Home > Resources > Articles > What Lies at the Foundation of Cyber Security of the U.S. Government?

What Lies at the Foundation of Cyber Security of the U.S. Government?

Today, I wanted to take a brief moment to share another simple fact with you that impacts national and global security. At the very foundation of cyber security of the entire United States Government lies a single technology - Active Directory. From the White House to the U.S. Senate and from the Department of Defense to the Department of Justice, virtually every agency in the United States Government operates on Active Directory, as do the CIA, the NSA, the FBI etc. etc. That's right - virtually every federal, state and local agency in the United States Government operates on Active Directory, and today, collectively hundreds of millions of security permissions specified in the access control lists (ACLs) of millions of Active Directory objects collectively serve to secure and protect the entire United States Government.

Spotlight

City of Lawrence, KS

Lawrence is a diverse and multifaceted city that provides many of the amenities of a large metropolitan area, while still maintaining a strong sense of community. Located in Northeast Kansas, Lawrence is just 45 minutes west of Kansas City, and 30 minutes east of Topeka, the state capital. Lawrence offers a rich and fascinating history, a wide range of exciting cultural experiences, nationally recognized educational institutions, and some of the most unique and enjoyable shopping opportunities in the Midwest.

OTHER ARTICLES
Government Business

What the US-Iran war might look like

Article | July 14, 2022

With Iran in escalation mood to get n to "Holy War" or "War For Survival of Islam" with Air Striking US and Allied Bases in Iraq which though has hardly given any blow to US Confidence and its Marines deployed there,Iran is going to architect a full blown war which as we know it would feature a series of moves and countermoves, we know it’d be very messy and confusing, and we know it’d be extremely deadly. But unlike with the path to war, it’s less useful to offer a play-by-play of what could happen. So with that in mind, it’s better to look at what the US and Iranian war plans would likely be — to better understand the devastation each could exact. How the US might try to win the war The US strategy would almost certainly involve using overwhelming air and naval power to beat Iran into submission early on. “You don’t poke the beehive, you take the whole thing down,” Goldenberg said. The US military would bomb Iranian ships, parked warplanes, missile sites, nuclear facilities, and training grounds, as well as launch cyberattacks on much of the country’s military infrastructure. The goal would be to degrade Iran’s conventional forces within the first few days and weeks, making it even harder for Tehran to resist American strength. That plan definitely makes sense as an opening salvo, experts say, but it will come nowhere close to winning the war. “It’s very unlikely that the Iranians would capitulate,” Michael Hanna, a Middle East expert at the Century Foundation in New York, told me. “It’s almost impossible to imagine that a massive air campaign will produce the desired result. It’s only going to produce escalation, not surrender.” It won’t help that a sustained barrage of airstrikes will likely lead to thousands of Iranians dead, among them innocent civilians. That, among other things, could galvanize Iranian society against the US and put it firmly behind the regime, even though it has in many ways treated the population horribly over decades in power. There’s another risk: A 2002 war game showed that Iran could sink an American ship and kill US sailors, even though the US Navy is far more powerful. If the Islamic Republic’s forces succeeded in doing that, it could provide a searing image that could serve as a propaganda coup for the Iranians. Washington won’t garner the same amount of enthusiasm for destroying Iranian warships — that’s what’s supposed to happen. An Iranian Army soldier stands guard on a military speedboat, passing by a submarine during the “Velayat-90” navy exercises in the Strait of Hormuz on December 28, 2011. Ali Mohammadi/AFP/Getty Images Trump has already signaled he doesn’t want to send ground troops into Iran or even spend a long time fighting the country. That tracks with his own inclinations to keep the US out of foreign wars, particularly in the Middle East. But with hawkish aides at his side, like Secretary of State Mike Pompeo, there’s a chance they could convince him not to look weak and to go all-in and grasp victory. But the options facing the president at that point will be extremely problematic, experts say. The riskiest one — by far — would be to invade Iran. The logistics alone boggle the mind, and any attempt to try it would be seen from miles away. “There’s no surprise invasion of Iran,” Brewer, who is now at the Center for Strategic and International Studies think tank in Washington, told me. Iran has nearly three times the amount of people Iraq did in 2003, when the war began, and is about three and a half times as big. In fact, it’s the world’s 17th-largest country, with territory greater than France, Germany, the Netherlands, Belgium, Spain, and Portugal combined. The geography is also treacherous. It has small mountain ranges along some of its borders. Entering from the Afghanistan side in the east would mean traversing two deserts. Trying to get in from the west could also prove difficult even with Turkey — a NATO ally — as a bordering nation. After all, Ankara wouldn’t let the US use Turkey to invade Iraq, and its relations with Washington have only soured since. “IT’S ALMOST IMPOSSIBLE TO IMAGINE THAT A MASSIVE AIR CAMPAIGN WILL PRODUCE THE DESIRED RESULT. IT’S ONLY GOING TO PRODUCE ESCALATION, NOT SURRENDER.” —MICHAEL HANNA, A MIDDLE EAST EXPERT AT THE CENTURY FOUNDATION The US could try to enter Iran the way Saddam Hussein did during the Iran-Iraq war, near a water pass bordering Iran’s southwest. But it’s swampy — the Tigris and Euphrates rivers meet there — and relatively easy to protect. Plus, an invading force would run up against the Zagros Mountains after passing through, just like Saddam’s forces did. It’s for these reasons that the private intelligence firm Stratfor called Iran a “fortress” back in 2011. If Trump chose to launch an incursion, he’d likely need around 1.6 million troops to take control of the capital and country, a force so big it would overwhelm America’s ability to host them in regional bases. By contrast, America never had more than 180,000 service members in Iraq. And there’s the human cost. A US-Iran war would likely lead to thousands or hundreds of thousands of dead. Trying to forcibly remove the country’s leadership, experts say, might drive that total into the millions. That helps explain why nations in the region hope they won’t see a fight. Goldenberg, who traveled recently to meet with officials in the Gulf, said that none of them wanted a US-Iran war. European nations will also worry greatly about millions of refugees streaming into the continent, which would put immense pressure on governments already dealing with the fallout of the Syrian refugee crisis. Israel also would worry about Iranian proxies targeting it (more on that below). Meanwhile, countries like Russia and China — both friendly to Iran — would try to curtail the fighting and exploit it at the same time, the Century Foundation’s Hanna told me. China depends heavily on its goods traveling through the Strait of Hormuz, so it would probably call for calm and for Tehran not to close down the waterway. Russia would likely demand restraint as well, but use the opportunity to solidify its ties with the Islamic Republic. President Donald Trump and Mohammed bin Salman, the crown prince of Saudi Arabia, stand side by side in the group picture at the G20 summit on June 28, 2019. Bernd von Jutrczenka/picture alliance via Getty Images And since both countries have veto power on the UN Security Council, they could ruin any political legitimacy for the war that the US may aim to gain through that body. The hope for the Trump administration would therefore be that the conflict ends soon after the opening salvos begin. If it doesn’t, and Iran resists, all that’d really be left are a slew of bad options to make a horrid situation much, much worse. How Iran might try to win the war Retired Marine Lt. Gen. Vincent Stewart left his post as the No. 2 at US Cyber Command in 2019, ending a decorated four-decade career. Toward the end of it, he spent his time at the forefront of the military intelligence and cybersecurity communities. If anyone has the most up-to-date information on how Iran may fight the US, then, it’s Stewart. “The Iranian strategy would be to avoid, where possible, direct conventional force-on-force operations,” he wrote for the Cipher Brief on July 2, 2019. “They would attempt to impose cost on a global scale, striking at US interests through cyber operations and targeted terrorism with the intent of expanding the conflict, while encouraging the international community to restrain America’s actions.” In other words, Tehran can’t match Washington’s firepower. But it can spread chaos in the Middle East and around the world, hoping that a war-weary US public, an intervention-skeptical president, and an angered international community cause America to stand down. That may seem like a huge task — and it is — but experts believe the Islamic Republic has the capability, knowhow, and will to pull off such an ambitious campaign. “The Iranians can escalate the situation in a lot of different ways and in a lot of different places,” Hanna told me. “They have the capacity to do a lot of damage.” Take what it could do in the Middle East. Iran’s vast network of proxies and elite units — like Soleimani’s Islamic Revolutionary Guard Corps — could be activated to kill American troops, diplomats, and citizens throughout the region. US troops in Syria are poorly defended and have little support, making them easy targets, experts say. America also has thousands of civilians, troops, and contractors in Iraq, many of whom work in areas near where Iranian militias operate within the country. US allies would also be prime targets. Hezbollah, an Iran-backed terrorist group in Lebanon, might attack Israel with rockets and start its own brutal fight. We’ve heard this story before: In 2006, they battled in a month-long war where the militant group fired more than 4,000 rockets into Israel, and Israeli forces fired around 7,000 bombs and missiles into Lebanon. About 160 Israelis troops and civilians died, according to the Israel Ministry of Foreign Affairs, and about 1,100 Lebanese — most of them civilians — perished, per Human Rights Watch, a US-headquartered advocacy organization. It also reports about 4,400 Lebanese were injured, and around 1 million people were displaced. But that’s not all. Iran could encourage terrorist organizations or other proxies to strike inside Saudi Arabia, the United Arab Emirates, and other Gulf nations. Last year, it planned and executed drone strikes on two major Saudi oil facilities deep inside the kingdom, convulsing world markets. Its support for Houthis rebels in Yemen would mostly certainly increase, offering them more weapons and funds to attack Saudi Arabia’s airports, military bases, and energy plants. The US government on April 8, 2019, said it had designated the IRGC as a terrorist organization, marking the first time a US government has made such a designation on a foreign government’s organization. Rouzbeh Fouladi/NurPhoto via Getty Images Experts note that the Islamic Republic likely has sleeper cells in Europe and Latin America, and they could resurface in dramatic and violent ways. In 1994, for example, Iranian-linked terrorists bombed the hub of the Jewish community in Argentina’s capital, Buenos Aires, killing 85 people and injuring roughly 300 more. That remains the largest terrorist attack in Latin America’s history, and the possibility for an even bigger one exists. In 2018, Argentina arrested two men suspected of having ties with Hezbollah. But Chris Musselman, formerly the National Security Council’s counterterrorism director under Trump, told me the US and its allies may have the most trouble containing the proxy swarm in Western Africa. “We could see a conflict that spread quickly to places the US may not be able to protect people, and it’s a fight that we are grossly unprepared for,” he said, adding that there’s a strong Hezbollah presence in the region and American embassy security there isn’t great. Making matters worse, he continued, the US isn’t particularly good at collecting intelligence there, meaning some militants could operate relatively under the radar. “This isn’t really a law enforcement function that US can take on a global scale,” he said. It would require that countries unwittingly hosting proxies to lead on defeating the Iranian-linked fighters, with US support when needed. The chaos would also extend into the cyber realm. Iran is a major threat to the US in cyberspace. Starting in 2011, Iran attacked more than 40 American banks, including JPMorgan Chase and Bank of America. The attack made it so the banks had trouble serving its customers and customers had trouble using the bank’s services. In 2012, Iran released malware into the networks of Saudi Aramco, a major oil company, which erased documents, emails, and other files on around 75 percent of the company’s computers — replacing them with an image of a burning American flag. In the middle of a war, one could imagine Tehran’s hackers wreaking even more havoc. “WE COULD SEE A CONFLICT THAT SPREAD QUICKLY TO PLACES THE US MAY NOT BE ABLE TO PROTECT PEOPLE, AND IT’S A FIGHT THAT WE ARE GROSSLY UNPREPARED FOR” —CHRIS MUSSELMAN, FORMERLY THE NATIONAL SECURITY COUNCIL’S COUNTERTERRORISM DIRECTOR UNDER TRUMP “I would expect them to have begun selected targeting through socially-engineered phishing activities focused on the oil and gas sector, the financial sector and the electric power grid in that order,” Stewart wrote. “There may be instances now where they already have some persistent access. If they do, I expect they would use it, or risk losing the access and employ that capability early in the escalation of the crisis.” Recent reports indicate that Iranian cyberwarriors have stepped up their online operations, with a particular emphasis on preparing to attack US firms. Among other moves, they’re aiming to trick employees at major businesses to hand over passwords and other vital information, giving them greater access to a firm’s networks. “When you combine this increase with past destructive attacks launched by Iranian-linked actors, we’re concerned enough about the potential for new destructive attacks to continue sounding the alarm,” Christopher Krebs, a top cybersecurity official at the Department of Homeland Security, told Foreign Policy last July. Iranian Supreme Leader Ayatollah Ali Khamenei attends a graduation ceremony of the Iranian Navy cadets in the city of Noshahr on September 30, 2015. Office of the Iranian Supreme Leader/Anadolu Agency/Getty Images All of this — proxies striking around the world, cyberattacks on enterprise — would happen while Iran continued to resist conventional American forces. In the Strait of Hormuz, for instance, Iranian sailors could use speedboats to place bombs on oil tankers or place mines in the water to destroy US warships. The Islamic Republic’s submarines would also play a huge part in trying to sink an American vessel. And the nation’s anti-ship missiles and drones could prove constant and deadly nuisances. Should US troops try to enter Iranian territory on land, Iranian ground forces would also push back on them fiercely using insurgent-like tactics while the US painfully marches toward Tehran. Put together, Brewer notes succinctly, a US-Iran war would be “a nasty, brutal fight.” Aftermath: “The worst-case scenarios here are quite serious” Imagine, as we already have, that the earlier stages of strife escalate to a major war. That’s already bad enough. But assume for a moment not only that the fighting takes place, but that the US does the unlikely and near impossible: It invades and overthrows the Iranian regime (which Trump’s former National Security Adviser John Bolton, at least, has openly called for in the past). If that happens, it’s worth keeping two things in mind. First, experts say upward of a million people — troops from both sides as well as Iranian men, women, and children, and American diplomats and contractors — likely will have died by that point. Cities will burn and smolder. Those who survived the conflict will mainly live in a state of economic devastation for years and some, perhaps, will pick up arms and form insurgent groups to fight the invading US force. Second, power abhors a vacuum. With no entrenched regime in place, multiple authority figures from Iran’s clerical and military circles, among others, will jockey for control. Those sides could split into violent factions, initiating a civil war that would bring more carnage to the country. Millions more refugees might flock out of the country, overwhelming already taxed nations nearby, and ungoverned pockets will give terrorist groups new safe havens from which to operate. Iran would be on the verge of being a failed state, if it wasn’t already by that point, and the US would be the main reason why. To turn the tide, America may feel compelled to help rebuild the country at the cost of billions of dollars, years of effort, and likely more dead. It could also choose to withdraw, leaving behind a gaping wound in the center of the Middle East. In some ways, then, what comes after the war could be worse than the war itself. It should therefore not be lost on anyone: A US-Iran war would be a bloody hell during and after the fighting. It’s a good thing neither Trump nor Iran’s leadership currently wants a conflict. But if they change their minds, only carnage follows. “The worst-case scenarios here are quite serious,” Hanna told me.

