Home > Resources > Articles > Why national preemption has become a technology policy flash point

Why national preemption has become a technology policy flash point

Given our current political divisions, it is not surprising to see federalism debates in the middle of many arguments over technology policy. Advocates are arguing over who should set the rules of the road concerning municipal broadband, privacy, cell tower siting, and drone regulation, among other issues. Should there be national rules that govern new technologies or should states and localities have the power to make the relevant decisions? When I was growing up in the 1960s, states’ rights arguments were associated with segregationists resisting the power of the federal government to impinge on local prerogatives regarding race.

Spotlight

Missouri Department of Economic Development

The Missouri Department of Economic Development works each day to leverage our competitive advantages and deliver strong economic growth for Missouri. Whether you want to start or grow your business, are looking for career assistance, or community development resources, the Missouri Department of Economic Development is here to help you every step of the way.

OTHER ARTICLES
Emerging Technology

Coronavirus Relief Blows Up the Federal Budget

Article | July 16, 2022

We’re starting to get the first independent analysis of the impact of the measures the U.S. Congress has passed to provide relief will have on the U.S. government’s fiscal situation. The Committee for a Responsible Federal Budget is first out of the gate with its preliminary findings, here is their main takeaway: Our latest projections find that under current law, budget deficits will total more than $3.8 trillion (18.7 percent of GDP) this year and $2.1 trillion (9.7 percent of GDP) in 2021. We project debt held by the public will exceed the size of the economy by the end of Fiscal Year 2020 and eclipse the prior record set after World War II by 2023. Keep in mind that prior to the coronavirus pandemic, the U.S. government was planning to spend $4.8 trillion in its 2020 fiscal year, borrowing $1.1 trillion. With the CRFB’s estimate of $3.8 trillion, the U.S. government will be borrowing more than the $3.7 trillion it had hoped to collect in taxes for the year.

Read More
Government Business

FTC Issues Guidance on Using Artificial Intelligence (AI) with Regard to FCRA

Article | July 11, 2022

On April 8, 2020, the Federal Trade Commission (FTC) – a United States government agency that is the nation’s primary privacy and data security enforcer – issued guidance to businesses on the use of Artificial Intelligence (AI) for machine learning technology and automated decision making with regard to federal laws that included the Fair Credit Reporting Act (FCRA) that regulates background checks for employment purposes.

Read More
Government Business

Multidomain Architecture Strategic Definitions: Part One of Multidomain Architectures, the IT Manhattan Project, and Delivering the “Real” Zero Trust

Article | March 11, 2022

“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following: Executive Order 14028: “Improving The Nation’s Cybersecurity” M-22-09: OMB’s Zero Trust Strategy M-22-09 NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility. The Shift to Zero Trust At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments are permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in. Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.” NIST 800-207 aptly They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point. Regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward. Management Complexities Enterprise IT domains contain varied mixtures of OEM solutions, home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardize. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains aren’t just managed by separate enterprise IT teams, but are commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities exacerbated by budgeting concerns have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine. Let’s define a common baseline of enterprise domains seen across traditional IT environments: Cloud Data Center Enterprise Networking Extended Enterprise (IoT, OT/ICS) Remote Access But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach: We can’t have MULTIDOMAIN POLICY without first achieving fuller We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together. Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams that support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, Operational Technologies, and dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Each of these make up a complex support structure that isn’t necessarily streamlined for efficiency. Summary and Overarching Goals In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust. Establish Visibility (Administration, Telemetry, Assurance) Define Straightforward Policy Structure and Hierarchy (Auth Chains) Perform Multidomain Integrations (API Integrations) Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations) Establish Sensical Automation Runbooks (Day-2 Operations) We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.

