FedTech Magazine - Technology Solutions That Drive Government

Feds Need to Keep Telework IT Running Smoothly to Maintain Continuity of Operations

Federal agencies often need to maintain critical operations amid emergencies and natural disasters. Keeping users online, ready to work and secure are the cornerstones of any disaster recovery operation. Sometimes, only part of an agency is affected. In other cases, an entire agency may require its staff to work remotely if an office is closed or if transportation is cut off.

When government offices are closed for any reason, agencies are faced with the task of maintaining telework solutions and cybersecurity for entire offices, resulting in mass amounts of federal employees working remotely.

The essential telework tools — thin clients, VPNs, online meeting platforms, instant messaging, tethering and VoIP — need to function smoothly and be secured. That is going to make the need for adequate network capacity more pressing than ever and is also raising critical questions about how to ensure those users do not compromise agencies’ IT security as they work remotely.

Something IT leaders should also keep in mind as they scale up telework capabilities is that they should identify IT administrators who can take over their IT operations management if the executive management team is otherwise unavailable.

Sean Torpey, former acting CIO of the Federal Aviation Administration has told FedTech that if, for example, the FAA headquarters in Washington, D.C., is damaged, Torpey will pass the baton to an IT leader at the FAA’s aeronautical center in Oklahoma City. Once Torpey reaches either of two backup office locations, he can retake control of the organization. “If I’m down, someone needs to lead the ship. We have people who will take over the responsibility in other areas of the country, so IT can still be running,” he says.

Energy Department and Verizon Partner on 5G Development

5G wireless networks that government agencies can use are no longer theoretical. The Defense Department plans to conduct 5G tests at four military bases, with the first experiment expected to take place at Hill Air Force Base in Utah involving spectrum sharing.

Nonetheless, many of the benefits and use cases for 5G in government are still hypothetical. They include the U.S. Postal Service leveraging high data rates and expanded bandwidth to more precisely track drivers and packages, the Defense department sending information to warfighters more quickly and the Department of Veterans Affairs beaming data-rich, high-resolution images wirelessly from the imaging room to a doctor working on another floor.

To kickstart 5G deployments in government, an Energy Department lab announced earlier this month that it would partner with Verizon to explore and test how 5G can be used by agencies. The lab is expected to open by the end of the second quarter, according to Nextgov.

The Pacific Northwest National Laboratory, which focuses on advanced mobile communications research and development, will install Verizon’s 5G Ultra Wideband network at its lab in Richland, Wash. The lab will collaborate with Verizon Business to “develop 5G applications that can benefit everything from chemistry and earth sciences research to the needs of first responders,” according to a Verizon press release.

“They can take the smartest people in government that work for PNNL and really ideate and, with their folks on R&D, collaborate with us to explore how 5G can really transform the work that the federal government does,” Mike Maiorana, senior vice president of federal sales at Verizon, tells FedScoop.

The Top Mobile Security Threats for Government in 2020

With vast numbers of federal workers working remotely due to the coronavirus pandemic, mobile security has become even more important than it was before.

Mobile security has become a prominent part of agencies’ cybersecurity programs, but there are still gaps in security. What are they, and how can agency IT leadership help close them?

Verizon recently released its “Mobile Security Index 2020” report, including an entire chapter on the public sector. The report is based on an independent survey of 876 professionals — over 20 percent of whom were from public sector organizations —responsible for buying, managing and securing mobile and Internet of Things devices for their organizations.

The report revealed that insider threats, unapproved applications and vulnerabilities in Internet of Things devices are among the chief concerns. The report notes that remediation for these threats varies but includes education and enforcing policies, as well as data encryption and enhanced authentication.

The Most Logical Federal Use Cases for DevOps

Agencies are turning to a DevOps methodology to develop applications and increase innovation but face hurdles in increasing adoption of the approach, according to a newly released white paper.