Read More
Government Business

COVID-19: How do we get out of this quagmire?

Article | March 11, 2022

The COVID-19 virus (C19) pandemic is turning out to be the event of the century. Even World War seems timid in comparison. We are in the 4th month of the virus (in non-China countries) and have gone past the lockdown in many places. Isn’t it time we re-think the approach? What if there is another wave of C19 coming soon? What if C19 is the first of many such events in the future? Before we get into analysis and solution design, summarizing the C19 quirks: While a large section of the affected population is asymptomatic, for some it can be lethal There isn’t clarity on all the ways C19 spreads It’s known to affect the lungs, heart, and kidneys in patients with weak immunity It has been hard to identify a definitive pattern of the virus. Some observations in managing the C19 situation are: With no vaccine in sight, the end of this epidemic looks months or years away Health care personnel in hospitals need additional protection to treat patients Lockdowns lead to severe economic hardship and its repeated application can be damaging Quarantining people has an economic cost, especially in the weaker sections of society If one takes a step back to re-think about this, we are primarily solving 2 problems: Minimise deaths: Minimise the death of C19 and non-C19 patients in this period Maximise economic growth: The GDP output/growth should equal or higher than pre-C19 levels One needs to achieve the 2 goals in an environment of rising number of C19 cases. Minimise deaths An approach that can be applied to achieve this is: Data driven health care capacity planning Build a health repository of all the citizens with details like pre-existing diseases, comorbidity, health status, etc. The repository needs to be updated quarterly to account for patient data changes This health repository data is combined with the C19 profile (disease susceptibility) and/or other seasonal diseases to determine the healthcare capacity (medicines, doctors, etc.) needed The healthcare capacity deficit/excess needs to be analysed in categories (beds, equipment, medicine, personnel, etc.) and regions (city, state, etc.) and actions taken accordingly Regular capacity management will ensure patients aren’t deprived of timely treatment. In addition, such planning helps in the equitable distribution of healthcare across regions and optimising health care costs. Healthcare sector is better prepared to scale-up/down their operations Based on the analysis citizens can be informed about their probability of needing hospitalisation on contracting C19. Citizens with a higher health risk on C19 infection should be personally trained on prevention and tips to manage the disease on occurrence The diagram below explains the process Mechanism to increase hospital capacity without cost escalation Due to the nature of C19, health personnel are prone to infection and their safety is a big issue. There is also a shortage of hospitable beds available. Even non-C19 patients aren’t getting the required treatment because health personnel seek it as a risk. This resulted in, healthcare costs going up and availability reducing. To mitigate such issues, hospital layouts may need to be altered (as shown in the diagram below). The altered layout improves hospital capacity and availability of health care personnel. It also reduces the need for the arduous C19 protection procedures. Such procedures reduce the patient treatment capacity and puts a toll on hospital management. Over a period, the number of recovered C19 persons are going to increase significantly. We need to start tapping into their services to reduce the burden on the system. The hospitals need to be divided into 3 zones. The hospital zoning illustration shown below explains how this could be done. In the diagram, patients are shown in green and health care personnel are in light red. **Assumption: Infected and recovered C19 patients are immune to the disease. This is not clearly established Better enforcement of social factors The other reason for high number of infections in countries like India is a glaring disregard in following C19 rules in public places and the laxity in enforcement. Enforcement covers 2 parts, tracking incidents of violation and penalising the behaviour. Government should use modern mechanisms like crowd sourcing to track incidents and ride on the growing public fear to ensure penalty enforcement succeeds. The C19 pandemic has exposed governance limitations in not just following C19 rules, but also in other areas of public safety like road travel, sanitation, dietary habits, etc. Maximise economic growth The earlier lockdown has strained the economy. Adequate measures need to be taken to get the economy back on track. Some of the areas that need to be addressed are: One needs to evaluate the development needs of the country in different categories like growth impetus factors (e.g. building roads, electricity capacity increase), social factors (e.g. waste water treatment plants, health care capacity), and environmental factors (e.g. solar energy generation, EV charging stations). Governments need to accelerate funding in such projects so that that large numbers of unemployed people are hired and trained. Besides giving an immediate boost to the ailing economy such projects have a future payback. The governments should not get bogged down by the huge fiscal deficit such measures can create. Such a mechanism to get money out in the economy is far than better measures like QE (Quantitative Easing) or free money transfer into people’s bank accounts Certain items like smartphone, internet, masks, etc. have become critical (for work, education, critical government announcements). It’s essential to subsidise or reduce taxes so that these items are affordable and accessible to everyone without a financial impact The government shouldn’t put too many C19 related controls on service offerings (e.g. shops, schools, restaurants, cabs). Putting many controls increases the cost of the service which neither the seller not buyer is willing or able to pay. Where controls are put, the Govt should bear the costs or reduce taxes or figure out a mechanism so that the cost can be absorbed. An event like the C19 pandemic is a great opportunity to rationalise development imbalances in the country. Government funding should be channelized more to under-developed regions. This drives growth in regions that need it most. It also prevents excess migration that has resulted in uncontrolled and bad urbanisation that has made C19 management hard (guidelines like social distance are impossible to follow) Post-C19 lockdown, the business environment (need for sanitizers, masks, home furniture) has changed. To make people employable in new flourishing businesses there could be a need to re-skill people. Such an initiative can be taken up by the public/private sector The number of C19 infected asymptomatic patients is going to keep increasing. Building an economy around them (existing, recovered C19 patients) may not be a far-fetched idea. E.g. jobs for C19 infected daily wage earners, C19 infected taxi drivers to transport C19 patients, etc. In the last 100 years, mankind has conquered the destructive aspects of many a disease and natural mishap (hurricanes, floods, etc.). Human lives lost in such events has dramatically dropped over the years and our preparedness has never been this good. Nature seems to have caught up with mankind’s big strides in science and technology. C19 has been hard to reign in with no breakthrough yet. The C19 pandemic is here to stay for the near future. The more we accept this reality and change ourselves to live with it amidst us, the faster we can return to a new normal. A quote from Edward Jenner (inventor of Small Pox) seems apt in the situation – “The deviation of man from the state in which he was originally placed by nature seems to have proved to him a prolific source of diseases”.

