FedTech Magazine - Technology Solutions That Drive Government https://fedtechmagazine.com/rss.xml en How Will Federal Cloud Use Evolve in 2019? https://fedtechmagazine.com/article/2018/12/how-will-federal-cloud-use-evolve-2019 <span>How Will Federal Cloud Use Evolve in 2019?</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Fri, 12/07/2018 - 10:31</span> <div><p>It was a banner year for federal cloud adoption. Cloud services contract obligations were <a href="https://fedtechmagazine.com/article/2018/10/federal-cloud-spending-soars-2018">expected to increase</a> by about <strong>32 percent</strong> in fiscal year 2018, reaching an all-time high of about <strong>$6.5 billion</strong>, according to an <a href="https://about.bgov.com/blog/cloud-services-market-all-time-high/" target="_blank">analysis by Bloomberg Government</a>.</p> <p>Meanwhile, according to Ashley Mahan, acting director of the General Services Administration’s <a href="https://www.fedramp.gov/" target="_blank">Federal Risk and Authorization Management Program</a>, <strong>40 new agencies</strong> started to participate in FedRAMP in 2018. The program, which authorizes and continuously monitors federal cloud services, <a href="https://fedtechmagazine.com/article/2017/12/fedramp-wants-improve-continuous-monitoring-cloud-services">released a new framework called FedRAMP Tailored</a> to streamline the authorization process. And Mahan, during a panel on Dec. 4 at the <a href="https://www.fedscoop.com/events/public-sector-innovation-summit/2018/" target="_blank">FedScoop Public Sector Innovation Summit</a> in Washington, D.C., said there was <strong>a 60 percent increase </strong>in FedRAMP-authorized cloud products from 2017 to 2018.</p> <p>So where is the federal cloud market going in 2019? 
The panelists suggested that<strong> hybrid cloud models</strong>, mixing public and private clouds, will become more popular, as will <strong>multicloud</strong><strong> environments</strong>. </p> <p>The Office of Management and Budget’s <a href="https://cloud.cio.gov/strategy/" target="_blank">new Cloud Smart strategy</a> emphasizes that agencies should use cloud tools that help them meet their mission needs, and does not specify whether they should use public or private clouds. The speakers said that they expect agencies to continue to mix public cloud with existing on-premises architectures rather than making wholesale migrations to public cloud. </p> <p>“There’s going to be more hybrid cloud solutions out there. Given, done,” said <a href="https://sba.gov/" target="_blank">Small Business Administration</a> CIO Maria Roat. “We’re already working on an option at SBA. So, while there’s hybrid solutions, we are already managing our entire on-prem facilities, as well as all three of our cloud environments from cloud-based tools. We are doing all of that now.”</p> <p><a href="https://fedtechmagazine.com/article/2018/11/what-casb-solution-and-how-can-feds-benefit-it-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how agencies can benefit from cloud access security brokers. </em></a></p> <h2 id="toc_0">A Hybrid, Multicloud World Awaits Feds</h2> <p>Mahan said FedRAMP is "primed and ready" for agencies to move into multicloud environments. Notably, she said roughly 65 cloud products could receive FedRAMP authorization in 2019, including a mix of hybrid tools to help more agencies use compatible capabilities, <a href="https://www.fedscoop.com/2019-year-hybrid-cloud-officials-say/" target="_blank">as FedScoop reports</a>. </p> <p>“I truly believe that cloud is becoming that new normal across the board,” she said. “I’m really excited. 
I’m hearing<strong> a lot of hybrid cloud approaches, </strong><strong>strategy</strong><strong> from some different government organizations</strong>, as well as some multicloud approaches.”</p> <p>Francisco Salguero, deputy CIO at the <a href="https://www.usda.gov/" target="_blank">Agriculture Department</a>, said hybrid cloud solutions can help agencies overcome hurdles to adoption, including compliance and data security regulations.</p> <p>“Part of the reason it’s been so slow to adopt is because some of those legacy applications aren’t built for the cloud,” he said. “So, that’s where the hybrid and having the connection of multicloud becomes very important.” </p> <p>Application rationalization strategies help agencies rebuild their apps for the cloud, Salguero noted. “When you start rebuilding, that <strong>multicloud</strong><strong> type of environment becomes important</strong> so they can take advantage of not only cloud technology, but also the change in business process,” he said. </p> <p>Roat said that the SBA’s cloud strategy has evolved over the past two years and the agency has rebuilt its cloud architecture twice. Along the way, the SBA has learned valuable lessons. The hurricanes of the past several years forced the SBA to spin up services rapidly in the cloud as small businesses devastated by hurricanes Harvey, Irma and Maria used the SBA for services. At one point, the SBA <strong>added 5,000 users in two months</strong>. </p> <p>Roat added that she tells her staff to be creative in overcoming security challenges for the cloud because her agency must be nimble to help small business owners. </p> <p>“Figure it out, because I need to get the right solutions for my business,” she said. “That solution could be <strong>a </strong><strong>multicloud</strong><strong>, hybrid approach, whatever that might be</strong>, but it’s about getting to the right solution and doing it securely. 
We’ve got 30 million businesses’ worth of data at SBA, we have to do it securely. We have to have those solutions in there, and if it’s a multicloud approach or a hybrid cloud, great.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. 
Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Fri, 07 Dec 2018 15:31:09 +0000 phil.goldstein_6191 41911 at https://fedtechmagazine.com CIA CIO Sees Data as the 'Tip of the Spear' in Intelligence https://fedtechmagazine.com/article/2018/12/cia-cio-sees-data-tip-spear-intelligence <span>CIA CIO Sees Data as the &#039;Tip of the Spear&#039; in Intelligence</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 12/06/2018 - 11:48</span> <div><p>In the world of intelligence, nothing occurs in a vacuum. Threats to U.S. national security are growing in number, range, speed and complexity, according to <a href="https://www.cia.gov/index.html" target="_blank">CIA</a> CIO John Edwards, and the speed and volume of information the agency encounters and analyzes are also increasing. </p> <p>To respond to its adversaries and stay ahead of them, the CIA needs to <strong>use technology to make sense of the data it collects faster than ever before</strong>. That will involve changes to CIA’s <strong>technology solutions and its workforce</strong>, he said. </p> <p>“Data is the new tip of the spear,” Edwards said during a speech Dec. 4 at the <a href="https://www.fedscoop.com/events/public-sector-innovation-summit/2018/" target="_blank">FedScoop Public Sector Innovation Summit</a> in Washington, D.C. </p> <p>“Increasing the edge over our adversaries, our operational advantage will be determined by the speed at which we sense, collect, ingest, condition, analyze and characterize data of the representative threat,” he added. 
