The executive order signed by the president in May to strengthen the nation’s cybersecurity policies is evidence that the federal government has recognized and is going to take significant steps to address increasingly frequent and sophisticated cyber attacks. This order is a great first step, but must be supported by more innovative and flexible acquisition and procurement strategies and processes.
The National Institute of Standards and Technology's (NIST) benchmark for encryption modules has seen recent innovation, opening the playing field for competition.
For years, NIST’s Federal Information Processing Standards (FIPS) 140-2 validation list read like a Who’s Who of Fortune 100 technology vendors. Only those products that leverage cryptographic modules shown on the list were eligible for federal agency deployment. Until recent changes, only the deepest pockets could absorb the costs of development, testing and expensive consultants to facilitate introducing solutions into the federal marketplace.
Some government leaders still hesitate to make the move to public cloud services, citing security concerns, a lack of familiarity with cloud-based applications or the perceived need to educate employees on the cloud. Things have changed. Commercial cloud offerings are part of the modern technology arsenal that all agencies should be considering.
While I might not go so far as to pen an open letter to President Donald Trump, consider this a note for anyone with a need to know how the procurement process works for defining and moving ahead on military expenditures. It’s safe to say the behemoth process borders on the absurd and wastes millions of taxpayer dollars.
There are two types of government procurement issues that many might find infuriating and that prevent warfighters from getting the best industry offers. The two problem areas are the small business set-aside and the absurdity of asking for revolutionary capabilities but telling businesses how to do it using an evolutionary process.
Both procedures just get in the way of progress.
As the Defense Information Services Agency (DISA) knows, a network that complies with standards is not necessarily secure. DISA’s new evaluation program, the Command Cyber Operational Readiness Inspection (CCORI), is designed to go beyond standards. Its goal is to provide site commanders and federal agencies an understanding of mission operational risks.
In spite of an outcry from the federal work force for heightened access to wireless networks, U.S. government spending that would extend the service into offices reached a five-year low of $820.2 million in fiscal year 2015, a decline of 21 percent from its peak three years earlier, according to market research firm Govini.
SDN, BYOA, VDI. This alphabet soup of technologies and approaches has complicated U.S. Defense Department networks.
Trends such as bring your own device (BYOD), bring your own application (BYOA), software-defined networking (SDN) and virtual desktop infrastructure (VDI) have dramatically increased network vulnerabilities, where failures, slowdowns or breaches can cause great damage. For the military, specifically, such occurrences can be serious and mission altering, exposing incredibly sensitive data.
Much anticipation surrounds the U.S. Defense Department's transition to Windows 10, primarily because of the promise that the software update is a significant upgrade from its predecessor, and perhaps Microsoft's best operating system yet.
Nevertheless, a software overhaul can be intimidating. For agencies facing the Windows 7 to Windows 10 migration, the challenge often lies in the preparation—or the lack thereof. With Windows 7 nearing the end of its extended support timeline, it is crucial to have the proper training and migration plan in place to eliminate unexpected roadblocks and ensure a smooth deployment.
As the nation deals with intelligence reports of Russian hacks of the U.S. presidential election, some of us in industry are pondering how President Donald Trump will tackle cybersecurity issues.
He already has a good road map. In December, the Commission on Enhancing National Cybersecurity issued its “Report on Securing and Growing the Digital Economy.” Kudos are in order. It is high time the executive branch dug deeply into cybersecurity issues.
Do you work for a cyber company with federal government contracts? If so, hold onto your hat, because $210 billion in government information technology contracts will expire this year and be re-competed.
As we near the end of the first quarter of this new year, it seems like a perfect time to introduce and discuss four new "resolutions," if you will, for federal information technology managers and what a new action plan for progress might look like.
Without further ado, let's dive right in.
Open standards are easy to love. With a common, defined computing system, anybody can port their applications to it and the software syncs beautifully, simplifying upgrades and providing flexibility in customers’ choice of supplier. One U.S. Army crack at open standards provides a good example of the expectation, which was to correct the problems created by the bolted-on approach of field equipment on vehicles. Unfortunately, like far too many such standards, the Vehicular Integration for C4ISR/EW Interoperability, or VICTORY, falls flat on implementation.
For the past several years, U.S. federal agencies have undergone a concerted effort to consolidate and streamline their data centers. As such, they’ve ramped up initiatives to drive application requirements to the cloud, used virtualization services whenever possible to improve efficiencies and deployed sensors to monitor power consumption.
The ability of warfighters to be mobile and nimble is not a luxury during combat operations. It is an absolute necessity. Staying ahead of the enemy or avoiding attack often means an entire command post must move, and quickly—a mammoth challenge if the command post relies on a wired communications network with cumbersome and costly cables and equipment.
Right at this moment, hundreds of U.S. government analysts are trying to solve the exact same problem. Each is tackling a number of major national and international security issues, from cyberthreats to terrorism, global health crises and public safety problems. Without easy, trusted data sharing, these analysts, who the nation relies on to solve the most challenging of worries, cannot benefit from shared knowledge—a hurdle that adds to inefficiencies fostered by redundancies, reinforcing the public’s perception of ineffective federal bureaucracy.
There’s no disputing technology’s role in the rapidly changing face of modern warfare. The convergence of commercial services with military applications, such as delivery of real-time data from anywhere using various devices, has changed the physical nature and understanding of what constitutes a combat environment. The U.S. military seeks to define a strategic approach to these converged operations.
With U.S. military troops stationed in nearly 150 countries, the force is the primary safeguard for ensuring national security—domestically and abroad. Each day, military personnel sacrifice time from family and risk their lives to protect the interests of the country—which is why, in 1903, Congress authorized the Defense Department to build, operate and maintain libraries, schools, recreation centers and gyms for the warfighters.
While it’s clear the cloud is the future of government IT, concerns surrounding cloud security continue to abound. Some agency IT personnel remain skittish about handing over data to cloud service providers and skeptical that the data will remain out of the hands of bad actors. As a result, they’re more comfortable housing information in legacy IT systems, even if those systems are, in some cases, decades old and prone to security vulnerabilities.
In truth, deploying a cloud IT infrastructure is ideal for managing today’s ever-changing threat landscape. Here are three reasons why.
When we think about critical infrastructure, specifically the sectors the Department of Homeland Security has deemed essential to the wellbeing of the country, rarely does the idea center on public networking assets to support critical infrastructure. But a rapid transformation of network technology and security improved processes so that agencies now can take advantage of combined public and private networking to accomplish information technology goals.
It seems like a simple choice. You need to upgrade a platform’s computing capabilities—whether on a ground vehicle, a fast-delivery ship, a signals intelligence airplane or in a server room—but some of the existing hardware still is salvageable. Rather than do a complete upgrade from scratch, it is possible to leverage much of the existing technology and retain existing racks, power supplies and mass storage in the retrofit. It makes perfect sense: Why throw away parts that seem to be working? But a closer inspection might reveal a different answer. Let’s peel back a few layers and see why—and when—it might make sense to throw away existing equipment and start over.