CYBERSECURITY

One Year In, Cyber Executive Order Progress is Under Way, But Early Stage

MeriTalk | May 06, 2022

Cyber Executive Order Progress
Ninety-one percent of Federal cybersecurity decision-makers say the 2021 Executive Order (EO) on Improving the Nation’s Cybersecurity has made U.S. data and critical infrastructure safer, but just 28 percent say significantly safer, according to Impact Assessment: Cyber EO Year One, a new study from MeriTalk, a public-private partnership focused on improving the outcomes of government information technology (IT).

The report explores perspectives on progress against Cyber EO goals, identifies what successful agencies do differently, and finds the fault lines where agency cyber leaders say they need more help to succeed. Most Federal cyber decision-makers (78 percent) agree the steps outlined in the Cyber EO are necessary to protect our nation. Implementing software supply chain security and migrating to a zero-trust architecture are the two most important factors for national cybersecurity, the research highlights.

And, while just 15 percent have seen tangible improvements because of EO efforts to date, a significant portion expects to see an impact within the next year.

Federal cyber leaders confirm initial progress in areas including vulnerability detection, software supply chain security, vulnerability response, and investigative and remediation capabilities. Just over half confirm IT management and staff are placing increased priority on cybersecurity, and just over half are collecting more cyber data than in the past. But, across the board, progress against EO goals is still in the early stages. Fewer than half rate their agencies’ progress against key EO goals as “excellent.” For example, 36 percent rate progress toward creating a formal strategy as excellent; 34 percent rate progress toward investing in endpoint detection and response (EDR) as excellent; and, 33 percent rate progress migrating to secure cloud solutions, as excellent.

When asked about the importance of zero trust, 82 percent agree that allocating staff and budget resources to zero trust is vital to national security and almost all, 96 percent, agree the Federal zero trust strategy is somewhat or very helpful. Despite the high priority, just 30 percent of Federal cyber decision-makers rate their zero trust progress as “excellent” and many, 67 percent, say the EO’s three-year window for implementing a zero trust architecture is not realistic.

Zero Trust is the gold standard for cybersecurity, so we're encouraged to see the EO is prioritizing that approach. In addition, cloud-native endpoint detection and response capabilities can significantly strengthen the cybersecurity posture for the federal government, especially when integrated with other security capabilities including identity security, threat intelligence, and managed threat hunting. These concepts have become cybersecurity best practices for the private sector’s most technologically advanced businesses, and we encourage the public sector to continue to embrace these technologies and strategies.”

Drew Bagley, vice president and counsel for Privacy and Cyber Policy, CrowdStrike

“Getting to zero trust is not easy. The detail provided in the multi-step guidance from OMB provides a path, but there is no single box you can buy to meet the varied needs of the five zero trust pillars,” says Stephen Kovac, Chief Compliance Officer and Head of Global Government Affairs, Zscaler. “You need multiple solutions from varying vendors that work together with seamless integration to achieve true zero trust – it is a team sport. OMB has done a good job in helping to define those rules, with rule one being to keep users off the network. If they can’t reach you, they can’t breach you.”

Funding is another roadblock. Just 14 percent report they have all funding needed to meet Cyber EO requirements. One-third say they have half, or less than half, of the funding needed.

“The sea change is the focus on comprehensive cyber resiliency,” says Nicole Burdette, principal, MeriTalk. “The EO provided direction, and Federal cyber leaders are now doing the hard work. But progress requires sustained funding and resource commitment. The research shows the gaps.”

“The U.S. federal government is taking important steps to improve the nation’s cybersecurity posture,” said Dave Levy, Vice President of U.S. Government, Nonprofit, and Healthcare at Amazon Web Services (AWS). “In the Cyber EO, the White House directs federal agencies to adopt security best practices, implement zero trust architectures, and accelerate migration to secure cloud services. Organizations of all sizes should consider similar principles and practices to enhance their cybersecurity and protect employees and sensitive data against cyberattack.”