Read More
Government Business

Revitalization of Economies: Government Supporting Start-ups

Article | July 14, 2022

The pandemic has blown up entrepreneurs and start-up ecosystems, so government support for start-ups has become critical. The majority of them faced cash shortages and a lack of venture capital. For start-ups, cash is the most pressing issue. Furthermore, start-ups experienced a slow fundraising process accompanied by investor indifference. Furthermore, the global workforce was not left untouched by the spillover. Start-ups began to lay off employees and reduce pay. According to StartupGenome research, three out of every four employees were letting their employer down. While 39% of them laid off 20% or more of their workforce, two-thirds admitted to laying off 60% or more of their full-time employees. In the United States, the economy experienced the sharpest decline in employment, with 20.5 million people losing their jobs. Following that, in order to address this and reduce the pandemic's impact on start-ups, the governments of many countries have stepped in to save their country's start-up ecosystem. We've listed a few of the government's initiatives to help start-ups during the current cash crunch. Direct grants and zero-interest loans: Right now, cash is the most important concern for new businesses. Grants are regarded as the most beneficial policy instrument (29%), followed by loans (12%). Access to venture capital investment: If history is any guide, venture capital activity will likely decline in 2020 as well. This creates a quandary for the 18% of start-ups that require access to financing tools to increase investment. Employment support schemes: COVID-19 has had an impact on workforces all over the world. The US lost a record 20.5 million jobs in April, the fastest and sharpest drop since the government began tracking the data. Given these circumstances, it's no surprise that 17 percent of start-ups rank immediate employee protection as one of their top priorities.

Read More
Emerging Technology

The Advantages of Introducing 5G to the Federal Government

Article | July 16, 2022

We’re starting to get the first independent analysis of the impact of the measures the U.S. Congress has passed to provide relief will have on the U.S. government’s fiscal situation. The Committee for a Responsible Federal Budget is first out of the gate with its preliminary findings, here is their main takeaway: Our latest projections find that under current law, budget deficits will total more than $3.8 trillion (18.7 percent of GDP) this year and $2.1 trillion (9.7 percent of GDP) in 2021. We project debt held by the public will exceed the size of the economy by the end of Fiscal Year 2020 and eclipse the prior record set after World War II by 2023. Keep in mind that prior to the coronavirus pandemic, the U.S. government was planning to spend $4.8 trillion in its 2020 fiscal year, borrowing $1.1 trillion. With the CRFB’s estimate of $3.8 trillion, the U.S. government will be borrowing more than the $3.7 trillion it had hoped to collect in taxes for the year.

Read More
Government Business

Tech Trends that Affect Governments in 2022

Article | July 11, 2022

On April 8, 2020, the Federal Trade Commission (FTC) – a United States government agency that is the nation’s primary privacy and data security enforcer – issued guidance to businesses on the use of Artificial Intelligence (AI) for machine learning technology and automated decision making with regard to federal laws that included the Fair Credit Reporting Act (FCRA) that regulates background checks for employment purposes.

Read More
Government Business

Designing a Consistent and Accessible Digital Government

Article | March 11, 2022

“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following: Executive Order 14028: “Improving The Nation’s Cybersecurity” M-22-09: OMB’s Zero Trust Strategy M-22-09 NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility. The Shift to Zero Trust At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments are permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in. Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.” NIST 800-207 aptly They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point. Regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward. Management Complexities Enterprise IT domains contain varied mixtures of OEM solutions, home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardize. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains aren’t just managed by separate enterprise IT teams, but are commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities exacerbated by budgeting concerns have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine. Let’s define a common baseline of enterprise domains seen across traditional IT environments: Cloud Data Center Enterprise Networking Extended Enterprise (IoT, OT/ICS) Remote Access But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach: We can’t have MULTIDOMAIN POLICY without first achieving fuller We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together. Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams that support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, Operational Technologies, and dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Each of these make up a complex support structure that isn’t necessarily streamlined for efficiency. Summary and Overarching Goals In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust. Establish Visibility (Administration, Telemetry, Assurance) Define Straightforward Policy Structure and Hierarchy (Auth Chains) Perform Multidomain Integrations (API Integrations) Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations) Establish Sensical Automation Runbooks (Day-2 Operations) We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.

