FedTech - Technology Solutions That Drive Government https://fedtechmagazine.com/rss.xml en How Feds Can Ensure Everyone Can Access Tech Tools https://fedtechmagazine.com/article/2018/06/how-feds-can-ensure-everyone-can-access-tech-tools <span>How Feds Can Ensure Everyone Can Access Tech Tools </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 06/22/2018 - 12:44</span> <div><p>Agencies have been making their IT systems accessible to users with disabilities since 1973, when Section 508 of <a href="https://www.access-board.gov/the-board/laws/rehabilitation-act-of-1973" target="_blank">the Rehabilitation Act </a>made it a requirement. Now IT teams have <strong>a new challenge with regard to accessibility</strong>.</p> <p><a href="https://www.access-board.gov/guidelines-and-standards/communications-and-it/about-the-section-508-standards" target="_blank">The U.S. Access Board</a> released a new set of <a href="https://www.access-board.gov/guidelines-and-standards/communications-and-it/about-the-ict-refresh" target="_blank">Section 508 requirements in 2017</a> designed to meet modern accessibility standards. Compliance with those standards <strong>became mandatory for federal agencies on Jan. 18</strong>. (Legacy technology that complies with the original standard is exempt.)</p> <p>To meet the new requirements, agencies have to understand them. Here are key considerations that IT teams must deal with as they strive to meet the new Section 508 standards.</p> <p><a href="https://fedtechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>How Agencies Can Work with Vendors to Comply with Section 508 </h2> <p>Section 508 applies to all information and communication technologies used by federal agencies. That includes <strong>hardware and software, phone systems, videoconferencing tools, copiers, printers and similar equipment</strong>.</p> <p>Most of these products are purchased from vendors, generally leaving agencies outside the development and testing loop — but that <strong>does not remove</strong> the Section 508 accessibility requirements.</p> <p><a href="https://www.acquisition.gov/browsefar" target="_blank">The Federal Acquisition Regulation</a> also incorporates Section 508 requirements. Agencies must include accessibility considerations at each of the four stages of the acquisition process:</p> <ul><li><strong>Need:</strong> Agencies must include Section 508 considerations when defining the requirements for a purchase of information and communications technologies.</li> <li><strong>Requirement: </strong>Agencies must identify the specific Section 508 requirements that apply when developing product requirements.</li> <li><strong>Research: </strong>Agencies must assess the availability of technology solutions that meet Section 508 requirements.</li> <li><strong>Solicitation: </strong>Unless an exception applies, agencies must ensure that the technology solutions they purchase meet Section 508 requirements.</li> </ul><p>Vendors that commonly deal with government agencies are likely already familiar with the Section 508 requirements. Many offer <strong>configuration settings and options for government agencies to meet accessibility standards</strong>. Some companies’ websites include a Section 508 page, which lists accessible products and how they comply with the regulations.</p> <p>Acquisition officials can refer to these voluntary product accessibility template documents, which provide accessibility information in a standard format, as they compare how well competing products comply with Section 508. <a href="https://www.section508.gov/" target="_blank">The General Services Administration’s Section 508 website</a> also contains several checklists for agencies to follow as they <strong>determine whether their existing technology complies with the regulations</strong>.</p> <h2>DHS Offers Agencies a Trusted Tester Program</h2> <p>Agencies should go beyond simply developing and publishing content and applications that they believe meet accessibility guidelines; they should also test accessibility. <a href="https://www.dhs.gov/interagency-trusted-tester-program" target="_blank">The Interagency Trusted Tester Program</a>, created by the Department of Homeland Security, offers one way to meet this requirement.</p> <p>The Trusted Tester approach provides training and certification to individuals who specialize in the accessibility testing process. Developers from agencies implementing this process are<strong> trained on code-based inspection techniques, then become certified as Trusted Testers authorized to certify code and content within their own agencies</strong>. This approach ensures that testing occurs in a consistent and effective way both within an agency and across the government.</p> <h2>Agencies Must Modernize Web Accessibility</h2> <p>Because the web is now the most common point of interaction between the federal government and constituents, the new Section 508 requirements have <strong>a visible impact on the way agencies develop and maintain web content</strong>.</p> <p>Rather than reinvent the wheel by creating its own web accessibility standards, the Access Board adopted the industry-standard <a href="https://www.w3.org/TR/WCAG20/" target="_blank">Web Content Accessibility Guidelines version 2.0</a>. Federal websites must conform with WCAG Level AA, which requires that websites address the “most common barriers for disabled users.”</p> <p>To confirm Level AA compliance, the WCAG guidelines <strong>provide specific tests that follow four basic principles of accessibility</strong>. The first is that <strong>content must be perceivable</strong> — every user should be able to perceive the content being presented. For example, red text on a green background would not be perceivable to an individual with red-green color blindness. Similarly, an uncaptioned video would not be perceivable to a hearing-impaired user.</p> <p>Next,<strong> websites must be operable</strong>, with interfaces that can be used by individuals with disabilities. A website that requires the use of a mouse pointer, for example, may not be operable by individuals with a physical disability that affects the hands.</p> <p>Third, <strong>websites should be understandable</strong>, relying on intuitive content and interfaces that all users can comprehend. For example, a website that is written at a 12th-grade reading level may not be understandable to a user with a cognitive disability.</p> <p>And finally, <strong>websites must be robust, with content viewable through a wide variety of assistive technologies</strong>. For example, a website that does not use HTML tags correctly may not be viewable using web browsers designed for the visually impaired.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/mike-chapple"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/mike_chapple_updated.jpg?itok=PSiizevj" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/mike-chapple"> <div>Mike Chapple</div> </a> </div> <div class="author-bio"> <p> <div><p>Mike Chapple is associate teaching professor of IT, analytics and operations at the University of Notre Dame. </p> </div> </p> </div> </div> </div> </div> Fri, 22 Jun 2018 16:44:43 +0000 phil.goldstein_6191 41071 at https://fedtechmagazine.com How Agencies Can Accelerate IT Modernization on the Ground https://fedtechmagazine.com/article/2018/06/how-agencies-can-accelerate-it-modernization-ground <span>How Agencies Can Accelerate IT Modernization on the Ground</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 06/22/2018 - 09:26</span> <div><p>The <a href="https://fedtechmagazine.com/article/2018/05/fitara-scores-drop-newest-report" target="_blank">latest scorecards</a> measuring agencies’ progress in <a href="https://oversight.house.gov/wp-content/uploads/2018/05/OGR-Scorecard-6.0-details-v2-.pdf" target="_blank">meeting the mandates of the Federal Information Technology Acquisition Reform Act</a> showed that 11 of the 24 agencies received lower grades since the last scorecard was released in November, and none got the top mark of A.</p> <p>Many of the agencies saw their grades, which were released in late May, slide due in part to three measures, <a href="https://www.fedscoop.com/3-scores-tanked-agencies-fitara-scorecard/" target="_blank">as FedScoop notes</a>: their ability to track <strong>their use of software licenses, ensure agency CIOs report to department secretaries or their deputies, and establish working capital funds</strong> authorized by <a href="https://fedtechmagazine.com/article/2017/12/how-mgt-act-will-spur-agencies-it-investments-2018-and-beyond">the Modernizing Government Technology Act</a>. Some CIOs disputed aspects of the grades, with Agriculture Department CIO Gary Washington saying the scorecard’s current grade on the agency’s IT investment portfolio is not “reflective of the progress we’ve made.”