What are the leaders doing differently? Cyber EO champions (leaders who give their agency’s EO progress an A) are predictably more likely than their peers to say they have all the funding they need. They are also more likely to have their chief information officer (CIO) leading their zero-trust implementation (67 percent to 28 percent).

When asked for perspectives on what’s needed to achieve cyber progress, the research identified the Federal wish list:

  • Workforce training and expertise
  • Stronger executive buy-in
  • Detailed direction from agency IT leadership
  • Centers of Excellence (COEs) in the government to lend expertise

Three-fourths of Federal cyber decision-makers also say the EO should have been more authoritative with private-sector directives.

The Impact Assessment: Cyber EO Year One report is based on an online survey of more than 150 Federal cybersecurity decision-makers familiar with their agencies’ cybersecurity initiatives, including zero trust strategies, in March 2022 and is underwritten by Amazon Web Services (AWS), CrowdStrike, and Zscaler. The report has a margin of error of ±7.7 percent at a 95 percent confidence level.

About MeriTalk
The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Our award-winning editorial team and world-class events and research staff produces unmatched news, analysis, and insight. The goal: a more efficient, responsive, and citizen-centric government. MeriTalk connects with an audience of 160,000 Federal community contacts.

Spotlight

Despite a protracted debate on immigration and border security that has lasted more than a decade, Congress has failed to address these issues in a manner that will keep America free, safe, and prosperous. This must end. The role of Congress is critical in crafting a proper path forward. Congress must address the full range of issues but take a step-by-step approach.


Other News
GOVERNMENT BUSINESS

Securing the New Digital Ecosystem: Resecurity® Exhibits at DoDIIS 2021

Resecurity | December 17, 2021

Resecurity®, a cybersecurity and intelligence company, today announced the unveiling of their next-generation cybersecurity platform at the 2021 Department of Defense Intelligence Information System (DoDIIS) Worldwide Conference in Pheonix, Arizona. For nearly 20 years, the DoDIIS Worldwide Conference has served as the premier information technology conference welcoming over 2,000 attendees and representing over 400 different government organizations. Government organizations face an uncharted digital ecosystem that has led to record cyber incidents and advanced adversarial tactics in 2021. This year's conference theme, Foresight 20/20: Building a New Digital Ecosystem, emphasized the need to adopt innovative solutions and collaborate across the industry to maintain a competitive strategic advantage over adversaries. "We simply can't count on hope and good luck to save us from strategic surprise, specifically in the cyber domain in which we operate. We need the strongest possible national unity and purpose to protect our Nation's secrets and keep pace with our adversaries." Michael Waschull, acting Intelligence Community chief information officer and deputy IC CIO, during a keynote session Uniquely positioned to provide ecosystem protection and real-time threat intelligence, Resecurity exhibited their latest research, risk management and security capabilities that protect organizations on multiple levels, including network, cloud, applications and users. Particularly relevant for the government sector, they shared risk intelligence innovations designed to identify and score the network, identity, technology, and geographical risks within an organization's security ecosystem. "Resecurity is proud to have participated in this year's DoDIIS conference. As government organizations look to secure their growing ecosystems, we must come together to collaborate, solve challenges, and share best practices," said Gene Yoo, CEO of Resecurity. "Solutions like Resecurity's cyber risk and intelligence platform are essential to compete with adversaries in the new digital ecosystem, providing security leaders increased visibility and actionable data to protect their organizations." About Resecurity Resecurity® is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence. Known for providing best-of-breed data-driven intelligence solutions, Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks. Founded in 2016, it has been globally recognized as one of the world's most innovative cybersecurity companies with the sole mission of enabling organizations to combat cyber threats regardless of how sophisticated they are. Most recently, Resecurity was named one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California by Inc. Magazine.

