Federal Government Archives - Page 10 of 11 - | ̽��Ƶ| ̽��Ƶ

5G: Powering the Government’s Digital Transformation

Posted on by Mark DeMerse

5G technology has the capacity to speed data transfers and connect billions of devices at a time when mission success hinges on fast, secure access to data and people. 5G’s potential to enhance all government activities makes it an indispensable component of efforts to modernize IT systems and service delivery. Because of its low latency and capacity to carry vast amounts of data quickly and efficiently, 5G enables real-time access to information. As a result, it is facilitating the growth of smart cities, the use of artificial intelligence to improve government operations and the adoption of edge computing. The implications are profound for activities as varied as battlefield communications, military logistics and preparedness, and emergency response in situations where critical infrastructure is unavailable. Learn how government agencies can leverage all the resources in play to achieve the goal of open, interoperable and secure 5G networks ̽��Ƶ’s Innovation in Government® report.

The Unifying Nature of 5G Technology��

“5G technology is the first telecommunications standard that is cloud-native, making it critical for the government’s digital transformation. We now have a transport medium that aligns with and supports the flexibility, scalability and efficiency of cloud operating models and containerized functions and services. In addition, all aspects of a digital transformation strategy — including edge computing, artificial intelligence, cloud migration and application rationalization — center on data. With everything level-set architecturally to be cloud-native and containerized, 5G networks enable a common approach to managing data, and they also bring in a new capability for data sovereignty.”

Read more insights from Chris D. Thomas, technical strategist at Dell Technologies.��

��

Why 5G Is Indispensable for Frontline Agencies��

“Private 5G networks have distinct benefits for government, which is why DOD has stated that it is a strategic direction for the department. At Federated Wireless, we custom-build networks for high performance, scale and unlimited capacity using best-of-breed technology from a large ecosystem of suppliers. Private wireless networks provide strong security and control over where the data resides. Unlike a traditional cellular carrier that sends data through an off-site central core, private 5G networks are secure enclaves that are governed by zero trust architectures.”

Read more insights from Paul Battaglia, vice president of public sector at Federated Wireless.��

The Key to Creating More Flexible 5G Networks��

“JMA Wireless embarked on a project a couple of years ago to help bring 5G to the Marine Corps Logistics Base in Albany, GA. We were part of a team that deployed a 5G network and added applications to enable officials to modernize warehousing and logistics at the base. As a result of those improvements, the base has reduced labor costs by 61%. Additionally, it used to take three to five days for items to move from the dock to the shelf. That timeline has been slashed to about 36 minutes as the combination of the 5G network and updated application environment drives major efficiencies in logistics operations.”

Read more insights from Rishi Bhaskar, senior vice president and general manager at JMA Wireless.

Sharing Critical Information in Real Time��

“The deployment of 5G for government agencies requires a security approach that is independent from the underlying transport network. For our public safety and defense customers, we offer a security architecture based on Blackned’s TacticalCORE, which provides an over-the-top multidomain security layer, enabling authentication in contested environments and separate classified information spaces across the same infrastructure. All transport is considered untrusted with the ability to implement agency-specific encryption on the 5G network. This state-of-the-art security approach has already been accredited by the German BSI as NATO-restricted and enhanced security classifications are planned.”��

Read more insights from Richie Obermayer, VP of technical sales at GuardSTACK Technologies.��

How Agencies Can Reap the Benefits of 5G

“5G’s reliability and availability make it possible to build dedicated wireless networks that can be sliced so mission-critical applications run in separate areas while the government maintains full control over that network. Last but certainly not least, 5G networks have carrier-grade, built-in security standards, including SIM cards that are provisioned and activated for a specific network. Users cannot connect to the network without inserting a highly secure SIM into their devices.”��

Read more insights from Derrick Frost, senior vice president of operations and general manager of private wireless at Kajeet.��

Private Networks and the Evolving 5G Ecosystem

“Private networks are well-suited to agency use cases for a number of reasons. First and foremost is security, which is the bedrock of every cellular network. Beyond the built-in security private 5G networks bring, they also have the capacity to add extra layers of security. The other components of a robust network include radio frequency technology and the latest 5G devices and radios. Once that foundation is in place, agencies can explore the wide range of use cases that a private 5G network can address. Deployments include standalone networks for first responders, border patrol agents and tactical response units, as well as secure, reliable networks for telemedicine providers.”

