March 13, 2018
Federal IT Change and the Leaders Making It Happen
2018 will bring the most change on the federal IT front in the past two decades, with the move to mobile being a major catalyst.
Congress and the White House have made it very clear that they expect federal agencies to increase both IT performance and efficiency by adopting new technologies, including cloud and mobile.
Calls for IT change in the federal space aren't new. But critically, for the first time, there is a potential funding mechanism for upgrading legacy technology. The Modernizing Government Technology Act (MGT) demonstrates how serious Congress is, and would allow agencies to put money saved through improved IT efficiencies into working capital funds. More than $500 million is available through a central IT modernization fund to improve government services, which would then be repaid over a five-year period with the expected savings from IT transformation.
Simultaneously, the White House has put out an aggressive roadmap in an effort to drive IT change this year. Spearheaded by the Office of Science and Technology Policy, this roadmap calls on agencies to consolidate networks, promote cloud adoption, and prioritize critical applications for security upgrades.
Recognized Federal Leaders
Here's some background on three of this year's honorees. It's fitting to start with Rep. Will Hurd (R-TX), since Hurd was the main sponsor of the MGT legislation.
Hurd is a former CIA officer who chairs the House Oversight and Government Reform Committee's IT Subcommittee. He has led efforts by the panel to research and understand recent federal data breaches, and the panel is playing a part in the important debates over commercial encryption and implementation of the Federal IT Acquisition Reform Act. Recently, FCW asked Congressman Hurd what projects federal CIOs should be looking at this year:
"Well the first thing every CIO should be looking at is 'how do I transition to the cloud?' Not only because it makes sense and it's smarter from a business practice, but it allows the savings are realized, that stuff can be put be immediately put into a working capital fund... the other step would be getting the right technology and to understand what kind of software licenses you have. And whether there's an ability to reduce redundancy there. And that's a quick opportunity to save money."
Vincent Sritapan, Mobile Security Program Manager, Cyber Security Division at the Science and Technology Directorate inside the Department of Homeland Security (DHS) is referred to as DHS's "fixer" for mobile device management. Sritapan developed the mobile device management baseline for the agency's approximately 250,000 employees, and he is developing a platform that can test the security of mobile applications across the entire federal government. He recently spoke with Government Computer News (GCN) on best practices around agencies building their own mobile applications:
"There could be a commercial off the shelf capability that is good, but we need it to meet a standard ... [that ensures] the apps are not risky, vulnerable or include additional malware," Sritapan said. "Having an app development platform that integrates security is the next step."
Joshua Franklin is an IT Security Engineer in the Applied Cybersecurity Division at the National Institute of Standards and Technology (NIST). Franklin is a cyber warrior focusing on mobile security, electronic voting, and public safety. He manages the mobile security laboratory at the National Cybersecurity Center of Excellence, and is actively working to update federal guidance on using mobile devices wit
hin agencies. Franklin co-authored NIST's security analysis of Long-Term Evolution (LTE, often referred to as 4G), and participates in many working groups focused on mobile security.
GCN spoke with Franklin late last year on the security of mobile devices, including wearables:"I bet a lot of public safety devices are going to be shipping with old versions of Bluetooth that aren't using the confidentiality protection that law enforcement needs," he told GCN, adding that some devices don't require authentication at setup, allowing anyone to
connect. NIST will also be checking for broken or outdated algorithms."
Promising prognosis for 2018
There are thousands of government IT professionals beyond the Federal 100 who work hard each day promoting the public interest. Now there are additional resources in place, along with clear executive prioritization.
Some particular areas to watch:
- Delineation and increased protection of high value assets (HVAs)
- Streamlining of Trusted Internet Connection (TIC) policies
- Consistent requirements language for security and data access, to be used in government cloud contracts
- Development of more complete security solutions for mobile devices
With leadership provided by individuals like the three highlighted here, 2018 can be the year modernization of federal IT truly turns the corner.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization