Article | May 26, 2021
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:
Executive Order 14028: “Improving The Nation’s Cybersecurity”
M-22-09: OMB’s Zero Trust Strategy M-22-09
NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances
Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.
The Shift to Zero Trust
At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments are permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in.
Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”
NIST 800-207 aptly
They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point. Regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
Management Complexities
Enterprise IT domains contain varied mixtures of OEM solutions, home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardize. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains aren’t just managed by separate enterprise IT teams, but are commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities exacerbated by budgeting concerns have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.
Let’s define a common baseline of enterprise domains seen across traditional IT environments:
Cloud
Data Center
Enterprise Networking
Extended Enterprise (IoT, OT/ICS)
Remote Access
But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:
We can’t have MULTIDOMAIN POLICY without first achieving fuller
We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.
Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams that support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, Operational Technologies, and dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Each of these make up a complex support structure that isn’t necessarily streamlined for efficiency.
Summary and Overarching Goals
In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.
Establish Visibility (Administration, Telemetry, Assurance)
Define Straightforward Policy Structure and Hierarchy (Auth Chains)
Perform Multidomain Integrations (API Integrations)
Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
Establish Sensical Automation Runbooks (Day-2 Operations)
We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.
Read More
Government Business
Article | March 11, 2022
Unless America and China assume joint leadership for global economic recovery, reconstruction of the post-coronavirus world could take years, with unimaginable consequences for the world’s 7.8 billion inhabitants, including unprecedented levels of global unemployment, famine, and even war.
In the pre-coronavirus world, suggestions for a partnership between the world’s two superpowers would have been met with gales of laughter. But now, despite the two leaders’ daggers drawn posture, hundreds of doctors and scientists in the U.S. and China are already working together on clinical trials of potential coronavirus drugs; and one of China’s biggest property developers has funded a five-year $115 million project between Harvard University and the Guangzhou Institute for Respiratory Health.
But the window of opportunity for acting together is short. The Covid-19 pandemic continues to decimate the world’s economies. Unemployment in the U.S. now tops 22 million, a level not seen since the great-depression of the nineteen-thirties; while China’s economy stopped growing for the first time in four decades as half a million small and mid-size businesses, the backbone of China’s economy closed; and Italy, the second largest manufacturing economy in the EU watches helplessly as the pandemic axe dismembers its economy. Were India and Africa were unable to control the coronavirus the results could be catastrophic.
So, are there issues of such import and mutual benefit that they would convince President’s Trump and Xi Jinping to work together? I believe there are. My two cents worth below.
The two superpowers could leverage China’s vast, trillion-dollar global infrastructure project—the Belt and Road Initiative or BRI, that aims to build infrastructure in over 120 countries of Asia, Europe, and Africa. The BRI is designed to act as a conveyer belt to transmit Chinese investment and technology into these countries to improve their economies, and to link them to China. But now Covid-19 has crimped China’s ability to sustain BRI’s trillion-dollar underwriting tab and President Xi Jinping’s grandiose vision is at risk.
On the other hand, the United States, which has been searching for a counter to BRI, has settled on an initiative called the Blue Dot Network or BDN. The idea behind the BDN is the U.S. would rigorously vet infrastructure project applications in developing countries to ensure high levels of transparency, sustainability, and economic viability before seeding them with startup funds from the U.S. Government. The BDN hallmark would then inspire confidence in the projects to attract private U.S. funding.
But the relatively paltry BDN budget of $60 billion (versus China’s 1000 billion or trillion-dollar BRI budget) and developing countries’ skepticism of Western (read U.S.) dominated standards for infrastructure construction have hobbled the BDN.
If the U.S. and China could find a way to combine BRI and the BDN it would ensure a stream of dollars from private U.S. companies into BRI and ensure its projects remain on track to create jobs and raise living standards around the world. The compromises required by America and China to weld BRI and BDN together would ensure the U.S. gets a seat at the table to influence the adoption of standards for starting and executing BRI projects.
Here’s another idea: The U.S. military is especially qualified to help fight natural disasters. In 2004, for instance, 3,000 U.S. military personnel were deployed to West Africa to help combat a deadly Ebola epidemic. Their work included constructing 17 hospitals, field training, and deploying assistance by air to remote villages. Today the U.S. military is being used to rapidly set up hospitals in U.S. cities to handle the burgeoning coronavirus caseload. The People’s Liberation Army meanwhile seems determined to play a more active global role in peace-keeping projects around the world.