Read More
Government Business

2021 will be an excellent year for technology firms

Article | July 11, 2022

Cities, counties, and states are being forced to upgrade or purchase new technology. The old legacy systems are now inadequate, inefficient, and somewhat dangerous because of their vulnerability to hacking. Many of the old systems are almost completely obsolete. They are unable to accommodate new applications. In today’s data driven world, technology modernization leads to less cost, increases in efficiency, fewer requirements for human resources, and huge increases in convenience for citizens. Research on numerous capital improvement plans for cities, counties, and states reveals that funding is being allocated for major technology purchases and upgrades throughout the country. Massachusetts In a bill just signed by the governor, the Act Financing the General Governmental Infrastructure of the Commonwealth, $660 million has been allocated for information technology (IT) needs. Community colleges are scheduled to receive $140 million for cybersecurity, software, hardware, and infrastructure upgrades. Public schools will be eligible for competitive matching grants from a program that received $50 million. Much of the education funding will be used for access to broadband and other digital learning curricula. The IT funding includes $10 million for a statewide data sharing system for all criminal justice agencies and $10 million for the state’s Department of Health. Cities and counties in Massachusetts also will receive funding. Sommerville’s need to acquire modern backup IT appliances and disaster and cybersecurity projects will get funding. The county of Berkshire is granted funding for a study to determine the cost of constructing a municipal broadband network. Avon will receive funding to move the township’s financial software to the cloud for increased security, and Easton will get funding for an e-permitting geographic information system and some technology-based service delivery software. Texas City leaders in Houston plan to spend millions to upgrade some outdated technology. The current computer-aided dispatch (CAD) system is more than 13 years old and has limited functionalities. The city's public safety department is in need of a new system to efficiently respond to police, fire, and medical calls for services. Funding allocations are outlined in the city’s 2021-2025 Capital Improvement Plan. The public safety CAD replacement is scheduled to receive $1 million, and the city has allocated $2.2 million for new budgeting software. Nevada The Las Vegas Public Works Department plans to procure a software solution for the city’s capital improvement project program management system (CPMS). The department is challenged with aging IT infrastructure, reduced resources, and currently, each phase of the CPMS uses separate software applications. This is labor intensive and ineffective. The plan is to have one software solution that tracks and manages all phases of the CPMS, including concept, planning, design, permitting, construction, and closeout. The city has budgeted $350,000 each year from 2021-2025 to complete this project. Virginia The city of Norfolk plans to upgrade its Department of Utilities’ billing system at a cost of $2 million. Over two years, city leaders plan to spend $4 million per year to purchase IT infrastructure. Purchases will include public safety radios, courthouse equipment, an electronic health record system, security appliances, a cybersecurity assessment, and upgrades to e-services platform. The city of Portsmouth will upgrade its financial software beginning in 2021 with full implementation by 2024. The project will include software and hardware upgrades and the streamlining of third-party software. Beginning in 2022, the city will purchase record retention software to house permanent, and eventually all, citywide digital records. Plans also call for updating the city’s public safety records management/computer aided dispatch system at a cost of $900,000. New software will improve mobile computing and analysis tools, management dashboards, and multijurisdictional expandable capabilities for future potential collaborations with surrounding communities. Pennsylvania The city of Philadelphia’s Office of Innovation and Technology has a total of $153.6 million in city tax-supported funding programmed over its six-year FY21-FY26 capital program. Of the $22.5 million recommended, $8.67 million is for major upgrades for network infrastructure stabilization and enhancement. Another $13.83 million will support citywide departmental applications. This funding will be used for replacement of an old tax legacy system, a new personnel accountability system for the fire department, an integrated jail management system, and an enterprise resource platform modernization effort for procurement, accounting, and logistics. In 2021, the city also will design and implement a new fare collection system at a cost of $1.54 million to replace or enhance the current revenue collection equipment. North Carolina The Forsyth County Board of County Commissioners has approved a 2020-2021 annual budget which includes a $6.2 million enterprise resource planning system. The county’s budget, finance, and human resources software programs are in critical need of replacement. In Chatham County, there are plans to replace the current tax office software at a cost of $1 million, and the current software is being evaluated for new purchases. Oregon The city of Salem’s Information Technology Department has announced plans to update its financial system at a cost of $650,000. This upgrade is needed to maintain support of the application and increase functionality. The city also plans to update its enterprise storage array at a cost of $250,000. This equipment is primarily used for enterprise applications including financial services, cash handling, parking, utility billing, police records, and other city records flagged for retention purchases. There is absolutely no doubt – 2021 will be a good year for companies that have new technology to sell to public officials. Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.

Read More

Bond elections catalyze numerous contracting opportunities

Article | September 9, 2020

People often believe that bond elections only fund construction projects. Although it’s true that construction opportunities do occur when bond packages are approved, sales of certificates of obligation or general obligation spawn hundreds of other contracting opportunities. Companies that provide services related to technology, energy systems, furniture, landscaping, and security also benefit. Voters already have approved an abundance of bond packages this year, and more are pending in November elections. Although it’s true that construction opportunities do occur when bond packages are approved, sales of certificates of obligation or general obligation spawn hundreds of other contracting opportunities. Georgia The state of Georgia has funding of $1.133 billion that will be used for new projects, the purchasing of equipment, repairs and renovations to existing facilities. Some of it will also be used to launch new construction projects. School districts have been allocated approximately $378 million and $302 million is available for projects at the University System of Georgia. The Department of Transportation will receive over $152 million for roads, bridges, and rail projects, and the Technical College System of Georgia will receive approximately $99 million for various projects. The state also allocated $20 million for a new conference center at Lake Lanier Island and $12 million for infrastructure improvements at the Georgia World Congress Center in Atlanta. West Virginia The Cabell County Board of Education authorized the issuance of $87.5 million in public school bonds after it was approved by voters in August. Architectural firms and design teams will be in high demand soon as construction is planned for early 2021. Projects include rebuilding Meadows Elementary and Milton Elementary and construction of a new Davis Creek Elementary facility. Other school buildings will receive major renovations including new windows, doors, roofing, HVAC systems, sprinkler systems, and security upgrades. New York Bond funds were approved in Lewis County for a $33 million capital project to construct a new surgical pavilion and renovation of the existing Medical-Surgical floor. Bidding will be solicited in January and February 2021 with construction to begin immediately. The project includes construction of a 36,224 square-foot surgical pavilion as well as the renovation of about 18,889 square feet of the existing Medical-Surgical inpatient floor. California The state of California recently announced the sale of $2.65 billion of revenue bonds to benefit various projects at the University of California (UC). About $1.15 billion will be spent on campus projects. Regents for the university system announced that about than 50 construction projects at all 10 UC campuses are planned. Projects include improvements to the Agriculture and Natural Resources Research and Extension Center and Franz Hall. Seismic upgrades are planned for the Irvine Campus, the engineering tower, four gateway quad buildings, and the social sciences buildings. More earthquake-resistant improvements will be made at a number of additional facilities. Louisiana In August, $140 million in bonds were approved for construction of a new high school and the completion of 13 other construction and improvement projects for Ascension Parish Public Schools. Approximately $79.5 million has been set aside for a new high school which will be located in Prairieville. Solicitation documents for contractors will be released in 2021. Other projects that have been approved include $27 million in renovations at East Ascension High School, $7.5 million for artificial turf at four high school stadiums plus the stadium at the new high school, $4.4 million for a classroom addition at St. Amant Primary, and $2.3 million for improvements at Donaldsonville High School. Texas Voters recently approved $76.6 million for the Plainview Independent School District and this funding will be used to consolidate and restructure elementary and middle school facilities. Some of the revenue will also be used to update security and technology. The proposed building plan consolidates six elementary campuses into three with pre-K programs and increased capacity at each campus. Some solicitation documents are expected in November, and others are planned for early 2021. Hawaii The state of Hawaii successfully sold $995 million of general obligation bonds, and the funding will be used to finance capital improvements for various public buildings, elementary and secondary schools, community college and university facilities, public libraries, and parks. As 2020 draws to a close over the next few months, millions more in funding for all types of projects will result as November bond packages are placed on the ballot for voter approval. Even in the midst of a pandemic, public assets must be maintained, expanded, and made safe for citizens. The activity generated by the bond elections stimulates local economies, and the projects that result create thousands of jobs as well. Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.