Read More
Government Business

Revitalization of Economies: Government Supporting Start-ups

Article | July 14, 2022

The pandemic has blown up entrepreneurs and start-up ecosystems, so government support for start-ups has become critical. The majority of them faced cash shortages and a lack of venture capital. For start-ups, cash is the most pressing issue. Furthermore, start-ups experienced a slow fundraising process accompanied by investor indifference. Furthermore, the global workforce was not left untouched by the spillover. Start-ups began to lay off employees and reduce pay. According to StartupGenome research, three out of every four employees were letting their employer down. While 39% of them laid off 20% or more of their workforce, two-thirds admitted to laying off 60% or more of their full-time employees. In the United States, the economy experienced the sharpest decline in employment, with 20.5 million people losing their jobs. Following that, in order to address this and reduce the pandemic's impact on start-ups, the governments of many countries have stepped in to save their country's start-up ecosystem. We've listed a few of the government's initiatives to help start-ups during the current cash crunch. Direct grants and zero-interest loans: Right now, cash is the most important concern for new businesses. Grants are regarded as the most beneficial policy instrument (29%), followed by loans (12%). Access to venture capital investment: If history is any guide, venture capital activity will likely decline in 2020 as well. This creates a quandary for the 18% of start-ups that require access to financing tools to increase investment. Employment support schemes: COVID-19 has had an impact on workforces all over the world. The US lost a record 20.5 million jobs in April, the fastest and sharpest drop since the government began tracking the data. Given these circumstances, it's no surprise that 17 percent of start-ups rank immediate employee protection as one of their top priorities.

Read More
MORE ARTICLES

Spotlight

Missouri Department of Economic Development

The Missouri Department of Economic Development works each day to leverage our competitive advantages and deliver strong economic growth for Missouri. Whether you want to start or grow your business, are looking for career assistance, or community development resources, the Missouri Department of Economic Development is here to help you every step of the way.

Related News

Emerging Technology, Cybersecurity

Red River Secures Army ITES-3S Contract

Businesswire | March 23, 2023

Red River, a technology transformation company serving government and enterprise customers, today announced that it is now an authorized provider on the U.S. Army’s Information Technology Enterprise Solutions 3 Services (ITES-3S) contract. Awarded by the Computer Hardware, Enterprise Software and Solutions (CHESS) and the Army Contracting Command - Rock Island (ACC-RI), ITES-3S is a nine-year, $12.1 billion, indefinite delivery indefinite quantity (IDIQ) contract. The ITES-3S IDIQ will provide a broad range of enterprise information technology services and support to the U.S. Army and other authorized Federal Government agencies. Types of information technology services available through the ITES-3S IDIQ include Program Management; Cybersecurity/Information Assurance; Enterprise Design, Integration and Consolidation; Network/Systems Operation and Maintenance; Telecommunications; Supply Chain Management; Operation and Maintenance; Business Process Engineering; and Information Technology Education and Training. This award demonstrates Red River’s longstanding commitment to providing superior professional services to the U.S. Army and the opportunity to continue to serve and support the men and women in uniform at home and abroad. Red River has more than 25 years as a trusted technology and services provider to the U.S. government and Department of Defense (DoD). “We are excited to continue our longstanding history of supporting the technology services needs of the Army and other government agencies supported through this contract vehicle,” said Brian Roach, CEO for Red River. “We look forward to collaborating with DoD technology leaders to support their mission requirements in areas such as cybersecurity, managed services, cloud, infrastructure and collaboration. This is a significant addition to our contracts portfolio and strengthens our position as a leading technology and services provider to the DoD and the U.S. government as a whole.” About Red River Red River brings together the ideal combination of talent, partners and products to disrupt the status quo in technology and drive success for business and government in ways previously unattainable. Red River serves organizations well beyond traditional technology integration, bringing more than 25 years of experience and mission-critical expertise in managed services, cybersecurity, infrastructure, collaboration and cloud solutions.