The white paper from ACT-IAC, “DevOps Primer: Case Studies and Best Practices from Across Government,” notes that DevOps remains “a small pilot effort on a handful of applications” because it “usually lacks visibility and struggles to the attention and resources devoted to larger initiatives.”

The white paper notes that agencies face challenges in deploying DevOps due to “a lack of true executive understanding, buy-in, and support,” leading to many IT leaders and staff working on DevOps to “struggle to define and then meet expectations (both their own and their leaders and appropriators).”

However, the white paper outlines ways that agencies have successfully shifted to DevOps, providing a roadmap for their peers as they continue to evolve their strategies. The paper includes case studies from the U.S. Patent and Trademark Office, U.S. Citizenship and Immigration Services, the IRS, the National Museum of African American History and Culture, the National Park Service, and the National Science Foundation.

The agencies describe the goals, benefits, approach, lessons learned and next steps that are specific to their unique missions and cultures, and the case studies highlight the possibilities and pitfalls to be avoided.

How Agencies Can Manage Cloud Consumption for Optimal Results

The public cloud can simplify IT environments. But what happens when an enterprise’s cloud environment itself becomes maddeningly complex?

As organizations across industries have increased their cloud spending and made the public cloud a more integral part of their operations, a number of inefficiencies have cropped up. The sources of these complications range from poor design to a lack of governance, and these inefficiencies can lead to negative outcomes that include cost overruns, lack of visibility into the environment and security vulnerabilities.

An effective cloud management strategy can help organizations to manage their environments more efficiently. Such a strategy should include plans to control costs and optimize application performance, as well as to detail who is responsible for which aspects of cloud security.

A variety of solutions and services can help organizations to implement and manage this strategy over time. These solutions include cloud management platforms, application and performance monitoring, backup and recovery, and other tools. Many organizations find it helpful to work closely with a third-party cloud management partner with broad and deep expertise managing cloud environments.

Learn more by downloading our white paper: "Managing Cloud Consumption for Optimal Results."

How to Ensure Mobile Security as Smartphone and Tablet Deployments Increase

Federal agencies have deployed mobile devices, including smartphones and tablets, at an astonishing clip over the past few years to surge in the mobile, usage, technologies and productivity which gives the modern workforce and federal missions the ability and flexibility to complete their work and enhance their agencies’ missions.

For example, the Defense Department grew its base of 30,000 mobile users to 120,000 between 2015 and 2018. NASA had more than 70,000 mobile users as of 2018, and the Department of Homeland Security currently has more than 90,000 devices in use.

As those figures have grown, so have mobile security concerns. Mobile devices increase the attack surface for agencies and become threat vectors for everything from phishing attacks to ransomware and data exfiltration. Devices can also be used by employees to mount insider attacks.

To guard against such attacks, agency IT security leaders need to focus on their mobile strategy, policy and compliance, cybersecurity training, mobile data and application management, secure supply chain, testing of their mobile environment, encrypting data when it is in transit, and restricting access to data.

“There’s a lack of appreciation of the risk of mobile devices,” says John Loveland, global head of cybersecurity strategy and marketing at Verizon.

“The focus from an InfoSec perspective has been around proacting the network,” he notes. “But as the network edge starts to blur or disappear, you need to be thinking about your assets and the devices that connect in. You need education and awareness.”

Are Agencies Making Progress on Application Rationalization?

Federal agencies are working to rationalize their application portfolios as they move to the cloud. However, discarding older applications or consolidating them into new ones does not mean that agencies will have to stop investing in IT.

One of the core tenets of the government’s Cloud Smart strategy is application rationalization, which involves reducing an application portfolio by assessing the need for and usage of apps and a push to get rid of obsolete, redundant or overly resource-intensive applications.

“Decreased application management responsibilities will free agencies to focus on improving service delivery by optimizing their remaining applications,” the strategy states. “To support these rationalization efforts, the CIO Council will develop best practices and other resources.”

