menu

Archived Government Notes
Published in 2020
Permanent URL

Cybersecurity Must Be Embedded in Every Aspect of Government Technology

by Allison Patrick, Senior Vice President, MAXIMUS Federal

While cybersecurity has evolved, it has not kept pace with cyber threats that have become increasingly sophisticated.

Cybersecurity has never been more important for every level of our government.

The hacking attempts at major federal agencies have raised the profile of nefarious actors who use their highly advanced cyber skills to exploit both security and the vulnerabilities created by human error. Just last month, the Department of Defense confirmed that computer systems controlled by the Defense Information Systems Agency had been hacked, exposing the personal data of about 200,000 people.

Additionally, the Department of Justice recently charged four members of the Chinese military for their roles in the 2017 Equifax breach that exposed the information of 145 million Americans. The hackers were accused of exploiting software vulnerability to gain access to Equifax’s computers. They are charged with obtaining log-in credentials that they used to navigate databases and review records.

 Read full story at NextGov

first published week of:   03/23/2020

Permanent URL

DARPA's New Hardware Proves Tough to Crack

by  Lauren C. Williams

The Defense Department's top research body is betting big on the theory that better cybersecurity starts with hardware, and so far it's proving to be right.

About halfway into its three-month bug bounty program called Finding Exploits to Thwart Tampering (FETT), crowd-sourced hackers haven't yet been able to crack the Defense Advanced Research Projects Agency's System Security Integrated Through Hardware and Firmware (SSITH) program.

 "I'm happy to report, as of today, no one has successfully penetrated our SSITH defenses Keith Rebello, DARPA

"I'm happy to report, as of today, no one has successfully penetrated our SSITH defenses," Keith Rebello, the program manager for the microsystems technology office at DARPA, said during the agency's microelectronics conference Aug. 18.

DARPA is moving to incorporate the system to fit DOD's needs, and the technology is now being used in commercial application-specific integrated circuit designs, Rebello said. DARPA is planning to create SSITH application-specific chips for DOD applications.

Rebello said continuous monitoring for software vulnerabilities, which can often target underlying hardware, can hinder computer systems' performance while better hardware that can detect and prevent cyberattacks would "obviate the need for software patches," he said.

 Read full story at FCW

first published week of:   08/31/2020

Permanent URL

Deputy Fed CIO Roat Makes the Case for Data Investments to Drive Decision Making

by Katie Malone

Since the COVID-19 pandemic brought new attention to the need for a “faster path to maturing data sharing protocols,” government leaders must look ahead to how data can continue to inform decision making as capabilities mature and improve, Deputy Federal CIO Maria Roat said today.

“The amount of data that was shared across the Federal government, how we use it, how we leverage each other’s capabilities was significant,” she said at FCW’s Department of Defense Cloud Workshop. “But how do we do that and how do we mature that capability, where data is frequently updated, and it’s incorporated into decision making models?”

The accelerated investments in data helped government agency use emerging technology and apply advanced analytics to inform decision making, Roat explained. Ultimately, the data investments led to improved consistency, clarity of results, project transparency, and mission stories that demonstrate value across agencies. Now, Roat is pivoting to looking ahead at how the Federal government can “continue informing decision making using better data and as we mature and improve our data capabilities.”

 Read full story at MeriTalk

first published week of:   07/27/2020

Permanent URL

DHS Officials Discuss Latest Cyber Tools, Insist Knowing the Network is Key

by Katie Malone

As government cybersecurity practices shifted to adjust to the increase in telework during the COVID-19 pandemic, officials from the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) previewed cyber tools offered by the agencies, but reminded Feds that knowing the network architecture is an early and necessary step toward selecting the correct protections.

“The key here is … the ability to manage your risk profile,” DHS CIO Karen Evans said at the August 5 Securing the Telework Workforce event. “You have to really know what is the risk tolerance of what your leadership, what your users, what they need to be able to sustain and then engineer solutions to that.”

Evans and CISA CTO Brian Gattoni discussed the importance of understanding the cyber environment and risk tolerance in terms of Continuous Diagnostics and Mitigation (CDM) program application. As a user of CDM, Evans explained that they must understand what the agency is managing to see what can be monitored on a continuous basis from a technical perspective.

 Read full story at MeriTalk

first published week of:   08/10/2020

Permanent URL

Dispatch Centers Upgrade 911 Systems in the Face of Cyberthreats

by wylie wong


Officials focus on new and developing measures to protect against DDoS attacks, hackers and ransomware.

When a local teenage hacker wrote malware that caused iPhones to automatically and repeatedly dial 911, the Maricopa County (Ariz.) Sheriff’s Office experienced firsthand the damage a cyberattack can inflict on call centers.

The distributed denial of service attack flooded emergency call centers last October with bogus calls, in Arizona as well as 11 other states, nearly crashing several systems over a 12-hour period.

The hacker initially spread the malware through a link in a tweet. The malicious code propagated as others shared the link. MCSO deputies stopped the attack when they figured out its origin, arrested the hacker and contacted Twitter to delete the tweets. Apple then patched its iOS software.

While the DDoS attack exploited an Apple software flaw and was not the fault of 911 technology, it reveals the vulnerability of dispatch centers everywhere to cyberthreats.