Coronavirus-aid projects delivered to less-off countries through joint U.S.-China military teams would double what the U.S. and China could do on their own. And help establish the military to military connections that the U.S. has tried to foster with China for some time. A working relationship between the two nations’ militaries might even lead to a more stable geopolitical balance of power.
The Chinese word for crisis contains two characters. One signals danger, the other opportunity. Presidents Trump and Xi Jinping should boldly find a way to join forces to convert the deadly Covid-19 crisis into an opportunity that would supercharge global economic recovery and might well change the course of the 21st Century. It is a once in a lifetime opportunity that ought not to be squandered.
Read More
Government Business, Government Finance
Article | July 12, 2022
Motorists and automobile lovers are already noticing rather rapid change. Sustainability goals adopted by elected officials at cities and counties are continuing to promote projects that support walking, biking, and using public transportation. Housing density, walkable communities, technology enhancement and convenient public transportation are the goals.
Parking options are being reduced. Automobiles are being banned on many community streets, and cities are adding parks, entertainment venues, affordable housing, and more retail. Mixed use development, biking lanes, and convenient transportation options for non-motorized travel are the goal. The arguments for such changes are that people will be healthier and safer, the air will be cleaner, and there will be more options for people with disabilities. The trend is called ‘livable and walkable communities,’ and as it sweeps through the country, it opens up thousands of partnering opportunities between public entities and private sector contractors.
Indiana
The city of Indianapolis plans to add more sidewalks throughout the city and has commissioned an inventory to determine how many and which streets don’t have a sidewalk. The results of that study will be published by the end of 2020. The city, which covers 360 square miles, has approximately 8,400 lane miles of streets. Indiana’s Department of Transportation maintains about one-third of the state’s sidewalks, and the cities are responsible for the rest. The study is part of the Indy Moves plan, a long-range planning document that combines walking, biking, and public transportation goals. More than 400 projects are outlined that include building new roads, developing greenways, upgrading existing roads with sidewalks, and constructing more bike lanes. Adding sidewalks to every street without them could cost more than $1 billion. The sidewalks, however, appear to be a high priority because city officials have pledged net zero carbon emissions by 2050 and that requires fewer automobiles in the city.
Texas
In August, the city of Houston approved a plan that is built around walkable places and transit-oriented programs that encourage pedestrian-friendly spaces. The city, like many others throughout the country, will work to promote mixed-use development designed for walkability. For three years, the city has studied ways to make neighborhoods more walkable. Its new plan lists Midtown, Emancipation Avenue, and the Northside as the first places of high focus. Ordinances will be effective beginning October 1. Some of the first initiatives include the construction of facades closer to the road, expansion of sidewalks and relocation of parking lots to the side or rear of buildings. Additionally, the ordinances call for additional bike parking standards in areas that are within a half-mile walking distance from Metro transit station platforms.
New Hampshire
The Southern New Hampshire Planning Commission recently unveiled its Transit-Oriented Development (TOD) Plan. The document outlines projects that include constructing streets and paths that encourage walking and biking. It calls for developing safer intersections and compact and well-signed city blocks. The city of Manchester has applied for a $25 million federal grant to will help fund a pedestrian bridge and the addition of a new street to help alleviate traffic congestion around the Southern New Hampshire University parking garage. City leaders hope to know by November if their grant request has been approved. If so, projects related to improving connectivity and walkability will be launched. The plan calls for an approximate $125 million investment, but the projects could unlock $600 million more in anticipated development. The new developments are expected to include a facility for 1,802 residential units, a hotel with 154 rooms, 785,000 square feet of office space, and 198,000 square feet of retail space.
Illinois
The city of Chicago has announced an initiative called INVEST South/West. This plan commits $750 million of public funds for projects in 12 commercial corridors in 10 neighborhoods. The objective of this plan is to improve streetscapes and public and also strengthening transportation networks and repurposing vacant lots for public amenities and affordable housing. Currently, three solicitation documents have been released for one neighborhood but numerous others will be released in coming months for projects in other neighborhoods. The initial solicitation documents call for proposals by November 24 with construction to begin by the end of 2020. Projects outlined for the various neighborhoods were developed through a months-long community-engagement process, and the developers and contractors will be expected to begin work quickly.