Read More

GOVERNMENT BUSINESS

Accela's Platform and Solutions Drive Continued Quarterly Business Momentum and Empower Agencies to Deliver Critical Services

Accela | May 11, 2022

Accela, the trusted provider of cloud solutions for government, announced a third quarter of growth in fiscal 2022 as state and local leaders partnered with the technology provider for digitized solutions and a unified platform to address the complex and diverse challenges governments are facing. From January through March, Accela added new customers to its roster, migrated customers to the cloud, appointed a new board member, and received multiple awards. It's an exciting moment for the dynamic govtech market, as government-as-a-platform is finally here. Governments are eager to use technology to improve how they deliver critical services, meet the 'consumer-like' expectations of agency staff and residents, and provide valuable insights that transform communities and strengthen economic development. Accela delivers both the flexible, robust platform and out-of-the-box government service-specific solutions to make these goals, and those to come, achievable." Gary Kovacs, CEO of Accela Nearly three-fourths of state CIOs said in a recent survey creating better online experiences for residents is the single biggest driver to expanding digital services. Government agencies can utilize a powerful platform to empower them to achieve this goal, while also creating new efficiencies and streamlining cross-departmental insights and processes. With unprecedented funding opportunities available for local communities, including American Rescue Plan funds, now is the time for governments to accelerate their digital transformation. Accela Continues Customer Growth, Completes New Go-Lives and Migrations This past quarter, the company saw double-digit growth in recurring revenue and unparalleled professional services revenue performance. In 2021, more than 84 percent of Accela's SaaS customers used more than one solution on the company's platform, maximizing insights and automating more processes for staff and residents. In partnership with Velosimo and OpenCities, Accela signed San Joaquin County, CA as an enterprise customer tapping into multiple Accela solutions including the Accela Civic Application for Building, Fire Prevention, Business Licensing, and Environmental Health. Additionally, the State of Tennessee Department of Transportation selected Accela for its permitting solution. Several communities selected Accela Environmental Health to further protect their residents, including Monterey County, CA; Tacoma-Pierce County, WA; and Kings County, CA. Atlantic County, NJ also authorized a project to quickly transition to Accela's cloud-based Civic Application for Environmental Health — migrating current and historical data, modernizing workflows, and publishing a public-facing web portal for operators to conveniently renew, apply, and manage their environmental health programs. Accela upgraded additional customers to the cloud, including the City of High Point Fire Department, NC; City of Hermosa Beach, CA; City of New Albany, OH; City of Memphis, TN Fire Department; City of Pittsburgh, CA; City of Hillsborough, OR; Polk County, FL; Solano County, CA; and City of Andover, KS. New customer go-lives this quarter included DuPage County, IL; Suffolk County, NY; Michigan CSCL; Oklahoma ABLE; State of Virginia Alcohol Beverage Control Authority; and completed the first project phase for Anne Arundel County, MD. Over the past two years, Accela completed dozens of customer upgrades to the company's multi-tenant cloud on Azure, and continues at a steady pace each month. Accela's net customer retention is among the industry's best at 110 percent, a testament to the caliber of its solutions and commitment to great government. "Government IT leaders and CIOs are at the forefront of laying the foundation for navigating the uncertainty of business today and leading their agencies into the future," said Dustin Haisler, CIO of Center of Digital Government. "To help them during these uncertain times, they need to leverage their partnership with a technology leader, like Accela, who can help them reimagine processes and service delivery to both empower residents and produce more efficient outcomes for agency staff." Accela Recognized for its Leadership in Reimagining Public-Private Partnerships, Strengthens Board In February, Accela won the inaugural National League of Cities (NLC) Capstone Challenge Series for a project designed to reimagine the City of Madison, WI's Report a Problem capability. NLC recognized Accela and Madison as a premier example of how public-private partnerships can transform communities. "This project allowed us to automate a process that staff had been doing manually, freeing up their time to focus on addressing resident concerns and proactive problem solving," said Madison Mayor Satya Rhodes-Conway. Beyond this NLC recognition, Accela was also selected by Government Technology magazine as a 2022 GovTech 100 company for the seventh year in a row, and Accela Vice President of Alliances and Channels Tony Aiello was named to CRN's 2022 Channel Chief list. In March, Accela added a new board member in March with the appointment of Kara Wilson to its board of directors. Spring Partner Summit Announced Accela announced its annual Spring Partner Summit, a complimentary event to be held in-person at the company's headquarters in San Ramon, CA on May 12. About Accela Accela provides a unified suite of cloud solutions trusted by governments across the globe to accelerate their digital transformation, deliver vital services, and build stronger communities. More than 275 million citizens worldwide benefit from Accela's government software solutions. The company offers agile, purpose-built solutions and the power of a platform that provides users with a consumer-like experience, shares data across departments, and ensures world-class security. With Accela, government agencies experience rapid and effective digital transformation. Accela's government software meets agencies wherever they are on their modernization journey, while also helping them prepare for whatever comes next. The company is a 2021 Microsoft US Partner Award winner for its innovative SaaS solutions to help governments respond to the COVID-19 pandemic and was named as one of the Largest East Bay Tech Employers by San Francisco Business Times. Accela is headquartered in San Ramon, California, with offices around the world.

