Government Business, Government Finance
Article | July 12, 2022
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:
Executive Order 14028: “Improving The Nation’s Cybersecurity”
M-22-09: OMB’s Zero Trust Strategy M-22-09
NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances
Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.
The Shift to Zero Trust
At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments are permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in.
Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”
NIST 800-207 aptly
They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point. Regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
Management Complexities
Enterprise IT domains contain varied mixtures of OEM solutions, home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardize. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains aren’t just managed by separate enterprise IT teams, but are commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities exacerbated by budgeting concerns have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.
Let’s define a common baseline of enterprise domains seen across traditional IT environments:
Cloud
Data Center
Enterprise Networking
Extended Enterprise (IoT, OT/ICS)
Remote Access
But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:
We can’t have MULTIDOMAIN POLICY without first achieving fuller
We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.
Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams that support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, Operational Technologies, and dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Each of these make up a complex support structure that isn’t necessarily streamlined for efficiency.
Summary and Overarching Goals
In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.
Establish Visibility (Administration, Telemetry, Assurance)
Define Straightforward Policy Structure and Hierarchy (Auth Chains)
Perform Multidomain Integrations (API Integrations)
Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
Establish Sensical Automation Runbooks (Day-2 Operations)
We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.
Read More
Cybersecurity
Article | March 23, 2022
We know that an infrastructure bill is coming, and the debate in Congress will likely begin in July. Industry leaders, public officials, think tanks, and economic development organizations have provided lots of input. They know that some of their messages have been heard.
There is no consensus between Democrats and Republicans about how the bill will be structured, but one thing appears certain – Congress must deliver an economic recovery bill. Because infrastructure is considered to be the quickest route to economic recovery, it is safe to assume that large amounts of funding will be allocated to infrastructure projects. Depending on how the final infrastructure bill is structured, the funding could come completely from government or it could be delivered from various types of alternative funding sources.
And, when an infrastructure bill passes, it will almost certainly include funding for the country’s seaports. That’s because America’s sea and inland ports are essential cogs in the country’s economic recovery. Ports have played an incredibly important role in our short-term emergency response to COVID-19. The delivery of vital commodities and products reached recipients through ports. And, despite very difficult times, a vast majority of ports managed to remain open to cargo operations.
Data is always lagging but according to the American Association of Port Authorities, cargo activities at U.S. seaports accounted for 26 percent of the U.S. economy in 2018. A study released by the organization outlines approximately $5.4 trillion in total economic activity and more than $378 billion in federal, state, and local taxes that resulted from economic activity related to ports.
The anticipation of large amounts of revenue through an infrastructure bill is encouraging, but the reality is that there’s already a great amount of activity at most seaports. Planning documents have been completed or updated and contracting opportunities are abundant. Additionally, the potential for public-private partnerships is great.
Florida
The world’s third largest cruise port, Port Everglades, recently received approval from the Broward County Board of County Commissioners for its 20-Year Master/Vision Plan. The county manages the port’s operations, and the plan outlines 50 projects for delivery through 2028. Currently, the projects are projected to cost approximately $3.02 billion. Immediate opportunities include: Terminal 21 redevelopment at a cost of $124 million; the Ro-Ro Yard relocation and expansion for $10 million; upgrades to the Entrance Channel North Wall for $12 million; and other projects estimated at $26 million.
California
The Los Angeles Board of Harbor Commissioners has approved a $1.5 billion budget for Fiscal Year 2020-2021 that includes a $163.6 million capital improvement plan that provides funding for numerous terminal upgrades. Projects include an allocation of $38.1 million for improvements at the Everport Container Terminal and a $4.8 million project designated for the Pasha Terminal. The port’s waterfront public access projects include work at the San Pedro Public Market estimated at approximately $42.3 million. Smaller projects are set for the Wilmington Waterfront Promenade. Security related projects, whichinclude the development of a Port Cyber Resilience Center, are funded at $7.8 million. This port is considered to be North America’s leading seaport by container volume and cargo value, and it facilitated $276 billion in trade during 2019.
Oklahoma
The U.S. Department of Transportation in June awarded a $6.1 million grant to the Tulsa-Rogers County Port Authority for the Tulsa Port of Catoosa. Funding was obtained from the federal Infrastructure for Rebuilding America (INFRA) Program. which provides approximately 50 percent of funding for projects such as the port’s rail switching project. Work will include the improvement of an existing 3-mile industrial rail spur. The completed project is estimated to cost $12.1 million. In 2019, the Public Service Company of Oklahoma entrusted the Tulsa Port Authority with future development of the Inola industrial site by granting an historic land transfer of 2,000 acres. In May 2020, a firm was hired to process survey data so that the project could move forward.
Ohio
A $16 million federal grant was received recently by the Toledo-Lucas County Port Authority. The revenue is designated for a project that will receive an additional $4 million to rebuild and upgrade a mile-long dock wall. The dock-wall reconstruction is expected to take three years to complete and will be done in phases so that port operations can continue unabated. About $6 million of the funding is allocated for construction of a bulk-liquid transfer and storage facility. Currently, the port authority cannot perform liquid cargo movements, but the completion of this project will remedy that as well as allow for multiple sources of commodities.
Texas
The Port of Houston Authority was recently awarded $79.5 million in federal funding to improve 2,700 linear feet of wharf and upgrade 84 acres of yard space at the Barbours Cut Container Terminal. Total cost of the project is $198.7 million. The upgrades will reduce ship delay by providing additional berthing capacity and will decrease truck turn times, idling, and congestion. The port has several other projects planned including an inspection and repair design of wharves at Turning Basin South. Another upcoming project is for construction at the Bayport Terminal Wharf 6. In the fourth quarter of 2020 construction is scheduled to begin on a new maintenance facility at the Barbours Cut terminal.
Washington
A study has been approved by the Port of Woodland to evaluate the potential of a railroad-dependent development on recently acquired port land along Kuhnis Road. The study will provide critical engineering information required for funding applications as well as future port investments. Once funding is secured, contracting opportunities will be available.
There is no doubt that America’s seaports will continue to generate an abundance of contracting opportunities in the future. but contractors now may find projects of interest at almost every port in the nation.
Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.
Read More
Government Business
Article | July 14, 2022
The General Services Administration plans to run an artificial-intelligence-based pilot program to help speed up how agencies procure innovative and commercial solutions. The pilot will use a combination of artificial intelligence, machine learning and robotic process automation to help GSA learn how to streamline the acquisition process, fast-track vendor selection timelines, simplify contract administration for innovative commercial items. FEDSIM is working with GSA’s Technology Transformation Service and the Centers for Medicare and Medicaid Services, the sponsoring customer, to find a software-as-a-service solution that CMS regulatory staff can use to modernize regulatory workflows.
Read More
Article | April 16, 2020
On April 8, 2020, the Federal Trade Commission (FTC) – a United States government agency that is the nation’s primary privacy and data security enforcer – issued guidance to businesses on the use of Artificial Intelligence (AI) for machine learning technology and automated decision making with regard to federal laws that included the Fair Credit Reporting Act (FCRA) that regulates background checks for employment purposes.
Read More