</p> <p>Agencies will likely continue to make progress in shuttering data centers, tracking software and modernizing IT. However, there are some actions they can take to spur progress, and some stumbling blocks Congress and the Trump administration can take out of their way, says Steve Harris, senior vice president and general manager of <a href="https://www.cdwg.com/content/cdwg/en/brand/dell-emc-interstitial.html" target="_blank">Dell EMC Federal</a>.</p> <p>If agencies want to not just get better FITARA scorecard grades but actually upgrade their IT to more modern architectures, they need to <strong>accelerate their data center optimization and consolidation efforts</strong>, Harris says. Congress also needs to <strong>stop funding agencies via continuing resolutions, and agencies need more stable IT leadership</strong>, he argues.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>How to Accelerate Data Center Modernization</h2> <p>A key element of the FITARA scorecard is measuring agencies’ progress on implementing <a href="https://fedtechmagazine.com/article/2016/08/optimization-strategy-aims-shutter-half-federal-data-centers" target="_blank">the Data Center Optimization Initiative</a>. The scorecard notes that <strong>17 agencies saw their DCOI grades stay the same, five improved and two saw declines</strong>. Only four agencies received A grades.</p> <p>Improving data center optimization and consolidation will help agencies “make a ton of progress across the board,” especially if they embraced <a href="https://fedtechmagazine.com/article/2018/02/fact-or-fallacy-can-hyperconvergence-scale-enough-help-feds">hyperconverged</a><a href="https://fedtechmagazine.com/article/2018/02/fact-or-fallacy-can-hyperconvergence-scale-enough-help-feds"> infrastructure</a> (HCI) and <a href="https://fedtechmagazine.com/article/2017/03/feds-are-embracing-software-defined-data-centers-flexibility-cost-savings">software-defined data centers</a> (SDDCs) Harris tells FedTech.</p> <p><strong>“The quicker we can get to those implementations of real, modern IT, the better,” </strong>he says. “You will be killing two or three birds with one stone.”</p> <p>By retiring legacy data center platforms and embracing automation, agencies can meet DCOI’s goals of <strong>smaller data center footprints and also repurpose IT personnel</strong> to <a href="https://fedtechmagazine.com/article/2018/03/usdas-sheridan-cloud-way-out-infrastructure-death-spiral">focus on higher-value IT projects than monitoring a data center</a>.</p> <p>“It’s a big key to moving forward on a revolutionary rather than an evolutionary basis,” Harris says. “Everybody has got their toes, if not their whole foot, in there right now. It’s time to jump in.”</p> <p>Harris estimates that only about 5 to 20 percent of federal workloads are currently run via SDDCs. More needs to be done to accelerate adoption of these technologies. “We have to get many more modernization projects in production right now, a bunch of them simultaneously,” he says.</p> <p>Adoption of HCI is doubling year over year in the federal market, but only from a small base, Harris says. “We’re <strong>still barely scratching the surface</strong> as it pertains to the” roughly $80 billion <a href="https://itdashboard.gov/" target="_blank">annual federal IT budget</a>. “The bulk of IT still needs to be modernized,” he says.</p> <p>In order to get more modernization projects in production simultaneously, Harris advises agencies to more broadly <a href="https://fedtechmagazine.com/article/2018/06/embrace-agile-development-training-everyone-once">adopt agile software development</a> and<strong> develop cloud-native applications that can be easily moved to virtualized environments</strong>.</p> <p>Agencies now <a href="https://fedtechmagazine.com/article/2018/03/new-tech-and-policies-can-help-agencies-optimize-data-centers">have until Oct. 1, 2020, to meet DCOI deadlines</a>, but what Harris described is a multiyear process. “If you are going to have a meaningful proportion of your IT hosted” in the cloud or virtualized environments by that deadline, he says, “you need an awful lot of projects.”</p> <h2>The Role of Congress and Agency IT Leadership in Modernization</h2> <p>Upgrading IT on a massive scale is difficult to pull off in the best conditions. Harris says it’s especially difficult for agencies to do when Congress keeps appropriating money for agencies via continuing funding resolutions instead of the normal appropriations process (there are usually <a href="http://www.alaskajournal.com/2018-06-20/%E2%80%98poison-pill%E2%80%99-free-interior-dept-spending-bill-moves-ahead#.WyrFSBJKg2I" target="_blank">12 separate appropriations bills</a>.)</p> <p><strong>“You can’t start a net-new project under a continuing resolution,” </strong>Harris says. “You are kind of stuck just continuing projects” that were previously funded. Agencies may have some transformational IT projects teed up, he notes, but they’re waiting to get proper appropriations to start them.</p> <p>“It doesn’t feel like everybody has their money across the agencies,” he says.</p> <p>Noting that the fiscal year ends Sept. 30, Harris says that Congress is just now starting to move on appropriations for fiscal year 2019.<strong> Having all of the appropriations bills signed into law by Oct. 1 would help move IT modernization projects along</strong>, according to Harris.</p> <p>Agencies have also been hamstrung by significant turnover in IT leadership and “gaps in the command chain,” Harris says. There are still <a href="https://www.cio.gov/about/members-and-leadership/" target="_blank">five agencies</a> with acting CIOs on the federal CIO Council. “It slows down appropriations and decision-making,” Harris says.</p> <p>Additionally, some CIOs who are permanent are <strong>still relatively new to the top job</strong>.</p> <p>However, Harris has seen some forward momentum. “We’re a lot further along than we have been at any other time in the last 15 to 16 months,” he says. “I see everybody picking up steam now.”</p> <p>IT modernization is a long-term endeavor that requires a lot of coordination and effort, Harris says.<strong> “It’s not like you can unscrew an incandescent lightbulb” </strong>and pop in an LED bulb.</p> <p> </p> <p>“These projects we’re asking people to take on involve impacts on the end user,” he says. “It requires investment. If you are waiting to apply for money from the MGT Act, you have to hope your project is selected and that you get money.<br /> You need to have a contingency plan around self-funding.”</p> <p><a href="http://www.cdw.com/dell" target="_blank"></a><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/brand/dell-emc-interstitial.html?cm_mmc=vanity-_-dell-_-NA-_-032018" target="_blank"><img alt="Dell%20EMC%20Federal.jpg" src="/sites/fedtechmagazine.com/files/Dell%20EMC%20Federal.jpg" /></a><br /><em>Federal agencies are at the crossroads of mandate and mission; eager to modernize IT, but still struggling to maintain legacy systems. Directives like the Federal Information Technology Acquisition Reform Act (FITARA) provide a framework for moving ahead, but only Dell has the tools to help agencies build a new architecture and make the transition seamlessly.</em></p> <p> </p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 22 Jun 2018 13:26:00 +0000 phil.goldstein_6191 41056 at https://fedtechmagazine.com EIS Is an Opportunity for Network ‘Transformation,’ Kent Says https://fedtechmagazine.com/article/2018/06/eis-opportunity-network-transformation-kent-says <span>EIS Is an Opportunity for Network ‘Transformation,’ Kent Says</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 06/20/2018 - 14:38</span> <div><p>Deadlines are starting to loom for agencies to transition to the General Services Administration’s <strong>$50 billion</strong> <a href="https://www.gsa.gov/technology/technology-purchasing-programs/telecommunications-and-network-services/enterprise-infrastructure-solutions" target="_blank">Enterprise Infrastructure Solutions contract</a>, which will enable agencies to modernize their network infrastructures and embrace new architectures, including software-defined networking (SDN). Federal CIO Suzette Kent thinks it’s <strong>an opportunity that shouldn’t go to waste</strong>.</p> <p>As agencies prepare to issue their first task order solicitations and requests for proposals under EIS, Kent urged them to use the transition away from the government’s Networx contract as a chance to <strong>truly modernize their networks and lay the foundation for future innovation</strong>.</p> <p>Kent noted that transitions of any type are a lot of work but that coordination of technology, change management processes and “people management” are critical with EIS. The Office of Management and Budget has been working with GSA to “make sure agencies understand what an important opportunity this represents.”</p> <p>“We’re not going after point-to-point solutions” with EIS, Kent said Tuesday at <a href="https://www.actiac.org/2018-eis-network-modernization-forum-0" target="_blank">the ACT-IAC EIS Network Modernization Forum</a> in Washington, D.C. <strong>“This is a transformation opportunity.”