</p> <p>To do so, the CIA will need to develop and mature the digital capacity of <strong>mobile platforms, interoperability, real-time sensing, data integration </strong><strong>and</strong><strong> real-time signature management</strong>. Increasingly, the CIA will need to securely analyze data in the field at the network edge. </p> <p>“Computing at the edge, the point of mission execution, is increasingly important,” Edwards said. “This is particularly true for the CIA given the high operation tempo at the mission edge and the digitally immersive environments in which we operate.”</p> <p><a href="https://fedtechmagazine.com/article/2018/04/cia-turns-fast-food-it-innovation-and-fbi-takes-note" target="_blank"><strong>MORE FROM FEDTECH:</strong> Discover why the CIA has taken an approach to its tech akin to McDonald’s franchises. </a></p> <h2 id="toc_0">How the CIA Needs to Modernize to Keep Up with Data Collection</h2> <p>The intelligence community has <strong>unique data requirements in terms of format and fidelity</strong>, Edwards said, noting that the variety of data intelligence that agencies collect is vast and “much broader” than most companies. The intelligence community must rationalize “massive, unstructured” data sets that are collected from different sources and in different forms. Adversaries also seek to feed false information to agencies like the CIA. “The data sets are probably among the most complex in the world,” Edwards said, and mistakes in data collection and analysis can lead to loss of life or damage to U.S. national security. </p> <p>The old approach of agencies like the CIA to collect data, analyze it and produce intelligence reports cannot keep pace with the needs of policymakers, Edwards said. “Speed is necessary,” he said. </p> <p>For most of history, intelligence services collected scarce amounts of information. Now, the task is to find meaning in large volumes of data to solve questions intelligence agencies have. 
The CIA can use several decades of social science work to apply models and make forecasts about the data it ingests, Edwards said. </p> <p>However, the CIA also needs to be able to detect subtle shifts and discontinuities in the data it collects from sensors and human intelligence sources that may lead to disruptions and require new policies. </p> <p>To be able to do that, the CIA needs to tap <strong>artificial</strong><strong> intelligence and machine learning tools to sift through large volumes of data</strong> and enable high-level human cognition on the part of its analysts. Such analysts need to be able to think independently and assess information with rational detachment. “There’s not an app for rational thinking,” Edwards said. </p> <p>Edwards mentioned the <a href="https://www.dni.gov/files/documents/IC_ITE_Strategy.pdf" target="_blank">Intelligence Community Information Technology Enterprise</a>, which is <a href="https://fedtechmagazine.com/article/2017/08/its-not-top-secret-intelligence-community-encourages-data-sharing">a platform of nine shared services</a>, from security to networking, email to virtual desktops, all delivered via a private cloud. The intelligence community is moving ICITE to a common reference architecture model, which will address the need for a unified technology platform while giving users in the intelligence community a degree of flexibility to use technologies that make sense for their particular agencies. 
</p> <p>Edwards said there is a need for a reference architecture in the intelligence community and that “interconnecting platforms and ecosystems across the IC is where digital transformation and value at scale occur.” The intelligence community also needs to embrace agile development models, which he called the “central nervous system” of the intelligence community. </p> <p>At the CIA, targeters, analysts, developers and data scientists are <strong>working together and bringing together data in ways that have never been done before</strong>, an approach that has “produced amazing results” for the agency, Edwards said. </p> <p>Edwards stressed the need for agile acquisition vehicles that would allow the agency to keep pace with the speed of commercial innovation and help the CIA avoid being locked into proprietary technologies. </p> <p>Additionally, Edwards returned several times to the importance of people, which he called the CIA’s “most important resource.”</p> <p>“We need to <strong>broaden and deepen the digital acumen of our workforce</strong>,” he said. 
“This means a combination of elevating the digital proficiency of the broader workforce to help them apply the power of data and data analytics to their missions as well as deepening the skills of the digital workforce to develop applications of value.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> </div> </div> </div> </div> Thu, 06 Dec 2018 16:48:20 +0000 phil.goldstein_6191 41906 at https://fedtechmagazine.com Where Are Federal Workforce Hiring and Retention Strategies Headed? https://fedtechmagazine.com/media/video/where-are-federal-workforce-hiring-and-retention-strategies-headed <span>Where Are Federal Workforce Hiring and Retention Strategies Headed? </span> <div><p>Federal agencies have increasingly sophisticated IT demands, but they must compete with private sector companies in hiring personnel qualified to tackle those demands. 
Officials from HUD, USDA, GSA, USCIS and SBA discuss how they attract and retain qualified hires in this competitive environment.</p> <p>For more on boosting worker productivity, <a href="https://www.cdw.com/content/cdw/en/orchestration/modern-workforce.html" target="_blank" title="Modern Workforce Insight Report"><strong>download CDW's Modern Workforce Insight Report</strong></a>. </p> <p>Check out more of our coverage from <strong><a href="https://fedtechmagazine.com/imagine-nation-elc-2018" target="_blank" title="FedTech Imagine Nation ELC 2018">Imagine Nation ELC 2018</a></strong> here.</p> </div> <span><span lang="" about="/user/95421" typeof="schema:Person" property="schema:name" datatype="">Mickey_McCarter_qjsu</span></span> <span>Wed, 12/05/2018 - 08:41</span> <div> <div>Pull Quote</div> <div> <p class="quote"><a href="node/"> I’ve pushed the envelope a lot at SBA, you know, around workforce, and hiring, and procurement, by asking, “Why not?” So I think my job is to get some of those barriers out of the way so that folks can do the exciting things, and they can do the fun stuff </a></p> <img src="/sites/fedtechmagazine.com/files/styles/photo_quote_thumb/public/2018-12/0.jpeg.jpg?itok=fb1mLsHS" width="60" height="60" alt="Maria Roat" typeof="foaf:Image" /> <p class='speaker'> <span>Maria Roat</span> CIO, SBA </p> </div> </div> Wed, 05 Dec 2018 13:41:01 +0000 Mickey_McCarter_qjsu 41901 at https://fedtechmagazine.com Where Is Cloud.Gov Headed in 2019? https://fedtechmagazine.com/article/2018/12/where-cloudgov-headed-2019 <span>Where Is Cloud.Gov Headed in 2019? 
</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 12/04/2018 - 06:08</span> <div><p>The General Services Administration is considering having an outside vendor partner take over the management of <a href="https://cloud.gov/" target="_blank">cloud.gov</a>. </p> <p>Cloud.gov is a Platform as a Service offering that allows users to <strong>build applications in the cloud without having to create their own cloud environments</strong>. <a href="https://www.fbo.gov/index?s=opportunity&amp;mode=form&amp;id=28326e35b7c28bfd85abc1fb330cd456&amp;tab=core&amp;_cview=1" target="_blank">In a request for information filed Nov. 9</a>, the GSA indicated it is accepting responses from professional services firms that could help maintain and enhance the platform.</p> <p>Built in 2015 by the GSA’s <a href="https://18f.gsa.gov/" target="_blank">18F digital services team</a>, cloud.gov is a government-customized hosting platform that <strong>takes care of technical infrastructure and security compliance requirements for agencies</strong>. Cloud.gov customers are responsible for their own application code, while the cloud.gov platform handles the security and maintenance of everything underneath, according to the GSA, and is built to keep applications online even with large numbers of users and sharp increases in usage.</p> <p><a href="https://18f.gsa.gov/2017/02/02/cloud-gov-is-now-fedramp-authorized/" target="_blank">18F says</a> that the PaaS gives agencies “a fast and easy way to host and update websites (and other web applications, such as APIs), so their employees and contractors can focus on their missions instead of wrangling the infrastructure and compliance requirements common to federal systems.”</p> <p>The GSA’s Technology Transformation Service indicates in the RFI that it <strong>wants manpower to help manage the security and maintenance aspects of cloud.gov</strong>. 