California
The city of Modesto has approved a 20-year plan that calls for bicycle lanes as well as widening and enhancing of sidewalks. Other projects are also planned with the overall objective of making neighborhoods more convenient for non-drivers and encouraging foot traffic and bicycles. City leaders point out that the downtown area has strong office, restaurant, and entertainment sectors, but there is a desire to reduce automobile traffic. Denser housing options and the encouragement of transportation options that include walking and biking are the goal. Construction of new home sites, retail, and other uses will be left to developers. City leaders plan to replace the Stanislaus County Courthouse and adjacent jail to make that property available for new, denser home sites. A pedestrian-friendly route would lead to the Tuolumne River.
Georgia
Clayton County and the cities of Sandy Springs, Savannah, and Valdosta were selected for funding in Georgia Tech's 2020 Georgia Smart Communities Challenge. Each region will receive $100,000 in grant funding to be used for planning purposes. The Clayton County Smart Pedestrian Planning project outlines plans to promote mobility, equity, and the identification of smart technologies to support walkability in communities. Sidewalk data will be collected, and the county will oversee the selection of pilot projects in locations that represent different neighborhood typologies. The first projects will be studied for future development of additional regions.
Cities and counties throughout the country are rushing to meet sustainability goals and these efforts are resulting in an abundance of contracting opportunities for developers, engineering firms, construction companies, landscape firms, and technology providers.
Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.
Read More
Emerging Technology, Government Business
Article | October 7, 2022
One of the challenges the government faced during the COVID-19 pandemic was keeping operations running. Certain advanced economies and developing nations' business continuity plans gave them an edge over their underdeveloped counterparts. But because of the pandemic, the national economy had suffered the pangs of unemployment to fuel the malicious intents of cyber-attackers, thus, protecting government assets that carried important economic information became a national priority.
National security and staying competitive with other economies worldwide are becoming increasingly crucial in elevating a country’s economy. Keeping all public-sector companies and federal agencies running efficiently is a foundational block for the economy. Companies in public administration, like the Army, Navy, and Marine Corps, as well as different ministries, public sector businesses, and more, need data protection from international cyber-threats. They use disruptive business strategies to make their operations more resilient.
Now, that we know the importance of business continuity in the context of federal government and agencies, let us understand what risks does business continuity management mitigate.
Business Continuity Management in Government Easily Mitigates:
Individuals rely on the government during economic crises and disasters. A crisis or a disaster can be a huge risk to the economy, which can bubble up to an irreversible loss if not handled on a timely basis. Mitigating the risks of crises such as natural disasters, cyber security compromises, power and communication outages, terrorism, wars and military activities, global financial crises and more has become crucial. These crises can cause the loss of physical assets, human safety, and infrastructure that hamper government operations. This is why having a BCM plan in place is the need of the hour.
The government must serve and meet the expectations of economic contributors. If there is a divergence or a timely action constraint, the government must maintain peace and harmony for the common good and economic well-being.
Government Continuity to Support Individuals and Public Organizations:
Resuming operations for public organizations and individuals quickly can be almost impossible without the intervention and support of the government. Government continuity is directly proportional to the level of trust, government reputation, and business resiliency. This is possible because the financial loss can be covered by insurance and financial help, as explained below.
Insurance Policy Claims and Coverage: Making it easy to claim insurance during and after the crisis helps individuals and organizations reclaim their finances, thereby restoring essential functions first and full-fledged functions later. Providing reimbursement of expenses and coverage for losses for public organizations and financial assistance for the public sector remains one of the top priorities as far as resuming business operations is concerned post-disaster. Making sure that the insurance can cover the expenses and losses incurred due to the disaster is a part of the business impact analysis (BIA).
Resiliency: Restoring public sector infrastructure in an operating condition, overcoming operational obstacles such as IT, power, and communication outages in a short span of time, and maintaining due vigilance to keep a check on national security builds business resiliency for the public sector.
Reputation and Recovery Management: Reducing the turn-around time to fix and restore normal operations after a disaster provides operational resiliency through recovery management. This keeps a check on the best interests of the economic contributors and enhances their trust and the government’s reputation in the long run.
Now that we understand the risks that a BCP can help mitigate and the role of government policies to support the economic contributors, let us understand how it improves the overall performance of a public organization.