</strong></p> <p>According to Kent, EIS can help agencies eliminate redundant contracts and move more quickly to new network architectures and capabilities. The vehicle provides and supports the efficient use of acquisition experts and technology resources. She and other federal IT leaders from OMB and GSA who spoke at the forum urged agencies to <strong>get buy-in and involvement from agency IT leaders and address transition challenges early</strong>.</p> <p>Officials from several agencies said at the forum they were moving forward with plans to issue solicitations under EIS.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>What Will EIS Enable for Network Modernization?</h2> <p>Last summer, <a href="https://fedtechmagazine.com/article/2017/08/gsa-awards-50-billion-eis-contract-10-companies">GSA awarded 10 prime contracts</a> for EIS, and vendors are moving toward being able to offer agencies services. <a href="https://fcw.com/articles/2018/06/19/eis-update-rockwell.aspx" target="_blank">As <em>FCW</em> reports</a>:</p> <blockquote><p>Although GSA's testing for the vendors is formally slated to be completed by the fall, some vendors are getting their operations set to allow testing to be completed early. After that testing is completed, the contractors must obtain an Authority to Operate certification before they can provide services to agencies.</p> </blockquote> <p>EIS requires agencies to transition away from the Networx contracting vehicle by the spring of 2020. Agencies will be able to take advantage of next-generation network technology through EIS —<strong> including SDN and 5G wireless networks </strong>— for the foreseeable future.</p> <p>EIS is expected to extend until 2032. Technology will continually be updated and refreshed under the vehicle, and the contract also builds in time at the end for a transition to a new vehicle.</p> <p>Agencies face two clear choices with EIS. One is <strong>a “like for like” transition</strong>, in which agencies would move to services under EIS that are similar to those they use now.<strong> The other route is “modernization,” in which agencies would jump forward technologically. </strong>Many agencies are expecting to choose the latter.</p> <p>According to <a href="https://www.usgs.gov/staff-profiles/tim-quinn" target="_blank">Tim Quinn</a>, associate CIO for the U.S. Geological Survey, a component of the Interior Department, the agency has been discussing EIS internally for more than a year. During a panel discussion at the forum, he said the agency decided to call its EIS transition plans<strong> “great big change.”</strong></p> <p>Without disclosing what will be in USGS’s statement of work for EIS, he described what the agency hopes to eventually be able to do with its network. Imagine, he said, the agency detects there will be an earthquake in California. What if, <strong>10 to 15 seconds before the quake hits, USGS can send messages to utility and building operators’</strong> connected devices so that garage doors open, elevators go to the nearest floor and open, trains are slowed down and gas mains are secured?</p> <p>USGS plans to add tens of thousands of wireless sensors to its network in the years ahead as prices for sensors drop, Quinn said. The agency will need to <strong>“go big” with EIS to be able to accomplish the kinds of network functions he described</strong>. And that was his message to other agencies as well.</p> <p>“Go big. Put your business first,” he said. “In my case, it’s the scientists. Scientists are trying to put the American public first. How can I get that information to them, such that they can do something about it and it makes a gigantic economic impact?”</p> <p>The kinds of precautionary measures that a more advanced network could enable <strong>could save millions of dollars in damages in an earthquake</strong>, Quinn claimed.</p> <h2>What Agencies Need to Do to Ensure EIS Success</h2> <p>Technology is just one element of a successful EIS transition, officials said at the forum. <a href="https://www.linkedin.com/in/crystal-philcox/" target="_blank">Crystal Philcox</a>, GSA’s deputy assistant commissioner for category management, said agencies need to move to EIS as one unit.</p> <p><strong>“It’s critical to get different factions in your agency on board — your business, financial and IT folks all need to be on board,” </strong>she said at the forum, <a href="https://www.nextgov.com/it-modernization/2018/06/officials-heres-how-not-screw-50-billion-networking-contract/149137/" target="_blank">according to Nextgov</a>.</p> <p>Agency officials are more likely to get on board with the transition plans if they are able to understand how an enhanced network will benefit them, she said. For example, an enhanced network could enable more telework opportunities.</p> <p>Federal Deputy CIO Margie Graves also said that it’s critical for agency leadership to back EIS transition plans, because if the transition gets delegated to lower-level employees, they will most likely simply recreate existing services and not push for modernization. In addition to <strong>researching new technologies and structuring contracts to be able to add them easily in the future</strong>, Graves offered other advice.</p> <p>“Know what your specific transition challenges are — whether they’re in the realm of policy, finance or acquisition — and <strong>get those to the table as quickly as possible</strong> with the experts who can help you,” she told Nextgov.</p> <p>Some agencies are moving full steam ahead. Iris Cooper, the Treasury Department’s senior procurement executive, confirmed Tuesday that the agency is expecting to issue its first task order solicitation for work under EIS next month, and that the solicitation will be led by CIO Eric Olson, <a href="https://www.fedscoop.com/treasury-plans-issue-eis-task-order-solicitation-july-official-says/" target="_blank">FedScoop reports</a>.</p> <p>That represents a shift in the acquisition process that “will likely be welcomed by congressional members clamoring for agencies to give the tech executives more leadership authority,” the publication reports.</p> <p><strong>“I think the biggest surprise today is that we changed the source selection authority to the CIO,” </strong>Cooper said. “It was the right thing to do. He owns it [with the Federal IT Acquisition Reform Act]. He’s responsible. He doesn’t pick his favorite, there’s a whole process, but I think it’s the right thing to do when we put people in charge of programs that they have to own and be responsible for.”</p> <p>Meanwhile, <em>FCW</em> reports that the Social Security Administration is not going to make EIS awards immediately but is “currently evaluating” several responses to its request for proposals. <em>FCW</em> also reports that the Justice and Labor departments recently issued RFPs, according to GSA.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Wed, 20 Jun 2018 18:38:59 +0000 phil.goldstein_6191 40996 at https://fedtechmagazine.com How the Intelligence Community Will Make Use of Microsoft’s Azure https://fedtechmagazine.com/article/2018/06/how-intelligence-community-will-make-use-microsofts-azure <span>How the Intelligence Community Will Make Use of Microsoft’s Azure </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 06/19/2018 - 12:00</span> <div><p>The intelligence community can always use <strong>more technological capabilities</strong> as it seeks to conduct espionage and ferret out national security threats.</p> <p>That’s a key reason why last month the IC struck an agreement with <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a> to use the software giant’s <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft/windows-10.html" target="_blank">Windows 10</a> platform and Cloud for Government, including <a href="https://www.cdwg.com/content/cdwg/en/brand/office365.html" target="_blank">Office 365</a> U.S. Government and <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoftazure.html" target="_blank">Azure</a> Government. <a href="https://www.bloomberg.com/news/articles/2018-05-16/microsoft-wins-lucrative-cloud-deal-with-intelligence-community" target="_blank">As Bloomberg News reports</a>, “Microsoft’s new deal renews and expands a previous agreement” between the Office of the Director of National Intelligence (ODNI) and <a href="https://www.cdwg.com/content/cdwg/en/brand/dell-emc-interstitial.html" target="_blank">Dell</a>, which licenses Microsoft’s products to the federal government.</p> <p>In an interview <a href="https://federalnewsradio.com/ask-the-cio/2018/05/intelligence-community-brings-on-microsoft-as-key-piece-to-second-epoch-of-icite/" target="_blank">with Federal News Radio</a>, John Sherman, CIO in the ODNI, says that the agreement not only gives the nation’s 17 intelligence agencies<strong> access to cloud-based productivity services via Office 365 but cognitive computing capabilities in Azure</strong>. The cloud platform enables the IC to more rapidly adopt artificial intelligence, which has been <a href="https://fedtechmagazine.com/article/2017/10/why-intelligence-agencies-are-so-interested-ai">a key area of focus for the country’s spy agencies</a>.