this video, with experts from @NASA, @USDS and @NOAA to find out how #FedIT should approach #IoT #cybersecurity as they deploy more connected devices. #GovIT </div> </div> <div> <div>Video ID</div> <div><p>1448867938</p> </div> </div> <div> <div>video type</div> <div><a href="/taxonomy/term/7396" hreflang="en">Conference</a></div> </div> <div> <div>CDW Activity ID</div> <div><p>MKT25514</p> </div> </div> <div> <div>CDW Segment</div> <div>Federal</div> </div> <div> <div>Customer Focused</div> <div>True</div> </div> <div> <div>Buying Cycle</div> <div><a href="/taxonomy/term/7446" hreflang="en">Engagement</a></div> </div> <div class="pw-widget pw-size-medium pw-layout-vertical" data-layout="vertical" data-url="https://fedtechmagazine.com/media/video/how-feds-should-think-about-iot-cybersecurity" data-title="Watch this video, with experts from @NASA, @USDS and @NOAA to find out how #FedIT should approach #IoT #cybersecurity as they deploy more connected devices. #GovIT" data-via="FedTechMagazine" data-button-background="none"> <span> <span>Aug</span> <span>17</span> <span>2018</span> </span> <a class="pw-button-twitter cdw-taboola-social"></a> <a class="pw-button-facebook cdw-taboola-social"></a> <a class="pw-button-googleplus cdw-taboola-social"></a> <a class="pw-button-linkedin cdw-taboola-social"></a> <a class="pw-button-reddit cdw-taboola-social"></a> <a class="pw-button-flipboard cdw-taboola-social"></a> <a class="pw-button-email cdw-taboola-social"></a> <!-- Pinterest button is in EdTechk12 theme's vertical template --> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-url="https://fedtechmagazine.com/media/video/how-feds-should-think-about-iot-cybersecurity" data-title="Watch this video, with experts from @NASA, @USDS and @NOAA to find out how #FedIT should approach #IoT #cybersecurity as they deploy more connected devices. #GovIT" data-via="FedTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter"></a> <span class="pw-box-counter" pw:channel="twitter"></span> </div> <div> <a class="pw-button-facebook"></a> <span class="pw-box-counter" pw:channel="facebook"></span> </div> </div> <div class="pw-widget pw-size-medium pw-layout-horizontal" data-counter="true" data-url="https://fedtechmagazine.com/media/video/how-feds-should-think-about-iot-cybersecurity" data-title="Watch this video, with experts from @NASA, @USDS and @NOAA to find out how #FedIT should approach #IoT #cybersecurity as they deploy more connected devices. #GovIT" data-via="FedTechMagazine" data-button-background="none"> <div> <a class="pw-button-twitter cdw-taboola-social"></a> <a href="https://twitter.com/search?f=realtime&amp;q=https%3A%2F%2Ffedtechmagazine.com%2Frss.xml%3Fitok%3D0KRe73b7%26destination%3D%2F%253Fitok%253D0KRe73b7%26_exception_statuscode%3D404" target="_blank"><span class="pw-box-counter cdw-taboola" data-channel="twitter"></span></a> </div> <div> <a class="pw-button-facebook cdw-taboola-social"></a> </div> <div> <a class="pw-button-googleplus cdw-taboola-social"></a> </div> <div> <a class="pw-button-linkedin cdw-taboola-social"></a> </div> <div> <a class="pw-button-reddit cdw-taboola-social"></a> </div> <div> <a class="pw-button-flipboard cdw-taboola-social"></a> </div> <div> <a class="pw-button-email cdw-taboola-social"></a> </div> <!-- Pinterest button is in EdTechk12 theme's horizontal template --> </div> <div> <div>Pull Quote</div> <div> <p class="quote"><a href="node/"> So, I think it&#039;s impossible to ensure network security. I think it&#039;s always a conversation about managing the risk. </a></p> <img src="/sites/fedtechmagazine.com/files/styles/photo_quote_thumb/public/2018-08/Screen%20Shot%202018-08-17%20at%2010.51.25%20AM.png.jpg?itok=h59fPA3M" width="60" height="60" alt="Jeff Seaton, Acting Deputy CIO, NASA" typeof="foaf:Image" /> <p class='speaker'> <span>Jeff Seaton</span> Acting Deputy CIO, NASA </p> </div> </div> Fri, 17 Aug 2018 13:50:32 +0000 phil.goldstein_6191 41336 at https://fedtechmagazine.com Feds Prepare for the VEP: Understanding Full Disclosure vs. Responsible Disclosure https://fedtechmagazine.com/article/2018/08/feds-prepare-vep-understanding-full-disclosure-vs-responsible-disclosure-perfcon <span>Feds Prepare for the VEP: Understanding Full Disclosure vs. Responsible Disclosure</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 08/16/2018 - 12:54</span> <div><p>This fall, the White House is due to release its first transparency report on <a href="https://www.whitehouse.gov/articles/improving-making-vulnerability-equities-process-transparent-right-thing/" target="_blank">the Vulnerabilities Equities Process</a>, the interagency process by which the government decides whether it will <strong>retain knowledge of a security vulnerability for future spying purposes or disclose it to the software or device manufacturer so that it may be fixed</strong>.</p> <p><a href="https://www.whitehouse.gov/sites/whitehouse.gov/files/images/External - Unclassified VEP Charter FINAL.PDF" target="_blank">The VEP’s charter</a> does not say what this report will contain, only that it will go to the National Security Council, possibly Congress, and given the requirement for an unclassified summary, theoretically the public, too.</p> <p>While the federal IT world and the wider public waits for this new information, it is important to understand what the VEP process does and does not require, and<strong> </strong>the many disclosure decisions federal agencies get to make before the VEP process even comes into play.</p> <p>In June, the White House named Grant Schneider, <a href="https://fcw.com/articles/2018/07/19/grant-schneider-ciso.aspx" target="_blank">the federal CISO</a> and the National Security Council’s senior director for cybersecurity policy, <a href="https://www.cyberscoop.com/grant-schneider-vulnerabilities-equities-process/" target="_blank">as chairman of the VEP board</a>.</p> <p>However, there is very little public information about how the VEP process works, and it is possible that agencies are unilaterally deciding to disclose vulnerabilities under their own internal policies at a rate that actually dwarfs the importance of the VEP itself.</p> <p>There are three ways to avoid the VEP altogether, and of them is for an agency to <strong>disclose a vulnerability that is actively being exploited or poses an immediate risk</strong> to government or other systems. The VEP charter repeatedly mentions each agency’s ability to single-handedly determine that notification is necessary and that the interagency process is “not intended to prevent the USG [US Government] from taking immediate actions to protect its network(s) or warn entities actively threatened by a malicious cyber event, including ongoing unauthorized access to information systems.”</p> <p>It also states that, “Vulnerabilities identified through security researcher activity and incident response that are intended to be disclosed in a rapid fashion <strong>will not be subject to adjudication by the VEP</strong>.” It is therefore incredibly important how each agency structures its own disclosure policy.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP:</strong> Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>What Is a Full Disclosure Policy?</h2> <p>Some have advocated that the government adopt <strong>full disclosure policies</strong>, and there does not appear to be any legal prohibition on agencies adopting them. In practice, “full disclosure” involves the immediate publication of a vulnerability without any delay for any reason.</p> <p><a href="https://www.schneier.com/blog/archives/2007/01/debating_full_d.html" target="_blank">Some proponents</a> of full disclosure argue that this facilitates security self-defense, so that <strong>users of the vulnerable device or service can mitigate the damage</strong> without the assistance of the manufacturer or software provider.</p> <p>They also argue that publication of all vulnerabilities allows users to make informed purchasing decisions on the front end, and may have the effect of shaming vendors into fixing immediate problems and building better products over the long run.</p> <h2>What Would a Governmental Full Disclosure Policy Look Like?