Read More

Emerging Technology

New Iridium Certus Service Providers to Support U.S. Government Customers

Iridium Communications | October 13, 2022

Iridium Communications Inc. (Nasdaq: IRDM) announced today that Iridium partners MetOcean Telematics, NAL Research, and Trace Systems are now Iridium Certus® service providers for U.S. government customers, joining Satcom Direct, in this capacity. These unique, long-term deals will allow these companies to provide Iridium's secure global satellite broadband and midband connectivity for mobile voice and data services to the U.S. government through a dedicated gateway. By leveraging the inherent advantages of the Iridium® network, including truly global, on-the-move L-band connectivity, MetOcean Telematics, NAL Research, and Trace Systems are now able to deliver enhanced capabilities that meet Communications Security (ComSec) requirements for the Department of Defense (DoD) and warfighter. These capabilities include global and resilient voice, data and 1080 HD live-action video over satcom across all domains (land, maritime and air) on the move. The service also serves as the "ACE in PACE" – alternate, contingent or emergency communications link, supports early entry communications packages and command and control for autonomous or uncrewed systems and data backhaul. Whether in high-risk combat zones or during inclement weather events, the Iridium network provides uncompromising satellite communications that keeps users connected when it's needed most. Iridium Certus™ terminals enable U.S. government users to securely connect remote assets to respective command and control centers in the U.S. in a cost-effective and secure manner, from anywhere in the world. "Iridium Certus continues to provide mission-critical broadband and midband capabilities to the modern warfighter and we're excited to add new service providers to expand the distribution of these offerings, With the addition of Iridium Certus for the government, these partners will play a critical role in supporting DoD personnel as they utilize this value-added service." -Scott Scheimreif, Executive Vice President of Government Programs, Iridium. Unique in the satellite industry, Iridium Certus is the only broadband service that provides highly reliable, truly global, weather-resilient connectivity for on-the-move internet and high-quality voice access. Iridium Certus terminals are low-profile, compared to the competition, and capable of maintaining broadband connectivity in fast-paced, unpredictable environments on land, at sea, in the air — and can do it without landing in or passing through non-U.S. territories. Iridium Communications Inc: Iridium® is the only mobile voice and data satellite communications network that spans the entire globe. Iridium enables connections between people, organizations and assets to and from anywhere, in real time. Together with its ecosystem of partner companies, Iridium delivers an innovative and rich portfolio of reliable solutions for markets that require truly global communications. In 2019, the company completed a generational upgrade of its satellite network and launched its new specialty broadband service, Iridium Certus®. Iridium Communications Inc. is headquartered in McLean, Va., U.S.A., and its common stock trades on the Nasdaq Global Select Market under the ticker symbol IRDM.

