Are you sure that application belongs in the cloud?

By Sara Friedman Apr 19, 2018

While there is significant pressure for agencies to move systems to the cloud, rushing in without doing the proper homework is likely to produce problems, not savings. 

Mapping legacy applications before moving them into the cloud can be cumbersome, but that information is critical to projecting an accurate return on investment, Defense Information Systems Agency Cloud Portfolio Office Chief John Hale said. Agencies should also conduct app rationalization and inventory checks before deciding to move into the cloud, he added.

“When you start moving into the cloud, it’s not rocket science. It is about computers and storage, where infrastructure as a service is the easy part,” Hale said at FCW's April 18 Cloud Summit. But “all of the vendors offer their special sauce," he added, and while that "creates a lot of functionality,” it also means

10 best practices for bolstering security and increasing ROI


By Slavik Markovich Apr 13, 2018

There is nothing easy about government security operations. Most chief information security officers struggle with countless manual processes, numerous disconnected tools and a shortage of properly trained talent. However, the increasing number of widely publicized breaches, the growing complexity of regulations pertaining to the protection of personal data and the uptick in ransomware attacks have made agencies' top executives acutely aware of the dangers posed by inadequate security.

As a result, those executives have become more willing to approve spending on security operations -- but the increased spending has often not provided the type of returns that agency leaders and financial officers expected. So now CISOs are being asked to provide proof that the money spent -- or that they are asking to be spent -- will lead to greater effectiveness, more efficient operations or

Blockchain, automation and learning to love your legacy systems

By Troy K. Schneider Apr 12, 2018

Jose Arrieta is in love with the data layer.

In his role as the Department of Health and Human Services associate deputy assistant secretary for acquisition, Arrieta oversees the acquisition function across the highly decentralized agency.  Like many government systems, HHS' are often siloed and expensive to integrate, so the business processes are rife with manual tasks.   And since the time and money required to modernize the systems wholesale are prohibitive, the inefficiencies persist. 

Arrieta, however, believes that a robust, well-structured and immutable data layer offers a way out -- allowing HHS and other agencies to automate and improve their business processes while running on top of the legacy systems.  Specifically, he thinks blockchain can power that middleware for a wide range of government operations.

"Modernization historically has been about getting all the user’s requirements,

Modernization takes more than technology


By Doug Brown Apr 11, 2018

Across government agencies, IT leaders are considering modernization’s possibilities. Given the passage of the Modernizing Government Technology Act and the growing conversation on digital transformation, there’s no question that the technology and will to modernize are there. But plans and technology alone are not enough.

When they get down to business, agencies still face many of the same roadblocks that have stalled progress in the past. The government health care space is no stranger to these challenges, but it is starting to see some successes in new approaches to implementation and procurement, offering lessons that apply across agencies.

Consider upfront research and a show-me approach

The traditional RFP process puts unnecessary pressure on agencies to make an up-front choice based on limited information in a rapidly evolving technology environment. If an agency is serious about innovation,

FCC plans online filing system for state emergency alert plans

By Susan Miller Apr 11, 2018

To address problems in the nation's Emergency Alert System, the Federal Communications Commission has issued rules to modernize recordkeeping on alerts and reduce recurring filing burdens on State Emergency Communications Committees (SECCs).

Established in 1997 to replace the Emergency Broadcast System, the EAS' primary purpose is to allow the quick and reliable communication of weather and emergency information and a way for the president to speak to the entire nation.

Even before the incident where false emergency alerts were issued in Hawaii, the FCC recognized there were weaknesses in some state emergency alert plans, but detecting and tracking problems was challenging because of paper-based processes. By creating an online Alert Reporting System (ARS) that standardizes the format and terminology of state EAS plan filings, federal officials can "more easily review and identify gaps in the

Election security means much more than just new voting machines

By Jamie Winterton Apr 10, 2018

This article was first posted on The Conversation.

In late March, Congress passed a significant spending bill that included US $380 million in state grants to improve election infrastructure. As the U.S. ramps up for the 2018 midterm elections, that may seem like a huge amount of money, but it’s really only a start at securing the country’s voting systems.

A 2015 report by the Brennan Center law and policy institute at New York University estimates overhauling the nation’s voting system could cost more than $1 billion -- though the price could be partially offset by more efficient contracting. Most voting equipment hasn’t been updated since the early 2000s. At times, election officials must buy voting machine hardware on eBay, because the companies that made them are no longer in business. Even when working properly, those machines are not secure:

NIST details software security assessment process

By GCN Staff Apr 10, 2018

To help organizations manage the risk from attackers who take advantage of unmanaged software on a network, the National Institute of Standards and Technology has released a draft operational approach for automating the assessment of SP 800-53 security controls that manage software.

Attackers search for and exploit unauthorized or unmanaged software -- either for the content the software manages (i.e. personally identifiable information) or as a platform from which to roam across a network. Software asset management (SWAM) reduces vulnerabilities by giving organizations visibility into the software running on all devices on their networks so they can better defend themselves.

SWAM identifies software currently on a network and compares it to an organization's software inventory to determine if its installation has been authorized. If not, it is assigned to a person or team for management and authorization.


Tiny towns, small states bet on bitcoin even as some shun its miners

By Jen Fifield Apr 06, 2018

This article originally appeared in Stateline, an initiative of the Pew Charitable Trusts.

Things have been kind of crazy in Massena, N.Y., since the bitcoin miners came to town. So crazy that Steve O’Shaughnessy, the new town supervisor, says he hasn’t unpacked his office since he started his job in January.

O’Shaughnessy says it’s a good thing, though. In the past decade, his town of about 13,000 on the St. Lawrence River has lost much of its main industry -- as a powertrain plant closed and an aluminum manufacturing plant downsized. But now, one and possibly two bitcoin mining companies are moving in, and they have promised to create dozens of jobs.

Across the United States, bitcoin miners -- who set up computers to solve complex math programs and unlock new bitcoin -- are

FEMA seeks help integrating IT systems

By Mark Rockwell Apr 05, 2018

The Federal Emergency Management Agency wants the private sector to help it coordinate disaster response in states and local communities and help it modernize its siloed, legacy IT, said one of the agency's top managers.

The problems integrating the 200-odd IT systems that FEMA uses to help state and local emergency responders, governments and private citizens, "are not unknown to leadership," Deputy Administrator Daniel Kaniewski said in an April 4 presentation on the agency's recently released strategic plan for 2018-2022. Those hundreds of systems "aren't communicating with each other," he added.

While a key part of FEMA's disaster response help to state and local governments is delivered through its grants programs, the agency has 10 systems supporting those grant programs, Kaniewski said.

"We're in the middle of a multi-year effort" to solve those difficulties, he said. Part of that effort, he said

Pennsylvania rolls out risk-based authentication to agencies

By Sara Friedman Apr 05, 2018

To bring enterprisewide security to all its agencies, leaders in Pennsylvania's Office of Administration deployed a risk-based multifactor authentication (RBMFA) system for identity management.

To access cloud-based email or Office 365, commonwealth employees working remotely may be required to provide additional information in the form of a PIN sent via text or email. The decision to require multifactor authentication is based on various factors including the sensitivity of the data or application, the geographical location of the request, the nature of the device being used and the number of times that user has sought access in a given time period.

Adding RBMFA to agency systems began with a pilot at Pennsylvania's Department of Human Services in 2015. Once the technology proved itself at the large agency, the state began rolling it out to other agencies starting in June 2016.