</h2> <p>Full disclosure comes with risks that the government would have to at least attempt to mitigate. First, the government would have to find a way to immediately mitigate harm to its own systems if they include the flaw. Since a full disclosure policy would not permit the government to get a head start on securing its devices and data before going public with the vulnerability, <strong>it necessitates an entire infrastructure for rapid response</strong>.</p> <p>Admittedly, some of this would exist in <a href="https://cyber.dhs.gov/bod/15-01/" target="_blank">current government IT processes</a> that <strong>update software and respond to known vulnerabilities within 30 days of notification or discovery</strong>. But one would expect the scale of agency rapid response would have to grow substantially to handle the work necessary to play defense.</p> <p>The government would also have to <strong>radically rethink the services it </strong><strong>offers</strong><strong> the private sector and consumers at large</strong>. While a single researcher may feel no responsibility for the consequences of instant disclosure under a full disclosure policy, the U.S. government certainly would — and, in fact, should. Government agencies like the <a href="https://www.dhs.gov/" target="_blank">Department of Homeland Security</a> and the <a href="https://www.commerce.gov/" target="_blank">Commerce Department</a> have developed educational materials targeting small businesses and individuals, for example, but the government would assume an entirely different scale of responsibility for helping those who will be affected by increased vulnerability publication.</p> <p>It would take a gargantuan effort to rapidly and systemically change technology literacy at the scale necessary to fairly help consumers and users.</p> <h2>What Is a Responsible Disclosure Policy?</h2> <p>Another approach is responsible disclosure or coordinated disclosure. It is <a href="https://vuls.cert.org/confluence/display/Wiki/Standards+and+Best+Practices+for+Vulnerability+Coordination+and+Disclosure" target="_blank">widely accepted</a> as a way to balance the competing interests of the vulnerability maintainers and the users of the products.</p> <p>Under responsible disclosure, t<strong>he vendor is notified and given a reasonable chance to cure the defect before </strong><strong>public</strong><strong> release of the vulnerability</strong>. However, other entities can be selectively notified to permit system defense, monitoring or preparation for later patching.</p> <p>An ideal responsible disclosure process results in patching a vulnerability before it can be exploited, and, if appropriate, permits some set of actors to mitigate risk in the meantime.</p> <p>A somewhat controversial but high-profile example of this process is the handling of the <a href="https://fedtechmagazine.com/article/2018/01/everything-you-need-know-about-meltdown-and-spectre-exploits-0" target="_blank">Spectre and Meltdown</a> vulnerabilities in January. Researchers at <a href="https://www.cdwg.com/content/cdwg/en/brand/google.html" target="_blank">Google</a> found a flaw in processors made by <a href="https://www.cdwg.com/content/cdwg/en/brand/intel-interstitial.html" target="_blank">Intel</a>, AMD and ARM Holdings. After notifying the chipset makers about the vulnerabilities, the companies and other major tech sector actors spent six months working on a coordinated response and patching plan.</p> <p>There is <a href="https://www.wired.com/story/meltdown-and-spectre-intel-china-disclosure/" target="_blank">still debate over</a> whether that timeframe was too long or if all the right entities were included in response planning, but it represents how <strong>responsible disclosure policies can encourage coordination to minimize the disruption of devices and services</strong>.</p> <h2>Does the Government Use Responsible Disclosure Policies?</h2> <p>We do not have a fully transparent view into how agencies handle vulnerabilities, but the government is encouraging its agencies to <strong>adopt responsible disclosure policies as part of their overall cybersecurity planning.</strong> The <a href="https://www.nist.gov/" target="_blank">National Institute for Standards and Technology</a> updated its widely praised <a href="https://www.nist.gov/cyberframework" target="_blank">Cybersecurity Framework</a> — the risk analysis and mitigation guidance designed for federal agencies — to include <a href="https://blog.rapid7.com/2017/12/19/nist-cyber-framework-revised-to-include-coordinated-vuln-disclosure-processes/" target="_blank">responsible disclosure</a> this year.</p> <p>It certainly does not appear that any agency has a categorical adoption of vulnerability publication or secrecy, so they are necessarily operating in the responsible disclosure policy space in between. President Donald Trump’s 2017 <a href="https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/" target="_blank">cybersecurity executive order</a> has compelled agencies to use the NIST framework, so agencies will be <strong>considering how to build out these programs in the near future</strong>.</p> <p>While the VEP will continue to attract attention and the imaginations of security commentators, more attention should be paid to what agencies are doing under their unilateral authority to disclose vulnerabilities.</p> <p>Whether and how an agency adopts a full disclosure or responsible disclosure policy may say more about how our government operates in the vulnerability ecosystem than the more infamous VEP process in the long run.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11401"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/041116Michelle_Richardson017_LINKEDiN%20%282%29.jpg?itok=Se2BUghJ" width="58" height="58" alt="Michelle Richardson" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11401"> <div>Michelle Richardson</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=Richardson_Mich&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Michelle Richardson is the director of the Privacy and Data Project at the Center for Democracy and Technology, where she advocates for technology policies that respect privacy and advance social justice. She is also a senior fellow at the George Washington University Center for Cyber and Homeland Security.</p> </div> </p> </div> </div> </div> </div> Thu, 16 Aug 2018 16:54:32 +0000 phil.goldstein_6191 41331 at https://fedtechmagazine.com Census Bureau to Tap Other Agencies for Cybersecurity Help https://fedtechmagazine.com/article/2018/08/census-bureau-tap-other-agencies-cybersecurity-help <span>Census Bureau to Tap Other Agencies for Cybersecurity Help</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 08/15/2018 - 10:58</span> <div><p>With every month that passes, the 2020 decennial census gets closer to reality, as do potential security threats to the nation’s population count. The Census Bureau has taken pains recently to demonstrate that it <strong>takes cybersecurity threats seriously and is doing all it can to mitigate them</strong>.</p> <p>On Aug. 3, at a usually sleepy <a href="https://www.youtube.com/watch?v=pLZlt83rLZg" target="_blank">quarterly meeting</a> known as the <a href="https://www.census.gov/programs-surveys/decennial-census/2020-census/planning-management/program-briefings/2018-08-03-pmr.html" target="_blank">Program Management Review</a>, Kevin Smith, the Census Bureau’s CIO, detailed the efforts the bureau is making to keep the count secure. Census, part of the Commerce Department, will <strong>work with the Department of Homeland Security as well the intelligence community</strong> to address cybersecurity threats not known to its private sector IT security partners, Smith said.</p> <p>Those efforts are part of a multipronged cybersecurity plan Smith detailed. The presentation comes after 11 former U.S. cybersecurity officials <a href="https://www.law.georgetown.edu/icap/wp-content/uploads/sites/32/2018/07/Census-Cybersecurity-Letter.pdf" target="_blank">sent a letter</a> to Commerce Department Secretary Wilbur Ross expressing their concerns about the Census Bureau’s cybersecurity preparations for the count — <strong>and a lack of transparency from the bureau about those measures</strong>.</p> <p>Smith said the bureau is focused on not only protecting the data census enumerators collect but on securing the collection process itself. “There have been some conversations in the public about security and what the census is doing to secure data,” he said, <a href="https://www.fedscoop.com/census-cybersecurity-protections-2020-count/" target="_blank">according to FedScoop</a>.