Read More

Cybersecurity

One Year In, Cyber Executive Order Progress is Under Way, But Early Stage

MeriTalk | May 06, 2022

Ninety-one percent of Federal cybersecurity decision-makers say the 2021 Executive Order (EO) on Improving the Nation’s Cybersecurity has made U.S. data and critical infrastructure safer, but just 28 percent say significantly safer, according to Impact Assessment: Cyber EO Year One, a new study from MeriTalk, a public-private partnership focused on improving the outcomes of government information technology (IT). The report explores perspectives on progress against Cyber EO goals, identifies what successful agencies do differently, and finds the fault lines where agency cyber leaders say they need more help to succeed. Most Federal cyber decision-makers (78 percent) agree the steps outlined in the Cyber EO are necessary to protect our nation. Implementing software supply chain security and migrating to a zero-trust architecture are the two most important factors for national cybersecurity, the research highlights. And, while just 15 percent have seen tangible improvements because of EO efforts to date, a significant portion expects to see an impact within the next year. Federal cyber leaders confirm initial progress in areas including vulnerability detection, software supply chain security, vulnerability response, and investigative and remediation capabilities. Just over half confirm IT management and staff are placing increased priority on cybersecurity, and just over half are collecting more cyber data than in the past. But, across the board, progress against EO goals is still in the early stages. Fewer than half rate their agencies’ progress against key EO goals as “excellent.” For example, 36 percent rate progress toward creating a formal strategy as excellent; 34 percent rate progress toward investing in endpoint detection and response (EDR) as excellent; and, 33 percent rate progress migrating to secure cloud solutions, as excellent. When asked about the importance of zero trust, 82 percent agree that allocating staff and budget resources to zero trust is vital to national security and almost all, 96 percent, agree the Federal zero trust strategy is somewhat or very helpful. Despite the high priority, just 30 percent of Federal cyber decision-makers rate their zero trust progress as “excellent” and many, 67 percent, say the EO’s three-year window for implementing a zero trust architecture is not realistic. Zero Trust is the gold standard for cybersecurity, so we're encouraged to see the EO is prioritizing that approach. In addition, cloud-native endpoint detection and response capabilities can significantly strengthen the cybersecurity posture for the federal government, especially when integrated with other security capabilities including identity security, threat intelligence, and managed threat hunting. These concepts have become cybersecurity best practices for the private sector’s most technologically advanced businesses, and we encourage the public sector to continue to embrace these technologies and strategies.” Drew Bagley, vice president and counsel for Privacy and Cyber Policy, CrowdStrike “Getting to zero trust is not easy. The detail provided in the multi-step guidance from OMB provides a path, but there is no single box you can buy to meet the varied needs of the five zero trust pillars,” says Stephen Kovac, Chief Compliance Officer and Head of Global Government Affairs, Zscaler. “You need multiple solutions from varying vendors that work together with seamless integration to achieve true zero trust – it is a team sport. OMB has done a good job in helping to define those rules, with rule one being to keep users off the network. If they can’t reach you, they can’t breach you.” Funding is another roadblock. Just 14 percent report they have all funding needed to meet Cyber EO requirements. One-third say they have half, or less than half, of the funding needed. “The sea change is the focus on comprehensive cyber resiliency,” says Nicole Burdette, principal, MeriTalk. “The EO provided direction, and Federal cyber leaders are now doing the hard work. But progress requires sustained funding and resource commitment. The research shows the gaps.” “The U.S. federal government is taking important steps to improve the nation’s cybersecurity posture,” said Dave Levy, Vice President of U.S. Government, Nonprofit, and Healthcare at Amazon Web Services (AWS). “In the Cyber EO, the White House directs federal agencies to adopt security best practices, implement zero trust architectures, and accelerate migration to secure cloud services. Organizations of all sizes should consider similar principles and practices to enhance their cybersecurity and protect employees and sensitive data against cyberattack.” What are the leaders doing differently? Cyber EO champions (leaders who give their agency’s EO progress an A) are predictably more likely than their peers to say they have all the funding they need. They are also more likely to have their chief information officer (CIO) leading their zero-trust implementation (67 percent to 28 percent). When asked for perspectives on what’s needed to achieve cyber progress, the research identified the Federal wish list: Workforce training and expertise Stronger executive buy-in Detailed direction from agency IT leadership Centers of Excellence (COEs) in the government to lend expertise Three-fourths of Federal cyber decision-makers also say the EO should have been more authoritative with private-sector directives. The Impact Assessment: Cyber EO Year One report is based on an online survey of more than 150 Federal cybersecurity decision-makers familiar with their agencies’ cybersecurity initiatives, including zero trust strategies, in March 2022 and is underwritten by Amazon Web Services (AWS), CrowdStrike, and Zscaler. The report has a margin of error of ±7.7 percent at a 95 percent confidence level. About MeriTalk The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Our award-winning editorial team and world-class events and research staff produces unmatched news, analysis, and insight. The goal: a more efficient, responsive, and citizen-centric government. MeriTalk connects with an audience of 160,000 Federal community contacts.

Read More

Emerging Technology, Cybersecurity

Red River Secures Army ITES-3S Contract

Businesswire | March 23, 2023

Red River, a technology transformation company serving government and enterprise customers, today announced that it is now an authorized provider on the U.S. Army’s Information Technology Enterprise Solutions 3 Services (ITES-3S) contract. Awarded by the Computer Hardware, Enterprise Software and Solutions (CHESS) and the Army Contracting Command - Rock Island (ACC-RI), ITES-3S is a nine-year, $12.1 billion, indefinite delivery indefinite quantity (IDIQ) contract. The ITES-3S IDIQ will provide a broad range of enterprise information technology services and support to the U.S. Army and other authorized Federal Government agencies. Types of information technology services available through the ITES-3S IDIQ include Program Management; Cybersecurity/Information Assurance; Enterprise Design, Integration and Consolidation; Network/Systems Operation and Maintenance; Telecommunications; Supply Chain Management; Operation and Maintenance; Business Process Engineering; and Information Technology Education and Training. This award demonstrates Red River’s longstanding commitment to providing superior professional services to the U.S. Army and the opportunity to continue to serve and support the men and women in uniform at home and abroad. Red River has more than 25 years as a trusted technology and services provider to the U.S. government and Department of Defense (DoD). “We are excited to continue our longstanding history of supporting the technology services needs of the Army and other government agencies supported through this contract vehicle,” said Brian Roach, CEO for Red River. “We look forward to collaborating with DoD technology leaders to support their mission requirements in areas such as cybersecurity, managed services, cloud, infrastructure and collaboration. This is a significant addition to our contracts portfolio and strengthens our position as a leading technology and services provider to the DoD and the U.S. government as a whole.” About Red River Red River brings together the ideal combination of talent, partners and products to disrupt the status quo in technology and drive success for business and government in ways previously unattainable. Red River serves organizations well beyond traditional technology integration, bringing more than 25 years of experience and mission-critical expertise in managed services, cybersecurity, infrastructure, collaboration and cloud solutions.