Read More

CYBERSECURITY

U.K. Cyber Firm Expands to North America Following Multi-Million Investment

Bridewell Consulting | March 24, 2022

U.K. cybersecurity services company, Bridewell Consulting, has announced its expansion into the $58 billion U.S. cybersecurity market following a multi-million investment from Growth Capital Partners last year. Specialists in securing organizations in complex and highly regulated sectors such as critical national infrastructure and finance, the company seeks to help U.S. organizations reduce risk and build cyber resilience amid rising cyber threats. With an office strategically located in Houston’s Energy Corridor in Texas, the move enables Bridewell to better serve the needs of its existing client base in the U.S., many of whom the company already serves from the U.K. It will also enable Bridewell to secure new clients in the region and provide a springboard for further growth across North America, in a marked effort to become a globally recognized cybersecurity services firm. The move comes at a significant time for critical national infrastructure security in the U.S., with growing concerns over ransomware attacks on banks and hospitals and mounting pressure to improve cybersecurity from government. Just this week, President Biden issued an urgent warning to American business leaders, telling them to strengthen their cyber defenses immediately while the Computer-Security Incident Notification Final Rule is set to come into effect on April 1, 2022. Under the new rule, U.S banks must report any “significant” cybersecurity incident within 36 hours of discovery. We’re at a crucial stage when it comes to critical national infrastructure security. Threats from nation states are rising and innovative methods of cyberattacks are significantly outpacing regulation, policy and strategies. Bridewell’s success in delivering flagship security transformation projects in the U.K., combined with our industry-leading expertise in both IT and OT security and our Microsoft Gold Partner status, means that we are uniquely placed to help North American organizations develop robust and resilient cybersecurity solutions at this critical time.” Scott Nicholson, Bridewell Co-CEO According to recently released U.K. government data, the U.K. cybersecurity sector attracted record investments in 2021, with over £1 billion raised – a rise of 14% compared to the previous period. Bridewell itself experienced a record year of growth with a 156% increase in headcount and 50% growth in revenue, driven by a combination of factors including increased demand for Managed Detection and Response (MDR), the shift in working models and increased appetite for cybersecurity transformation. Anthony Young, Co-CEO of Bridewell, adds: “The U.S. has always been a key growth market for us, both in terms of our existing client base and the broader market opportunity. We’ve had a phenomenal couple of years in the U.K., but our plan has always been to expand where there is a great need, with the evolving U.S. market ripe for managed security services.” Established in 2013, Bridewell is one of the fastest growing privately-owned U.K. cybersecurity companies, with 75% year-on-year revenue growth since FY18. Headquartered in Reading, Berkshire, the company serves sectors including CNI, aviation, financial services, government and oil and gas, with its 24/7 Security Operations Centre protecting some of the most critical national infrastructure in the U.K. In 2021, the company delivered a number of security transformation projects, including revolutionizing the Security Operations Centre for Manchester Airport Group and an independent information assurance review for the 2021 Census. Bridewell was also named Cyber Business of the Year in the U.K. National Cyber Awards 2021. About Bridewell Consulting Bridewell Consulting is a cybersecurity services company providing global, 24/7 managed detection and response services and cybersecurity consultancy. With extensive experience in delivering large-scale transformational projects in highly regulated environments, Bridewell enables organizations to drive strategic change securely, providing a full breadth of end-to-end cybersecurity services. Its expert team comprises of a diverse range of highly skilled consultants, supported by industry leading technology, deep technical expertise, accredited methodologies and a client-centric business-driven approach. Bridewell delivers a vast number of services across critical national infrastructure, aviation, financial services, government and oil and gas. The company holds a number of industry accreditations including NCSC, CREST, ASSURE, IASME Consortium, Cyber Essentials Plus, ISO27001, ISO9001 and are a PCI DSS QSA Company.