</p> <p>Under the agreement,<strong> each agency can choose whether and when to adopt Microsoft’s cloud</strong>, Dana Barnes, the vice president of Microsoft’s national security group, tells Bloomberg.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP:</strong> Get more news from the <em>FedTech </em>newsletter in your inbox every two weeks!</a></p> <h2>Microsoft Deal Helps Intelligence Community Adopt AI</h2> <p>Sherman has made clear that the intelligence community will not be locked into any one vendor and will continually go in search of new IT capabilities to fulfill its mission.</p> <p>“One of the things I’ve got clear guidance on is <strong>we will always be looking for new technologies, new industry capabilities on cloud computing</strong>,” Sherman tells Federal News Radio.</p> <p>“One of the priorities we have in the IC is to move to artificial intelligence and machine learning, and this cloud computing foundation is absolutely critical in getting us there,” he notes. The Microsoft platform is “complementary to the broader arrows in our quiver.”</p> <p>Indeed, Toni Townes-Whitley, Microsoft's corporate vice president of industry, <a href="https://blogs.microsoft.com/blog/2018/05/16/microsoft-dell-enter-into-transformative-agreement-with-the-us-intelligence-community-for-microsoft-cloud-services-for-government/" target="_blank">writes in a company blog post</a> that the deal “positions Microsoft to help the IC achieve its mission at home and around the world with a trusted cloud and modern workplace solution that keeps critical data secure, <strong>while delivering advanced capabilities including artificial intelligence, machine learning </strong><strong>and</strong><strong> large-scale data analysis</strong>.”</p> <p>Among the capabilities Townes-Whitley touts for Microsoft’s Cloud for Government platform are “the power of deep learning across applications, through Microsoft’s AI solutions such as <a href="https://azure.microsoft.com/en-us/services/cognitive-services/" target="_blank">Cognitive Services</a>.”</p> <p>Under the deal, the IC will have “access to Azure for some types of cognitive services” says Sherman. The inclusion of Microsoft along with other cloud services means that executives, operators and analysts within the IC will be able to analyze information and make decisions even faster.</p> <p>Sherman says that there are<strong> “some eye-watering things we are doing” on counterterrorism, as well as following state and nonstate actors</strong> “who mean to do this country harm.” The IC can now stay ahead of those threats more readily, he says, whereas two decades ago analysts like Sherman would be looking at satellite imagery and “would have to feed this into a very manual process.”</p> <p>“We are at a very different place now to have to stay ahead of the reams of data that come in from all the different intelligence collectors,” he says.</p> <h2>IC Also Aims for Cloud-Based Office Productivity</h2> <p>In addition to AI capabilities, the intelligence community is turning to Microsoft for <strong>more prosaic cloud-based office productivity tools</strong>.</p> <p>“After recent Windows iterations here, we were under the impression that there would not be any more [Office] offerings like they used to do,” Sherman tells Federal News Radio.</p> <p>“We are excited about what Microsoft products and services we can leverage, and O365 is a real coin of the realm capability that all 17 agencies need and this was almost a no-brainer for us to leverage it this way and have a software-as-a-service capability like this,” he says, referring to Office 365.</p> <p>With Office 365, IC employees “can stay productive from anywhere, using virtually any device, with <strong>a seamless platform experience and leading capabilities for mobility, teamwork, analytics, accessibility and AI-driven search</strong>,” Townes-Whitley notes.</p> <p>To ensure world-class security, Azure Government’s eight geographically distributed, highly available government-only data center regions host no commercial data, according to Townes-Whitley. Only U.S. federal, Defense Department, state and local governments and their partners have access to this dedicated instance of Azure, which is operated by screened U.S. persons.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Tue, 19 Jun 2018 16:00:22 +0000 phil.goldstein_6191 40991 at https://fedtechmagazine.com The End of the Common Access Card Could Be in Sight https://fedtechmagazine.com/article/2018/06/end-common-access-card-could-be-sight <span>The End of the Common Access Card Could Be in Sight</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 06/18/2018 - 13:43</span> <div><p>The official start of summer is almost here, and so is the beginning of the end of the Common Access Card.</p> <p>The Defense Department <a href="https://fedtechmagazine.com/article/2016/12/dod-start-testing-secure-alternatives-common-access-cards-after-christmas">has long sought</a> to <a href="https://fedtechmagazine.com/article/2017/07/dod-tests-replacement-cac-card">move beyond</a> the <a href="https://fedtechmagazine.com/article/2018/01/dod-wants-transform-its-authentication-technology">CAC</a> to authenticate users’ identities, but now it’s getting serious about doing so. The Defense Information Systems Agency, the Pentagon’s IT services branch, <strong>plans to roll out the first CAC replacement prototypes this summer</strong>, according to top DISA officials.</p> <p>The shift, which will begin with the initial rollout of prototype authentication devices this summer, is part of a broader plan within DISA to deploy new ways to validate users’ identities through biometrics that <strong>go beyond the normal methods of authentication, and include a user’s gait, or manner of walking</strong>.</p> <p>DISA has been working to develop a suite of seven multifactor authentication tools. In <a href="https://www.youtube.com/watch?v=5-BuGc9TQc4" target="_blank">a video DISA posted in December</a>, the seven factors include GPS location, voice recognition, facial recognition, device orientation, trusted peripherals and trusted networks, as well as gait.</p> <p>“Prototype devices for establishing assured identity are being developed right now,” Vice Adm. Nancy Norton, DISA’s director, said at an AFCEA cybersecurity operations conference in Baltimore in May, <a href="https://fcw.com/articles/2018/05/15/cac-disa-replacement.aspx" target="_blank"><em>FCW</em> reports</a>. “The first few will arrive this summer to assist with determining the right test parameters,” <strong>with the agency planning to distribute 75 devices later this fall</strong>.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP:</strong> Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>DISA Plans Overhaul of Authentication Tech</h2> <p><a href="http://www.cac.mil/common-access-card/" target="_blank">The CAC</a> is a “smart” card about the size of a credit card, and it’s the standard identification issued to active-duty uniformed service personnel, selected reserve, DOD civilian employees and eligible contractors, the DOD notes. It is also the principal card used to <strong>grant physical access to buildings and controlled spaces, and it gives users access to DOD computer networks and systems</strong>. Last year, <a href="https://fedtechmagazine.com/article/2017/07/dod-tests-replacement-cac-card">the DOD tested alternatives to the CAC</a>.</p> <p>However, the DOD wants to make authentication via biometrics easier for soldiers in the field. Identity management is becoming more critical as war fighters become more mobile. DISA wants to <strong>provide ways for officers and DOD officials to access classified and sensitive data on the go</strong>.</p> <p>At the AFCEA conference, Norton said DISA will deploy an additional prototype that will give DOD testers “a more convenient alternative to using a CAC for authentication, decryption, and signing operations in [a] Microsoft Windows PC environment,” according to <em>FCW</em>.</p> <p><a href="https://www.nextgov.com/emerging-tech/2018/05/pentagon-has-big-plan-solve-identity-verification-two-years/148263/" target="_blank">According to Nextgov</a>, the authentication pilot program is being developed by an unnamed private company with DISA funding. The technology, which will be embedded in smartphones, <strong>will use a variety of unique identifiers, such as the hand pressure and wrist tension when a user holds a smartphone and the user’s gait</strong>, Steve Wallace, technical director at DISA, tells Nextgov.