Read More
Government Business

Revitalization of Economies: Government Supporting Start-ups

Article | July 14, 2022

With Iran in escalation mood to get n to "Holy War" or "War For Survival of Islam" with Air Striking US and Allied Bases in Iraq which though has hardly given any blow to US Confidence and its Marines deployed there,Iran is going to architect a full blown war which as we know it would feature a series of moves and countermoves, we know it’d be very messy and confusing, and we know it’d be extremely deadly. But unlike with the path to war, it’s less useful to offer a play-by-play of what could happen. So with that in mind, it’s better to look at what the US and Iranian war plans would likely be — to better understand the devastation each could exact. How the US might try to win the war The US strategy would almost certainly involve using overwhelming air and naval power to beat Iran into submission early on. “You don’t poke the beehive, you take the whole thing down,” Goldenberg said. The US military would bomb Iranian ships, parked warplanes, missile sites, nuclear facilities, and training grounds, as well as launch cyberattacks on much of the country’s military infrastructure. The goal would be to degrade Iran’s conventional forces within the first few days and weeks, making it even harder for Tehran to resist American strength. That plan definitely makes sense as an opening salvo, experts say, but it will come nowhere close to winning the war. “It’s very unlikely that the Iranians would capitulate,” Michael Hanna, a Middle East expert at the Century Foundation in New York, told me. “It’s almost impossible to imagine that a massive air campaign will produce the desired result. It’s only going to produce escalation, not surrender.” It won’t help that a sustained barrage of airstrikes will likely lead to thousands of Iranians dead, among them innocent civilians. That, among other things, could galvanize Iranian society against the US and put it firmly behind the regime, even though it has in many ways treated the population horribly over decades in power. There’s another risk: A 2002 war game showed that Iran could sink an American ship and kill US sailors, even though the US Navy is far more powerful. If the Islamic Republic’s forces succeeded in doing that, it could provide a searing image that could serve as a propaganda coup for the Iranians. Washington won’t garner the same amount of enthusiasm for destroying Iranian warships — that’s what’s supposed to happen. An Iranian Army soldier stands guard on a military speedboat, passing by a submarine during the “Velayat-90” navy exercises in the Strait of Hormuz on December 28, 2011. Ali Mohammadi/AFP/Getty Images Trump has already signaled he doesn’t want to send ground troops into Iran or even spend a long time fighting the country. That tracks with his own inclinations to keep the US out of foreign wars, particularly in the Middle East. But with hawkish aides at his side, like Secretary of State Mike Pompeo, there’s a chance they could convince him not to look weak and to go all-in and grasp victory. But the options facing the president at that point will be extremely problematic, experts say. The riskiest one — by far — would be to invade Iran. The logistics alone boggle the mind, and any attempt to try it would be seen from miles away. “There’s no surprise invasion of Iran,” Brewer, who is now at the Center for Strategic and International Studies think tank in Washington, told me. Iran has nearly three times the amount of people Iraq did in 2003, when the war began, and is about three and a half times as big. In fact, it’s the world’s 17th-largest country, with territory greater than France, Germany, the Netherlands, Belgium, Spain, and Portugal combined. The geography is also treacherous. It has small mountain ranges along some of its borders. Entering from the Afghanistan side in the east would mean traversing two deserts. Trying to get in from the west could also prove difficult even with Turkey — a NATO ally — as a bordering nation. After all, Ankara wouldn’t let the US use Turkey to invade Iraq, and its relations with Washington have only soured since. “IT’S ALMOST IMPOSSIBLE TO IMAGINE THAT A MASSIVE AIR CAMPAIGN WILL PRODUCE THE DESIRED RESULT. IT’S ONLY GOING TO PRODUCE ESCALATION, NOT SURRENDER.” —MICHAEL HANNA, A MIDDLE EAST EXPERT AT THE CENTURY FOUNDATION The US could try to enter Iran the way Saddam Hussein did during the Iran-Iraq war, near a water pass bordering Iran’s southwest. But it’s swampy — the Tigris and Euphrates rivers meet there — and relatively easy to protect. Plus, an invading force would run up against the Zagros Mountains after passing through, just like Saddam’s forces did. It’s for these reasons that the private intelligence firm Stratfor called Iran a “fortress” back in 2011. If Trump chose to launch an incursion, he’d likely need around 1.6 million troops to take control of the capital and country, a force so big it would overwhelm America’s ability to host them in regional bases. By contrast, America never had more than 180,000 service members in Iraq. And there’s the human cost. A US-Iran war would likely lead to thousands or hundreds of thousands of dead. Trying to forcibly remove the country’s leadership, experts say, might drive that total into the millions. That helps explain why nations in the region hope they won’t see a fight. Goldenberg, who traveled recently to meet with officials in the Gulf, said that none of them wanted a US-Iran war. European nations will also worry greatly about millions of refugees streaming into the continent, which would put immense pressure on governments already dealing with the fallout of the Syrian refugee crisis. Israel also would worry about Iranian proxies targeting it (more on that below). Meanwhile, countries like Russia and China — both friendly to Iran — would try to curtail the fighting and exploit it at the same time, the Century Foundation’s Hanna told me. China depends heavily on its goods traveling through the Strait of Hormuz, so it would probably call for calm and for Tehran not to close down the waterway. Russia would likely demand restraint as well, but use the opportunity to solidify its ties with the Islamic Republic. President Donald Trump and Mohammed bin Salman, the crown prince of Saudi Arabia, stand side by side in the group picture at the G20 summit on June 28, 2019. Bernd von Jutrczenka/picture alliance via Getty Images And since both countries have veto power on the UN Security Council, they could ruin any political legitimacy for the war that the US may aim to gain through that body. The hope for the Trump administration would therefore be that the conflict ends soon after the opening salvos begin. If it doesn’t, and Iran resists, all that’d really be left are a slew of bad options to make a horrid situation much, much worse. How Iran might try to win the war Retired Marine Lt. Gen. Vincent Stewart left his post as the No. 2 at US Cyber Command in 2019, ending a decorated four-decade career. Toward the end of it, he spent his time at the forefront of the military intelligence and cybersecurity communities. If anyone has the most up-to-date information on how Iran may fight the US, then, it’s Stewart. “The Iranian strategy would be to avoid, where possible, direct conventional force-on-force operations,” he wrote for the Cipher Brief on July 2, 2019. “They would attempt to impose cost on a global scale, striking at US interests through cyber operations and targeted terrorism with the intent of expanding the conflict, while encouraging the international community to restrain America’s actions.” In other words, Tehran can’t match Washington’s firepower. But it can spread chaos in the Middle East and around the world, hoping that a war-weary US public, an intervention-skeptical president, and an angered international community cause America to stand down. That may seem like a huge task — and it is — but experts believe the Islamic Republic has the capability, knowhow, and will to pull off such an ambitious campaign. “The Iranians can escalate the situation in a lot of different ways and in a lot of different places,” Hanna told me. “They have the capacity to do a lot of damage.” Take what it could do in the Middle East. Iran’s vast network of proxies and elite units — like Soleimani’s Islamic Revolutionary Guard Corps — could be activated to kill American troops, diplomats, and citizens throughout the region. US troops in Syria are poorly defended and have little support, making them easy targets, experts say. America also has thousands of civilians, troops, and contractors in Iraq, many of whom work in areas near where Iranian militias operate within the country. US allies would also be prime targets. Hezbollah, an Iran-backed terrorist group in Lebanon, might attack Israel with rockets and start its own brutal fight. We’ve heard this story before: In 2006, they battled in a month-long war where the militant group fired more than 4,000 rockets into Israel, and Israeli forces fired around 7,000 bombs and missiles into Lebanon. About 160 Israelis troops and civilians died, according to the Israel Ministry of Foreign Affairs, and about 1,100 Lebanese — most of them civilians — perished, per Human Rights Watch, a US-headquartered advocacy organization. It also reports about 4,400 Lebanese were injured, and around 1 million people were displaced. But that’s not all. Iran could encourage terrorist organizations or other proxies to strike inside Saudi Arabia, the United Arab Emirates, and other Gulf nations. Last year, it planned and executed drone strikes on two major Saudi oil facilities deep inside the kingdom, convulsing world markets. Its support for Houthis rebels in Yemen would mostly certainly increase, offering them more weapons and funds to attack Saudi Arabia’s airports, military bases, and energy plants. The US government on April 8, 2019, said it had designated the IRGC as a terrorist organization, marking the first time a US government has made such a designation on a foreign government’s organization. Rouzbeh Fouladi/NurPhoto via Getty Images Experts note that the Islamic Republic likely has sleeper cells in Europe and Latin America, and they could resurface in dramatic and violent ways. In 1994, for example, Iranian-linked terrorists bombed the hub of the Jewish community in Argentina’s capital, Buenos Aires, killing 85 people and injuring roughly 300 more. That remains the largest terrorist attack in Latin America’s history, and the possibility for an even bigger one exists. In 2018, Argentina arrested two men suspected of having ties with Hezbollah. But Chris Musselman, formerly the National Security Council’s counterterrorism director under Trump, told me the US and its allies may have the most trouble containing the proxy swarm in Western Africa. “We could see a conflict that spread quickly to places the US may not be able to protect people, and it’s a fight that we are grossly unprepared for,” he said, adding that there’s a strong Hezbollah presence in the region and American embassy security there isn’t great. Making matters worse, he continued, the US isn’t particularly good at collecting intelligence there, meaning some militants could operate relatively under the radar. “This isn’t really a law enforcement function that US can take on a global scale,” he said. It would require that countries unwittingly hosting proxies to lead on defeating the Iranian-linked fighters, with US support when needed. The chaos would also extend into the cyber realm. Iran is a major threat to the US in cyberspace. Starting in 2011, Iran attacked more than 40 American banks, including JPMorgan Chase and Bank of America. The attack made it so the banks had trouble serving its customers and customers had trouble using the bank’s services. In 2012, Iran released malware into the networks of Saudi Aramco, a major oil company, which erased documents, emails, and other files on around 75 percent of the company’s computers — replacing them with an image of a burning American flag. In the middle of a war, one could imagine Tehran’s hackers wreaking even more havoc. “WE COULD SEE A CONFLICT THAT SPREAD QUICKLY TO PLACES THE US MAY NOT BE ABLE TO PROTECT PEOPLE, AND IT’S A FIGHT THAT WE ARE GROSSLY UNPREPARED FOR” —CHRIS MUSSELMAN, FORMERLY THE NATIONAL SECURITY COUNCIL’S COUNTERTERRORISM DIRECTOR UNDER TRUMP “I would expect them to have begun selected targeting through socially-engineered phishing activities focused on the oil and gas sector, the financial sector and the electric power grid in that order,” Stewart wrote. “There may be instances now where they already have some persistent access. If they do, I expect they would use it, or risk losing the access and employ that capability early in the escalation of the crisis.” Recent reports indicate that Iranian cyberwarriors have stepped up their online operations, with a particular emphasis on preparing to attack US firms. Among other moves, they’re aiming to trick employees at major businesses to hand over passwords and other vital information, giving them greater access to a firm’s networks. “When you combine this increase with past destructive attacks launched by Iranian-linked actors, we’re concerned enough about the potential for new destructive attacks to continue sounding the alarm,” Christopher Krebs, a top cybersecurity official at the Department of Homeland Security, told Foreign Policy last July. Iranian Supreme Leader Ayatollah Ali Khamenei attends a graduation ceremony of the Iranian Navy cadets in the city of Noshahr on September 30, 2015. Office of the Iranian Supreme Leader/Anadolu Agency/Getty Images All of this — proxies striking around the world, cyberattacks on enterprise — would happen while Iran continued to resist conventional American forces. In the Strait of Hormuz, for instance, Iranian sailors could use speedboats to place bombs on oil tankers or place mines in the water to destroy US warships. The Islamic Republic’s submarines would also play a huge part in trying to sink an American vessel. And the nation’s anti-ship missiles and drones could prove constant and deadly nuisances. Should US troops try to enter Iranian territory on land, Iranian ground forces would also push back on them fiercely using insurgent-like tactics while the US painfully marches toward Tehran. Put together, Brewer notes succinctly, a US-Iran war would be “a nasty, brutal fight.” Aftermath: “The worst-case scenarios here are quite serious” Imagine, as we already have, that the earlier stages of strife escalate to a major war. That’s already bad enough. But assume for a moment not only that the fighting takes place, but that the US does the unlikely and near impossible: It invades and overthrows the Iranian regime (which Trump’s former National Security Adviser John Bolton, at least, has openly called for in the past). If that happens, it’s worth keeping two things in mind. First, experts say upward of a million people — troops from both sides as well as Iranian men, women, and children, and American diplomats and contractors — likely will have died by that point. Cities will burn and smolder. Those who survived the conflict will mainly live in a state of economic devastation for years and some, perhaps, will pick up arms and form insurgent groups to fight the invading US force. Second, power abhors a vacuum. With no entrenched regime in place, multiple authority figures from Iran’s clerical and military circles, among others, will jockey for control. Those sides could split into violent factions, initiating a civil war that would bring more carnage to the country. Millions more refugees might flock out of the country, overwhelming already taxed nations nearby, and ungoverned pockets will give terrorist groups new safe havens from which to operate. Iran would be on the verge of being a failed state, if it wasn’t already by that point, and the US would be the main reason why. To turn the tide, America may feel compelled to help rebuild the country at the cost of billions of dollars, years of effort, and likely more dead. It could also choose to withdraw, leaving behind a gaping wound in the center of the Middle East. In some ways, then, what comes after the war could be worse than the war itself. It should therefore not be lost on anyone: A US-Iran war would be a bloody hell during and after the fighting. It’s a good thing neither Trump nor Iran’s leadership currently wants a conflict. But if they change their minds, only carnage follows. “The worst-case scenarios here are quite serious,” Hanna told me.