Read More

EMERGING TECHNOLOGY

U.S. Government Security Technology Provider Opens New Facility

NEC Corporation of America | April 01, 2022

NEC Corporation of America, a leading technology integrator of advanced IT, networking, communications, and multimodal biometric solutions announced the opening of its NEC National Security Solutions, Inc. (NSS) offices in Arlington, VA, with a ribbon-cutting ceremony and open house. NEC NSS is a wholly-owned subsidiary of NEC that uses world-class technology to solve problems and create opportunities for public servants and citizens. These solutions include identity and biometric technologies, artificial intelligence and machine learning that is changing the way the government does business. We wanted the NEC NSS offices to reflect the critical technology and expertise that we provide to our clients and customers. This location positions us right where we need to be to best serve our government clients.” Mark Ikeno, CEO and President, NEC Corporation of America The NSS executive team is led by Dr. Kathleen Kiernan, a 29-year veteran of Federal Law Enforcement and one of our country's foremost experts in threat detection. She previously served as Assistant Director for the Office of Strategic Intelligence and Information for the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF), focusing on intelligence-led organizational strategy. “In this fast-changing world, security technology must be in place even before it is needed,” said Kiernan, President, NEC NSS. “Threats don’t wait until you are ready. They happen quickly and we work with our customers to help identify solutions that will help them be proactive in protecting their assets against any number of potential threats.” As a Foreign Ownership, Control or Influence (FOCI)-mitigated subsidiary, NEC NSS provides its world-class innovations in a specialized manner to the United States government. NSS currently offers integrated hardware and software solutions to support critical national security, intelligence, homeland defense, immigration, and law enforcement missions across the U.S. Federal Government. The company's main customers include the Department of Homeland Security, Department of Defense, Department of State, Department of Justice, and the U.S. Intelligence Community. About NEC Corporation of America NEC Corporation of America (NEC) is a leading technology integrator providing solutions that improve the way people work and communicate. NEC delivers integrated Solutions for Society that are aligned with our customers’ priorities to create new value for people, businesses, and society, with a special focus on safety, security and efficiency. We deliver one of the industry’s strongest and most innovative portfolios of communications, analytics, security, biometrics and technology solutions that unleash customers’ productivity potential. Through these solutions, NEC combines its best-in-class solutions and technology and leverages a robust partner ecosystem to solve today’s most complex business problems. NEC Corporation of America is a wholly-owned subsidiary of NEC Corporation, a global technology leader with a presence in 140 countries and $29.5 billion in revenues. About NEC National Security Systems NEC National Security Systems, Inc. (NSS), is a leading provider of biometric identity and AI technology for federal government agencies in defense, intelligence, law enforcement, and homeland security agencies. Based in Arlington, Va., NSS deploys proven groundbreaking technology for access control, identity verification, scene processing, advanced analytics, fiber optic sensing, border control and transportation security, among other applications. The company was launched in 2020 as a wholly-owned subsidiary of NEC Corporation of America and will operate under a Special Security Agreement (SSA) with the US Government as a FOCI-mitigated entity, free of foreign ownership, control, and influence. It provides full-service solutions for large agencies using the intellectual property and resources of the global NEC brand. The NEC Corporation invests an estimated $1.01 billion annually in R&D, holds 47,000 patents, and has more than 110,000 employees in 160+ countries.

Read More

Spotlight

Despite a protracted debate on immigration and border security that has lasted more than a decade, Congress has failed to address these issues in a manner that will keep America free, safe, and prosperous. This must end. The role of Congress is critical in crafting a proper path forward. Congress must address the full range of issues but take a step-by-step approach.

Resources