Cybersecurity
Article | March 23, 2022
The pandemic has upended entrepreneurs and start-up ecosystems, so government support for start-ups has become critical.
The majority of them faced cash shortages and a lack of venture capital. For start-ups, cash is the most pressing issue. Furthermore, start-ups experienced a slow fundraising process accompanied by investor indifference.
Furthermore, the global workforce was not left untouched by the spillover. Start-ups began to lay off employees and reduce pay. According to StartupGenome research, three out of every four employees were letting their employer down.
While 39% of them laid off 20% or more of their workforce, two-thirds admitted to laying off 60% or more of their full-time employees. In the United States, the economy experienced the sharpest decline in employment, with 20.5 million people losing their jobs.
In response, and to reduce the pandemic's impact on start-ups, the governments of many countries have stepped in to save their start-up ecosystems.
We've listed a few of the government's initiatives to help start-ups during the current cash crunch.
Direct grants and zero-interest loans:
Right now, cash is the most important concern for new businesses. Grants are regarded as the most beneficial policy instrument (29%), followed by loans (12%).
Access to venture capital investment:
If history is any guide, venture capital activity will likely decline in 2020 as well. This creates a quandary for the 18% of start-ups that require access to financing tools to increase investment.
Employment support schemes:
COVID-19 has had an impact on workforces all over the world. The US lost a record 20.5 million jobs in April, the fastest and sharpest drop since the government began tracking the data. Given these circumstances, it's no surprise that 17 percent of start-ups rank immediate employee protection as one of their top priorities.
Government Business
Article | July 11, 2022
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:
Executive Order 14028: “Improving The Nation’s Cybersecurity”
M-22-09: OMB’s Zero Trust Strategy
NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances
Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.
The Shift to Zero Trust
At their core, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments is permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT silo that they reside in.
“Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”
NIST 800-207 aptly
They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point, regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
Management Complexities
Enterprise IT domains contain varied mixtures of OEM solutions and home-grown tools, and use a wide variety of protocols to intercommunicate that aren’t necessarily standardized. Each of these domains is normally managed by a separate IT team that specializes in maintaining that environment. In the federal landscape, these domains aren’t just managed by separate enterprise IT teams, but are commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the operational awareness required to enforce centralized policy. These cultural complexities, exacerbated by budgeting concerns, have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.
Let’s define a common baseline of enterprise domains seen across traditional IT environments:
Cloud
Data Center
Enterprise Networking
Extended Enterprise (IoT, OT/ICS)
Remote Access
But to deliver successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:
We can’t have MULTIDOMAIN POLICY without first achieving fuller
We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.
Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. These include teams that support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, and Operational Technologies, with dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Together, these make up a complex support structure that isn’t necessarily streamlined for efficiency.
Summary and Overarching Goals
In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.
Establish Visibility (Administration, Telemetry, Assurance)
Define Straightforward Policy Structure and Hierarchy (Auth Chains)
Perform Multidomain Integrations (API Integrations)
Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
Establish Sensical Automation Runbooks (Day-2 Operations)
We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.
Article | May 26, 2021
A new report offers a five-point framework government agencies can use to maximize the benefits of artificial intelligence while minimizing the risks. “Risk Management in the AI Era,” released by the IBM Center for the Business of Government April 16, proposes a risk management framework that can help agencies use AI to best suit their needs. “Public managers must carefully consider both potential positive and negative outcomes, opportunities, and challenges associated with the use of these tools,” the report states, as well as the relative likelihood of positive or negative outcomes.
Article | June 19, 2020
The House of Representatives laid out an infrastructure plan on June 18 – an expensive one with a price tag of approximately $1.5 trillion. It will not, of course, pass Congress in its current state, but it promises to start the critical and overdue conversation in Washington about infrastructure.
But, there’s an omission that hopefully will be addressed and debated in Congress. The new plan makes little mention of funding for America’s outdated public technology infrastructure. Yet, the nation’s technology is a critical component of its infrastructure.
Some leaders hope to make Congress aware of the challenges public officials face as they try to manage with old legacy technology systems that should have been replaced a decade ago. Broadband will likely be addressed, but all kinds of other technology assets need attention as well.
When taxpayers think about what infrastructure should include, there is not a consensus. Roads and bridges are certainly considered as public assets and will be included in every discussion of infrastructure. Water, power, schools, health care, and even the Postal Service are named in the new plan that passed the House of Representatives. But, the new bill, which is called the Moving Forward Act, does not mention government’s basic technology infrastructure.
One definition of infrastructure is “the basic physical and organizational structures and facilities needed for the operation of a society or enterprise.” Surely, technology falls into that category.
There’s no argument that America’s global economic future depends on its technology infrastructure as well as its transportation infrastructure.
But public officials in governmental entities throughout the country attempt to provide services on old legacy systems that are decades past replacement stages. Public databases and networks are vulnerable to cyberattacks. The technology found in cities, counties, school districts, and governmental agencies is more than old and inadequate; it is simply unreliable and, in some instances, could be considered dangerous.
In a world of ‘big data’, artificial intelligence, cloud computing, apps, the Internet of Things (IoT), and extreme security requirements, government technology assets lag too far behind in America.
Public officials don’t have funding to replace the antiquated technology systems. As Congress debates infrastructure reform, technology should be a part of the conversation.
Those in agreement that the national debt does not need another $1.5 trillion hit may advocate for ways to encourage private sector funding for the many needs of infrastructure. Collaborative initiatives could be structured in the final infrastructure bill so that there are incentives for alternative funding and private sector expertise, as well as guidelines to protect taxpayers and public agencies.
The inclusion of technology needs in any infrastructure discussion is, at the very least, worthy of discussion.
Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.