</p> <p>The publication reports:</p> <blockquote><p>Organizations that use the tool can combine those identifiers to give the phone holder a “risk score,” Wallace said. If the risk score is low enough, the organization can presume the person is who she says she is and grant her access to sensitive files on the phone or on a connected computer or grant her access to a secure facility. If the score’s too high, she’ll be locked out.</p> </blockquote> <p>Wallace tells Nextgov the new tool will be able to continuously gather and verify encrypted identifying information.</p> <p>After the pilots this fall and after kinks have been worked out, Wallace says that the tool will be embedded inside smartphone chipsets, and <strong>smartphone makers that supply the DOD with equipment will need to update their phones to take advantage of it</strong>. Wallace tells Nextgov he expects the technology to be commercially available within a couple of years and that the capabilities will be available “in the vast majority of mobile devices.”</p> <p>It’s unclear how many smartphone makers or DOD organizations will use the tool, but<strong> it will be up to DOD components on whether they want to use it</strong>, Wallace tells Nextgov. DISA worked with some private-sector organizations, including in the financial sector, to gather data on whether the verification tool also meets their needs, according to Wallace. “We foresee it being used quite widely,” he says.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>BizTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 18 Jun 2018 17:43:14 +0000 phil.goldstein_6191 40986 at https://fedtechmagazine.com Review: NetApp AFF A700s Integrates Government Data Center and Cloud Storage https://fedtechmagazine.com/article/2018/06/review-netapp-aff-a700s-integrates-government-data-center-and-cloud-storage <span>Review: NetApp AFF A700s Integrates Government Data Center and Cloud Storage</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 06/15/2018 - 09:55</span> <div><p>Small is relative when it comes to federal agencies — the Office of Management and Budget <a href="https://www.gao.gov/products/GAO-14-344" target="_blank">defines it as 6,000 workers or fewer</a> — but those agencies are often divided into even smaller components that still have big storage needs.</p> <p>Few vendors can deliver a storage system that can scale from a handful of users to thousands. Enter <a href="https://www.cdwg.com/product/NETAPP-AFF-A700S-HA-24X7.6TB-40GBE/4853105" target="_blank">the NetApp AFF A700s</a>, which <strong>retains the simplicity of a small system while scaling to a multinode cluster that can support thousands of users</strong>.</p> <p>The four-unit rackmount chassis accommodates dual controllers, 24 solid-state drives (SSDs) and eight PCIe expansion slots (for additional network ports), and can support 8-, 16- and 32-gigabit-per-second Fibre Channel, 40 Gigabit Ethernet, and <strong>both storage area network (SAN) and network-attached storage (NAS) functionality</strong>.</p> <p>Included ONTAP data management software makes it simple to start with one system and add as many as 24 in a cluster, then expand with cloud-based storage for cheaper replication targets and offsite fault tolerance or to support workloads that migrate from the data center to the cloud.</p> <p><a href="https://www.cdwg.com/content/cdwg/en/brand/netapp.html" target="_blank">NetApp</a> specifies as many <strong>as 7 million input/output operations per second </strong>(IOPS) and an effective capacity of up to 155 petabytes, with a maximum raw capacity of 39PB in NAS configuration, or 19.8PB raw and 77.8PB effective in SAN configuration. Of course, effective capacity depends on both compression and deduplication, which can boost results exponentially — up to five or six times raw capacity, depending on the type of data being stored.</p> <p>A single node can hit 600,000 IOPS, with an effective capacity of up to 13PB.</p> <p>Configuration of a single A700s is simple, and adding it to an existing cluster is<strong> straightforward, given </strong><strong>the large</strong><strong> number of options</strong>. The installation wizard makes the initial configuration easy for any administrator familiar with data storage concepts, even without NetApp training or support. Both are available online or over the phone.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech </em>newsletter in your inbox every two weeks!</a></p> <h2>Intuitive User Interface Makes Storage for Feds a Snap</h2> <p>Creating volumes and setting up replication was <strong>very intuitive, with a well-developed user interface</strong>. The same can be said about enabling compression and deduplication, and enabling SAN protocols over Fibre Channel or iSCSI, or NAS protocols using NFS or CIFS/SMB.</p> <p>A clustered system <strong>adds both resiliency and performance</strong>: The failure of any one node will not result in downtime, and performance increases with each node.</p> <p><img alt="NetApp AFF A700s product features" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/Q0218-ST_PR-Harbaugh-NetApp_product.jpg" /></p> <h2>Enter Hybrid Storage That Scales for Agencies </h2> <p>The AFF A700s easily scales to 24 nodes to deliver fault-tolerant, high-performance and high-capacity storage that can be administered from a single dashboard.</p> <p>When demand calls for even more storage, <strong>the system adds cloud capacity from multiple vendors as well as </strong><strong>legacy</strong><strong> hard drive–based storage systems in the data center</strong>.</p> <p>ONTAP data management software can automatically move data between tiers to maximize performance for the most active data. (Data that hasn’t been used for a while can be moved to a less expensive storage tier.) The software also migrates data to keep it with the server instance that needs it.</p> <p>As workloads move from one virtual machine to another (on a server in the data center or in the cloud), keeping the data with the app becomes more complex. NetApp’s software simplifies that process, <strong>allowing a new snapshot of the existing data to be created for a new version of the app, or for the existing data to migrate from one storage volume to another</strong>.</p> <p>Within a system where an app may need to shift from one data center to another, such flexibility becomes even more important.</p> <h3 id="toc_0">NetApp AFF A700s Specifications</h3> <p><strong>Max Drives</strong>: 24 SSDs<br /><strong>Max Capacity</strong>: 39PB<br /><strong>Max IP Routes</strong>: 20,000 IPv4; 6,000 IPv6<br /><strong>Rackmount Size</strong>: 4U<br /><strong>Ports</strong>: 8 Fibre Channel, 12 40GbE, 24 10GbE, 8 SAS<br /><strong>Storage Networking</strong>: FC, iSCSI, NFS, CIFS/SMB</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/logan-g-harbaugh"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/author/logan_harbaugh.jpg?itok=P-ASBGv_" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/logan-g-harbaugh"> <div>Logan G. Harbaugh</div> </a> </div> <div class="author-bio"> <p> <div><p>Logan G. Harbaugh is a longtime technology journalist with experience reviewing a wide range of IT products.</p> </div> </p> </div> </div> </div> </div> Fri, 15 Jun 2018 13:55:31 +0000 phil.goldstein_6191 40981 at https://fedtechmagazine.com Is Your Agency Ready for a Move to the Cloud? https://fedtechmagazine.com/article/2018/06/your-agency-ready-move-cloud <span>Is Your Agency Ready for a Move to the Cloud? </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 06/14/2018 - 09:03</span> <div><p>The White House <a href="https://fedtechmagazine.com/article/2017/12/white-house-releases-final-it-modernization-report">has made it clear</a>: federal agencies must accelerate their adoption of commercial cloud solutions. Some agencies, like the Navy, are <a href="https://fedtechmagazine.com/article/2018/03/navy-plans-complete-massive-cloud-migration-2021">undertaking ambitious cloud migrations</a>. </p> <p>While many agencies have placed simple workloads in the cloud, some are resisting a more aggressive move. By placing more of their workloads in public, private and hybrid clouds, agencies can achieve benefits including flexibility, agility and cost savings — but only if they do so strategically. The first step is to<strong> assess the agency’s existing environment to set goals, identify potential stumbling blocks and determine which resources to move first</strong>.</p> <p>“Everybody’s ‘ready’ for the cloud, but the real question is,<strong> ‘How prepared are you?’</strong>” says <a href="https://www.forrester.com/Lauren-E.-Nelson" target="_blank">Lauren Nelson</a>, a principal analyst with Forrester. “What you find out about your organization during a preparedness assessment doesn’t change your ability to move, but it may affect your timeframe and require you to make additional investments.”</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech </em>newsletter in your inbox every two weeks!