The GSA notes that the RFI is neither a request for proposals nor a commitment to award a contract.</p> <p><a href="https://fedtechmagazine.com/article/2018/11/what-casb-solution-and-how-can-feds-benefit-it-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how agencies can benefit from cloud access security brokers. </em></a></p> <h2>How the GSA Envisions Cloud.gov Being Managed </h2> <p>In the RFI, the GSA states that it intends to purchase professional services so that the vendor can perform operations and maintenance for the cloud.gov technical system, specifically the <a href="https://www.cloudfoundry.org/" target="_blank">Cloud Foundry</a>-based platform and supporting services and web applications. </p> <p>Cloud.gov uses <strong>DevOps practices and Infrastructure as Code principles</strong> for operations and maintenance, work that combines system administration and code development, the GSA notes in the RFI. </p> <p>“Team members commit all changes to source control (git) and test and deploy them using continuous integration and continuous deployment tools,” the GSA notes. “We work in a collaborative, remote-first environment, including chat and videocall discussions of changes before, during, and after development, with frequent use of pairing between employees and contractors.”</p> <p>Any professional services firm that helps the GSA manage cloud.gov would need to be able to <strong>operate, maintain, monitor and update a Cloud Foundry deployment</strong> and the supporting services underlying cloud.gov. </p> <p>In terms of security, such a firm would need to be able to <strong>improve automated monitoring and alerting</strong> for possible operational failures, security issues, anomalous behavior and intrusions.</p> <p>They would also provide consultation for the cloud.gov development team to support Cloud Foundry best practices and develop, test and deploy code rapidly using a lean and agile approach. 
</p> <p>Other requirements include the ability to: </p> <ul><li>Identify and fix issues using GitHub pull requests.</li> <li>Use Python, Go and other languages as needed to automate and integrate operation processes.</li> <li>Manage infrastructure as code using Terraform.</li> <li>Manage continuous deployment using Concourse.</li> <li>Package and deploy software using BOSH.</li> <li>Write code, including test harnesses and metric emitters.</li> <li>Manage and analyze capacity on demand.</li> <li>Ensure security and protect privacy, and be capable of defining a virtual private cloud, access control lists bound to security groups, multifactor authentication and Secure Shell access.</li> </ul> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> </div> </div> </div> </div> Tue, 04 Dec 2018 11:08:06 +0000 phil.goldstein_6191 41891 at https://fedtechmagazine.com DOD Expands ‘Hack the Pentagon’ to Include Hardware, Physical Systems https://fedtechmagazine.com/article/2018/12/dod-expands-hack-pentagon-include-hardware-physical-systems <span>DOD Expands ‘Hack the Pentagon’ to Include Hardware, Physical Systems </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 12/03/2018 - 14:06</span> <div><p>The Defense Department has expanded its “<a href="https://www.usds.gov/report-to-congress/2017/fall/hack-the-pentagon/" target="_blank">Hack the Pentagon</a>” bug bounty program to include <strong>hardware, physical systems </strong><strong>and</strong><strong> high-value defense assets</strong>. </p> <p>The expanded program, which the DOD announced in late October, indicates that the bug bounty programs have been successful and that the Pentagon is willing to allow private sector companies to <strong>review vulnerabilities in more sensitive IT systems</strong>. 
The bug bounties are designed to identify and resolve security vulnerabilities across targeted DOD websites and other IT assets and pay cash to highly vetted security researchers, or “<a href="https://biztechmagazine.com/article/2018/07/ethical-hacking-how-hire-white-hat-hacker-penetration-testing-perfcon" target="_blank">ethical hackers</a>,” to discover and disclose bugs.</p> <p>The DOD awarded <a href="https://www.fbo.gov/index?s=opportunity&amp;mode=form&amp;tab=core&amp;id=7a142ab942e23617c0005dc9b2a717a6" target="_blank">the three-year contract</a> to cybersecurity firms Synack, HackerOne and Bugcrowd to provide vetted hackers for <strong>continual assessments of defense websites, hardware and physical systems</strong>. The contract has a maximum value of <strong>$34 million</strong>. </p> <p>“Finding innovative ways to identify vulnerabilities and strengthen security has never been more important,” Chris Lynch, director of the Defense Digital Service, <a href="https://dod.defense.gov/News/News-Releases/News-Release-View/Article/1671231/department-of-defense-expands-hack-the-pentagon-crowdsourced-digital-defense-pr/" target="_blank">said in a statement</a>. “When our adversaries carry out malicious attacks, they don’t hold back and aren’t afraid to be creative. Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We’re excited to see the program continue to grow and deliver value across the Department.”</p> <p>The first Hack the Pentagon program <a href="https://fedtechmagazine.com/article/2016/04/can-you-hack-pentagon">occurred in 2016</a>, as the Pentagon used crowdsourced cybersecurity expertise to <a href="https://fedtechmagazine.com/article/2016/06/dod-expand-hack-pentagon-efforts-more-just-public-websites">detect hundreds of vulnerabilities</a> in its public websites. 
Since then, the DOD has conducted a total of 11 bug bounty programs, including sessions examining the Army, Air Force, Defense Travel Service and, most recently, the Marine Corps in August, <a href="https://www.fedscoop.com/dod-expands-hack-pentagon-program-cover-hardware-systems/" target="_blank">FedScoop reports</a>. </p> <p><a href="https://fedtechmagazine.com/article/2018/10/pentagons-new-cybersecurity-strategy-emphasizes-commercial-it" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out what is in the Pentagon's new cybersecurity strategy<strong>. </strong></em></a></p> <h2 id="toc_0">DOD to Explore Vulnerabilities in More Sensitive Systems</h2> <p>In 2016, Hack the Pentagon established two contract vehicles that allow the department to run bug bounty assessments: One is aimed at public-facing web sites and applications, while the other focuses on more sensitive, internal systems. The new contract expands the program’s scope and capacity for bounties targeting private DOD assets, <strong>“which include the tailored and bespoke products and systems for meeting defense mission needs,”</strong> according to a DOD statement. </p> <p>“The contract will enable vetted hackers to simulate real and insider threats to certain systems, bringing in valuable new security perspectives to emulate combat adversaries and mitigate risk,” the statement says.</p> <p>Notably, new features of the enhanced program will enable DOD components to run <strong>continuous, year-long assessments of high-value assets</strong>, according to the Pentagon. That way, the department can “maintain an open dialogue with vetted hacker participants throughout the development lifecycle of a system, which is particularly valuable as software and other assets are regularly updated.” </p> <p>The expanded program will also allow the DOD to conduct assessments on a broader range of assets, such as hardware and physical systems. That likely also will include more sensitive systems. 