</p> <p>“I want to stress that protection of the data we collect is the census’s highest priority,” Smith continued. “I am going the describe that it’s not just the technology, it’s also the people and processes that we also use within our culture to help make sure everyone is aware of the importance of the data.”</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>Census to Work with DHS, IC on Cybersecurity Protections</h2> <p>The Census Bureau expects to handle<strong> 95 percent</strong> of its cybersecurity concerns through <strong>commercially available IT security products and services,</strong> Smith said, <a href="https://federalnewsradio.com/cybersecurity/2018/08/census-teams-up-with-dhs-intel-community-to-address-2020-cyber-threats/" target="_blank">according to Federal News Radio</a>.</p> <p>However, the agency is working with DHS and some elements of the intelligence community to mitigate other threats.</p> <p>“Once somebody’s already done it, industry knows about it, puts it into their product sets. We’re then covered and protected from the known things people do,” he said.</p> <p><strong>“It’s really that 5 percent of the cyberspace that’s unknown,” </strong>Smith continued. “This is where the federal intelligence community comes in, where they can proactively let us know what things are happening within their realm of tools and resources that typical industry does not know.”</p> <p>According to Federal News Radio, <strong>DHS has conducted penetration testing </strong>on the Census Bureau’s website, this year, as well as the <a href="https://www.cdwg.com/search/Electronics/Cell-Smart-Phones-Accessories/?w=EC&amp;key=iphone&amp;enkwrd=iphone" target="_blank">iPhones</a> enumerators will use when they follow up with households in door-to-door surveys, and the agency’s databases filled with address canvassing data.</p> <p>Commerce Department CIO Rod Turk in June had requested that the intelligence community provide the Census Bureau with “a more significant flow of information” about cyberthreats to the count, <a href="https://www.fedscoop.com/census-cybersecurity-intelligence-agencies/" target="_blank">FedScoop reports</a>.</p> <h2>Census Aims to Allay Concerns over Cybersecurity Protections</h2> <p>The letter sent to Ross last month was signed by several luminaries from the federal cybersecurity world, including J. Michael Daniel, former cybersecurity for the National Security Council; Matthew Olsen, former director of the National Counterterrorism Center; and Christopher Painter, former coordinator for cyberissues at the State Department.</p> <p>They wrote that “the Bureau has not provided basic information such as <strong>whether two-factor authentication will be required </strong>for all access to the data obtained, whether relevant information will always be <strong>encrypted while in transit and also while at rest </strong>(and what specific encryption methods will be used), and whether other now-standard cybersecurity practices will be utilized.”</p> <p>During the quarterly update meeting, Smith said he<strong> did not want to give away the Bureau’s “playbook” on countering </strong><strong>cyberthreats</strong>, but did lay out several measures that are being taken. He also said this playbook is shared with the <a href="https://www.cio.gov/" target="_blank">office of Federal CIO Suzette Kent</a> and the Office of Management and Budget, the intelligence community members Census works with, congressional oversight committees and the bureau’s industry partners.</p> <p>In terms of internal threats, like attacks on the census’s self-response site or the enumerators’ mobile devices, Smith said that the <strong>data will be encrypted both in transit and at rest</strong>, according to FedScoop. He also added that network activity will be heavily monitored and that the data will be collected and isolated from the internet.</p> <p>Smith also said the <strong>enumerators’ devices will only contain data until it is transmitted to Census systems</strong>, and the data will in no way be retained.</p> <p>When it comes to external threats like a respondent’s compromised device, Smith said that the bureau will conduct public service campaigns to warn citizens about the <strong>threats of rogue websites, spear phishing attacks </strong><strong>and</strong><strong> other cybersecurity threats</strong>.</p> <p>Though data submitted to the Census Bureau through its self-response option will be encrypted, users should be careful of how they handle the data when they are inputting it, Smith said, according to FedScoop.</p> <p>“Census is not storing any data on your respondent device, computer or your mobile phone to go collect data or to submit data to the internet self-response tool,” he said. “If you choose, as a respondent, on your device to store data locally, or cache it, there’s not much I can do to stop you from caching that data. That’s up to you, with how you use your internet browser and how you want to connect to rest of the internet.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Wed, 15 Aug 2018 14:58:42 +0000 phil.goldstein_6191 41326 at https://fedtechmagazine.com DOD Lays Out Plan to Enhance Website Security by Year-End https://fedtechmagazine.com/article/2018/08/dod-lays-out-plan-enhance-website-security-year-end <span>DOD Lays Out Plan to Enhance Website Security by Year-End </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 08/14/2018 - 11:12</span> <div><p>The Defense Department is charged with protecting the nation from military threats. However, it is now turning its attention to a mission closer to home: protecting its own websites.</p> <p>DOD CIO Dana Deasy has indicated that the Pentagon will be taking several steps between now and then end of 2018 to <strong>bolster the cybersecurity defenses of its public-facing websites</strong>, according to <a href="https://www.wyden.senate.gov/imo/media/doc/Wyden - DoD Web Services - Best Practices (Jul 20 2018).pdf" target="_blank">a letter Deasy sent late last month</a> to Sen. Ron Wyden of Oregon. The letter was a response to <a href="https://www.wyden.senate.gov/imo/media/doc/wyden-web-encryption-letter-to-dod-cio.pdf" target="_blank">one that Wyden sent in May</a> detailing how some DOD websites, including that of the CIO’s office, either do not secure connections with encryption or only prove their authenticity using a certificate issued by the DOD Root Certificate Authority.</p> <p>In the earlier letter, Wyden urged the DOD to concrete action to enhance its website security and to provide an action plan for doing so.</p> <p>Deasy now says that the DOD will <strong>fix issues related to encryption and certificates by the end of the year</strong>. Some aspects of the plan will take longer than that, but the Pentagon now has a timeline for completing the security enhancements.</p> <p>“The Department is working hard to ensure DoD inspires trust among citizens and partners in its digital interactions across our missions, business, and entitlements roles,” Deasy says in the letter to Wyden. Deasy notes that the DOD has spent the past two to three years <strong>beefing up web and email security measures and has refreshed its infrastructure and changed policy</strong> to do so.</p> <p>Indeed, <a href="https://www.fedscoop.com/pentagon-expanding-bug-bounties-after-inaugural-success/" target="_blank">since 2016</a>, the Pentagon and various branches of the armed forces have worked with <a href="https://biztechmagazine.com/article/2018/07/ethical-hacking-how-hire-white-hat-hacker-penetration-testing-perfcon" target="_blank">white hat hackers</a> to identify vulnerabilities on public-facing websites in “bug bounty” programs. Since then, <strong>more than 3,000 vulnerabilities</strong> <a href="http://cts.businesswire.com/ct/CT?id=smartlink&amp;url=https%3A%2F%2Fwww.hackerone.com%2Fblog%2Fhack-the-pentagon-turns-one&amp;esheet=51781609&amp;newsitemid=20180402005247&amp;lan=en-US&amp;anchor=3%2C000+vulnerabilities+have+been+resolved&amp;index=5&amp;md5=87c16a55b8e1afe0e4e6ca92c8e8c48f" target="_blank">have been resolved in government systems</a>. Just this week, the DOD and HackerOne, the leading hacker-powered security platform, announced the launch of the department’s sixth bug bounty program, <a href="https://www.businesswire.com/news/home/20180813005420/en/U.S.