</a></p> <h2>How to Recognize the Challenges for an Agency Cloud Migration </h2> <p>The considerations surrounding a move to the cloud can feel overwhelming: Which workloads should you start with? What workloads may prove difficult to migrate? <strong>Does the agency have the networking and data center capacity to support cloud resources?</strong> <strong>Should workloads move to a public, private or hybrid cloud?</strong></p> <p>The truth is that IT and agency leaders who are considering these challenges are already better positioned than many of their peers. While Nelson says organizations shouldn’t use horror stories as an excuse to drag their feet, many have made the mistake of starting “too big” — led by broad executive mandates, rather than a strategic focus on business goals.</p> <p>“People grab onto case studies and talk about moving their entire organizations to the cloud in 20 days,” Nelson says. “That’s where people get grandiose ideas and plans that are flawed from the start. Many exciting popular case studies include a good deal of marketing that strips out key limitations to seemingly grandiose plans”</p> <p>Ivan Oprencak, director of product marketing for <a href="https://www.cdwg.com/content/cdwg/en/brand/vmware.html" target="_blank">VMware</a> Cloud, says that <strong>“pretty much all” of the customers he speaks with have incorporated public cloud somewhere in their IT strategies</strong>. “The differences lie in how much of their environment will be public cloud, which workloads make sense, and how far organizations are on their journey to execute their strategies,” Oprencak says. “Customers are still, for the most part, trying to figure that out.”</p> <p>Failures frequently occur, Oprencak says, when leaders make the mistake of thinking that<strong> the simplicity of cloud computing models will translate into simple migrations</strong>. “People often have a mindset of, ‘This is simple, and I can do it quickly,’” he says. “The reality is, that’s often not the case.” Oprencak cites the example of one organization that set out to migrate 400 workloads in 18 months, but only ended up completing five of those migrations. “Some workloads are easier to move than others,” he says.</p> <p>Tim Hanrahan, principal for <a href="https://www.cdw.com/content/cdw/en/solutions/cloud/cloud-experts.html" onclick="javascript:CdwTagMan.createElementPageTag(window.cdwTagManagementData.page_name, 'Rich Text|Cloud Overview | Cloud Computing, Storage &amp; Custom Solutions |');" title="Meet our Cloud Experts">Cloud Client Services at CDW</a>, says that some customers have told him they want to shift their entire data center to the public cloud, <strong>only to reveal that they haven’t even implemented virtualization</strong>. Further, many of their legacy applications are still running on operating systems not supported by major cloud providers. Rather than blindly pursuing this sort of “all-in” push, he says, organizations should examine how the cloud can help them <strong>drive efficiency given their existing environments, and then prepare accordingly</strong>.</p> <p>“It’s not about implementing cloud for the sake of implementing cloud,” Hanrahan says. “It’s about looking at the business strategy and finding where cloud fits.”</p> <h2>Get Started on Moving Your Agency to the Cloud </h2> <p>Agencies often begin their cloud journeys by <strong>experimenting with workloads that aren’t mission-critical</strong>, and that won’t hamper operations if performance or availability issues arise. <strong>Disaster recovery</strong> is one popular use case.</p> <p>However, in agencies that have made the cloud a significant part of their IT strategies, leaders may want to place more critical resources in the cloud earlier on, t<strong>o quickly learn lessons about managing and maintaining applications in the cloud over time</strong>. In these instances, it is typically much easier to first build out new applications, rather than migrate existing resources.</p> <p>“A lot of disappointment comes from ‘lift and shift,’” says Oprencak. “<strong>When organizations design something from scratch for the cloud, it tends to be more successful.</strong>”</p> <p>Many agencies rely on a third-party partner to help them determine their organizational readiness and take their first steps toward the cloud. During such cloud engagements, consultants can assist organizations with integration plans, infrastructure reviews, planning analyses, financial modeling and validation for available cloud options.</p> <p>“You need <strong>tools to scan your environment.</strong> There’s a lot of data to collect and process to make educated decisions. Leveraging tools and experience from people who have actually gone that route accelerates and optimizes migration strategies,” says Nelson. “Migrating existing workloads is so intensive that I have very rarely seen anybody do it alone.”</p> <p><a href="https://www.cdwg.com/content/cdwg/en/solutions/cloud/overview.html" target="_blank">Learn more about</a> how CDW can help you select the right cloud provider and design the perfect solution for your agency.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/fedtech-staff"> <div>FedTech Staff</div> </a> </div> <div class="author-bio"> <p></p> </div> </div> </div> </div> Thu, 14 Jun 2018 13:03:01 +0000 phil.goldstein_6191 40971 at https://fedtechmagazine.com Infrastructure that Adapts Can Boost Feds' Cybersecurity https://fedtechmagazine.com/article/2018/06/infrastructure-adapts-can-boost-feds-cybersecurity <span>Infrastructure that Adapts Can Boost Feds&#039; Cybersecurity </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 06/13/2018 - 14:21</span> <div><p><a href="https://fedtechmagazine.com/article/2018/03/how-your-agency-should-think-about-legacy-system-modernization-perfcon">IT modernization</a> is the foundation upon which government security rests. The need for updated and properly integrated systems drives funding requests and agency spending. However, these initiatives may also<strong> introduce vulnerabilities by expanding network footprints and creating integration challenges </strong>among vendors and services. The advent of <a href="https://fedtechmagazine.com/article/2018/04/AFCEA-IoT-Technology-Summit-2018-IoT-Saves-Agencies-Time-Money-Manpower">the Internet of Things</a>, <a href="https://fedtechmagazine.com/article/2017/04/government-cloud-storage-its-uses-and-benefits">cloud storage</a> and other external services result in an increasingly blurred network perimeter, making it <a href="https://fedtechmagazine.com/article/2018/03/feds-need-iot-security-goes-beyond-perimeter">difficult to apply traditional perimeter-based security controls</a>.</p> <p>As government agencies increase their digital transformation and modernization efforts, they must choose <strong>multilayered security solutions that not only provide an effective defense against modern threats but also keep an eye toward the future</strong>. Agencies adopting a defense-in-depth approach to cybersecurity will find themselves well-positioned to combat these future threats.</p> <p>For example, an agency may wish to <a href="https://fedtechmagazine.com/article/2017/11/race-protect-feds-laptops-and-mobile-devices" target="_blank">harden its endpoints against external intruders</a> while making sure that routine patch management activities close security weaknesses within the network. At the same time, agency cybersecurity teams should monitor user behavior and other patterns of activity on the network, watching for anomalies and outliers that may indicate insider misuse or external attackers.</p> <p>Here is a rundown of the essential infrastructure elements that agencies can use to create an adaptive cybersecurity strategy. </p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>The Basics Feds Need to Guard Against Sophisticated Threats</h2> <p><strong>Malware protection:</strong> As many security threats arrive via malware vectors, agency cybersecurity teams should ensure that they are taking proactive, detective and reactive steps to protect systems against malware-borne threats. These controls should include d<strong>eploying frequently updated anti-virus protection on servers, endpoints and network gateways</strong>. Agencies should also consider the use of advanced botnet and malware detection tools that incorporate threat intelligence information and provide a robust defense against evolving threats.</p> <p><strong>User training: </strong>Cybersecurity starts and finishes with the user. No matter how robust an agency’s cybersecurity controls, a single mistake by an end user can undermine those efforts, providing attackers with access to sensitive information or granting them a foothold on internal agency networks. Combating these efforts <strong>requires regular security awareness training</strong> that helps users understand the threats facing the agency and their<strong> individual role in protecting the confidentiality, integrity </strong><strong>and</strong><strong> availability of government information and systems</strong>. These efforts should include a particular focus on phishing and spoofing attacks.