</p> <p>While he declined to go into what those specific systems will be, <a href="https://www.fifthdomain.com/dod/2018/10/24/dod-bug-bounty-program-to-expand-to-more-sensitive-systems/" target="_blank">HackerOne CEO Marten Mickos told Fifth Domain</a> that the contract will focus on DOD systems that are more critical and perhaps more sensitive.</p> <p><strong>“We are stepping one step into more sensitive systems,” </strong>Mickos said. “We started from the very public ones, demonstrated amazing, amazing success there, so therefore [DOD is] saying let’s apply this same model and the same vendor to the more sensitive systems that we have,” he said.</p> <p>Through Hack the Pentagon, the Defense Digital Service works with DOD components and external government agencies to advise on bug bounties, crowdsourced security, vulnerability disclosure policies, and private sector best practices and approaches. </p> <p>Since the launch of the crowdsourced security program, thousands of talented ethical hackers have worked for DOD, and more than <strong>8,000 valid vulnerabilities </strong>have been reported. </p> <p>The bug bounty ethos is being embedded in the Pentagon’s cybersecurity culture. 
<a href="https://fedtechmagazine.com/article/2018/10/pentagons-new-cybersecurity-strategy-emphasizes-commercial-it" target="_blank">DOD’s Cyber Strategy</a> emphasizes the importance of identifying crowdsourcing opportunities to find and mitigate vulnerabilities more effectively: “The Department will continue to identify crowdsourcing opportunities, such as hack-a-thons and bug-bounties, in order to identify and mitigate vulnerabilities more effectively and to foster innovation.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 03 Dec 2018 19:06:55 +0000 phil.goldstein_6191 41881 at https://fedtechmagazine.com What Is a CASB Solution and How Can Feds Benefit from It? 
https://fedtechmagazine.com/article/2018/11/what-casb-solution-and-how-can-feds-benefit-it-perfcon <span>What Is a CASB Solution and How Can Feds Benefit from It?</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Thu, 11/29/2018 - 10:28</span> <div><p>Cloud service use is booming across the federal government. Cloud services contract obligations were <a href="https://fedtechmagazine.com/article/2018/10/federal-cloud-spending-soars-2018">expected to increase</a> by about 32 percent in fiscal year 2018, reaching an all-time high of about <strong>$6.5 billion</strong>, <a href="https://about.bgov.com/blog/cloud-services-market-all-time-high/" target="_blank">according to an analysis by Bloomberg Government</a>.</p> <p>That includes not just Software as a Service applications like <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft.html" target="_blank">Microsoft</a>’s <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft/windows-10.html" target="_blank">Windows 10</a> and <a href="https://www.cdwg.com/content/cdwg/en/brand/office365.html" target="_blank">Office 365</a> but Infrastructure as a Service and Platform as a Service from the likes of Amazon Web Services, <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoftazure.html" target="_blank">Microsoft’s Azure</a>, <a href="https://www.cdwg.com/content/cdwg/en/brand/google.html" target="_blank">Google Cloud</a>, <a href="https://www.cdwg.com/content/cdwg/en/brand/oracle.html" target="_blank">Oracle</a> and others. Cloud service adoption is expected to continue to accelerate in 2019 under the Trump administration’s <a href="https://fedtechmagazine.com/article/2018/09/white-house-unveils-new-cloud-smart-strategy">“Cloud Smart” strategy</a>. </p> <p>All of those cloud services can lead to increased security risks, however. That’s where cloud access security brokers come in for agencies. 
CASBs can provide federal IT leaders and security pros with <strong>a unified control point for visibility into cloud applications</strong>, use and data, according to cloud security experts. Beyond visibility, these experts say, CASBs also offer help with <strong>compliance, data protection and threat protection capabilities</strong>, since they allow agencies to track data flowing in and out of cloud apps and also help monitor users. </p> <p>Srini Gurrapu, chief cloud evangelist at <a href="https://www.cdwg.com/content/cdwg/en/brand/mcafee.html">McAfee</a>, tells <a href="https://biztechmagazine.com/media/video/what-casb-and-why-it-important" target="_blank">sister site <em>BizTech</em></a> that until now, most organizations’ security practices have been built on the assumption that they owned their infrastructure and security perimeter. Security was built around endpoint protection, patching and anti-malware and less so on data security.</p> <p>“When you move to the cloud, you don’t have a choice,” he says. “Now, you don’t own the infrastructure, but you are putting your applications and data on somebody else’s premise. So, this is the opportunity to understand your data, to understand your users, to understand your business workflows, and secure the data and the workflows and the identities.”</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" target="_blank"><img alt="IT%20Infrastructure_IR_1%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="/sites/fedtechmagazine.com/files/IT%20Infrastructure_IR_1%20(2)_0.jpg" /></a></p> <h2 id="toc_0">What Is a CASB Solution?</h2> <p>As organizations are trusting cloud to host their applications and data on SaaS, or IaaS or PaaS cloud services, they need one unified control point to give them that <strong>visibility and the control for all their applications, usage and data</strong>, Gurrapu says. 
“A CASB is precisely that,” he notes. “It’s that one unified cloud access security control point and the platform that provides that consistent visibility and the control across all the cloud services that the organizations are using.”</p> <p>As Tim Hanrahan, manager of cloud client services at CDW, <a href="https://blog.cdw.com/cloud-computing/dont-get-robbed-use-cloud" target="_blank">notes in a blog post</a>, CASBs scan, evaluate and report on which cloud applications are already running on organizations’ networks. They <strong>provide audits, policy, data loss prevention and additional security controls</strong> for applications outside networks, specifically SaaS apps like email, file sharing and consumer relationship management.</p> <p><strong>CASBs also ensure compliance</strong>, Hanrahan says, since they add security to cloud-based apps that have multiple data center locations “by enforcing things like data residency.” CASBs also provide “intelligent analytics to ensure no unwanted access based on learned behavior,” Hanrahan says.</p> <p>CASB use is expected to grow over the next few years. <a href="https://www.gartner.com/doc/reprints?id=1-4LC58WS&amp;ct=171130&amp;st=sb" target="_blank">Gartner predicted</a> in November 2017 that by 2020, <strong>60 percent</strong> of large enterprises will use a CASB to govern cloud services, <strong>up from less than 10 percent</strong> at that time.</p> <p><a href="https://fedtechmagazine.com/media/video/imagine-nation-elc-2018-hud-and-gsa-discuss-factors-cloud-migration-federal-agencies" target="_blank"><em><strong>VIDEO:</strong> HUD and GSA leaders discuss the factors that go into federal cloud migrations. </em></a></p> <h2 id="toc_1">How CASB Solutions Can Help Feds</h2> <p>Given their many uses, CASBs have a lot of applicability for federal agencies. 