-Department-Defense-Announces-Hack-Marine-Corps" target="_blank">Hack the Marine Corps</a>.</p> <p>Deasy’s letter indicates that the DOD is taking website security seriously and has elevated it to a higher priority level within the department.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>DOD Sets Targets for Boosting Website Security</h2> <p>DOD is working to implement <a href="https://fedtechmagazine.com/article/2017/11/dhs-agencies-need-adopt-stronger-cybersecurity-standards">the measures ordered by</a> the Department of Homeland Security in its October “<a href="https://cyber.dhs.gov/bod/18-01/" target="_blank">Binding Operational Directive</a>,” Deasy said, which directed agencies to apply security standards for email and web traffic.</p> <p>The directive noted that Hypertext Transfer Protocol connections can be easily monitored, modified and impersonated, and <a href="https://biztechmagazine.com/article/2017/06/http-vs-https-debate-over-only-one-helps-keep-your-business-safe-cybercrime" target="_blank">switching to HTTPS</a> remedies each vulnerability. Additionally, <strong>HTTP Strict Transport Security ensures that browsers always use an https:// connectio</strong>n, and removes the ability for users to click through certificate-related warnings.</p> <p>In 2015, <a href="https://https.cio.gov/" target="_blank">a directive from the Office of Management and Budget </a>required all existing federal websites and web services to be accessible through a secure connection (HTTPS-only, with HSTS). In 2017, the .gov registry began <a href="https://home.dotgov.gov/hsts-preloading/" target="_blank">automatically preloading</a> new federal .gov domains as HSTS-only in modern browsers.</p> <p>Although HSTS can assure the use of HTTPS, Deasy notes, <strong>“it can have negative impacts such as denial of service on subdomains or improperly prepared root domains,”</strong> and once DOD commits to using HSTS preload for its websites, there is no quick “rollback” option. The department must do more testing on the technology, but in the interim it will direct components to prepare to use HSTS for .mil domains and work to address any issues the move creates regarding the DOD’s defensive capabilities.</p> <p>Meanwhile, <strong>DOD will direct that all of its public-facing websites use HTTPS</strong>, regardless of the HSTS preload state, and authorize the use of HSTS on websites that are ready, Deasy says. Further, all HTTP requests will redirect to HTTPS. DOD will work with DHS on the HSTS rollout and issue a plan by the end of the year.</p> <p>In another area of website security, the DOD will shift away from website certificates it issued to <strong>publicly trusted certificates on its websites</strong>. By the end of August, this will happen for sites operated by the Defense Media Agency, which operates many of the Pentagon’s public information resources.</p> <p>By the end of the year, Deasy expects the DOD to move to public trust root and issuing certificate authorities, as well as supporting certificate transparency services.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Tue, 14 Aug 2018 15:12:59 +0000 phil.goldstein_6191 41316 at https://fedtechmagazine.com 5 Steps Feds Can Take to Achieve Tech Upgrades https://fedtechmagazine.com/article/2018/08/5-steps-feds-can-take-achieve-tech-upgrades <span>5 Steps Feds Can Take to Achieve Tech Upgrades </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 08/13/2018 - 13:33</span> <div><p>Many agencies are actively undertaking <strong>IT modernization efforts</strong>. Some are further along than others, but the message from Federal CIO Suzette Kent is clear: it is imperative <a href="https://fedtechmagazine.com/article/2018/05/citizens-expect-better-service-government-federal-cio-says">for agencies to modernize to improve citizen services</a>. </p> <p>The Agriculture Department is the <a href="https://fedtechmagazine.com/article/2018/07/qa-usda-cio-discusses-agencys-it-modernization-vision">lead agency for the General Services Administration’s Centers of Excellence initiative</a>, and updating IT related to customer service is a key focus at USDA. Other agencies are plowing ahead with migrations to <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft’</a>s <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Windows 10</a> to enhance security. And several are working with the <a href="https://www.usds.gov/" target="_blank">U.S. Digital Service</a> to modernize processes, adopt new software and <a href="https://fedtechmagazine.com/article/2018/06/usds-helps-drive-digital-transformation-government">take novel approaches to technology challenges</a>.   </p> <p>Government agencies looking to <strong>modernize must formulate a strategy to do so effectively.</strong> This means not merely making large investments in new technologies, but also<strong> thoroughly assessing the current state of IT operations </strong>and setting goals for where the agency wants to go. Here are five steps for federal IT leaders to follow as they <a href="https://fedtechmagazine.com/article/2018/03/how-your-agency-should-think-about-legacy-system-modernization-perfcon">strive to modernize their technology systems</a>. </p> <p><a href="https://fedtechmagazine.com/register?newsletter">SIGN UP: Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>1. Assess the State of IT at Your Agency </h2> <p>The first step of an IT modernization plan is to identify the systems, processes and job categories that need to be modernized. This should include <strong>a careful inventory of IT systems to determine what needs to be replaced</strong>. During the assessment, IT staff should consider how much the agency is spending and how long vendors will maintain support for specific products.</p> <p>Next, IT leaders and agency executives should<strong> identify the goals of the modernization effort</strong>. The <a href="https://fedtechmagazine.com/article/2018/07/employee-buy-good-planning-trigger-successful-it-modernization">more clearly agency leaders can spell out where they want to get to</a>, the more effectively they can plan on how to get there.</p> <h2>2. Consider Upgrading the Network or IT Management Platform </h2> <p>A modernization effort represents an opportunity to find new IT partners as well as to update processes.</p> <p><strong>A network upgrade is frequently a useful target for modernization</strong>, as the network powers everything else in an agency’s IT environment. Replacing older switches and routers with new hardware can provide support for the modernization of other technologies. In addition to improving bandwidth, security and efficiency, these upgrades will make every other step of IT modernization easier, as they will ensure that the network doesn’t serve as a choke point that hampers productivity and limits the adoption of new applications.</p> <p>Another valuable option is to <strong>deploy a unifying digital platform for centralized management of IT infrastructure</strong>. This centralized platform — or “single pane of glass” — allows agencies to view and manage data from throughout their organization. By collecting and integrating data from multiple types of sensors and applications, agencies can arrive at insights that help them to improve operational effectiveness, customize and expand systems, and inform the development of new apps.</p> <h2>3. Evaluate Both Public and Private Cloud Options </h2> <p><strong>Public cloud</strong> providers give agencies the flexibility to rapidly scale resources up or down without major capital outlays. <strong>Private clouds</strong> offer the same benefits around flexibility and automation, but with the added benefit of on-premises control. Agencies embarking on IT modernization plans should carefully consider both approaches, and may choose to combine them into a hybrid cloud or multicloud strategy.</p> <p>With the public cloud, agencies can <strong>modernize their IT systems without needing to “rip and replace” existing on-premises systems</strong>. And in many cases, they can replicate and even enhance the functionality of legacy systems by subscribing to <a href="https://fedtechmagazine.com/article/2018/03/why-army-corps-engineers-believes-saas">a cloud-based, Software as a Service version</a> of the same service.