Read More
Government Business

Designing a Consistent and Accessible Digital Government

Article | March 11, 2022

The COVID-19 virus (C19) pandemic is turning out to be the event of the century. Even World War seems timid in comparison. We are in the 4th month of the virus (in non-China countries) and have gone past the lockdown in many places. Isn’t it time we re-think the approach? What if there is another wave of C19 coming soon? What if C19 is the first of many such events in the future? Before we get into analysis and solution design, summarizing the C19 quirks: While a large section of the affected population is asymptomatic, for some it can be lethal There isn’t clarity on all the ways C19 spreads It’s known to affect the lungs, heart, and kidneys in patients with weak immunity It has been hard to identify a definitive pattern of the virus. Some observations in managing the C19 situation are: With no vaccine in sight, the end of this epidemic looks months or years away Health care personnel in hospitals need additional protection to treat patients Lockdowns lead to severe economic hardship and its repeated application can be damaging Quarantining people has an economic cost, especially in the weaker sections of society If one takes a step back to re-think about this, we are primarily solving 2 problems: Minimise deaths: Minimise the death of C19 and non-C19 patients in this period Maximise economic growth: The GDP output/growth should equal or higher than pre-C19 levels One needs to achieve the 2 goals in an environment of rising number of C19 cases. Minimise deaths An approach that can be applied to achieve this is: Data driven health care capacity planning Build a health repository of all the citizens with details like pre-existing diseases, comorbidity, health status, etc. The repository needs to be updated quarterly to account for patient data changes This health repository data is combined with the C19 profile (disease susceptibility) and/or other seasonal diseases to determine the healthcare capacity (medicines, doctors, etc.) needed The healthcare capacity deficit/excess needs to be analysed in categories (beds, equipment, medicine, personnel, etc.) and regions (city, state, etc.) and actions taken accordingly Regular capacity management will ensure patients aren’t deprived of timely treatment. In addition, such planning helps in the equitable distribution of healthcare across regions and optimising health care costs. Healthcare sector is better prepared to scale-up/down their operations Based on the analysis citizens can be informed about their probability of needing hospitalisation on contracting C19. Citizens with a higher health risk on C19 infection should be personally trained on prevention and tips to manage the disease on occurrence The diagram below explains the process Mechanism to increase hospital capacity without cost escalation Due to the nature of C19, health personnel are prone to infection and their safety is a big issue. There is also a shortage of hospitable beds available. Even non-C19 patients aren’t getting the required treatment because health personnel seek it as a risk. This resulted in, healthcare costs going up and availability reducing. To mitigate such issues, hospital layouts may need to be altered (as shown in the diagram below). The altered layout improves hospital capacity and availability of health care personnel. It also reduces the need for the arduous C19 protection procedures. Such procedures reduce the patient treatment capacity and puts a toll on hospital management. Over a period, the number of recovered C19 persons are going to increase significantly. We need to start tapping into their services to reduce the burden on the system. The hospitals need to be divided into 3 zones. The hospital zoning illustration shown below explains how this could be done. In the diagram, patients are shown in green and health care personnel are in light red. **Assumption: Infected and recovered C19 patients are immune to the disease. This is not clearly established Better enforcement of social factors The other reason for high number of infections in countries like India is a glaring disregard in following C19 rules in public places and the laxity in enforcement. Enforcement covers 2 parts, tracking incidents of violation and penalising the behaviour. Government should use modern mechanisms like crowd sourcing to track incidents and ride on the growing public fear to ensure penalty enforcement succeeds. The C19 pandemic has exposed governance limitations in not just following C19 rules, but also in other areas of public safety like road travel, sanitation, dietary habits, etc. Maximise economic growth The earlier lockdown has strained the economy. Adequate measures need to be taken to get the economy back on track. Some of the areas that need to be addressed are: One needs to evaluate the development needs of the country in different categories like growth impetus factors (e.g. building roads, electricity capacity increase), social factors (e.g. waste water treatment plants, health care capacity), and environmental factors (e.g. solar energy generation, EV charging stations). Governments need to accelerate funding in such projects so that that large numbers of unemployed people are hired and trained. Besides giving an immediate boost to the ailing economy such projects have a future payback. The governments should not get bogged down by the huge fiscal deficit such measures can create. Such a mechanism to get money out in the economy is far than better measures like QE (Quantitative Easing) or free money transfer into people’s bank accounts Certain items like smartphone, internet, masks, etc. have become critical (for work, education, critical government announcements). It’s essential to subsidise or reduce taxes so that these items are affordable and accessible to everyone without a financial impact The government shouldn’t put too many C19 related controls on service offerings (e.g. shops, schools, restaurants, cabs). Putting many controls increases the cost of the service which neither the seller not buyer is willing or able to pay. Where controls are put, the Govt should bear the costs or reduce taxes or figure out a mechanism so that the cost can be absorbed. An event like the C19 pandemic is a great opportunity to rationalise development imbalances in the country. Government funding should be channelized more to under-developed regions. This drives growth in regions that need it most. It also prevents excess migration that has resulted in uncontrolled and bad urbanisation that has made C19 management hard (guidelines like social distance are impossible to follow) Post-C19 lockdown, the business environment (need for sanitizers, masks, home furniture) has changed. To make people employable in new flourishing businesses there could be a need to re-skill people. Such an initiative can be taken up by the public/private sector The number of C19 infected asymptomatic patients is going to keep increasing. Building an economy around them (existing, recovered C19 patients) may not be a far-fetched idea. E.g. jobs for C19 infected daily wage earners, C19 infected taxi drivers to transport C19 patients, etc. In the last 100 years, mankind has conquered the destructive aspects of many a disease and natural mishap (hurricanes, floods, etc.). Human lives lost in such events has dramatically dropped over the years and our preparedness has never been this good. Nature seems to have caught up with mankind’s big strides in science and technology. C19 has been hard to reign in with no breakthrough yet. The C19 pandemic is here to stay for the near future. The more we accept this reality and change ourselves to live with it amidst us, the faster we can return to a new normal. A quote from Edward Jenner (inventor of Small Pox) seems apt in the situation – “The deviation of man from the state in which he was originally placed by nature seems to have proved to him a prolific source of diseases”.