Eric Andrews, vice president of cloud security at <a href="https://www.cdwg.com/content/cdwg/en/brand/symantec.html" target="_blank">Symantec</a>, tells <em>BizTech</em> CASBs can help organizations, like many federal agencies, that are trying to <strong>get a handle on all of the cloud apps they have deployed</strong>.</p> <p>“What are all of the apps and services that people are going to? How risky are these cloud apps and services?”</p> <p>CASBs can help agency IT leaders with reporting for compliance and certification as well, he notes. <a href="https://www.skyhighnetworks.com/cloud-security-university/what-is-cloud-access-security-broker/" target="_blank">McAfee adds</a> that CASBs can “identify sensitive data in the cloud and enforce DLP policies to meet data residency and compliance requirements.”</p> <p><strong>CASBs also help agencies with data security. </strong>“How do I track all of this sensitive content that may be flowing in and out of these cloud apps?” Andrews says. That can include source code, personally identifiable information, credit card information or healthcare information. “How do I track that and make sure it doesn’t get exposed inadvertently, with proper policies and controls and even tokenization and encryption?” Andrews says.</p> <p>Additionally, CASBs offer agencies <strong>threat protection</strong>. This is especially valuable at large agencies with thousands of users accessing cloud services. “How do I monitor all of these user accounts?” Andrews says. “Now that I have a lot of activity, I might have 20,000 credentials floating around for my Office 365 account. If any one of those credentials gets compromised, that rogue actor can have direct access to my content.” CASBs help organizations “detect and respond to negligent or malicious insider threats, privileged user threats,
and compromised accounts,” McAfee says.</p> <p><a href="https://blog.cdw.com/cloud-computing/3-must-know-pieces-cloud-access-security-brokers" target="_blank">In a separate blog post</a>, Hanrahan notes that there are<strong> three main models for deploying CASBs</strong>.</p> <p>The first approach is to <strong>work on the application program interface level</strong>, which is an “out-of-band solution” because it does not sit directly between the request and the data. “Rather, it works directly with known APIs of specific cloud applications,” Hanrahan says. “For example, a CASB that employs API as its primary access protection methodology will have written its software to work directly with cloud apps” like Office 365.</p> <p>The second approach is a <strong>reverse proxy</strong>. Many organizations use a reverse proxy for certain data flows and understand the basic concept, Hanrahan notes.</p> <p>“A proxy is an intermediary that sits between a requestor (client) and one or more data sources (servers),” he says. “This is an ‘in-line’ approach to securing cloud apps because it sits directly in the network traffic path. A reverse proxy broker’s connections are coming from the internet to your app servers. This approach can also hide the information behind it coming from the original source.”</p> <p>The final approach is a <strong>forward proxy one</strong>, the opposite path of a reverse proxy. Both use a proxy to sit between requests and data, and both are considered in-line. However, forward proxies “filter connections going out to the internet from clients sitting behind the firewall,” Hanrahan says.</p> <p>“Specific to CASB, the biggest thing forward proxies offer is the ability to integrate any application,” he adds. “While this sounds great, there is always a cost or benefit associated with any feature. 
The downside to working with any application is that it can be more difficult to deploy, reduces end-user privacy and requires digital certs.”</p> <p>Gartner refers to CASB solutions that support both proxy and API modes as multimode CASBs and notes that “they give their customers a wider range of choices in how they can control a larger set of cloud applications.”</p> <p><a href="https://fedtechmagazine.com/article/2018/11/data-migration-process-how-agencies-can-successfully-move-data-modern-systems-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how agencies can successfully migrate data to the cloud. </em></a></p> <h2 id="toc_2">CASB Vendors and Solutions Agencies Can Tap</h2> <p>As organizations consider which CASBs to deploy, Gurrapu notes that they should <strong>choose a CASB platform “that’s built for the cloud for both north-south and east-west.”</strong> That means it is a CASB platform “that’s not network-centric, but that’s built more for API.”</p> <p>He also suggests choosing a platform that secures both IaaS and the SaaS platform from one single console. </p> <p>It should be noted that, as of now, there is only one CASB that is certified by the General Services Administration’s <a href="https://www.fedramp.gov/" target="_blank">Federal Risk and Authorization Management Program</a>, and <a href="https://marketplace.fedramp.gov/#/products?sort=productName&amp;productNameSearch=cloud%20access" target="_blank">that is Skyhigh Networks</a>, which is owned by McAfee. </p> <p>Gartner lists Symantec, Skyhigh and Netskope as the leaders in the CASB market, though there are numerous other players, including <a href="https://www.cdwg.com/content/cdwg/en/brand/cisco.html" target="_blank">Cisco Systems</a>, Microsoft and Oracle.</p> <p>The CASB market is crowded, with vendors seeking differentiation across the four main use cases, Gartner says. 
“Some execute well across all of them, while others choose to focus on fewer of them but still offer basic functionality in all four,” the research firm notes. “When originally conceived, CASBs focused on either visibility or encryption. As products have matured, visibility remains an important use case, but <strong>additional use cases have arisen that are as important, if not more so, than visibility</strong>.”</p> <p>Many Gartner clients deploy CASBs for data loss prevention and data security, for adaptive access control and for user and entity behavior analytics, “which raise the importance of a CASB from a visibility tool to a cloud service governance tool. Encryption or tokenization at the field level is not a common use case for most clients.”</p> <p>It seems clear that agencies are going to be turning to CASBs more in the years ahead. “Much like firewalls have been a fundamental building block in the data security architectures of the past, <strong>cloud access security brokers are going to be the fundamental building block going forward</strong>,” Andrews says.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. 
Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Thu, 29 Nov 2018 15:28:00 +0000 phil.goldstein_6191 41861 at https://fedtechmagazine.com DOD Sets Up Task Force to Focus on Data Protection https://fedtechmagazine.com/article/2018/11/dod-sets-task-force-focus-data-protection <span>DOD Sets Up Task Force to Focus on Data Protection </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 11/27/2018 - 09:07</span> <div><p>The Defense Department has created a cross-functional task force designed to enhance data security for critical defense technologies. </p> <p>The task force was created via <a href="https://s3.amazonaws.com/fedscoopwp-media/wp-content/uploads/2018/11/01155310/DOD-Supply-Chain-Memo.pdf" target="_blank">a memo from Defense Secretary James Mattis</a>, dated Oct. 24, which first came to light earlier this month. The group, officially dubbed the Protecting Critical Technology Task Force, is designed<strong> not just to prevent the loss of classified and controlled unclassified information, but also the data-exfiltration</strong> of closely guarded secrets by foreign adversaries. </p> <p>“This is not a ‘quick-fix’ task force,” Joseph Buccino, a spokesperson for the Pentagon, <a href="https://www.fifthdomain.com/dod/2018/11/13/pentagon-task-force-not-a-quick-fix-to-protect-critical-technology/" target="_blank">told Fifth Domain</a>. “The <strong>loss of technology and data critical</strong> to our national security is a long-term problem.”</p> <p>Mattis says in the memo that he is committed to protecting the DOD’s critical technology, and that it is estimated that every year American industry loses more than <strong>$600 billion</strong> to theft and expropriation. 