</p> <p>Although cost reduction has historically been a major motivator for organizations looking to push resources to the public cloud, agencies should <strong>take a careful look at their specific use cases and cost models</strong>. Often, organizations have found that private clouds are more economical for predictable, ongoing workloads. Also, private clouds are an especially good fit for agencies that must follow rigid guidelines about where and how data is managed and stored.</p> <p>The <a href="https://www.fedramp.gov/" target="_blank">Federal Risk Authorization and Management Program</a> helps agencies to ensure that their cloud deployments meet federal requirements.</p> <p>Migration is often <a href="https://fedtechmagazine.com/article/2018/04/How-to-Break-the-Cultural-Logjam-on-Federal-Cloud-Adoption">a challenge for many agencies in moving to the cloud</a>. Third-party IT partners can often provide valuable expertise in helping agencies identify the best path to the cloud and walk them carefully through the process.</p> <h2>4. Always Remember to Focus on Security</h2> <p>As they implement their IT modernization plans, agencies must <a href="https://fedtechmagazine.com/article/2018/04/how-feds-can-secure-legacy-it-systems">ensure that both new and old systems are as secure as possible</a>. A robust array of security tools will often include advanced malware detection, email security, web security, policy and access management, next-generation firewalls, network analytics and other solutions.</p> <p>Together, these security technologies can increase visibility across an agency’s entire network. As a result, agencies will be able to<strong> block malware before it enters their networks, detect malicious code hiding in encrypted data and analyze data</strong> to better understand threats and improve future defenses.</p> <h2>5. Find Help for IT Modernization from a Trusted Partner </h2> <p><strong>A trusted third party</strong> can also provide valuable assistance for agencies looking to modernize their systems. A partner may offer the expertise and perspective to perform an initial assessment, helping to provide agency leaders with an honest look at the state of various IT elements, such as cloud readiness and the status of the network. Third parties <a href="https://www.cdwg.com/content/cdwg/en/services/managed-services.html" target="_blank">also offer managed services</a>, such as <strong>network connectivity, colocation for backup and IT hosting; and managed cloud services, including Infrastructure, Desktop and Contact Center as a Service</strong>. Handing these IT chores off to a partner reduces the burden on in-house IT staff and allows them to focus on the agency’s mission.</p> <p>A <a href="https://www.cdwg.com/content/cdwg/en/solutions/digital-workspace.html" target="_blank">modernization of mobile IT tools</a> can benefit greatly from third-party services. A partner will work with IT staff and mobile carriers to ensure the agency’s enterprise mobile devices are automatically activated, enrolled and ready to use right out of the box. These services can include software configuration and imaging for a variety of devices, including smartphones and tablets, as well as tagging, tracking and laser etching to streamline asset management.</p> <p>Many agencies are opting for <strong>Device as a Service </strong><strong>offerings</strong><strong> from partners</strong>. Through a DaaS program, users receive fully supported, customized devices. Because the agency pays for the devices through a monthly subscription fee, it can shift procurement costs to an operating expense. The device provider manages technology refreshes, secures devices, operates management software, provides help desk services and recycles devices.</p> <p>Once a modernization program is underway, adoption and training services may smooth the transition. Even the most aggressive investments in new technologies won’t do agencies much good if they’re not being used. Most organizations can point to at least one or two end-user tools from over the years that simply haven’t gained traction with users inside the agency.</p> <p><strong>Trusted service providers can help spur adoption and train users</strong>, ensuring that agencies recoup their IT modernization investments. To take one example, some end users find video collaboration tools intimidating and, if left on their own, may never go through the simple steps of setting up an account and learning how to initiate video chats or meetings. After a short, focused training session, however, users often see the value of these systems and begin integrating them into their normal workflows.</p> <p><em>To learn how federal agencies can address their IT modernization challenges, read the CDW white paper “<a href="https://fedtechmagazine.com/resources/white-paper/how-it-modernization-improves-government">How IT Modernization Improves Government</a>.”</em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/fedtech-staff"> <div>FedTech Staff</div> </a> </div> <div class="author-bio"> <p></p> </div> </div> </div> </div> Mon, 13 Aug 2018 17:33:16 +0000 phil.goldstein_6191 41306 at https://fedtechmagazine.com How IT Modernization Improves Government https://fedtechmagazine.com/resources/white-paper/how-it-modernization-improves-government <span>How IT Modernization Improves Government </span> <div><p>Federal agencies face a constant challenge to deploy modern IT infrastructure.</p> <p>Many existing tools and services rely on <strong>legacy infrastructure</strong>. Technology budgets are limited, and the majority of dollars go to maintaining and operating existing systems, rather than toward new hardware and software. Cumbersome procurement processes also can make it difficult for agencies to quickly obtain and deploy new resources when they need them.</p> <p>Despite these hurdles, <strong>IT modernization is essential for agencies looking to improve operational efficiency, reduce overall technology costs, boost security and support employee productivity</strong>. Among the solutions that can help federal agencies achieve their goals for IT modernization are data center optimization, high-performance <strong>mobile devices, networking, security </strong><strong>and</strong><strong> data analytic</strong>s. Agencies can also derive significant value by obtaining resources and services from the outside — through public cloud providers, consulting and managed services, as well as through offerings such as Device as a Service (DaaS) programs.</p> <p>Effective implementation is essential to successful IT modernization. A solid strategy — combined with support from trusted service providers — can help agencies get there.</p> </div> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 08/10/2018 - 09:05</span> <img src="/sites/fedtechmagazine.com/files/document_images/FedTech-Aug2018whitepaper-ITmodernization.jpg" width="800" height="533" alt="Army officers working in a data center " typeof="foaf:Image" /> <div> <div>Document File</div> <div><span class="file file--mime-application-pdf file--application-pdf"><a href="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/document_files/government-it-modernization-federal.pdf" type="application/pdf; length=1201610">government-it-modernization-federal.pdf</a></span> </div> </div> Fri, 10 Aug 2018 13:05:19 +0000 phil.goldstein_6191 41296 at https://fedtechmagazine.com What Solutions and Services Can Best Support Federal IT Modernization? https://fedtechmagazine.com/article/2018/08/what-solutions-and-services-can-best-support-federal-it-modernization <span>What Solutions and Services Can Best Support Federal IT Modernization?</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 08/10/2018 - 09:03</span> <div><p>Federal agencies face daunting pressure from every direction. <a href="https://fedtechmagazine.com/article/2018/05/citizens-expect-better-service-government-federal-cio-says">Citizens want better services</a>; <a href="https://fedtechmagazine.com/article/2018/01/it-modernization-and-reform-get-new-oversight-2018">congressional overseers demand efficiency</a>; and agency executives <a href="https://fedtechmagazine.com/article/2018/06/cybersecurity-team-sport-dhs-official-says">expect </a><a href="https://fedtechmagazine.com/article/2018/06/cybersecurity-team-sport-dhs-official-says">secure,</a><a href="https://fedtechmagazine.com/article/2018/06/cybersecurity-team-sport-dhs-official-says"> optimized operations</a>.