Emerging Technology
Article | July 16, 2022
Governments and public authorities, like any other part of society, are vulnerable to technological disruption. Many of the issues confronting the government today stem from the fight to combat the global COVID-19 pandemic. Government institutions frequently discover that by employing tactics and strategies similar to those used by industry and the private sector, they, too, could learn to be more flexible and agile in their response.
As a result, they have experienced a faster rate of digital transformation. Artificial intelligence (AI), the internet of things (IoT), and digital twins are now firmly on the agenda of governments and public bodies, whereas they were previously only on the roadmap. Many governments, particularly in more developed countries, have realized that they simply cannot afford to be complacent when there is so much potential for positive change.
So, with that in mind, here's a rundown of some of the most significant tech trends affecting governments in 2022.
Digital Identity:
Biometric measures, can be used in identity schemes to link an individual as a physical entity to their digital identity.
AI and Automation of Public Services:
In the United States, federal, state, and local governments are all ramping up experiments with natural language processing (NLP) technologies to reduce customer friction.
Cyber Security:
Close monitoring of cyber security is a high priority for states. In 2021, the US government announced that it would assist businesses in defending themselves against nation-state attacks.
National Cryptocurrencies:
The benefits of cryptocurrency as a monetary system are clearly compelling enough to pique the interest of governments and central banks, but there are questions that must be addressed, particularly those concerning environmental costs and energy consumption, which may have political ramifications.
The Rise of Govtech Start-ups:
The field is now open for a new breed of start-up known as "govtechs" to bring fresh thinking to the challenge of driving the digital revolution in government.
For example, in the United States, federal, state, and local governments are popular with services that received a high volume of calls during the pandemic. The above discussed trends are the five biggest tech trends transforming government in 2022.
Read More
Government Business, Government Finance
Article | July 12, 2022
It can be challenging to connect government services to Californians who need them most. With a population of nearly 40 million people, the state’s residents have a wide range of experiences, abilities, education, and technical literacy. The California Design System is a collaborative effort between the California Department of Technology and the Office of Digital Innovation to help web developers and designers address common needs to make digital information and services easier to use.
The Design System is an open source project and is in early beta status. Currently in use on websites for the Department of Cannabis Control, California Drought Action, California’s COVID-19 website, and the Broadband for All portal, we invite collaboration and feedback so we can incorporate new design system components into the existing state template.
The California Design System will help build websites and products that put people first and also look great. Whether you’re an individual developer, product owner, web designer or a public employee, we invite you to get involved and help us make improvements. Reach out to the Design System team through our contact form on the home page, or work through the GitHub repository.
This collaborative effort is another example of how state government is innovating to improve state websites and better serve the people of California.
Read More
Article | May 27, 2021
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:
Executive Order 14028: “Improving The Nation’s Cybersecurity”
M-22-09: OMB’s Zero Trust Strategy M-22-09
NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances
Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.
The Shift to Zero Trust
At their core intent, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments are permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South, East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT Silo that they reside in.
Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”
NIST 800-207 aptly
They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary, police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point. Regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
Management Complexities
Enterprise IT domains contain varied mixtures of OEM solutions, home-grown tools, and utilize a wide variety of protocols to intercommunicate that aren’t necessarily standardize. Each of these domains is normally managed by separate IT teams who specialize in maintaining those environments. In the federal landscape, each of these domains aren’t just managed by separate enterprise IT teams, but are commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the necessary operational awareness required to enforce centralized policy. These cultural complexities exacerbated by budgeting concerns have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.
Let’s define a common baseline of enterprise domains seen across traditional IT environments:
Cloud
Data Center
Enterprise Networking
Extended Enterprise (IoT, OT/ICS)
Remote Access
But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:
We can’t have MULTIDOMAIN POLICY without first achieving fuller
We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.
Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our Enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams that support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, Operational Technologies, and dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Each of these make up a complex support structure that isn’t necessarily streamlined for efficiency.
Summary and Overarching Goals
In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.
Establish Visibility (Administration, Telemetry, Assurance)
Define Straightforward Policy Structure and Hierarchy (Auth Chains)
Perform Multidomain Integrations (API Integrations)
Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
Establish Sensical Automation Runbooks (Day-2 Operations)
We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.
Read More
Article | April 15, 2020
We’re starting to get the first independent analysis of the impact of the measures the U.S. Congress has passed to provide relief will have on the U.S. government’s fiscal situation. The Committee for a Responsible Federal Budget is first out of the gate with its preliminary findings, here is their main takeaway: Our latest projections find that under current law, budget deficits will total more than $3.8 trillion (18.7 percent of GDP) this year and $2.1 trillion (9.7 percent of GDP) in 2021. We project debt held by the public will exceed the size of the economy by the end of Fiscal Year 2020 and eclipse the prior record set after World War II by 2023. Keep in mind that prior to the coronavirus pandemic, the U.S. government was planning to spend $4.8 trillion in its 2020 fiscal year, borrowing $1.1 trillion. With the CRFB’s estimate of $3.8 trillion, the U.S. government will be borrowing more than the $3.7 trillion it had hoped to collect in taxes for the year.
Read More