“Far worse, the loss of classified and controlled unclassified information is putting the Department's investments at risk and eroding the lethality and survivability of our forces,” the memo states.</p> <p>“Each year, American businesses lose hundreds of billions of dollars while our military superiority is challenged,” Deputy Secretary of Defense Patrick Shanahan said in a statement, <a href="https://www.fifthdomain.com/dod/2018/11/02/a-new-dod-task-force-addresses-the-growing-threats-to-critical-technology/" target="_blank">according to Fifth Domain</a>. “Together with our partners in industry, we will use every tool at our disposal to end the loss of intellectual property, technology and data critical to our national security.”</p> <p>The PCTTF will report to Shanahan and Gen. Paul Selva, the vice chairman of the Joint Chiefs of Staff, and Air Force Maj. Gen. Thomas Murphy will lead the task force until a new director is appointed, <a href="https://www.meritalk.com/articles/mattis-establishes-task-force-to-protect-critical-technology/" target="_blank">MeriTalk reports</a>.</p> <p><a href="https://fedtechmagazine.com/article/2018/09/why-disa-has-embraced-sdn-pentagon-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out why DISA has embraced SDN for the Pentagon.</em></a></p> <h2 id="toc_0">How the DOD Will Move to Protect Critical Technology Information</h2> <p>The task force will be staffed by about 25 dedicated members from the secretaries of the armed forces, the chairman of the Joint Chiefs of Staff and numerous agencies across the Pentagon that include the Defense Intelligence Agency, the Defense Cyber Crime Center and Army Counterintelligence.</p> <p>“The need for concrete action is critical,” Mattis says in the memo. “To this end, the PCTTF will start with two sprints: <strong>30 and 90 days, to address a number of basic problems</strong>. 
While the sprints are underway, the PCTTF will also address <strong>broader systemic issues</strong>, and to this end, leverage the previous work done by the Maintaining DoD Technology Advantage Cross Functional Team, which is now dissolved.”</p> <p>It is unclear what those “basic” data protection problems are. </p> <p><a href="https://federalnewsnetwork.com/other-dod-agencies/2018/11/mattis-stands-up-new-pentagon-office-to-safeguard-defense-information/" target="_blank">Federal News Radio adds</a>:</p> <blockquote><p>It’s unclear exactly how the new task force’s work will differ from the cross functional team it’s replacing. Those teams were mandated by Congress in 2017 to help solve various cross-cutting organizational problems across the Defense Department. According to the Government Accountability Office, they have been slow to meet lawmakers’ original intent.</p> </blockquote> <p>John Slye, an analyst with Deltek, <a href="https://iq.govwin.com/neo/marketAnalysis/view/3120?researchTypeId=1" target="_blank">says in a research note</a> that the task force’s focus on protecting both classified and controlled unclassified information “has <strong>implications for companies that do work for federal agencies</strong>, which have been taking various steps over the last few years to increase the security of federal information that resides on or passes through contractor systems.”</p> <p>Most of those efforts affect acquisition rules but also point to technology policy and governance. For example, in 2016, the National Archives and Records Administration released <a href="https://www.archives.gov/cui/registry/policy-guidance" target="_blank">a “Controlled Unclassified Information” final rule</a> that established standardized practices for the handling of CUI in nonfederal computer systems. The rule applies to executive branch agencies as well as nonexecutive branch entities “through incorporation into agreements,” such as contracts, Slye notes. 
</p> <p>Additionally, a 2017 update to the <a href="https://www.federalregister.gov/agencies/defense-acquisition-regulations-system" target="_blank">Defense Acquisition Regulations System</a> clause 204.73 directed contractors to implement standards outlined in the National Institute of Standards and Technology’s Special Publication 800-171, “<a href="https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final" target="_blank">Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations</a>” by Dec. 31, 2017. </p> <p>Slye notes that the change was intended to <strong>“provide a uniform set of requirements that contractors can implement with their existing systems.”</strong> DOD, NARA and NIST held a workshop on the topic in October that “covered security requirements around CUI in a FAR clause that is coming in 2019 that will give agencies a mechanism to extend current NARA CUI rules from just agencies to include contractors,” Slye says. </p> <p>“This coming FAR clause is more extensive than the current DFARS Clause 252.204-7012 for ‘covered defense information’ (CDI) that stops short of covering parts of CUI included under NARA rules,” he says. “Although the rule changes for CUI are not intended to require additional contractor expense, compliance may require some system enhancements and possibly external support. 
This could prove burdensome for small businesses.”</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity_IR_stayprotected_700x220.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/Cybersecurity_IR_stayprotected_700x220.jpg" /></a></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. 
Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Tue, 27 Nov 2018 14:07:42 +0000 phil.goldstein_6191 41856 at https://fedtechmagazine.com DHS Sees Value in Cloud Shift as It Consolidates Data Centers https://fedtechmagazine.com/article/2018/11/dhs-sees-value-cloud-shift-it-consolidates-data-centers <span>DHS Sees Value in Cloud Shift as It Consolidates Data Centers</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Mon, 11/26/2018 - 13:14</span> <div><p>Department of Homeland Security officials have, in the past, <a href="https://fedtechmagazine.com/article/2018/06/dhs-sees-many-benefits-cloud-migration">cited the operational efficiencies and cost savings</a> of moving to the cloud. The cloud shift also represents an opportunity for DHS to<strong> rationalize its data storage strategy</strong>. </p> <p>The Office of Management and Budget’s <a href="https://fedtechmagazine.com/article/2018/09/white-house-unveils-new-cloud-smart-strategy">new “Cloud Smart” strategy</a>, as well as ongoing efforts to close and consolidate data centers, is pushing DHS to <strong>reexamine how and where it stores data across the sprawling agency.</strong> </p> <p>“There’s a lot of thought being put across what is the operating model for storage for the Department of Homeland Security,” Steve Rice, the DHS’ deputy CIO, said earlier this month at <a href="https://www.meritalk.com/event/2018-data-center-brainstorm/" target="_blank">MeriTalk’s Data Center Brainstorm event</a> in Washington, D.C., <a href="https://federalnewsnetwork.com/it-modernization/2018/11/dhs-deputy-cio-sees-opportunity-in-elasticity-of-cloud-amid-data-center-consolidation-effort/" target="_blank">Federal News Radio reports</a>. 