Read More
Government Business

Tech Trends that Affect Governments in 2022

Article | July 11, 2022

Cities, counties, and states are being forced to upgrade or purchase new technology. The old legacy systems are now inadequate, inefficient, and somewhat dangerous because of their vulnerability to hacking. Many of the old systems are almost completely obsolete. They are unable to accommodate new applications. In today’s data driven world, technology modernization leads to less cost, increases in efficiency, fewer requirements for human resources, and huge increases in convenience for citizens. Research on numerous capital improvement plans for cities, counties, and states reveals that funding is being allocated for major technology purchases and upgrades throughout the country. Massachusetts In a bill just signed by the governor, the Act Financing the General Governmental Infrastructure of the Commonwealth, $660 million has been allocated for information technology (IT) needs. Community colleges are scheduled to receive $140 million for cybersecurity, software, hardware, and infrastructure upgrades. Public schools will be eligible for competitive matching grants from a program that received $50 million. Much of the education funding will be used for access to broadband and other digital learning curricula. The IT funding includes $10 million for a statewide data sharing system for all criminal justice agencies and $10 million for the state’s Department of Health. Cities and counties in Massachusetts also will receive funding. Sommerville’s need to acquire modern backup IT appliances and disaster and cybersecurity projects will get funding. The county of Berkshire is granted funding for a study to determine the cost of constructing a municipal broadband network. Avon will receive funding to move the township’s financial software to the cloud for increased security, and Easton will get funding for an e-permitting geographic information system and some technology-based service delivery software. Texas City leaders in Houston plan to spend millions to upgrade some outdated technology. The current computer-aided dispatch (CAD) system is more than 13 years old and has limited functionalities. The city's public safety department is in need of a new system to efficiently respond to police, fire, and medical calls for services. Funding allocations are outlined in the city’s 2021-2025 Capital Improvement Plan. The public safety CAD replacement is scheduled to receive $1 million, and the city has allocated $2.2 million for new budgeting software. Nevada The Las Vegas Public Works Department plans to procure a software solution for the city’s capital improvement project program management system (CPMS). The department is challenged with aging IT infrastructure, reduced resources, and currently, each phase of the CPMS uses separate software applications. This is labor intensive and ineffective. The plan is to have one software solution that tracks and manages all phases of the CPMS, including concept, planning, design, permitting, construction, and closeout. The city has budgeted $350,000 each year from 2021-2025 to complete this project. Virginia The city of Norfolk plans to upgrade its Department of Utilities’ billing system at a cost of $2 million. Over two years, city leaders plan to spend $4 million per year to purchase IT infrastructure. Purchases will include public safety radios, courthouse equipment, an electronic health record system, security appliances, a cybersecurity assessment, and upgrades to e-services platform. The city of Portsmouth will upgrade its financial software beginning in 2021 with full implementation by 2024. The project will include software and hardware upgrades and the streamlining of third-party software. Beginning in 2022, the city will purchase record retention software to house permanent, and eventually all, citywide digital records. Plans also call for updating the city’s public safety records management/computer aided dispatch system at a cost of $900,000. New software will improve mobile computing and analysis tools, management dashboards, and multijurisdictional expandable capabilities for future potential collaborations with surrounding communities. Pennsylvania The city of Philadelphia’s Office of Innovation and Technology has a total of $153.6 million in city tax-supported funding programmed over its six-year FY21-FY26 capital program. Of the $22.5 million recommended, $8.67 million is for major upgrades for network infrastructure stabilization and enhancement. Another $13.83 million will support citywide departmental applications. This funding will be used for replacement of an old tax legacy system, a new personnel accountability system for the fire department, an integrated jail management system, and an enterprise resource platform modernization effort for procurement, accounting, and logistics. In 2021, the city also will design and implement a new fare collection system at a cost of $1.54 million to replace or enhance the current revenue collection equipment. North Carolina The Forsyth County Board of County Commissioners has approved a 2020-2021 annual budget which includes a $6.2 million enterprise resource planning system. The county’s budget, finance, and human resources software programs are in critical need of replacement. In Chatham County, there are plans to replace the current tax office software at a cost of $1 million, and the current software is being evaluated for new purchases. Oregon The city of Salem’s Information Technology Department has announced plans to update its financial system at a cost of $650,000. This upgrade is needed to maintain support of the application and increase functionality. The city also plans to update its enterprise storage array at a cost of $250,000. This equipment is primarily used for enterprise applications including financial services, cash handling, parking, utility billing, police records, and other city records flagged for retention purchases. There is absolutely no doubt – 2021 will be a good year for companies that have new technology to sell to public officials. Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.

Read More

Bond elections catalyze numerous contracting opportunities

Article | September 9, 2020

People often believe that bond elections only fund construction projects. Although it’s true that construction opportunities do occur when bond packages are approved, sales of certificates of obligation or general obligation spawn hundreds of other contracting opportunities. Companies that provide services related to technology, energy systems, furniture, landscaping, and security also benefit. Voters already have approved an abundance of bond packages this year, and more are pending in November elections. Although it’s true that construction opportunities do occur when bond packages are approved, sales of certificates of obligation or general obligation spawn hundreds of other contracting opportunities. Georgia The state of Georgia has funding of $1.133 billion that will be used for new projects, the purchasing of equipment, repairs and renovations to existing facilities. Some of it will also be used to launch new construction projects. School districts have been allocated approximately $378 million and $302 million is available for projects at the University System of Georgia. The Department of Transportation will receive over $152 million for roads, bridges, and rail projects, and the Technical College System of Georgia will receive approximately $99 million for various projects. The state also allocated $20 million for a new conference center at Lake Lanier Island and $12 million for infrastructure improvements at the Georgia World Congress Center in Atlanta. West Virginia The Cabell County Board of Education authorized the issuance of $87.5 million in public school bonds after it was approved by voters in August. Architectural firms and design teams will be in high demand soon as construction is planned for early 2021. Projects include rebuilding Meadows Elementary and Milton Elementary and construction of a new Davis Creek Elementary facility. Other school buildings will receive major renovations including new windows, doors, roofing, HVAC systems, sprinkler systems, and security upgrades. New York Bond funds were approved in Lewis County for a $33 million capital project to construct a new surgical pavilion and renovation of the existing Medical-Surgical floor. Bidding will be solicited in January and February 2021 with construction to begin immediately. The project includes construction of a 36,224 square-foot surgical pavilion as well as the renovation of about 18,889 square feet of the existing Medical-Surgical inpatient floor. California The state of California recently announced the sale of $2.65 billion of revenue bonds to benefit various projects at the University of California (UC). About $1.15 billion will be spent on campus projects. Regents for the university system announced that about than 50 construction projects at all 10 UC campuses are planned. Projects include improvements to the Agriculture and Natural Resources Research and Extension Center and Franz Hall. Seismic upgrades are planned for the Irvine Campus, the engineering tower, four gateway quad buildings, and the social sciences buildings. More earthquake-resistant improvements will be made at a number of additional facilities. Louisiana In August, $140 million in bonds were approved for construction of a new high school and the completion of 13 other construction and improvement projects for Ascension Parish Public Schools. Approximately $79.5 million has been set aside for a new high school which will be located in Prairieville. Solicitation documents for contractors will be released in 2021. Other projects that have been approved include $27 million in renovations at East Ascension High School, $7.5 million for artificial turf at four high school stadiums plus the stadium at the new high school, $4.4 million for a classroom addition at St. Amant Primary, and $2.3 million for improvements at Donaldsonville High School. Texas Voters recently approved $76.6 million for the Plainview Independent School District and this funding will be used to consolidate and restructure elementary and middle school facilities. Some of the revenue will also be used to update security and technology. The proposed building plan consolidates six elementary campuses into three with pre-K programs and increased capacity at each campus. Some solicitation documents are expected in November, and others are planned for early 2021. Hawaii The state of Hawaii successfully sold $995 million of general obligation bonds, and the funding will be used to finance capital improvements for various public buildings, elementary and secondary schools, community college and university facilities, public libraries, and parks. As 2020 draws to a close over the next few months, millions more in funding for all types of projects will result as November bond packages are placed on the ballot for voter approval. Even in the midst of a pandemic, public assets must be maintained, expanded, and made safe for citizens. The activity generated by the bond elections stimulates local economies, and the projects that result create thousands of jobs as well. Mary Scott Nabers is president and CEO of Strategic Partnerships Inc., a business development company specializing in government contracting and procurement consulting throughout the U.S. Her recently released book, Inside the Infrastructure Revolution: A Roadmap for Building America, is a handbook for contractors, investors and the public at large seeking to explore how public-private partnerships or joint ventures can help finance their infrastructure projects.

Read More
MORE ARTICLES

Spotlight

City of Lawrence, KS

Lawrence is a diverse and multifaceted city that provides many of the amenities of a large metropolitan area, while still maintaining a strong sense of community. Located in Northeast Kansas, Lawrence is just 45 minutes west of Kansas City, and 30 minutes east of Topeka, the state capital. Lawrence offers a rich and fascinating history, a wide range of exciting cultural experiences, nationally recognized educational institutions, and some of the most unique and enjoyable shopping opportunities in the Midwest.

