Emerging Technology
Article | July 16, 2022
A new report offers a five-point framework government agencies can use to maximize the benefits of artificial intelligence while minimizing the risks. “Risk Management in the AI Era,” released by the IBM Center for the Business of Government April 16, proposes a risk management framework that can help agencies use AI to best suit their needs. “Public managers must carefully consider both potential positive and negative outcomes, opportunities, and challenges associated with the use of these tools,” the report states, as well as the relative likelihood of positive or negative outcomes.
Government Business
Article | July 14, 2022
The CARES Act (Coronavirus Aid, Relief, and Economic Security) passed by Congress created a sprawling, multi-faceted plan to combat COVID-19 and its debilitating effects on the U.S. economy. Signed into law in March, the $2 trillion relief package allocated funding for preserving jobs, backfilling government budgets, helping school districts, providing assistance for the unemployed and establishing grant programs for various industry sectors such as transportation and telecommunications.
There are murmurs of a second stimulus bill which could be debated as soon as July, with the president on July 2 expressing his support for one. But, billions of dollars remain in the CARES Act funding for numerous programs. Much of that funding has reached recipients already, and more should start flowing at any time. All parties and stakeholders are eager, of course, for the funding to reach governmental entities. CARES Act funding programs include the following examples.
The Elementary and Secondary School Emergency Relief, or ESSER, program was established with approximately $13.2 billion. This funding is designated for public school districts through an application process that has oversight from each state’s centralized education agency. Texas school districts received $1.29 billion through the program, just behind the state of California, which received the highest allotment at $1.6 billion. Other states receiving a larger share of ESSER funding are New York ($1.03 billion), Florida ($770 million), Illinois ($569 million), and Georgia ($457 million).
The program requires that at least 90 percent of the grant funding must be awarded to schools that received Title I, Part A funding during the 2019-20 school year. That stipulation will result in only school systems with a high number of students from low-income families being eligible for the bulk of the revenue. Applications are to be submitted to the state education agency for review and approval. However, decisions about how the funding is used are to be made by local officials in the school districts.
Another part of the CARES Act provides billions more in funding for airports. The Airport Improvement Program (AIP) offers $10 billion in distributions through grants for capital projects. This revenue can also be used to fill funding gaps in fiscal year 2020 budgets, since airport systems throughout the nation sustained such heavy losses as a result of the pandemic. Previously, the grants required a local funding match, but the CARES Act increased the federal share to 100 percent.
The AIP program allocates $7.4 billion for commercial airports that serve more than 10,000 passengers annually. Another $2 billion is set aside for commercial airports and general aviation airports. Looking at the listed intended uses of these funds, it appears that many airports will have thousands of upcoming contracting opportunities. Millions will be spent on projects to extend and/or rehabilitate runways. Other airports plan to install new lighting, expand terminals, purchase additional safety equipment, reconfigure taxiways, conduct studies, and develop planning documents for future expansion.
Cities and counties are most eager to participate in the $5 billion in funding available for local government programs and projects through the Community Development Block Grant, or CDBG, program. This funding is intended for local governmental officials to use for corridor redevelopment, economic development initiatives and other projects. Every state received funding and some of the larger allocations were designated for Texas ($63.4 million), California ($113 million), Florida ($63 million), and New York ($70.5 million).
The U.S. Economic Development Organization continues to accept applications for projects that reinvigorate regional economic recovery, with $1.5 billion earmarked in the CARES Act for the Economic Adjustment Assistance Program. Through grants for projects that “leverage existing regional assets,” this program is designed to support economic development within distressed communities. Funding is available to states, counties, universities, and regional planning organizations, as well as for public-private partnerships.
Examples of funding allocated through the program include the award of a $400,000 grant to the Kennebec Valley Council of Governments in Maine to update its economic development plans and provide COVID-19 services. In Texas, the Concho Valley Council of Governments in San Angelo received a $2.2 million grant to purchase a building for its regional headquarters.
The city of Odessa is using $927,708 in CDBG grant money for several social services programs and to supplement local nonprofits’ efforts during the pandemic. And the city of Lewisville recently received $5.8 million in CARES Act money, which includes $452,305 in CDBG grants.
The Federal Transit Administration is distributing $25 billion with approximately $22.7 billion earmarked for large and small urban areas and $2.2 billion set aside for rural areas. This funding does not require a local match of any kind, and it can be used for capital projects and for operations and/or planning purposes, as long as those activities relate in some way to COVID-19.
Transit agencies in urban areas with a population over one million (such as Cap Metro, which received $104 million) are getting $17.5 billion through the FTA. Transit agencies serving areas with populations fewer than one million (such as Brownsville, Texas, which is receiving $7.6 million) are getting $5.1 billion.
In the middle of the current, historic pandemic, the economy will be significantly stimulated by projects and initiatives that result from this funding. Public-private collaboration will not only create jobs and generate additional revenue flow, it will result in getting Americans working together again … and that will serve the country well.
Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.
Government Business
Article | March 11, 2022
Federal agencies design a wide range of tools, equipment, vehicles and even rockets. Computer-aided design (CAD) technology allows agencies and users to create digital designs more efficiently. CAD is used for a lot more than designing buildings, but is a basic building block of a more advanced tool known as Building Information Modeling, or BIM. CAD can be used to render 2D digital models of products, equipment and buildings. BIM takes those efforts to the next level and serves as a 3D design tool to “create and simulate how a building would operate,” says Andrew Friendly, associate vice president of government affairs at Autodesk, a leading CAD and BIM firm.
Cybersecurity
Article | March 23, 2022
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:
Executive Order 14028: “Improving The Nation’s Cybersecurity”
M-22-09: OMB’s Zero Trust Strategy
NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances
Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.
The Shift to Zero Trust
At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments is permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in.
“Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”
NIST 800-207 aptly
They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point, regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
Management Complexities
Enterprise IT domains contain varied mixtures of OEM solutions and home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardized. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains isn’t just managed by separate enterprise IT teams, but is commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities, exacerbated by budgeting concerns, have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.
Let’s define a common baseline of enterprise domains seen across traditional IT environments:
Cloud
Data Center
Enterprise Networking
Extended Enterprise (IoT, OT/ICS)
Remote Access
But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:
We can’t have MULTIDOMAIN POLICY without first achieving fuller
We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.
Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, and Operational Technologies, with dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. All of these make up a complex support structure that isn’t necessarily streamlined for efficiency.
Summary and Overarching Goals
In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.
Establish Visibility (Administration, Telemetry, Assurance)
Define Straightforward Policy Structure and Hierarchy (Auth Chains)
Perform Multidomain Integrations (API Integrations)
Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
Establish Sensical Automation Runbooks (Day-2 Operations)
We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.