</p> <p>A number of cutting-edge technologies have emerged to help provide government agencies the capabilities they need to meet the demands of IT modernization. These tools range from <a href="https://fedtechmagazine.com/article/2017/11/race-protect-feds-laptops-and-mobile-devices">end-user devices</a> to <a href="https://fedtechmagazine.com/article/2018/02/fact-or-fallacy-can-hyperconvergence-scale-enough-help-feds">modern networking hardware</a> to resources in the <a href="https://fedtechmagazine.com/article/2018/06/your-agency-ready-move-cloud">public cloud</a>. Here are some of the solutions and services that can be <strong>particularly useful for government agencies undergoing IT modernization</strong>.</p> <p><a href="https://fedtechmagazine.com/register?newsletter">SIGN UP: Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>Cloud Solutions and Hybrid IT Gives Feds Flexibility </h2> <p>While the public cloud has a number of benefits to offer around <strong>scalability and flexibility,</strong> many organizations have made the mistake of underestimating the <a href="https://fedtechmagazine.com/article/2018/07/omb-hopes-new-cloud-smart-strategy-will-accelerate-migrations">challenge of making a successful cloud migration</a>. Moving resources to the cloud is not a simple matter of “lifting and shifting.”</p> <p>Rather, organizations must map out their application dependencies, <a href="https://fedtechmagazine.com/article/2018/02/how-agencies-can-optimize-their-data-centers-hybrid-it">determine which applications and data are a good fit for the public cloud</a> (or are even allowed to be stored and run with public cloud providers, depending on regulations) and compare prices and service-level agreements among different providers. Help may also be required to<strong> build out private clouds, migrate and test applications, and forge connections between private and public cloud environments</strong>.</p> <h2>New Data Center Technologies Let Agencies Gain Efficiencies </h2> <p>Depending on when on-premises IT infrastructure was last refreshed, government agencies may find that they have an <strong>array of new options available to them with regard to data center resources</strong>, due both to improvements in technology and drops in prices.</p> <p>Flash storage, for example, may have previously been out of reach for an agency, but falling costs may make it a good fit for use cases in which high availability of data is a top priority. Other data center technologies that may come into play during an agency’s IT modernization effort include next-generation networking, high-performance computing and software-defined solutions. <a href="https://fedtechmagazine.com/article/2018/02/how-hyperconvergence-simplifies-agencies-data-centers"><strong>Hyperconverged</strong></a><strong><a href="https://fedtechmagazine.com/article/2018/02/how-hyperconvergence-simplifies-agencies-data-centers"> infrastructure</a> is a popular choice for organizations</strong> adopting a hybrid cloud model.</p> <h2>Data Analytics and Business Intelligence Offer Insights </h2> <p>Advanced analytics solutions are becoming more accessible even to organizations with budget constraints, leading government agencies to <strong>experiment with the use of data analytics and business intelligence</strong> for tasks such as law enforcement, <a href="https://fedtechmagazine.com/article/2018/03/hhs-embraces-big-data-help-battle-opioid-crisis">public health</a> and the optimization of physical assets such as buildings and vehicles.</p> <p>Consulting services can help agencies without internal data analytics expertise <strong>take advantage of this emerging area and improve their services</strong>.</p> <h2>Enterprise Mobility Management Secures Mobile Devices </h2> <p>While government agencies have generally been slower than organizations in other industries to adopt mobility, <a href="https://fedtechmagazine.com/article/2018/07/air-force-msha-find-ways-free-workers-burden-paper">mobile solutions are now often a central part of the way employees at many agencies work</a>. Many agencies are looking to get away from owning devices internally, leading some to adopt <strong>BYOD programs</strong>, while others look to <strong>Device as </strong><strong>a Service offerings</strong> to equip users with the latest mobile technologies.</p> <p><a href="https://fedtechmagazine.com/article/2018/08/how-air-force-secures-and-customizes-its-mobile-solutions">Enterprise mobility management</a> solutions are a key component of any mobility plan, especially for agencies whose employees handle sensitive or regulated data.</p> <h2>Security Solutions Make Agencies Award of Vulnerabilities </h2> <p>Too often, organizations do not find out that their security solutions are inadequate <strong>until their networks have already been breached</strong>. <a href="https://www.cdwg.com/content/cdwg/en/solutions/cybersecurity/security-assessments.html" target="_blank">Security assessments</a> from a trusted partner can help<strong> identify gaps in agencies’ security strategies before they are exploited by cyberattackers</strong>. Assessments can include <a href="https://fedtechmagazine.com/article/2018/08/everything-you-need-know-about-vulnerability-testing">penetration testing</a>, in which solution experts launch harmless “attacks” against an agency’s network to find vulnerabilities, as well as policy and procedure assessments designed to ensure that organizations are appropriately complying with security standards.</p> <p>In addition to investments in IT infrastructure, government agencies often rely on a trusted third-party service provider that can offer knowledgeable, unbiased advice.</p> <p><em>To learn how federal agencies can address their IT modernization challenges, read the CDW white paper “<a href="https://fedtechmagazine.com/resources/white-paper/how-it-modernization-improves-government">How IT Modernization Improves Government</a>.” </em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/fedtech-staff"> <div>FedTech Staff</div> </a> </div> <div class="author-bio"> <p></p> </div> </div> </div> </div> Fri, 10 Aug 2018 13:03:37 +0000 phil.goldstein_6191 41301 at https://fedtechmagazine.com DARPA Wants to Explore Practical Tech Impact of Quantum Computing https://fedtechmagazine.com/article/2018/08/darpa-wants-explore-practical-tech-impact-quantum-computing <span>DARPA Wants to Explore Practical Tech Impact of Quantum Computing</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 08/09/2018 - 12:42</span> <div><p><strong>Quantum computing</strong> is not a technology widely used in the federal government today, but it could be in the future. The <a href="https://www.darpa.mil/" target="_blank">Defense Advanced Research Projects Agency</a> lives in the future, and it <strong>wants to know more about the technology</strong> now so that it can help the Pentagon get ahead of China and other adversaries.</p> <p>The Defense Department’s research arm last month <a href="https://www.fbo.gov/index?s=opportunity&amp;mode=form&amp;id=2dc9cb27145bc5a144d6e818bb090f21&amp;tab=core&amp;_cview=0" target="_blank">issued a request for information</a> on quantum computing, seeking input on <strong>how the technology will practically impact other areas, including artificial intelligence, physical systems </strong><strong>and</strong><strong> data analytics</strong>. Specifically, DARPA’s Defense Sciences Office is looking for information “on new capabilities that could be enabled by current and next generation quantum computers for understanding complex physical systems, improving” <strong>artificial intelligence, machine learning and enhancing distributed sensing.</strong> Notably, DARPA wants to explore quantum computing’s effects on “hard” science and technology problems and not cryptography.</p> <p>DARPA’s outreach to industry and academia comes as Congress <a href="http://www.sciencemag.org/news/2018/06/updated-quantum-physics-gets-attention-and-brighter-funding-prospects-congress" target="_blank">contemplates ramping up funding for quantum research</a>. DARPA says in its RFI that it wants to challenge the scientific, academic and private sector communities “to address the fundamental limits of quantum computing and to identify where quantum computing can relevantly address hard science and technology problems.”