Related News

Emerging Technology, Cybersecurity

Red River Secures Army ITES-3S Contract

Businesswire | March 23, 2023

Red River, a technology transformation company serving government and enterprise customers, today announced that it is now an authorized provider on the U.S. Army’s Information Technology Enterprise Solutions 3 Services (ITES-3S) contract. Awarded by the Computer Hardware, Enterprise Software and Solutions (CHESS) and the Army Contracting Command - Rock Island (ACC-RI), ITES-3S is a nine-year, $12.1 billion, indefinite delivery indefinite quantity (IDIQ) contract. The ITES-3S IDIQ will provide a broad range of enterprise information technology services and support to the U.S. Army and other authorized Federal Government agencies. Types of information technology services available through the ITES-3S IDIQ include Program Management; Cybersecurity/Information Assurance; Enterprise Design, Integration and Consolidation; Network/Systems Operation and Maintenance; Telecommunications; Supply Chain Management; Operation and Maintenance; Business Process Engineering; and Information Technology Education and Training. This award demonstrates Red River’s longstanding commitment to providing superior professional services to the U.S. Army and the opportunity to continue to serve and support the men and women in uniform at home and abroad. Red River has more than 25 years as a trusted technology and services provider to the U.S. government and Department of Defense (DoD). “We are excited to continue our longstanding history of supporting the technology services needs of the Army and other government agencies supported through this contract vehicle,” said Brian Roach, CEO for Red River. “We look forward to collaborating with DoD technology leaders to support their mission requirements in areas such as cybersecurity, managed services, cloud, infrastructure and collaboration. This is a significant addition to our contracts portfolio and strengthens our position as a leading technology and services provider to the DoD and the U.S. government as a whole.” About Red River Red River brings together the ideal combination of talent, partners and products to disrupt the status quo in technology and drive success for business and government in ways previously unattainable. Red River serves organizations well beyond traditional technology integration, bringing more than 25 years of experience and mission-critical expertise in managed services, cybersecurity, infrastructure, collaboration and cloud solutions.

Read More

Emerging Technology

New Iridium Certus Service Providers to Support U.S. Government Customers

Iridium Communications | October 13, 2022

Iridium Communications Inc. (Nasdaq: IRDM) announced today that Iridium partners MetOcean Telematics, NAL Research, and Trace Systems are now Iridium Certus® service providers for U.S. government customers, joining Satcom Direct, in this capacity. These unique, long-term deals will allow these companies to provide Iridium's secure global satellite broadband and midband connectivity for mobile voice and data services to the U.S. government through a dedicated gateway. By leveraging the inherent advantages of the Iridium® network, including truly global, on-the-move L-band connectivity, MetOcean Telematics, NAL Research, and Trace Systems are now able to deliver enhanced capabilities that meet Communications Security (ComSec) requirements for the Department of Defense (DoD) and warfighter. These capabilities include global and resilient voice, data and 1080 HD live-action video over satcom across all domains (land, maritime and air) on the move. The service also serves as the "ACE in PACE" – alternate, contingent or emergency communications link, supports early entry communications packages and command and control for autonomous or uncrewed systems and data backhaul. Whether in high-risk combat zones or during inclement weather events, the Iridium network provides uncompromising satellite communications that keeps users connected when it's needed most. Iridium Certus™ terminals enable U.S. government users to securely connect remote assets to respective command and control centers in the U.S. in a cost-effective and secure manner, from anywhere in the world. "Iridium Certus continues to provide mission-critical broadband and midband capabilities to the modern warfighter and we're excited to add new service providers to expand the distribution of these offerings, With the addition of Iridium Certus for the government, these partners will play a critical role in supporting DoD personnel as they utilize this value-added service." -Scott Scheimreif, Executive Vice President of Government Programs, Iridium. Unique in the satellite industry, Iridium Certus is the only broadband service that provides highly reliable, truly global, weather-resilient connectivity for on-the-move internet and high-quality voice access. Iridium Certus terminals are low-profile, compared to the competition, and capable of maintaining broadband connectivity in fast-paced, unpredictable environments on land, at sea, in the air — and can do it without landing in or passing through non-U.S. territories. Iridium Communications Inc: Iridium® is the only mobile voice and data satellite communications network that spans the entire globe. Iridium enables connections between people, organizations and assets to and from anywhere, in real time. Together with its ecosystem of partner companies, Iridium delivers an innovative and rich portfolio of reliable solutions for markets that require truly global communications. In 2019, the company completed a generational upgrade of its satellite network and launched its new specialty broadband service, Iridium Certus®. Iridium Communications Inc. is headquartered in McLean, Va., U.S.A., and its common stock trades on the Nasdaq Global Select Market under the ticker symbol IRDM.

Read More

Cybersecurity

One Year In, Cyber Executive Order Progress is Under Way, But Early Stage

MeriTalk | May 06, 2022

Ninety-one percent of Federal cybersecurity decision-makers say the 2021 Executive Order (EO) on Improving the Nation’s Cybersecurity has made U.S. data and critical infrastructure safer, but just 28 percent say significantly safer, according to Impact Assessment: Cyber EO Year One, a new study from MeriTalk, a public-private partnership focused on improving the outcomes of government information technology (IT). The report explores perspectives on progress against Cyber EO goals, identifies what successful agencies do differently, and finds the fault lines where agency cyber leaders say they need more help to succeed. Most Federal cyber decision-makers (78 percent) agree the steps outlined in the Cyber EO are necessary to protect our nation. Implementing software supply chain security and migrating to a zero-trust architecture are the two most important factors for national cybersecurity, the research highlights. And, while just 15 percent have seen tangible improvements because of EO efforts to date, a significant portion expects to see an impact within the next year. Federal cyber leaders confirm initial progress in areas including vulnerability detection, software supply chain security, vulnerability response, and investigative and remediation capabilities. Just over half confirm IT management and staff are placing increased priority on cybersecurity, and just over half are collecting more cyber data than in the past. But, across the board, progress against EO goals is still in the early stages. Fewer than half rate their agencies’ progress against key EO goals as “excellent.” For example, 36 percent rate progress toward creating a formal strategy as excellent; 34 percent rate progress toward investing in endpoint detection and response (EDR) as excellent; and, 33 percent rate progress migrating to secure cloud solutions, as excellent. When asked about the importance of zero trust, 82 percent agree that allocating staff and budget resources to zero trust is vital to national security and almost all, 96 percent, agree the Federal zero trust strategy is somewhat or very helpful. Despite the high priority, just 30 percent of Federal cyber decision-makers rate their zero trust progress as “excellent” and many, 67 percent, say the EO’s three-year window for implementing a zero trust architecture is not realistic. Zero Trust is the gold standard for cybersecurity, so we're encouraged to see the EO is prioritizing that approach. In addition, cloud-native endpoint detection and response capabilities can significantly strengthen the cybersecurity posture for the federal government, especially when integrated with other security capabilities including identity security, threat intelligence, and managed threat hunting. These concepts have become cybersecurity best practices for the private sector’s most technologically advanced businesses, and we encourage the public sector to continue to embrace these technologies and strategies.” Drew Bagley, vice president and counsel for Privacy and Cyber Policy, CrowdStrike “Getting to zero trust is not easy. The detail provided in the multi-step guidance from OMB provides a path, but there is no single box you can buy to meet the varied needs of the five zero trust pillars,” says Stephen Kovac, Chief Compliance Officer and Head of Global Government Affairs, Zscaler. “You need multiple solutions from varying vendors that work together with seamless integration to achieve true zero trust – it is a team sport. OMB has done a good job in helping to define those rules, with rule one being to keep users off the network. If they can’t reach you, they can’t breach you.” Funding is another roadblock. Just 14 percent report they have all funding needed to meet Cyber EO requirements. One-third say they have half, or less than half, of the funding needed. “The sea change is the focus on comprehensive cyber resiliency,” says Nicole Burdette, principal, MeriTalk. “The EO provided direction, and Federal cyber leaders are now doing the hard work. But progress requires sustained funding and resource commitment. The research shows the gaps.” “The U.S. federal government is taking important steps to improve the nation’s cybersecurity posture,” said Dave Levy, Vice President of U.S. Government, Nonprofit, and Healthcare at Amazon Web Services (AWS). “In the Cyber EO, the White House directs federal agencies to adopt security best practices, implement zero trust architectures, and accelerate migration to secure cloud services. Organizations of all sizes should consider similar principles and practices to enhance their cybersecurity and protect employees and sensitive data against cyberattack.” What are the leaders doing differently? Cyber EO champions (leaders who give their agency’s EO progress an A) are predictably more likely than their peers to say they have all the funding they need. They are also more likely to have their chief information officer (CIO) leading their zero-trust implementation (67 percent to 28 percent). When asked for perspectives on what’s needed to achieve cyber progress, the research identified the Federal wish list: Workforce training and expertise Stronger executive buy-in Detailed direction from agency IT leadership Centers of Excellence (COEs) in the government to lend expertise Three-fourths of Federal cyber decision-makers also say the EO should have been more authoritative with private-sector directives. The Impact Assessment: Cyber EO Year One report is based on an online survey of more than 150 Federal cybersecurity decision-makers familiar with their agencies’ cybersecurity initiatives, including zero trust strategies, in March 2022 and is underwritten by Amazon Web Services (AWS), CrowdStrike, and Zscaler. The report has a margin of error of ±7.7 percent at a 95 percent confidence level. About MeriTalk The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Our award-winning editorial team and world-class events and research staff produces unmatched news, analysis, and insight. The goal: a more efficient, responsive, and citizen-centric government. MeriTalk connects with an audience of 160,000 Federal community contacts.