</p> <p><strong>Network monitoring: </strong>Network activity is one of the most important sources of information for cybersecurity teams seeking to maintain situational awareness and identify active threats. Network monitoring activities fit into two major categories: <strong>passive and active</strong>. Passive network monitoring <strong>simply captures network</strong> traffic as it travels from point to point and monitors it for unusual activity. Active network monitoring <strong>actually manipulates network traffic</strong> by injecting test activity onto the network and observing its performance. This also plays an important role in network troubleshooting and performance monitoring.</p> <p><strong>Network access control: </strong>In addition to regularly monitoring network activity, agencies should consider the implementation of network access control technology that regulates devices allowed to connect to the network. NAC technology permits agencies to<strong> require user and/or device authentication prior to granting access to wired and wireless networks as well as VPN connections.</strong> NAC solutions also provide posture-checking capability, which verifies that a device is configured in compliance with the agency’s security policy before it is allowed on the network.</p> <h2>Feds Can Restrict Access to Agency Networks</h2> <p>Once the basic steps have been implemented, agencies must move to a second layer of security:</p> <p><strong>Endpoint protection: </strong>Once a device is permitted on the network, agency IT teams should ensure that it remains secure over time. Endpoint protection technologies extend beyond traditional anti-virus software to provide additional security tools, <strong>including automated patch management and application control</strong>. Patch management<strong> e</strong>nsures that the operating systems and applications installed on devices receive current security patches; application control technology limits the software that may run on a device by either blocking prohibited software or only allowing preapproved software.</p> <p><strong>Next-generation firewalls: </strong>Agencies already use network firewalls to build perimeters between networks of differing security levels — in particular, separating an internal network from the public internet. Firewalls operate based on rules that allow administrators to define authorized traffic and block anything that doesn’t match those rules.</p> <p>Next-generation firewalls (NGFWs) enhance traditional firewall technology by providing administrators with additional flexibility. While traditional firewalls are limited to rules based on network characteristics, such as IP addresses and ports, <strong>NGFWs provide additional context</strong>, allowing administrators to create rules based upon <strong>the identity of the user, the nature of the application, the content of traffic and other characteristics</strong>.</p> <p><strong>Secure web gateways: </strong>Malicious websites are a significant source of security incidents. Users are tricked into visiting a malicious link and then either fall victim to password phishing attacks or have malware installed on their systems. Secure web gateways offer a solution to this problem by <strong>providing administrators with an opportunity to control the websites visited by network users</strong>. They act as a proxy, making requests to web servers on behalf of end users and perform filtering to remove malicious traffic and block access to known malicious sites, preventing users from accidentally harming agency security.</p> <p><strong>Data loss prevention: </strong>Agencies can restrict the flow of sensitive information outside of controlled environments through data loss prevention systems. These systems may reside as a hardware appliance that monitors network traffic, a software solution that resides on endpoints and monitors user activity or a cloud-based solution that filters email and web traffic. <strong>DLP technology identifies sensitive information using two primary techniques. </strong>The first, <strong>pattern recognition</strong>, understands the formatting of sensitive data elements such as Social Security or credit card numbers and watches for data matching those patterns. The second approach, <strong>watermarking</strong>, applies digital tags to sensitive files and then watches for those tags leaving the secure network in an unauthorized fashion.</p> <p><strong>Internet of Things security: </strong>Modern networks are becoming increasingly complex as agencies deploy Internet of Things solutions in support of smart office programs, smart city initiatives and public safety programs. These IoT solutions use a broad network of sensors that require the same monitoring and maintenance as any other networked device. They often contain embedded operating systems that require security patches;<strong> left unmaintained, these may serve as access points for intruders</strong>. Before deploying any IoT solution, agencies should ensure that they have <a href="https://fedtechmagazine.com/article/2018/03/will-there-be-government-standard-iot-security">appropriate security controls in place to segment IoT from other networked devices,</a> <strong>controlling access and maintaining a secure operating environment</strong>.</p> <h2>Analytics Tools Can Reveal Risks for Agencies</h2> <p>Today’s networks are growing complex enough that even the toughest defenses need backup:</p> <p><strong>Security analytics:</strong> The security infrastructures deployed by government agencies generate massive amounts of information. From anti-virus alerts on endpoints to intrusion alerts on the network, cybersecurity analysts must handle a deluge of information. <strong>Security information and event management solutions</strong> help manage this problem by receiving and aggregating information from a wide variety of security tools. They also use artificial intelligence and machine learning algorithms to correlate information received from different tools, watching for signs of compromise that might otherwise go unnoticed.</p> <p><strong>Security assessments and penetration testing: </strong>Even the most well-designed security infrastructure experiences issues. From accidentally created firewall rules to undetected software vulnerabilities, unexpected events can create sudden and significant cybersecurity risks. Agency cybersecurity teams should complement existing security controls <a href="https://www.cdwg.com/content/cdwg/en/solutions/cybersecurity/security-assessments.html" target="_blank">with a set of security assessment tools</a> designed to <strong>continuously evaluate the security of their infrastructure</strong>. Vulnerability management systems scan networked devices, searching for signs of vulnerabilities and tracking remediation efforts. Software testing tools watch for critical flaws in production code.</p> <p><strong>Penetration tests</strong> are the ultimate security assessment. During these tests, skilled cybersecurity professionals take on the role of an attacker and seek to break into a network using common hacking tools and techniques. If they gain access, they report back the vulnerabilities that they exploited, allowing agency cybersecurity teams to correct them and lower the risk of an actual attack.</p> <p><em>Learn how federal agencies can address the growing threats they face in the CDW white paper, “<a href="https://fedtechmagazine.com/resources/white-paper/managing-cyber-risks-public-sector-environment">Managing Cyber Risks in a Public Sector Environment.</a>”</em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/fedtech-staff"> <div>FedTech Staff</div> </a> </div> <div class="author-bio"> <p></p> </div> </div> </div> </div> Wed, 13 Jun 2018 18:21:12 +0000 phil.goldstein_6191 40966 at https://fedtechmagazine.com Embrace Agile Development by Training Everyone at Once https://fedtechmagazine.com/article/2018/06/embrace-agile-development-training-everyone-once <span>Embrace Agile Development by Training Everyone at Once</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 06/12/2018 - 09:00</span> <div><p>Many agencies are intrigued by <a href="https://fedtechmagazine.com/article/2018/06/usds-teams-cms-spur-it-modernization">the idea of an agile workplace</a>, one that would allow them to shift resources easily, break down silos between teams and departments and <a href="https://digital.gov/2016/01/04/how-agile-development-can-benefit-federal-projects/" target="_blank">deliver projects more efficiently.</a> But where to begin?</p> <p>One starting point should be <strong>a training event that involves all employees</strong>. In-house instruction allows the majority of the group that develops software, as well as those that have or manage requirements for software, to get in the same room at the same time and learn the concepts together.