Indeed, last year the Federal CIO Council released an application rationalization playbook.

“Agencies can determine whether the existing ‘as-is’ environment, or a proposed ‘to-be’ configuration is the best fit for their core mission, based on cost, business resiliency and service delivery,” a General Services Administration spokesperson tells Federal News Network. “This rationalization process feeds directly into cloud smart decisions. As we streamline existing data centers, efficiency decreases, eventually leading to closure.”

Game On: The Army Leverages Esports to Boost Recruitment

Outside a facility at Fort Knox, Ky., known affectionately as “The Pit,” an observer can sometimes hear a little yelling and screaming. That’s the U.S. Army eSports Team practicing for its next recruiting event.

“It gets a little chaotic in there sometimes when they’re in a competitive match,” says Staff Sgt. Andrew Waller, who manages team operations.

More than 164 million Americans play video games, according to the Entertainment Software Association; about 40 percent are between 18 and 35, and about half are women. Those numbers inspired the Army to use competitive video gaming — esports — as a recruitment tool.

The hope is that young people who are passionate about video gaming will see parallels between their interests and the needs of a modern military.

“You’re looking for a base skill set, whether it's the ability to communicate, quick decision-making or critical thinking. All of those skill sets are things that we value as soldiers and as leaders,” Waller says. They’re the same skills gamers rely on to compete effectively.

The U.S. Army Recruiting Command at Fort Knox stood up its first esports cadre in 2018. By mid-2019, the 16-member team was operating at the national level, with an appearance at the Salt Lake Gaming Con in Salt Lake City. Top-end gear has helped the Army to take the team into the big leagues.

“When you think of competitive athletes, they train with the best equipment. In order to be the best, you really have to train with the best,” says Waller. “Esports is really no different from that standpoint.”

Is VPN Still Valuable in a Zero-Trust Environment?

Zero-trust cybersecurity represents a mindset shift for federal agencies, in which every transaction is verified before access is granted to users and devices. Under zero trust, every user and transaction must be validated for access to be granted.

Identity management and authentication are central to zero trust, and zero trust enables more granular control related to access in an organization’s environment.

According to a recently released survey, “Security Without Perimeters: Government’s Shift to Identity-Centered Access,” nearly half (48 percent) of federal government IT decision-makers reported that their agency is “substantially on their way to adopting an identity-focused approach to protecting access to agency resources.”

The survey, produced by FedScoop and underwritten by Duo Security, surveyed 171 prequalified government and industry IT decision-makers in November 2019.

The survey notes that recent federal government mandates — from the Federal Data Strategy action plan to the OPEN Government Data Act — are placing greater demands on agencies to use and protect government data more effectively. Meanwhile, many private sector firms and agencies are shifting away from traditional VPNs and perimeter defense tactics.

Such tools may no longer be “effective by themselves in protecting sensitive data from hackers and insider threats,” the report notes.

However, 3 in 10 federal government respondents say their agencies still rely heavily on perimeter defense tools or policies.

Predictive Analytics: What Is It and How Can It Help the Federal Government?

The federal government sits on mounds of data and often organizes that information into data lakes to gain insights from it. However, another powerful tool in agencies’ IT arsenals that many have been busy deploying is predictive analytics.

Predictive analytics tools allow the government to get ahead of problems before they waste money, harm IT systems or cost lives. Such data analytics platforms can provide agency leaders, IT leaders and analysts with actionable insights they can use to enhance their missions, improve their cybersecurity, save money on maintenance costs and generally make more informed decisions.

Agencies can also take advantage of open data to glean insights for and from one another, or open up data to the public and give them the opportunity to do the same.

“From spotting fraud to combatting the opioid epidemic, an ounce of prevention really is worth a pound of cure — especially in government,” Deloitte notes in a report on predictive analytics in government. “Predictive analytics is now being applied in a wide range of areas including defense, security, health care, and human services, among others.”