</p> <p><a href="https://fedtechmagazine.com/article/2018/10/federal-cloud-spending-soars-2018" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out why federal cloud spending soared in fiscal year 2018! </em></a></p> <h2 id="toc_0">DHS Moves to Rethink Data Storage via Cloud</h2> <p>By June 2020, Federal News Radio reports, <a href="https://www.dhs.gov/sites/default/files/publications/Data-Centers.pdf" target="_blank">DHS’ Data Center 1 (DC 1) and Data Center 2 (DC 2) contracts</a> will both expire. DHS Chief Procurement Officer Soraya Correa said in August that DHS is starting to work on the strategy to recompete those contract vehicles.</p> <p>However, DHS is plowing ahead on its cloud migration as part of its data center consolidation strategy. DHS has met <a href="https://itdashboard.gov/drupal/dcoi-closures" target="_blank">OMB’s mandate</a> to close six of its large tiered data centers, but <strong>must still close an additional 19 nontiered data systems before October 2020</strong>.</p> <p>“When we look at it, the evolution of the cloud allows us to think about where the elasticity of our model moves out to public cloud services, and then also ensuring that we understand an inventory, a rationalization of our applications to understand what are the applications and services that would move,” Rice said, according to Federal News Radio. </p> <p>The expiring contracts for its main data centers, located in Stennis, Miss., and south-central Virginia, are forcing DHS to reconsider its data storage strategy and where it wants to put data, according to Rice.</p> <p>“Let’s make some smart decisions, make sure that they simplify the architecture, let’s make sure that we’re understanding where we’re going to compute together so we can<strong> start making informed decisions about the analytical needs that might materialize </strong>over the next several years,” he said. 
</p> <p>Rice said DHS must use emerging technologies that are “either on the horizon or just coming past the horizon now” as it looks to cloud storage. He added that it is “only a matter of time” until <strong>artificial intelligence</strong> becomes a bigger part of the discussions among federal IT leaders, but he also said it is difficult to plan for the technology tools agencies will need in the medium to long term. </p> <p>“It’s kind of hard to think about what the next 15 to 16 years of governance are going to be,” Rice said, according to Federal News Radio. “The technology is still emerging, especially at the pace that they’re coming out. Cloud Smart to us is taking advantage where it makes sense for the mission.”</p> <p>Rice noted that such decisions need to involve <strong>a wide range of agency stakeholders beyond CIOs</strong>.</p> <p>“It can’t just be an IT decision,” Rice said. “There’s a lot of work that goes on to inform the Chief Financial Officer community, the Chief Procurement Officer community, the Chief Human Capital Officer community to understand that as technology shifts, it really transforms how we deliver services and it starts with the people and ends with the mission.”</p> <p><a href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" target="_blank"><img alt="IT%20Infrastructure_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="https://edtechmagazine.com/k12/sites/edtechmagazine.com.k12/files/IT%20Infrastructure_IR_1.jpg" /></a></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/phil-goldstein"><img src="/sites/fedtechmagazine.com/files/styles/face_small/public/people/CoMfravQ_400x400.jpg?itok=W9IAwS8L" width="58" height="58" alt="Phil Goldstein" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> <a target="_blank" 
class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=philgoldstein&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Phil Goldstein is a web editor for <em>FedTech</em> and <em>StateTech</em>. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.</p> </div> </p> </div> </div> </div> </div> Mon, 26 Nov 2018 18:14:49 +0000 phil.goldstein_6191 41851 at https://fedtechmagazine.com Air Force Pushes Ahead on Its Mobile and Cloud Initiatives https://fedtechmagazine.com/article/2018/11/air-force-pushes-ahead-its-mobile-and-cloud-initiatives <span>Air Force Pushes Ahead on Its Mobile and Cloud Initiatives</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Wed, 11/21/2018 - 09:15</span> <div><p>The Air Force <a href="https://fedtechmagazine.com/article/2018/08/why-air-force-wants-consolidate-some-it-functions">began an experiment</a> last month at<strong> 20 out of its 187 bases</strong> to test its Enterprise IT as a Service model and use commercially owned and operated IT services at those bases to learn and adjust before transitioning to the rest of the service branch 2020. </p> <p>That is a major undertaking, the goal of which is to improve the IT user experience through commercial services in order to increase mission effectiveness, according to the Air Force. Air Force Deputy CIO Bill Marion says that <a href="https://www.cdwg.com/search/?b=cwt" target="_blank">AT&amp;T</a> and <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft-interstitial.html" target="_blank">Microsoft</a> are testing new approaches to bringing network services to bases under other transaction authority agreements. 
</p> <p>“We are in the site survey process and we are rolling out with speed and agility with those two offerors working through the [other transaction authority] process,” <a href="https://federalnewsnetwork.com/ask-the-cio/2018/11/air-force-restructures-cio-to-bring-business-it-and-data-closer-together/" target="_blank">he tells Federal News Radio</a>. </p> <p>However, while it is doing that, the service is <strong>moving ahead on key mobile upgrades and cloud migrations</strong>. The Air Force wants to bring mobile connectivity to its bases and also continue to move both apps and users to various private and public clouds. </p> <p><a href="https://fedtechmagazine.com/article/2018/11/data-migration-process-how-agencies-can-successfully-move-data-modern-systems-perfcon" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how your agency can effectively migrate data to the cloud! </em></a></p> <h2 id="toc_0">Air Force Moves to Enhance Its Networks</h2> <p>Since late 2017, the Air Force has made it clear that it would like to <a href="https://fedtechmagazine.com/article/2017/12/armed-forces-want-mobile-infused-future">expand mobile broadband coverage</a> at its bases. Marion says the service is making a big push toward cellular and mobile and recently released a Request for Proposals to industry for such connectivity.</p> <p>“We are trying to bring public-private partnerships together [to] allow cellular partners access to our real estate to <strong>extend their global mobile infrastructure with what I call ‘five bars to the flight line,’</strong> so we are connecting our airmen from every facet from a mobility perspective,” Marion tells Federal News Radio. </p> <p>Marion says the Air Force will eventually engage in a full acquisition once it knows what is possible with Network as a Service. 
“This allows us a lot of dialogue with the two vendors to push and pull on price point to capability and really figure out how we ultimately build that requirements construct,” he says. </p> <p>The Air Force wants to understand what industry vendors and wireless carriers can deliver that meets its security requirements, according to Marion. “We all know agility and speed are the new world order in security and risk management, so <strong>how do we deliver that kind of ecosystem at the network layer?</strong>” The Air Force will pilot these concepts at six bases, three per vendor, over the next few years, according to Federal News Radio.</p> <h2 id="toc_1">Air Force Continues Its Shift to the Cloud</h2> <p>The Air Force has <strong>15 applications </strong>on the<strong> </strong>Common Compute Environment, which uses Amazon Web Services and Microsoft <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoftazure.html" target="_blank">Azure</a> Impact Level 5-compliant cloud services, and it is moving its enterprise resource planning system, which includes its human resources, financial management and logistics apps. </p> <p>Meanwhile, the Air Force is pushing ahead with its <a href="https://www.cdwg.com/content/cdwg/en/brand/office365.html" target="_blank">Microsoft Office 365</a> deployment. Marion tells Federal News Radio that so far <strong>more than</strong> <strong>500,000 users have moved to the enterprise cloud service</strong>.</p> <p>“The commercial implementations have typically reduced cost pretty significantly. In our current common computing environment work, we are seeing a 4x reduction in overall application infrastructure costs,” Marion says.</p> <p>The Air Force is also seeing positive results in its work with DISA, Marion says. The service goes through an application rationalization process, thinks through the business case for migrating apps and also works closely with DISA on the data that needs to be migrated between clouds. 
