Emerging Technology, Government Business
Article | October 7, 2022
During the pandemic, the United States supported the WHO through collaborative operations. Let’s understand in detail below.
The United States government has historically supported WHO financially, through involvement in governance and diplomacy, and through collaborative operations. A new chapter in the U.S. relationship with WHO began in 2020, following the start of the COVID-19 pandemic, when the Trump administration ceased financial support and started the process to withdraw the country from membership.
Financial Support:
The United States has traditionally been the single largest donor to WHO, but in the 2020–2021 period it was the second largest as other donors, particularly Germany, increased their contributions. The U.S. dropped to third place. The United States contributed an anticipated $581 million to the WHO in 2021 as a result of restored funding from the Biden administration, which included both assessed and voluntary contributions.
The assessed contribution for the United States has been set at the maximum permitted rate of 22% of all assessed payments from member states for a number of years. The U.S. assessed contribution has been very consistent between FY 2014 and FY 2022, varying between $110 million and $123 million.
Increased U.S. support for particular WHO initiatives, such as emergency response, may be reflected in higher levels of voluntary contributions. Other WHO initiatives supported by U.S. voluntary donations include the fight against polio, maternal, infant, and child health initiatives, food safety initiatives, and regulatory monitoring of pharmaceuticals.
Governance Activities:
The United States has long been a prominent and involved member of the World Health Assembly, sending a sizable delegation that is typically headed by a delegate from the Department of Health and Human Services and includes representatives from numerous other U.S. agencies and departments.
Technical Support:
Government officials from the United States frequently act as liaisons at WHO regional offices and headquarters, collaborating daily with employees on technical initiatives.
Partnering Activities:
The United States has collaborated with WHO both before and during epidemic responses and other global health emergencies, notably by joining multinational teams that WHO organises to look into and address outbreaks all around the world. For instance, the US collaborated with WHO and the larger global response to the 2014-onset Ebola epidemic in West Africa, and US scientists were a part of the WHO mission that visited China in February 2020 to evaluate their COVID-19 response.
Read More
Emerging Technology
Article | July 16, 2022
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:
Executive Order 14028: “Improving The Nation’s Cybersecurity”
M-22-09: OMB’s Zero Trust Strategy M-22-09
NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances
Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.
The Shift to Zero Trust
At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments are permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in.
Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”
NIST 800-207 aptly
They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point. Regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
Management Complexities
Enterprise IT domains contain varied mixtures of OEM solutions, home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardize. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains aren’t just managed by separate enterprise IT teams, but are commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities exacerbated by budgeting concerns have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.
Let’s define a common baseline of enterprise domains seen across traditional IT environments:
Cloud
Data Center
Enterprise Networking
Extended Enterprise (IoT, OT/ICS)
Remote Access
But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:
We can’t have MULTIDOMAIN POLICY without first achieving fuller
We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.
Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams that support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, Operational Technologies, and dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Each of these make up a complex support structure that isn’t necessarily streamlined for efficiency.
Summary and Overarching Goals
In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.
Establish Visibility (Administration, Telemetry, Assurance)
Define Straightforward Policy Structure and Hierarchy (Auth Chains)
Perform Multidomain Integrations (API Integrations)
Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
Establish Sensical Automation Runbooks (Day-2 Operations)
We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.
Read More
Government Business
Article | July 11, 2022
While Americans wait to see if Congress will pass an infrastructure bill, alternative funding and collaborative initiatives are becoming the norm. Even the recent announcement that the U.S. is now in a designated recession has not caused Congress to focus specifically on economic recovery. Economists, financial experts, industry leaders, and elected officials all know that funding large public projects stimulates the economy and creates jobs. They also know that throughout history, infrastructure reform has been a proven path to economic recovery.
Currently, private sector investors stand ready to fund infrastructure projects in America and local government leaders are moving forward to launch projects of all types. Soon, there may be little need for Congress to do anything. The opportunity to lead in this area may soon be usurped by visionary regional leaders and private sector partners.
Destruction brought on by climate change, the devastation resulting from COVID-19, cyber threats on public networks, lack of adequate broadband, and a desperate need for new sources of revenue – these are the problems that have forced visionary leaders to take action and not wait for Congress. Now, change is coming on strong, and that’s a very good thing!
Airports are not waiting to launch critical and long-overdue expansions. State leaders already are combating rising seas and finding ways to install broadband. Wastewater plants are being constructed or upgraded, and various transportation projects are being launched. Because local leaders lacked the luxury of waiting to see if Congress would endorse or partly fund infrastructure projects, they found alternative funding sources.
Congress could have, and should have, already passed an infrastructure bill, even if it only established guidelines or outlined best practices. The Canadian Council for Public Private Partnerships would have been a good model to follow. An endorsement or a statement of support from Congress related to public-private partnerships (P3s) would still be encouraging.