 Read full story at StateTech

first published week of:   01/13/2020

Permanent URL

DOD Awards Microsoft Its JEDI Cloud Contract

by phil goldstein

The DOD calls JEDI a “general purpose” cloud for Infrastructure as a Service and Platform as a Service, which sits at the top of its cloud hierarchy.

At long last, on Oct. 25, the Defense Department awarded its Joint Enterprise Defense Infrastructure cloud contract to Microsoft. In awarding the contract to Microsoft over rival Amazon Web Services, the DOD is seeking to move beyond the long-running acquisition saga and actually start deploying commercial cloud capabilities for Infrastructure as a Service and Platform as a Service.

The first request for information on JEDI was released to industry nearly two years ago. The 10-year contract is expected to be worth up to $10 billion over 10 years if all of the options are exercised. The DOD says that it projects that user adoption will drive an estimated $210 million of spending during the two-year base period. “The DOD will rigorously review contract performance prior to the exercise of any options,” the department said in a statement.

As The New York Times reports:

 The contract has an outsize importance because it is central to the Pentagon’s efforts to modernize its technology. Much of the military operates on 1980s and 1990s computer systems, and the Defense Department has spent billions of dollars trying to make them talk to one another. 

“The National Defense Strategy dictates that we must improve the speed and effectiveness with which we develop and deploy modernized technical capabilities to our women and men in uniform,” DOD CIO Dana Deasy said in a statement

 Read full story at FedTech

first published week of:   11/09/2020

Permanent URL

DoJ Will Reportedly Limit Social Media Companies' Speech Protections

by igor bonifacic

The Justice Department plans to announce a proposed rollback of Section 230 of the 1996 Communications Decency Act as early as today, according to The Wall Street Journal. If adopted by Congress, the legislation would reportedly push internet companies like Twitter, Facebook and Google to be more proactive in removing harmful and illegal content from their platforms, as well as be "fairer and more consistent" in how they take down content they say is questionable.

The proposal comes just weeks after President Donald Trump signed an executive order in which he directed the Federal Communications Commission to clarify the scope of Section 230. In the same order, he also called on the Federal Trade Commission to take action against companies that limit their users' speech in ways that aren't detailed in their terms of service. According to Wall Street Journal, the proposal touches on some of the same concerns as President Trump's executive order, while also recommending more broadly weakening some of the legal protections tech companies have enjoyed over the past two decades.

 Read full story at Engadget

first published week of:   06/22/2020

Permanent URL

Drones Are Helping Texas First Responders Plan for the Worst

by ashley rose


( Shutterstock/Tyler Olson )

A new undertaking by the North Central Texas Emergency Communications District is relying on drones to create 3-D models of certain areas, like schools, to enable a better response should a threat arise.

School officials say keeping students safe is their No. 1 priority. One local emergency telecommunications agency is hoping to help them.

The North Central Texas Emergency Communications District is using unmanned aerial systems — also known as drones — to create 3D models of certain areas to help first responders find exactly where 911 callers or threats are located, even down to the floor the person is on. Their first stop was at Rio Vista ISD.

NCT911 is engaged in the planning, implementation and maintenance of an emergency 911 system for more than 40 public safety answering points in 13 counties surrounding the Dallas-Fort Worth Metroplex, according to its website.

 Read full story at GovTech

first published week of:   02/03/2020

Permanent URL

Election Security 2020: States Secure Election Systems with Help from Feds

by jen miller

The Department of Homeland Security and the U.S. Election Assistance Commission help states mitigate potential cybersecurity threats.

In 2017, the U.S. Department of Homeland Security designated voting systems as critical infrastructure, which has made a big difference in the resources available to states to secure elections.

Paul Pate, Iowa Secretary of State and president of the National Association of Secretaries of State, says, “with a little work, we were able to make the connection to federal resources,” although things were bumpy at the start.

State and local election officials aren’t being left in the dark, despite the general decentralized nature of elections in the U.S. With key federal agencies giving states tools they never had before and allowing states to share information and potential threats with federal agencies, officials all over the country are working together to make sure voting is technically secure.

For states, the DHS’ Cybersecurity and Infrastructure Security Agency can conduct cybersecurity assessments on local election systems, attack detection and prevention; share information about attacks and threats; and train cybersecurity personnel on election matters. The “tabletop in a box” cybersecurity exercises — a 58-page guide that lets states run their own scenarios — became available in 2018.

 Read full story at StateTech

first published week of:   05/04/2020

Permanent URL

Everything You Ever Wanted to Know About Mobile Mapping

by  Sean Higgins

Explaining the tools and technology behind mobile mapping devices for experienced laser scanning professionals looking to make the jump to this new technology.

In its short life, the market for 3D as-built documentation technology has seen considerable innovation. Among the myriad new tools to hit this market, nothing has changed the way we capture buildings as much as mobile mapping devices.

For experienced laser scanning professionals looking to make the jump to mobile mapping, this article will provide all the answers. We’ll explain what a mobile mapper is, talk about how it’s different from a terrestrial laser scanner, and explore the technology that makes reality capture at a walking speed possible.

We’ll also explore the unique benefits of these tools for as-built documentation – with some hard numbers that quantify exactly how much these tools can help your projects – and then talk about the ways these benefits can transform your business and improve your competitive edge.

 Read full story at xyHt

first published week of:   10/05/2020

current issue