</p> <p>Most offices send only a few key leaders, or perhaps a couple of software developers, to agile training. <strong>This is ineffective. </strong>Those few individuals come back with radically different ideas that no one else in the office may understand or accept.</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>How to Get Employees to Buy into Agile Development </h2> <p>The adoption of agile, a very different method of work than the step-by-step waterfall most developers are used to, <strong>requires a broad understanding from multiple points of view throughout the organization</strong>. This won’t happen unless a large segment of the organization goes through instruction together — in particular, <strong>those who will be using agile in their daily work</strong>.</p> <p>Unlike online training, instruction provided to all employees at the same time can <strong>encourage on-the-spot discussion</strong>. They’ll be able to discuss more easily — with each other and with their instructor — the details associated with their office’s idiosyncrasies related to existing processes, users and current products. The process of change can begin immediately, at the same time as they’re learning the concepts.</p> <p>When only a limited number of staff are trained, employees may have a difficult time adopting the new methods, and the response to this failure to change is <strong>often blamed on the agile method itself</strong>. Comments such as, “We tried agile, but it never took off,” or “Bob and Jane had Scrum training, but nothing became of it; I guess it wasn’t important,” can also be seen as criticism of the perceived capabilities of individual employees.</p> <p>But the reality is that, in such cases, the method doesn’t have a chance of being adopted; those looking to transform their office aren’t taking into account t<strong>he wide-reaching cultural, organizational and process changes that have to take place</strong>. A mass training event can help ensure that the push for change gains momentum within the workforce. And it allows leadership the opportunity to build understanding within their workforce, gives them the chance to consider how the method will change their work style — and lets them discuss these details with their coworkers during and after training.</p> <h2>Mass Training Events Give Workers a Voice in Transition to Agile </h2> <p>Mass training events allow everyone involved in software development to start a conversation on how they might want to change how they work, from overall workflow to the small details critical to a successful implementation. An agile workplace brings with it many small, necessary decisions that must be made, and it’s<strong> typically most efficient for these decisions to be made at the lowest level possible</strong>.</p> <p>Take the question, “What software should be used to manage and prioritize your office’s backlog?” This should be discussed among those leading the development teams, the developers and the stakeholders. Managers may have an opinion, but the available systems should be tested, and those who will be using them should be involved. This creates buy-in. <strong>People are more likely to adopt a particular change if they have a voice in it.</strong></p> <p>In-house mass training events create an opportunity for everyone to gain <strong>a more complete understanding of what the agile method means for the organization</strong>. They allow discussions to start regarding work roles, changes to existing processes and how the office may need to reorganize to facilitate teaming and effective feedback.</p> <p>Perhaps most important, a mass training event lets leaders spread the opportunity to lead change throughout the organization — enlisting many to help shape and drive the method to improve their software, reduce costs and improve overall service to their users.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11351"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/brian-fox.jpg?itok=S4TLMWAf" width="58" height="58" alt="Brian Fox" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11351"> <div>Brian Fox</div> </a> </div> <div class="author-bio"> <p> <div><p>Brian Fox is systems development branch chief at the U.S. Geological Survey’s National Geospatial Technical Operations Center.</p> </div> </p> </div> </div> </div> </div> Tue, 12 Jun 2018 13:00:00 +0000 phil.goldstein_6191 40961 at https://fedtechmagazine.com Agencies Can Hit the DMARC Target with These Simple Tips https://fedtechmagazine.com/article/2018/06/agencies-can-hit-dmarc-target-these-simple-tips <span>Agencies Can Hit the DMARC Target with These Simple Tips</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 06/11/2018 - 09:33</span> <div><p>In October 2017, the Department of Homeland Security <a href="https://cyber.dhs.gov/bod/18-01/" target="_blank">mandated that federal agencies use</a> the <a href="https://dmarc.org/" target="_blank">Domain-Based Message Authentication, Reporting </a><a href="https://dmarc.org/" target="_blank">and</a><a href="https://dmarc.org/" target="_blank"> Conformance protocol</a>. DMARC enables email servers to <strong>determine whether an email is actually from the sender, then deletes forged emails or marks them as spam</strong>. Without it, anyone can send emails with a forged sender address, and recipients would be unaware of the forgery.</p> <p>Some DMARC requirements were due for adoption in January; others have an October deadline. <a href="https://www.fedscoop.com/month-later-agencies-still-lagging-vulnerable-move-dmarc/" target="_blank">Recent reports</a> indicate that many agencies are not yet using the protocol or <a href="https://www.globalcyberalliance.org/white-house-e-mail-domains-lack-basic-phishing-spoofing-security/" target="_blank">don’t have it configured correctly.</a> Here are some tips for how your agency can get up to speed with DMARC:</p> <p><a href="https://fedtechmagazine.com/register?newsletter"><strong>SIGN UP: </strong>Get more news from the <em>FedTech</em> newsletter in your inbox every two weeks!</a></p> <h2>1. Do an Initial DMARC Deployment in Report-Only Mode</h2> <p>DMARC uses your existing servers, so deployment is usually not a burden. To support it, you will need to <strong>configure your email servers and possibly add a few features</strong>. You will also need to add records to your DNS servers. Each DMARC resource record specifies how the protocol should be configured for a particular domain.</p> <p>Each agency domain and subdomain should have its own record. For initial DMARC use, set the policy to “none” (p=none). DMARC will <strong>passively monitor all email activity and generate reports on what it observes without interfering with email delivery</strong>. See <a href="https://dmarc.org/overview/" target="_blank">dmarc.org/overview</a> for more details on how to configure DMARC resource records.</p> <h2>2. Verify the Accuracy of the DMARC Resource Records</h2> <p>Errors can have serious consequences, either by allowing forged emails to go unnoticed or by inadvertently preventing genuine messages (often from misconfigured email systems) from reaching their destinations. To verify records:</p> <ul><li><strong>Visually check</strong> every record for syntax errors, typos and other mistakes.</li> <li>Confirm that each domain and subdomain has a record. You may want to <strong>use scanners and other tools</strong> to help compile a list of domains and subdomains.</li> <li>Review the DMARC reports and <strong>confirm that they reflect the settings from the resource records</strong>.</li> </ul><h2>3. Gradually Change Policy Setting from “None” to “Quarantine”</h2> <p>As you gain confidence in the accuracy of your DMARC implementation, changing the settings to “quarantine” will change DMARC’s behavior, and it will <strong>begin to flag emails as spam if it suspects they have forged sender addresses</strong>. By making this change slowly, you can reduce the growing pains that come with any new security control implementation, such as responding to user complaints about incorrectly flagged emails.</p> <h2>4. Change Policy Setting from “Quarantine” to “Reject” by October </h2> <p>The “reject” setting is the final step. This setting causes DMARC to <strong>fully enforce the policies on the domains and subdomains, blocking emails with forged senders</strong>. At this point, your agency should be in compliance with DHS requirements.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/karen-scarfone"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/KarenScarfone.jpeg.jpg?itok=JzlESD2H" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/karen-scarfone"> <div>Karen Scarfone</div> </a> </div> <div class="author-bio"> <p> <div><p>Karen Scarfone is the principal consultant for Scarfone Cybersecurity. She previously worked as a senior computer scientist for the National Institute of Standards and Technology.</p> </div> </p> </div> </div> </div> </div> Mon, 11 Jun 2018 13:33:39 +0000 phil.goldstein_6191 40956 at https://fedtechmagazine.com