Business Continuity Management for Better Performing Public Organizations:
The federal governments and public organizations have implemented an agile approach to bounce back from disasters, catastrophes, and crises using BCM. Because of this, the federal government is heavily invested into business continuity plans (BCPs) to improve how well their operations work and keep the economy and government stable.
The factors impacting the performance of public organizations using a BCM are as below:
Public organizations must know how BCM components influence performance in public sector organizations.
They must be aware of BCM and the successful implementation of effective BCM. However, some governments that do not invest in a BCM have a much lower level of awareness due to a lack of human resources, finance, and management.
They are allocating enough budget for disaster prevention, preparedness, management, and relief considering the government's initiatives. But not getting enough help from the government can make people unhappy, which can hurt the ruling party and lead to people protesting for their rights.
Even though there is no direct financial benefit or gain from investing in a BCM, BCM testing helps to improve performance significantly.
For governments to consider investing in the successful implementation of BCM and get funding for it, BCM professionals need to predict and evaluate the potential loss due to idle service time and its results.
Each government entity must identify the likelihood of risks, define the best rescue objectives, and indicate the most cost-effective clarification and knowledge about BCM.
Another challenge is using BCM in organizations that cut across several business groups or completing it with collective business-wide support.
These situations show that old management responsibility and regulation are useful for making sure that all members of an organization prefer BCM actions.
Recognizing the potential impacts of BCM on organizational performance is required in order to provide accurate value to the BCM powers, attract consideration, and, finally, obtain adequate assistance from senior management.
In the journey to optimizing the performance of your public sector company using BCM, there are many hurdles that you need to overcome. Let us discuss them further.
Challenges in Maintaining BCPs and Performance Growth in the Public Sector:
Maintaining a business continuity plan as per the recommended guidelines is crucial to optimize its performance and efficacy. Your public sector organization's BCP will need to overcome some of the challenges to enable their performance growth as follows:
Dedication of time from the top management of the public organizations, the ministry, and leaders towards deciding which functions are essential to maintain the BCP.
Lack of complete understanding of all the business functions and their dependencies on other public sector organizations.
Comparing the business functions on the level of criticality.
Not implementing the BCM approach completely.
Tweaking the BCM approach to show everything is taken care of
Inaccurate assumptions are used to create a business continuity plan.
Business Impact Analysis (BIA) - Determining how long a business process can be rendered inoperable without affecting performance.
The Business Continuity Plan (BCP) takes care of aspects such as:
Who will be affected by the business operations disruption?
How and when will customers be notified?
What issues are to be addressed in the first 48 hours?
From the initial response to restoration, unique access roles and functions are assigned.
Testing of BCP should be done regularly with the help of table-top exercises, walkthroughs, crisis communications, emergency enactments
The importance of a BCP cannot be undermined as it minimizes the cost of business disruptions on the operations of public organizations. Let us discuss them in-depth.
The Cost of Not Having a Crisis Plan like a BCP for All Sizes of Public Organizations:
Although the costs involved during times of crisis may be difficult to calculate, there may be significant infrastructure and data recovery charges that can have a long-term impact on business revenue. Monetary loss, revenue loss due to idle time, reputation loss, productivity loss are some of the consequences that small, medium, and large enterprises have to go through. The major losses among them are as under:
Loss of time and revenue for recovery and resuming operations.
The company's brand image and reputation are at stake.
Financial instability and loss
Productivity loss
Customer satisfaction is hampered.
Some laws and regulations are violated during idle time.
Distrust and loss of faith among investors
Employee safety is at risk with the consequences of injury and death.
Loss of infrastructure
A business continuity plan has four strategies to boost business resilience. These include crisis and risk management; disaster recovery; incident response management; and business continuity planning.
Acting quickly to mitigate the risks of loss as per incident response management during the event of distress is the first step. Crisis and risk management take care of the plan of action during the event of distress. The disaster recovery plan takes care of resuming the business operations to their normal condition after the disaster has subsided, whereas the business continuity plan takes care of all these aspects to minimize loss during distress as well as the time required to resume normal operations with the help of dedicated software.
Conclusion:
Performance optimization for public organizations is the number one priority for economic growth. A business continuity plan can directly boost performance as it encourages organizations to identify essential functions and maintain their operations during uncertain times. It helps save time, money, and safeguards people, processes, and technologies in the long run.
Read More