</p> <p>The RFI seeks responses on <strong>four key challenges</strong>: the fundamental limits of quantum computing, hybrid approaches to machine learning, interfacing quantum sensors with quantum computing resources, and quantum computing-inspired algorithms and processes that are applicable to classical computers.</p> <p>Responses are due Aug. 10 and will be used to identify participants and speakers for a potential workshop.</p> <p><a href="https://fedtechmagazine.com/register?newsletter">SIGN UP: Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>DARPA Wants to Understand How Quantum Computing Will Impact AI </h2> <p>First, some basics. What is quantum computing? <a href="https://fedtechmagazine.com/article/2016/07/will-quantum-computing-help-government-agencies-improve-cybersecurity">As <em>FedTech</em> has reported</a>:</p> <blockquote><p>Quantum computing harnesses the laws of quantum mechanics to carry out complex data operations. While traditional computers use bits (represented as either binary 1s or 0s), quantum computing harnesses quantum bits, known as qubits. These can be read as 1s, 0s, or both, providing exponential computing power over traditional computers by creating shortcuts in the computing process. The challenge, though, comes in scale. The more qubits a machine uses, the more likely a breakdown will occur.</p> </blockquote> <p>DARPA is concerned about <strong>how quantum-computing capabilities will develop and be limited</strong> over the near term (the next few years) and longer term (the next few decades).</p> <p>An issue of particular interest to DARPA is the potential impact of quantum computing on <strong>so-called “second wave” AI/ML optimization</strong>. Machine learning, DARPA says in the RFI, has “shown significant value in a broad range of real world problems, but the training time (due to the size and variety of the data needed for learning) and also network design space (due to a paucity of detailed analysis and theory for ML/deep learning (DL) systems) are large.”</p> <p>Quantum computing has the potential to “significantly decrease training time of currently standard ML approaches by providing quantum speedup on optimization subroutines,” DARPA notes in the RFI. New ML capabilities could potentially be unleashed by combining a limited number of quantum computers with either existing quantum sensors or classical computing resources, which might “bypass the problems of state preparation and interfacing to classical memory.”</p> <p>“In this case it has been posited that by aggregating quantum data from distributed sensors, <strong>a quantum computer may improve the performance beyond what could be classically achievable</strong>,” DARPA says.</p> <p>DARPA also seeks information on “adapting to classical computers some of the techniques that are being developed for handling quantum data (both at the algorithm level as well as protocols for loading, storing and transferring data).” Such “quantum inspired” approaches may<strong> “provide novel capabilities in terms of efficiency and speed,”</strong> DARPA notes.</p> <h2>Congress Aims to Ramp Up Quantum Research Funding</h2> <p>The U.S. is not the only country interested in and investing in quantum computing. Indeed, China <a href="https://www.axios.com/quantum-computing-computers-economy-china-0ce94671-fda6-410c-a895-4d891e5e7391.html" target="_blank">seeks</a> to be <a href="https://www.popsci.com/chinas-launches-new-quantum-research-supercenter" target="_blank">a leader in the field</a>, and “its government is building <strong>a $10 billion National Laboratory for Quantum Information Sciences</strong> in Hefei, Anhui Province, which is slated to open in 2020,” <a href="https://www.bloomberg.com/news/articles/2018-04-08/forget-the-trade-war-china-wants-to-win-the-computing-arms-race" target="_blank">Bloomberg News reports</a>.</p> <p>Last month, Sen. John Thune, chairman of the U.S. Senate Committee on Commerce, Science and Transportation, said in a statement that the U.S. “is now in a race with China and Europe to develop the next technological breakthroughs based on the power of quantum science. It's a race we must win.”</p> <p>Thune and Rep. Lamar Smith have introduced companion measures in the Senate and House, <strong>the National Quantum Initiative Act of 2018</strong>, to “help align and accelerate public and private research and development of quantum science,” as Thune’s statement puts it.</p> <p>Back in late June, the House Science, Space, and Technology Committee <a href="https://science.house.gov/news/press-releases/sst-committee-approves-national-quantum-initiative-act" target="_blank">unanimously approved</a> its version of the bill. The bill would establish a National Quantum Coordination Office within the White House Office of Science and Technology Policy “to oversee interagency coordination, provide strategic planning support, serve as a central point of contact for stakeholders, conduct outreach and promote commercialization of federal research by the private sector,” a statement from the committee says.</p> <p>Importantly, <a href="http://www.sciencemag.org/news/2018/06/updated-quantum-physics-gets-attention-and-brighter-funding-prospects-congress" target="_blank">as <em>Science</em> magazine notes</a>, the bill would authorize three agencies — the Energy Department, the National Institute of Standards and Technology and the National Science Foundation — to together spend <strong>$1.275 billion</strong> from 2019 to 2023 on quantum research. DOE would get $625 million of that total, NIST would receive $400 million and NSF would get $250 million.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 09 Aug 2018 16:42:00 +0000 phil.goldstein_6191 41291 at https://fedtechmagazine.com How DCIM Can Help Agencies with the Data Center Optimization Initiative https://fedtechmagazine.com/article/2018/08/how-dcim-can-help-agencies-data-center-optimization-initiative-perfcon <span>How DCIM Can Help Agencies with the Data Center Optimization Initiative</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 08/08/2018 - 11:00</span> <div><p>Imagine you’re upgrading your 40-year-old house with technology to make its functions more efficient. A smart meter system could monitor and manage the home’s energy usage. An automated doorbell would allow you see remotely who’s there. Sensors can cut off the water supply if a pipe breaks, so it won’t cause a costly flood.</p> <p>Any of these changes would save you money, protect your property or make you and your family more secure. <strong>Which, though, is the best investment? Which would give you the most improvement for the expense?</strong> The smart energy system, for example, wouldn’t bring as much bang for the buck if the house has old, poorly insulated windows that waste heating and cooling and need replacement.</p> <p>Federal agency leaders must ask themselves the same questions about upgrades to the aging and expansive infrastructure of their data centers — the houses, so to speak, for the reams of information they keep. Multifaceted technology known as <strong>Data Center Infrastructure Management</strong> is helping them find the answers.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>What Is the DCOI?</h2> <p>In 2010, a federal initiative to <strong>streamline data center operations </strong>and reduce energy consumption and physical footprint led to <a href="https://www.congress.gov/bill/113th-congress/house-bill/1232" target="_blank">the 2014 Federal Information Technology Acquisition Reform Act</a>. The <a href="https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2016/m_16_19_1.pdf" target="_blank">Data Center Optimization Initiative</a> (DCOI) was established two years later to set the requirements for agencies to report on their status and plans for consolidating infrastructure, increasing efficiency, boosting security and reducing costs. The goal: savings of $2.7 billion.</p> <p>“Right now, some agencies are spending <strong>75 percent </strong>of their IT budget on legacy systems. That’s a lot,” says <a href="https://www.idc.com/getdoc.jsp?containerId=PRF004840" target="_blank">Shawn McCarthy</a>, research director for IDC Government Insights. “By encouraging agencies to combine data centers, combine applications (when possible) and migrate away from older systems, the initiative <strong>urges agencies toward great efficiencies in their data centers</strong>.”