Read More

Emerging Technology

New Iridium Certus Service Providers to Support U.S. Government Customers

Iridium Communications | October 13, 2022

Iridium Communications Inc. (Nasdaq: IRDM) announced today that Iridium partners MetOcean Telematics, NAL Research, and Trace Systems are now Iridium Certus® service providers for U.S. government customers, joining Satcom Direct, in this capacity. These unique, long-term deals will allow these companies to provide Iridium's secure global satellite broadband and midband connectivity for mobile voice and data services to the U.S. government through a dedicated gateway. By leveraging the inherent advantages of the Iridium® network, including truly global, on-the-move L-band connectivity, MetOcean Telematics, NAL Research, and Trace Systems are now able to deliver enhanced capabilities that meet Communications Security (ComSec) requirements for the Department of Defense (DoD) and warfighter. These capabilities include global and resilient voice, data and 1080 HD live-action video over satcom across all domains (land, maritime and air) on the move. The service also serves as the "ACE in PACE" – alternate, contingent or emergency communications link, supports early entry communications packages and command and control for autonomous or uncrewed systems and data backhaul. Whether in high-risk combat zones or during inclement weather events, the Iridium network provides uncompromising satellite communications that keeps users connected when it's needed most. Iridium Certus™ terminals enable U.S. government users to securely connect remote assets to respective command and control centers in the U.S. in a cost-effective and secure manner, from anywhere in the world. "Iridium Certus continues to provide mission-critical broadband and midband capabilities to the modern warfighter and we're excited to add new service providers to expand the distribution of these offerings, With the addition of Iridium Certus for the government, these partners will play a critical role in supporting DoD personnel as they utilize this value-added service." -Scott Scheimreif, Executive Vice President of Government Programs, Iridium. Unique in the satellite industry, Iridium Certus is the only broadband service that provides highly reliable, truly global, weather-resilient connectivity for on-the-move internet and high-quality voice access. Iridium Certus terminals are low-profile, compared to the competition, and capable of maintaining broadband connectivity in fast-paced, unpredictable environments on land, at sea, in the air — and can do it without landing in or passing through non-U.S. territories. Iridium Communications Inc: Iridium® is the only mobile voice and data satellite communications network that spans the entire globe. Iridium enables connections between people, organizations and assets to and from anywhere, in real time. Together with its ecosystem of partner companies, Iridium delivers an innovative and rich portfolio of reliable solutions for markets that require truly global communications. In 2019, the company completed a generational upgrade of its satellite network and launched its new specialty broadband service, Iridium Certus®. Iridium Communications Inc. is headquartered in McLean, Va., U.S.A., and its common stock trades on the Nasdaq Global Select Market under the ticker symbol IRDM.