Read More

Emerging Technology, Cybersecurity

Red River Secures Army ITES-3S Contract

Businesswire | March 23, 2023

Red River, a technology transformation company serving government and enterprise customers, today announced that it is now an authorized provider on the U.S. Army’s Information Technology Enterprise Solutions 3 Services (ITES-3S) contract. Awarded by the Computer Hardware, Enterprise Software and Solutions (CHESS) and the Army Contracting Command - Rock Island (ACC-RI), ITES-3S is a nine-year, $12.1 billion, indefinite delivery indefinite quantity (IDIQ) contract. The ITES-3S IDIQ will provide a broad range of enterprise information technology services and support to the U.S. Army and other authorized Federal Government agencies. Types of information technology services available through the ITES-3S IDIQ include Program Management; Cybersecurity/Information Assurance; Enterprise Design, Integration and Consolidation; Network/Systems Operation and Maintenance; Telecommunications; Supply Chain Management; Operation and Maintenance; Business Process Engineering; and Information Technology Education and Training. This award demonstrates Red River’s longstanding commitment to providing superior professional services to the U.S. Army and the opportunity to continue to serve and support the men and women in uniform at home and abroad. Red River has more than 25 years as a trusted technology and services provider to the U.S. government and Department of Defense (DoD). “We are excited to continue our longstanding history of supporting the technology services needs of the Army and other government agencies supported through this contract vehicle,” said Brian Roach, CEO for Red River. “We look forward to collaborating with DoD technology leaders to support their mission requirements in areas such as cybersecurity, managed services, cloud, infrastructure and collaboration. This is a significant addition to our contracts portfolio and strengthens our position as a leading technology and services provider to the DoD and the U.S. government as a whole.” About Red River Red River brings together the ideal combination of talent, partners and products to disrupt the status quo in technology and drive success for business and government in ways previously unattainable. Red River serves organizations well beyond traditional technology integration, bringing more than 25 years of experience and mission-critical expertise in managed services, cybersecurity, infrastructure, collaboration and cloud solutions.

Read More

Emerging Technology

New Iridium Certus Service Providers to Support U.S. Government Customers

Iridium Communications | October 13, 2022

Iridium Communications Inc. (Nasdaq: IRDM) announced today that Iridium partners MetOcean Telematics, NAL Research, and Trace Systems are now Iridium Certus® service providers for U.S. government customers, joining Satcom Direct, in this capacity. These unique, long-term deals will allow these companies to provide Iridium's secure global satellite broadband and midband connectivity for mobile voice and data services to the U.S. government through a dedicated gateway. By leveraging the inherent advantages of the Iridium® network, including truly global, on-the-move L-band connectivity, MetOcean Telematics, NAL Research, and Trace Systems are now able to deliver enhanced capabilities that meet Communications Security (ComSec) requirements for the Department of Defense (DoD) and warfighter. These capabilities include global and resilient voice, data and 1080 HD live-action video over satcom across all domains (land, maritime and air) on the move. The service also serves as the "ACE in PACE" – alternate, contingent or emergency communications link, supports early entry communications packages and command and control for autonomous or uncrewed systems and data backhaul. Whether in high-risk combat zones or during inclement weather events, the Iridium network provides uncompromising satellite communications that keeps users connected when it's needed most. Iridium Certus™ terminals enable U.S. government users to securely connect remote assets to respective command and control centers in the U.S. in a cost-effective and secure manner, from anywhere in the world. "Iridium Certus continues to provide mission-critical broadband and midband capabilities to the modern warfighter and we're excited to add new service providers to expand the distribution of these offerings, With the addition of Iridium Certus for the government, these partners will play a critical role in supporting DoD personnel as they utilize this value-added service." -Scott Scheimreif, Executive Vice President of Government Programs, Iridium. Unique in the satellite industry, Iridium Certus is the only broadband service that provides highly reliable, truly global, weather-resilient connectivity for on-the-move internet and high-quality voice access. Iridium Certus terminals are low-profile, compared to the competition, and capable of maintaining broadband connectivity in fast-paced, unpredictable environments on land, at sea, in the air — and can do it without landing in or passing through non-U.S. territories. Iridium Communications Inc: Iridium® is the only mobile voice and data satellite communications network that spans the entire globe. Iridium enables connections between people, organizations and assets to and from anywhere, in real time. Together with its ecosystem of partner companies, Iridium delivers an innovative and rich portfolio of reliable solutions for markets that require truly global communications. In 2019, the company completed a generational upgrade of its satellite network and launched its new specialty broadband service, Iridium Certus®. Iridium Communications Inc. is headquartered in McLean, Va., U.S.A., and its common stock trades on the Nasdaq Global Select Market under the ticker symbol IRDM.

Read More

Cybersecurity

One Year In, Cyber Executive Order Progress is Under Way, But Early Stage

MeriTalk | May 06, 2022

Ninety-one percent of Federal cybersecurity decision-makers say the 2021 Executive Order (EO) on Improving the Nation’s Cybersecurity has made U.S. data and critical infrastructure safer, but just 28 percent say significantly safer, according to Impact Assessment: Cyber EO Year One, a new study from MeriTalk, a public-private partnership focused on improving the outcomes of government information technology (IT). The report explores perspectives on progress against Cyber EO goals, identifies what successful agencies do differently, and finds the fault lines where agency cyber leaders say they need more help to succeed. Most Federal cyber decision-makers (78 percent) agree the steps outlined in the Cyber EO are necessary to protect our nation. Implementing software supply chain security and migrating to a zero-trust architecture are the two most important factors for national cybersecurity, the research highlights. And, while just 15 percent have seen tangible improvements because of EO efforts to date, a significant portion expects to see an impact within the next year. Federal cyber leaders confirm initial progress in areas including vulnerability detection, software supply chain security, vulnerability response, and investigative and remediation capabilities. Just over half confirm IT management and staff are placing increased priority on cybersecurity, and just over half are collecting more cyber data than in the past. But, across the board, progress against EO goals is still in the early stages. Fewer than half rate their agencies’ progress against key EO goals as “excellent.” For example, 36 percent rate progress toward creating a formal strategy as excellent; 34 percent rate progress toward investing in endpoint detection and response (EDR) as excellent; and, 33 percent rate progress migrating to secure cloud solutions, as excellent. When asked about the importance of zero trust, 82 percent agree that allocating staff and budget resources to zero trust is vital to national security and almost all, 96 percent, agree the Federal zero trust strategy is somewhat or very helpful. Despite the high priority, just 30 percent of Federal cyber decision-makers rate their zero trust progress as “excellent” and many, 67 percent, say the EO’s three-year window for implementing a zero trust architecture is not realistic. Zero Trust is the gold standard for cybersecurity, so we're encouraged to see the EO is prioritizing that approach. In addition, cloud-native endpoint detection and response capabilities can significantly strengthen the cybersecurity posture for the federal government, especially when integrated with other security capabilities including identity security, threat intelligence, and managed threat hunting. These concepts have become cybersecurity best practices for the private sector’s most technologically advanced businesses, and we encourage the public sector to continue to embrace these technologies and strategies.” Drew Bagley, vice president and counsel for Privacy and Cyber Policy, CrowdStrike “Getting to zero trust is not easy. The detail provided in the multi-step guidance from OMB provides a path, but there is no single box you can buy to meet the varied needs of the five zero trust pillars,” says Stephen Kovac, Chief Compliance Officer and Head of Global Government Affairs, Zscaler. “You need multiple solutions from varying vendors that work together with seamless integration to achieve true zero trust – it is a team sport. OMB has done a good job in helping to define those rules, with rule one being to keep users off the network. If they can’t reach you, they can’t breach you.” Funding is another roadblock. Just 14 percent report they have all funding needed to meet Cyber EO requirements. One-third say they have half, or less than half, of the funding needed. “The sea change is the focus on comprehensive cyber resiliency,” says Nicole Burdette, principal, MeriTalk. “The EO provided direction, and Federal cyber leaders are now doing the hard work. But progress requires sustained funding and resource commitment. The research shows the gaps.” “The U.S. federal government is taking important steps to improve the nation’s cybersecurity posture,” said Dave Levy, Vice President of U.S. Government, Nonprofit, and Healthcare at Amazon Web Services (AWS). “In the Cyber EO, the White House directs federal agencies to adopt security best practices, implement zero trust architectures, and accelerate migration to secure cloud services. Organizations of all sizes should consider similar principles and practices to enhance their cybersecurity and protect employees and sensitive data against cyberattack.” What are the leaders doing differently? Cyber EO champions (leaders who give their agency’s EO progress an A) are predictably more likely than their peers to say they have all the funding they need. They are also more likely to have their chief information officer (CIO) leading their zero-trust implementation (67 percent to 28 percent). When asked for perspectives on what’s needed to achieve cyber progress, the research identified the Federal wish list: Workforce training and expertise Stronger executive buy-in Detailed direction from agency IT leadership Centers of Excellence (COEs) in the government to lend expertise Three-fourths of Federal cyber decision-makers also say the EO should have been more authoritative with private-sector directives. The Impact Assessment: Cyber EO Year One report is based on an online survey of more than 150 Federal cybersecurity decision-makers familiar with their agencies’ cybersecurity initiatives, including zero trust strategies, in March 2022 and is underwritten by Amazon Web Services (AWS), CrowdStrike, and Zscaler. The report has a margin of error of ±7.7 percent at a 95 percent confidence level. About MeriTalk The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Our award-winning editorial team and world-class events and research staff produces unmatched news, analysis, and insight. The goal: a more efficient, responsive, and citizen-centric government. MeriTalk connects with an audience of 160,000 Federal community contacts.

Read More

Events