But, with or without encouragement, regional leaders throughout the country are working with industry, nonprofit organizations, academia, and investors to launch large infrastructure projects. And, as that happens, local economies benefit and jobs are created. Entire communities and numbers of citizens benefit from the good that emanates from public safety, quality of life, asset preservation, sustainability, and taxpayer relief.
But, to the surprise of no one, infrastructure projects are costly and many of them require a number of consolidated funding sources. Infrastructure projects also may be funded through a revenue repayment model that compensates private sector investors over a decade or two. Other projects are funded by bonds, grants, and federal programs such as the Tax Cuts and Jobs Act which incentivizes investment into designated Opportunity Zone regions of the country.
Additionally, funding is still available from federal programs that have been in existence for decades. The Federal Emergency Management Agency (FEMA), Army Corps of Engineers, Department of Housing and Urban Development (HUD), and Community Development Block Grant programs all have funding that may be merged with other alternative funding sources.
Many state legislatures have allocated funding for ‘rainy days’, emergencies and/or ‘resiliency’ efforts. Special Districts also may be created by cities, a process that authorizes citizens to tax themselves for critical infrastructure projects. Finding numerous funding sources is not difficult and not a hurdle that stops infrastructure reform.
Two rather important issues, however, have slowed public acceptance of alternative funding and public-private partnerships – a lack of understanding by citizens about the cost and danger of not doing anything and the fact that the public at large does not completely understand the history or the success of P3s. Too many citizens view private sector investment into public projects as a new or risky concept, which is not the case. Collaborative initiatives have been responsible for the building of America’s infrastructure for more than 100 years. And, the public-private partnership model is common throughout the world and has been tested over many decades.
Here are but a few examples of visionary infrastructure initiatives happening now in America.
In Virginia, the Greene County Board of Supervisors has approved guidelines for establishing strategic public-private partnerships to develop numerous types of P3 projects in the county. This action will enable the Greene County School Board to enter P3s for the purpose of building educational facilities. Other possible projects likely will include landfills, drinking water production, and distribution systems. Projects also may include fire department facilities, education construction including stadiums, public safety buildings, utility and telecommunications initiatives, and broadband infrastructure.
The University of California (UC) has provided a 2019-2025 Capital Finance Plan (CFP) that represents $52 billion of capital that will be required by the campuses and its medical centers. The CFP outlines plans for proposed capital projects, P3s and the acquisition of real property. UC has found the P3 model to be efficient, especially for campus housing. The Irvine campus has a long history of partnering with third-party entities to advance its strategic goals.
The Yuma, Arizona City Council has approved a $51.4 million increase from last year for a Capital Improvement Program (CIP) budget. The city expects 45 percent of the costs to be obtained through grants, reimbursements, and P3s. The plan outlines 54 projects and funding plans of $20.3 million for projects in the Yuma Crossing National Heritage Area. The city also plans to augment funding with a federal grant and possibly private sector investment. It has scheduled a regional fiber optic infrastructure project for 2021 and has announced interest in a P3 engagement as the delivery model.
Florida’s Palm Beach Town Council recently approved $316,380 for a water supply feasibility study. An engineering firm will address the town’s need to explore different ways to provide residents potable water. A plan to determine how to meet future water demand is the objective. One option under consideration is to enter into a public-private-partnership to accomplish this objective.
Iowa State University is taking steps to become coal-free and reduce greenhouse gas emissions by 35 percent over the next three years. A P3 is being considered for the operation of its utility system. The university’s Board of Regents this month gave approval for a planning process to begin.
The state of Nebraska is considering a public-private partnership to build a new 1,600-bed prison to deal with overcrowding and staffing issues. Cost of the new prison has been projected to be in the $200 million range or higher, and the state anticipates that a P3 will be the delivery method. The department announced that the project would potentially meet space needs for the next 100 years.
These projects offer just a sampling of what is happening throughout America. State and local leaders are moving forward and not waiting for guidance or encouragement. Instead, most have grabbed the reins of America’s race to the future, and started to address the country’s infrastructure needs. That’s comforting, because there is much to be done.
America’s global competitiveness truly hangs in the balance along with the well-being of millions of families impacted by unemployment. A recession is never good, but this one could be short. Here’s hoping the media, citizens at large, and others who understand the country’s critical infrastructure problems will find ways locally to step up and encourage other elected leaders to support this clear path out of the current recession.
Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.
Read More
Article | June 11, 2020
As federal agencies continue to support large numbers of remote workers, IT leaders have started to evolve their thinking on zero-trust security architectures. Increasingly, they are becoming more comfortable with the concept and are seeking to lay the foundation for deployments. Zero trust represents a mindset shift in cybersecurity in which every transaction is verified before access is granted to users and devices. In the federal government, it is still a relatively nascent approach, with some pilot programs here and there. However, IT leaders seem to recognize that cybersecurity models are increasingly going to be defined by a zero-trust architecture.
Read More