Emerging Technology
Article | July 16, 2022
Government agencies seek to deliver quality services in increasingly dynamic and complex environments. However, outdated infrastructures—and a shortage of systems that collect and use massive real-time data—make it challenging for the agencies to fulfill their missions. Governments have a tremendous opportunity to transform public services using the “Internet of Things” (IoT) to provide situation-specific and real-time data, which can improve decision-making and optimize operational effectiveness.
Read More
Article | May 27, 2021
Blockchain has started to take off. It is now seen as an important part of development. More and more countries and governments are optimistic about joining the race of leveraging blockchain to commence different projects. It can be used in process optimization, cybersecurity, or integrating connected devices. This distributed ledger format is intended to support both public and government sectors, concluding, identity management, digital currency, payments, health care, land registration, voting, and management of legal entities.
Need For Blockchain in Government Sector
To provide maximum governance, the government must transform itself digitally from both intra-departmental and interdepartmental perspectives. As different departments run on different disjoint technologies, it leads to the concern of data consistency and data integrity. Due to which it becomes highly essential to incorporate multiple digital identities based on citizens in each department to make cross-referencing an easier task. And this is what Blockchain is for and should be used by the government.
Moreover, all over the world, banks are turning towards blockchain technology as a support for their complicated economy. They are going to utilize blockchain for issuing digital currencies. That’s the reason why the central banks of Russia, Japan, Britain, China, and the US are planning to meet and explore digital potential before launching CBDC (Central Bank Digital Currency).
Advantages Of Blockchain
By using Blockchain, governments can acquire several benefits. Some of which are:
1. Data Protection
Personal data has always been higher risk in the unique ids saved by the government. Crucial details have sometimes been open to public records leading to data breach attacks. With the use of blockchain, these intensities can be easily avoided as the blocks are secured from cyber attacks.
2. Transparency
It has been found that citizens have low trust in government bodies due to the unawareness of the reason behind their decisions. However, blockchain tends to remove the barrier of secrecy by creating a distributed network that enables participants to verify data that led to the decision.
3. Reduced Corruption
Every public service department has at least one corrupt officer. So the government is taking measures to remove such personals which indeed is not possible due to other corrupt officials. However, with the inclusion of the Blockchain system, the mediator link will be terminated from the government system leading to the dumping of the corrupted officials.
Final Thoughts
One of the most intimidating things about blockchain is the absence of regulatory bodies that can cause any theft or scams. For a modern digital world, blockchain resembles a key-tool for securing digital records, developing economic transition, budgeting, and so much more. Companies that want to establish themselves as the pioneer in the upcoming blockchain revolution should also hire developers to develop their own blockchain-based apps or platforms for secured transactions.
Read More
Emerging Technology
Article | July 13, 2022
The CARES ACT (Coronavirus Aid, Relief, and Economic Security) passed by Congress created a sprawling, multi-faceted plan to combat COVID-19 and its debilitating effects on the U.S. economy. Signed into law in March, the $2 trillion relief package allocated funding for preserving jobs, backfilling government budgets, helping school districts, providing assistance for the unemployed and establishing grant programs for various industry sectors such as transportation and telecommunications.
There are murmurs of a second stimulus bill which could be debated as soon as July, with the president on July 2 expressing his support for one. But, billions of dollars remain in the CARES Act funding for numerous programs. Much of that funding has reached recipients already, and more should start flowing at any time. All parties and stakeholders are eager, of course, for the funding to reach governmental entities. CARES Act funding programs include the following examples.
The Elementary and Secondary School Emergency Relief, or ESSER, program was established with approximately $13.2 billion. This funding is designated for public school districts through an application process that has oversight from each state’s centralized education agency. Texas school districts received $1.29 billion through the program, just behind the state of California, which received the highest allotment at $1.6 billion. Other states receiving a larger share of ESSER funding are New York ($1.03 billion), Florida ($770 million), Illinois ($569 million), and Georgia ($457 million).
The program requires that at least 90 percent of the grant funding must be awarded to schools that received Title I, Part A funding during the 2019-20 school year. That stipulation will result in only school systems with a high number of students from low-income families being eligible for the bulk of the revenue. Applications are to be submitted to the state education agency for review and approval. However, decisions about how the funding is used are to be made by local officials in the school districts.
Another part of the CARES Act provides billions more in funding for airports. The Airport Improvement Program (AIP) offers $10 billion in distributions through grants for capital projects. This revenue can also be used to fill funding gaps in fiscal year 2020 budgets, since airport systems throughout the nation sustained such heavy losses as a result of the pandemic. Previously, the grants required a local funding match, but the CARES Act increased the federal share to 100 percent.
The AIP program allocates $7.4 billion for commercial airports that serve more than 10,000 passengers annually. Another $2 billion is set aside for commercial airports and general aviation airports. Looking at the listed intended uses of these funds, it appears that many airports will have thousands of upcoming contracting opportunities. Millions will be spent on projects to extend and/or rehabilitate runways. Other airports plan to install new lighting, expand terminals, purchase additional safety equipment, reconfigure taxiways, conduct studies, and develop planning documents for future expansion.
Cities and counties are most eager to participate in the $5 billion in funding available for local government programs and projects through the Community Development Block Grant, or CDBG, program. This funding is intended for local governmental officials to use for corridor redevelopment, economic development initiatives and other projects. Every state received funding and some of the larger allocations were designated for Texas ($63.4 million), California ($113 million), Florida ($63 million), and New York ($70.5 million).
The U.S. Economic Development Organization continues to accept applications for projects that reinvigorate regional economic recovery, with $1.5 billion earmarked in the CARES Act for the Economic Adjustment Assistance Program. Through grants for projects that “leverage existing regional assets,” this program is designed to support economic development within distressed communities. Funding is available to states, counties, universities, and regional planning organizations, as well as for public-private partnerships.
Examples of funding allocated through the program include the award of a $400,000 in grant to the Kennebac Valley Council of Governments in Maine to update its economic development plans and provide COVID-19 services. In Texas, the Concho Valley Council of Governments in San Angelo received a $2.2 million grant to purchase a building for its regional headquarters.
The city of Odessa is using $927,708 in CDBG grant money for several social services programs and to supplement local nonprofits’ efforts during the pandemic. And the city of Lewisville recently received $5.8 million in CARES Act money, which includes $452,305 in CDBG grants.
The Federal Transit Administration is distributing $25 billion with approximately $22.7 billion earmarked for large and small urban areas and $2.2 billion set aside for rural areas. This funding does not require a local match of any kind, and it can be used for capital projects and for operations and/or planning purposes, as long as those activities relate in some way to COVID-19.
Transit agencies in urban areas with a population over one million --- such as Cap Metro, which received $104 million --- are getting $17.5 billion through the FTA. Transit agencies serving areas with populations fewer than one million --- such as Brownsville, Texas, which is receiving $7.6 million --- are getting $5.1 billion.
In the middle of the current, historic pandemic, the economy will significantly be stimulated by projects and initiatives that result from this funding. Public-private collaboration will not only create jobs and generate additional revenue flow, it will result in getting Americans working together again … and that will serve the country well.
Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.
Read More
Cybersecurity
Article | March 23, 2022
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:
Executive Order 14028: “Improving The Nation’s Cybersecurity”
M-22-09: OMB’s Zero Trust Strategy M-22-09
NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances
Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.
The Shift to Zero Trust
At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments are permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in.
Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”
NIST 800-207 aptly
They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point. Regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
Management Complexities
Enterprise IT domains contain varied mixtures of OEM solutions, home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardize. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains aren’t just managed by separate enterprise IT teams, but are commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities exacerbated by budgeting concerns have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.
Let’s define a common baseline of enterprise domains seen across traditional IT environments:
Cloud
Data Center
Enterprise Networking
Extended Enterprise (IoT, OT/ICS)
Remote Access
But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:
We can’t have MULTIDOMAIN POLICY without first achieving fuller
We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.
Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams that support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, Operational Technologies, and dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Each of these make up a complex support structure that isn’t necessarily streamlined for efficiency.
Summary and Overarching Goals
In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.
Establish Visibility (Administration, Telemetry, Assurance)
Define Straightforward Policy Structure and Hierarchy (Auth Chains)
Perform Multidomain Integrations (API Integrations)
Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
Establish Sensical Automation Runbooks (Day-2 Operations)
We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.
Read More