</p> <p>“You certainly don’t want one application in one cloud and another one in another cloud when they are going to talk all the time,” Marion says. “We want to narrow it down. <strong>We don’t want 100 different cloud providers</strong>, but getting that to a suitable set, a handful if you will, of principle drivers that deliver value and we will rationale based on the use case.”</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> </div> </div> </div> </div>
Wed, 21 Nov 2018 14:15:09 +0000 phil.goldstein_6191 41846 at https://fedtechmagazine.com DHS Hopes Supply Chain Task Force Will Enhance Federal IT Security https://fedtechmagazine.com/article/2018/11/dhs-hopes-supply-chain-task-force-will-enhance-federal-it-security <span>DHS Hopes Supply Chain Task Force Will Enhance Federal IT Security </span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 11/20/2018 - 13:15</span> <div><p>The Department of Homeland Security is moving ahead with plans to beef up security for the global IT supply chain and, by extension, for the federal government. </p> <p>On Oct. 30, DHS <a href="https://www.dhs.gov/news/2018/10/30/dhs-and-private-sector-partners-establish-information-and-communications-technology" target="_blank">announced the creation and chartering</a> of the nation’s first Information and Communications Technology Supply Chain Risk Management Task Force. The task force is a public-private partnership designed to examine and develop “consensus recommendations” to identify and manage risk to the global ICT supply chain.</p> <p>Although the task force is not specifically focused on protecting just the hardware and software that government agencies use, <strong>a DHS official has said that one of its key goals</strong> is to help prevent agencies from buying technologies with security problems. </p> <p><a href="https://fedtechmagazine.com/article/2018/11/bombarded-attacks-feds-learn-spot-malicious-email" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how feds have stepped up their anti-phishing game! 
</em></a></p> <h2 id="toc_0">DHS Seeks to Identify Supply Chain Cybersecurity Risks</h2> <p>Foreign adversaries, hackers and criminals present significant new cybersecurity risks to government and industry, DHS notes in a statement, adding that their contractors, subcontractors and suppliers at all tiers of the supply chain “are under constant attack, targeted by increasingly sophisticated and well-funded adversaries seeking to steal, compromise, alter or destroy sensitive information.” </p> <p>In some cases, advanced threat actors “target businesses deep in the ICT supply chain to gain a foothold and then <strong>swim upstream to gain access to sensitive information and intellectual property</strong>,” according to DHS. </p> <p>“Threats to the nation’s IT and communications supply chain can severely impact our national security and nearly every facet of our economy,” Christopher Krebs, director of the <a href="https://www.dhs.gov/cybersecurity-and-infrastructure-security-agency?utm_source=hp_slideshow&amp;utm_medium=web&amp;utm_campaign=dhsconnect" target="_blank">newly renamed Cybersecurity and Infrastructure Security Agency</a>, said in a statement. </p> <p>“The nature of supply chain threats, because they can encompass a product’s entire life cycle and often involve hardware, make them particularly challenging to defend against,” Krebs said. “Government and industry have a shared interest and thus a <strong>shared responsibility in identifying and mitigating these threats in partnership</strong>. The Task Force will seek holistic solutions across a broad set of stakeholders to develop near- and long-term strategies to address supply chain risks.”</p> <p>The task force will have about <strong>60 members</strong>, drawn equally from the federal government, the technology industry and the communications sector, Emile Monette, a cybersecurity strategist at DHS and co-chair of the task force, said at a Nov. 
1 meeting of the Information Security and Privacy Advisory Board, <a href="https://fcw.com/articles/2018/11/01/supply-chain-dhs-lemons.aspx" target="_blank">according to <em>FCW</em>.</a></p> <p><a href="https://fedtechmagazine.com/article/2018/10/how-government-plans-reskill-workers-cybersecurity" target="_blank"><em><strong>MORE FROM FEDTECH: </strong>Find out how the government plans to reskill workers for cybersecurity jobs!</em></a></p> <h2 id="toc_1">How DHS Hopes to Protect Federal IT Supply Chains</h2> <p>The task force is a key component of the DHS Cyber Supply Chain Risk Management Program. The C-SCRM Program leads national efforts to address risks to ICT product and service supply chains by developing and <strong>deploying supply chain risk management capabilities for federal civilian agencies</strong>; private sector critical infrastructure owners and operators; and state, local, tribal and territorial governments. </p> <p>The task force, sponsored by the <a href="https://www.dhs.gov/national-risk-management-center" target="_blank">DHS National Risk Management Center</a>, is the main private sector point of entry for the C-SCRM Program and is jointly chaired by DHS and the chairs of the Information Technology and Communications Sector Coordinating Councils.</p> <p>Monette said at the ISPAB meeting that the task force will <strong>serve as a kind of third-party information broker</strong> — like CarMax does in auto sales — and will give federal IT buyers and procurement officials more data and context about IT purchases, according to FCW. That will help them avoid buying technology that may be risky. </p> <p>“We have to <strong>change the behavior and the culture</strong> of buyers who are blindly trusting these actors in the supply chain,” Monette said, FCW reports. 
“We also have to change the behavior and the culture of the technology suppliers.” </p> <p>While there is a lot of “low-hanging fruit” in supply chain security the task force could implement, Monette said the group will need to use a variety of stakeholders in the public and private sector to change industry practices. </p> <p>FCW reports: “Some action items could be tackled through the agency's authority to issue binding operational directives to federal agencies, while others would require congressional or private sector action.”</p> <p>The new task force dovetails with other efforts DHS has made this year to bolster federal IT supply chain security. In August, <a href="https://www.fbo.gov/index.php?s=opportunity&amp;mode=form&amp;id=dd5e37051fcfcd9db165e7e6d250308a&amp;tab=core&amp;_cview=0" target="_blank">DHS issued a request for information</a> on ways it can <strong>streamline risk assessments to the government’s IT supply chain</strong>, based on publicly and commercially available unclassified data.</p> <p>“DHS seeks information about capabilities that address risk as a function of threat, vulnerability, likelihood, and consequences, and aggregate multiple data sets into structured archives suitable for analysis and visualization of the relationships of businesses, individuals, addresses, supply chains, and related information,” the RFI states.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-info"> <span>by </span><a rel="author" href="/author/phil-goldstein"> <div>Phil Goldstein</div> </a> </div> </div> </div> </div>
Tue, 20 Nov 2018 18:15:21 +0000 phil.goldstein_6191 41841 at https://fedtechmagazine.com