Cybersecurity is usually framed in terms of IT – from malware to phishing to ransomware, federal agencies are paying attention to securing their networks and endpoints. But leaders often overlook security measures for operational technology (OT) and industrial control systems (ICS), such as building automation systems, physical access control systems, physical environment monitoring systems, and implementing a zero trust architecture. In...

The advent of the pandemic in early 2020 demonstrates the truth of the old saying, “necessity is the mother of invention.” State and local governments that had been hesitant to adopt artificial intelligence (AI) and machine learning (ML) in their IT suddenly had to cope with huge citizen demand for services such as unemployment assistance, while simultaneously providing the capability for their own employees to work remotely. A sur...

When the White House issued Executive Order 14028, “Improving the Nation's Cybersecurity” in May 2021, it established the framework for the Office of Management and Budget’s January 2022 memorandum directing all agencies to implement a Federal Zero Trust Strategy. The Department of Defense has now released its own Zero Trust Strategy and Roadmap, which spells out its four high-level, integrated strategic goals in achieving ze...

Much of cybersecurity is focused on protecting users’ identities and personal information. This approach has numerous benefits, not just for the individual users but for the systems with which they interact – it protects people from malicious activities such as identity theft, while it also cuts down on bad actors stealing credentials to enter IT systems and wreak havoc, from ransomware to data exfiltration. The National Institute...

Many federal agencies, especially – but not limited to – the Department of Defense rely on warehousing as an essential part of their logistics operations and asset management strategies. The pandemic highlighted how quickly supply chain issues, especially with regard to IT, can snarl the availability of parts and finished products. Agencies dependent on the smooth flow of parts and finished products suffered in meeting their missio...

Government agencies below the federal level – whether state, local, tribal, or territorial (SLTT) – face the same cyber threats as their national counterparts, but without the same level of resources dedicated to their protection. To help address this problem, in September the Department of Homeland Security announced two new grant programs specifically to boost cybersecurity for SLTT agencies, and published the Notice of Funding O...

One of the major challenges for IT administrators and staff during the recent pandemic was the explosion of the network as working from home became the norm. Agencies that didn’t already have a good handle on the number of devices connected to their networks or how those devices were configured found themselves overwhelmed by the vast expansion of their vulnerable attack surface. Since that time, the attack surface has continued to expan...

The push for digital modernization by government at all levels has been under way for several years now. State and local governments had to scramble during the pandemic to find ways to support employees working remotely, adding momentum to the modernization push. Despite the need, IT budgets haven’t kept up – from staffing issues to costly legacy infrastructure, state and local agencies are struggling to find ways to maximize the v...

As agencies pursue their zero trust goals in line with Executive Order 14028, “Improving the Nation’s Cybersecurity,” and the Office of Management and Budget’s memorandum setting a Federal Zero Trust Strategy, it is easy to focus on technology solutions. But that overlooks something fundamental about both the challenge and the purpose of moving to zero trust – the human beings that actually will use the redesigned...

Delivering excellent, equitable, and secure federal services for an outstanding customer experience is a priority that comes from the President’s Management Agenda. Achieving that goal can be helped by learning from a different mindset found mostly in the private sector – product management. Excellent experiences don’t just happen—they need to be designed in a deliberate manner. In a traditional software build, long per...