Read More

Cybersecurity

One Year In, Cyber Executive Order Progress is Under Way, But Early Stage

MeriTalk | May 06, 2022

Ninety-one percent of Federal cybersecurity decision-makers say the 2021 Executive Order (EO) on Improving the Nation’s Cybersecurity has made U.S. data and critical infrastructure safer, but just 28 percent say significantly safer, according to Impact Assessment: Cyber EO Year One, a new study from MeriTalk, a public-private partnership focused on improving the outcomes of government information technology (IT). The report explores perspectives on progress against Cyber EO goals, identifies what successful agencies do differently, and finds the fault lines where agency cyber leaders say they need more help to succeed. Most Federal cyber decision-makers (78 percent) agree the steps outlined in the Cyber EO are necessary to protect our nation. Implementing software supply chain security and migrating to a zero-trust architecture are the two most important factors for national cybersecurity, the research highlights. And, while just 15 percent have seen tangible improvements because of EO efforts to date, a significant portion expects to see an impact within the next year. Federal cyber leaders confirm initial progress in areas including vulnerability detection, software supply chain security, vulnerability response, and investigative and remediation capabilities. Just over half confirm IT management and staff are placing increased priority on cybersecurity, and just over half are collecting more cyber data than in the past. But, across the board, progress against EO goals is still in the early stages. Fewer than half rate their agencies’ progress against key EO goals as “excellent.” For example, 36 percent rate progress toward creating a formal strategy as excellent; 34 percent rate progress toward investing in endpoint detection and response (EDR) as excellent; and, 33 percent rate progress migrating to secure cloud solutions, as excellent. When asked about the importance of zero trust, 82 percent agree that allocating staff and budget resources to zero trust is vital to national security and almost all, 96 percent, agree the Federal zero trust strategy is somewhat or very helpful. Despite the high priority, just 30 percent of Federal cyber decision-makers rate their zero trust progress as “excellent” and many, 67 percent, say the EO’s three-year window for implementing a zero trust architecture is not realistic. Zero Trust is the gold standard for cybersecurity, so we're encouraged to see the EO is prioritizing that approach. In addition, cloud-native endpoint detection and response capabilities can significantly strengthen the cybersecurity posture for the federal government, especially when integrated with other security capabilities including identity security, threat intelligence, and managed threat hunting. These concepts have become cybersecurity best practices for the private sector’s most technologically advanced businesses, and we encourage the public sector to continue to embrace these technologies and strategies.” Drew Bagley, vice president and counsel for Privacy and Cyber Policy, CrowdStrike “Getting to zero trust is not easy. The detail provided in the multi-step guidance from OMB provides a path, but there is no single box you can buy to meet the varied needs of the five zero trust pillars,” says Stephen Kovac, Chief Compliance Officer and Head of Global Government Affairs, Zscaler. “You need multiple solutions from varying vendors that work together with seamless integration to achieve true zero trust – it is a team sport. OMB has done a good job in helping to define those rules, with rule one being to keep users off the network. If they can’t reach you, they can’t breach you.” Funding is another roadblock. Just 14 percent report they have all funding needed to meet Cyber EO requirements. One-third say they have half, or less than half, of the funding needed. “The sea change is the focus on comprehensive cyber resiliency,” says Nicole Burdette, principal, MeriTalk. “The EO provided direction, and Federal cyber leaders are now doing the hard work. But progress requires sustained funding and resource commitment. The research shows the gaps.” “The U.S. federal government is taking important steps to improve the nation’s cybersecurity posture,” said Dave Levy, Vice President of U.S. Government, Nonprofit, and Healthcare at Amazon Web Services (AWS). “In the Cyber EO, the White House directs federal agencies to adopt security best practices, implement zero trust architectures, and accelerate migration to secure cloud services. Organizations of all sizes should consider similar principles and practices to enhance their cybersecurity and protect employees and sensitive data against cyberattack.” What are the leaders doing differently? Cyber EO champions (leaders who give their agency’s EO progress an A) are predictably more likely than their peers to say they have all the funding they need. They are also more likely to have their chief information officer (CIO) leading their zero-trust implementation (67 percent to 28 percent). When asked for perspectives on what’s needed to achieve cyber progress, the research identified the Federal wish list: Workforce training and expertise Stronger executive buy-in Detailed direction from agency IT leadership Centers of Excellence (COEs) in the government to lend expertise Three-fourths of Federal cyber decision-makers also say the EO should have been more authoritative with private-sector directives. The Impact Assessment: Cyber EO Year One report is based on an online survey of more than 150 Federal cybersecurity decision-makers familiar with their agencies’ cybersecurity initiatives, including zero trust strategies, in March 2022 and is underwritten by Amazon Web Services (AWS), CrowdStrike, and Zscaler. The report has a margin of error of ±7.7 percent at a 95 percent confidence level. About MeriTalk The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Our award-winning editorial team and world-class events and research staff produces unmatched news, analysis, and insight. The goal: a more efficient, responsive, and citizen-centric government. MeriTalk connects with an audience of 160,000 Federal community contacts.

Read More

Events