</p> <p>Congress <a href="https://www.congress.gov/bill/115th-congress/house-bill/3243/text" target="_blank">recently extended</a> the September 2018 deadline for agencies to meet the DCOI requirements to <strong>October 2020</strong>. <a href="https://www.gao.gov/assets/700/691959.pdf" target="_blank">A Government Accountability Office report</a> released in May estimated that the 24 agencies targeted by the DCOI will save $1.62 billion by the end of 2018 — just over half the goal — and found that only four of those agencies would meet all optimization requirements by that original deadline.</p> <p>However, David Powner, the GAO’s <a href="https://www.fedscoop.com/dave-powner-gao-leaving-august/" target="_blank">outgoing director of IT management issues</a>, says that the DCOI has enabled agencies to discover data centers in their IT environments — even if they are tiny — and, more importantly, to <strong>determine the applications running on those servers</strong>. In the past, many agencies did not have that information, meaning they were unaware of the security threats that IT equipment and associated apps might be exposed to.</p> <p>“If you’ve got equipment running out there and you don’t know what’s on it, <strong>there’s</strong><strong> security vulnerabilities</strong>,” he says, noting that DCOI has helped agencies inventory their IT environments and improve their security posture.</p> <h2>What Is DCIM?</h2> <p>Data Center Infrastructure Management lays the path toward greater efficiency. Agency IT officials <strong>cannot figure out how to consolidate and optimize without knowing the equipment and data they have</strong>, the space and energy demands of that data, the potential security problems and the potential to apply new technology, says Daniel Kent, chief technology officer of U.S. public sector for <a href="https://www.cdwg.com/content/cdwg/en/brand/cisco.html" target="_blank">Cisco Systems</a>’ federal organization, a DCIM service provider to government agencies.</p> <p>“We have to help them get from the legacy world to this new world,” he says.</p> <p>DCIM is not a single type of technology. The concept encompasses an array of tools that IT leaders can use to <strong>oversee, scrutinize and understand their systems, from power consumption to data storage</strong>.</p> <p>DCIM, <a href="https://www.gartner.com/it-glossary/data-center-infrastructure-management-dcim" target="_blank">as Gartner notes</a>, lets agencies monitor, measure, manage or control the utilization and energy consumption of all IT-related equipment in a data center, like servers, as well as facility infrastructure components, like power distribution units.</p> <p>“It has a heavy focus on monitoring what is being used in the data center,” McCarthy says. “The end game is to collect some good, hard data from which to make decisions.”</p> <p>DCIM ideally <strong>takes control of a hodgepodge of data collection across the government</strong>. From there, agencies can develop strategies to modernize.</p> <p>“You’re putting tools in the right place to get an end-to-end view of your data center,” says Gary Hix, director of engineering for <a href="https://www.cdwg.com/search/?b=hds" target="_blank">Hitachi</a> Vantara Federal, which also provides government DCIM services.</p> <p>A Navy ship has millions of sensors, but without management, that just creates a flow of unrelated information, Hix says. DCIM gathers the data that comes in, correlates it and finds patterns to determine the most relevant improvements. For the Navy, it might show that an easy task like scraping the barnacles off a ship’s surface would reduce drag and improve speed.</p> <p>“We need to identify the mission benefits of that data,” Hix says.</p> <h2>How Can Agencies Implement DCIM Technology?</h2> <p>An agency’s DCIM strategy may affect how an agency moves to the cloud. Some IT leaders believe that moving all data to the cloud will solve their data center optimization problems.</p> <p>But those who specialize in DCIM caution that <strong>an all-cloud plan isn’t suitable for every agency or every application</strong>. IT experts advocate a hybrid cloud approach, as Kent calls it, identifying applications that can easily move to and work best in the cloud and those that are more complicated and better to keep on proprietary systems.</p> <p>“We believe cloud is not a destination. It’s an operating model,” agrees Steve Septoff, vice president of infrastructure solutions for <a href="https://www.cdwg.com/content/cdwg/en/brand/emc.html" target="_blank">Dell EMC</a> Federal, another government service provider. Agencies “need to think about workloads. They need to think about applications,” he says.</p> <p>DCIM shows agencies the space and energy demands of each application, so IT leaders can figure out which would benefit most from moving to the cloud. That analysis is the sweet spot of DCIM.</p> <p>Agencies with cumbersome systems also can benefit from flexible consumption, Hix says.</p> <p>If they buy a whole terabyte for more storage, for example, they’ll have to shift data to the new server over time, so a large portion of that storage space goes unused in the interim. With a flexible model, they’d only buy the amount of storage they need when they need it, helping them avoid large costs up front.</p> <p>“Too often, we try to boil an ocean in IT,” Hix says. <strong>“You become paralyzed, almost, just by the size of your infrastructure.”</strong></p> <h2>How Can DCIM Technology Help Agencies Meet DCOI Requirements?</h2> <p>A primary goal of the DCOI is to address the sheer volume of data centers — servers tucked into closets, stacked in rooms never intended for such operations — what Kent calls “the sprawl of compute.”</p> <p>The DCOI envisions that consolidation would <strong>close at last 60 percent</strong> of so-called “non-tiered” data centers. “Tiered” data centers encompass a separate physical space with a consistent power supply, dedicated cooling system and backup power generation for prolonged outages.</p> <p>Data centers use a huge amount of energy to run servers and reduce the heat they emit. <strong>To control power consumption, agencies need a good grasp of the hardware in their centers</strong>, says Tim Silk, senior manager of systems engineering for Cisco’s U.S. public sector.</p> <p>“It’s most helpful at helping data center managers and CIOs get the big picture when they have one or more sprawling data centers with a wide range of resources,” McCarthy says.</p> <p>Agencies with the oldest equipment have the widest gap to traverse to optimization. The <a href="https://www.faa.gov/" target="_blank">Federal Aviation Administration</a>, for example, needs to upgrade its systems, but that takes time, and air travel can’t grind to a halt during the process, Kent says. Moving some data to the cloud could relieve the burden on that system while upgrades take place over time.</p> <p>The cloud also allows agencies to share services and information — virtual, rather than physical, consolidation — leading to faster deployment and the ability to scale out quickly, Silk says. “It can provide them better management of their data, which is one of the biggest problems we have in government.”</p> <p>Under DCOI, agencies in most cases cannot expand data center infrastructure. New information, however, continues to pour in from an increasing number of smart devices intended to improve operations.</p> <p><strong>“There’s data all around us,” Hix says, “and a lot of the time, we aren’t doing anything with it.”</strong></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/carolyn-shapiro"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/Carolyn%20Shapiro%20headshot.jpg?itok=jAl8Kga-" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/carolyn-shapiro"> <div>Carolyn Shapiro</div> </a> </div> <div class="author-bio"> <p> <div><p>Carolyn Shapiro is a freelance journalist based in Burlington, Vt., with expertise in covering business and technology, health and science, consumer issues and the food industry.</p> </div> </p> </div> </div> </div> </div> Wed, 08 Aug 2018 15:00:34 +0000 phil.goldstein_6191 41281 at https://fedtechmagazine.com