Read more insights from Derek Gallagher, CTO at Druid Software.��

Download the full Innovation in Government® report for more insights from 5G thought leaders and additional industry research from FCW.��

Drones Revolutionize First Response: Search & Rescue and Accident Investigations

Posted on by Lacey Wean

In the fast-evolving landscape of public safety, a silent revolution has emerged with the concept of drones as first responders (DFR), search and rescue (SAR) life-savers and accident investigation accelerators. Incidents can happen anytime, anywhere. Whether it is a 911 call to the police, a missing person case or a traffic collision, time is of the essence. DFRs improve traditional response and investigation methods to save resources and time as well as reduce risk for first responders. With the emergence of drones as a public safety tool for initial response, DFR, SAR and accident investigations, a new era of efficiency and effectiveness has dawned.��

Utilizing Drones as First Responders

In the past, arriving at the scene after any 911 call required precious minutes to mobilize personnel and equipment. The DFR model has changed this by significantly cutting response times. Equipped with high-resolution cameras, thermal imaging or other advanced sensors, drones can swiftly survey any scene from the skies and provide crucial data to first responders.

In December 2015, the Chula Vista Police Department (CVPD) established the Unmanned Aircraft Systems (UAS) Committee with the primary aim of evaluating the integration of UAS into its public safety operations.^[1] The subsequent drone program represents a groundbreaking milestone, as the nation’s first instance of employing drones as first responders. Since then, the initiative has reached a total of 16,736 calls responded to, 2,273 assisted arrests and an average response time of 96.66 seconds from dispatch to on-scene arrival.^[2]

In addition to speed, drones offer a unique aerial perspective and allow public safety professionals to understand the extent of the incident, identify potential hazards and allocate resources more effectively. This improved situational awareness helps first responders make informed decisions, while enhancing the safety of both citizens and personnel.��

Enabling Search and Rescue Missions

SAR operations often involve difficult terrains and adverse weather conditions. These challenges have seen a remarkable transformation with the integration of drones. Drones can cover vast areas quickly and efficiently, greatly improving the chances of locating missing persons or survivors.

For example, the Weber County Search and Rescue (WCSAR) has taken a significant stride towards augmenting safety and efficiency through the establishment of a Small Unmanned Aircraft Systems (sUAS) program which provides invaluable aerial support to ground personnel. Prior to the sUAS program, the average search time for a person in distress was 4 hours and 35 minutes. Since the program’s inception, this time has been drastically reduced to 58 minutes.^[3] These statistics underscore the impact of UAS technology on SAR operations, greatly enhancing response times and ultimately increasing the chances of successful outcomes.��

Offering More Efficient and Effective Investigations��

Accident investigations play a crucial role in determining the causes and contributing factors behind incidents, especially for traffic-related mishaps. Drones equipped with 3D mapping technology have revolutionized manual measurements and reconstructions by creating accurate digital reconstructions of accident scenes in record time. With a drone, a process that sometimes can take 6-8 hours by investigators can be accomplished in 3-4.^[4]

What sets this modern approach apart is its data-driven essence. Drones, armed with their high-resolution cameras and advanced sensors, facilitate the collection of intricate data from accident scenes. This wealth of information serves as the bedrock for constructing precise digital reconstructions, offering investigators unprecedented insights into the unfolding of events. The Tippecanoe County Sheriff’s Office in Indiana reported a 60% reduction in overall scene time thanks to UAS deployment, allowing them to efficiently measure an 800-foot scene in just 22 minutes.^[5]��

Similarly, the Oro Valley Police Department in Arizona and the Houston Fire Department in Texas witnessed significant improvements in incident response times, with the former achieving a 32% reduction in roadway and incident clearance times, and the latter experiencing a 40% reduction in scene time, ultimately enhancing safety and efficiency in their operations.^[6]

Looking Ahead��

The journey of drones from being mere recreational gadgets to becoming indispensable tools for the public safety community has been truly remarkable. With advancements in technology, it can be expected that drones will become even more sophisticated and versatile in the future. The potential for integrating Artificial Intelligence (AI) to enhance drone capabilities, such as real-time object recognition or predictive analytics, holds exciting possibilities for improving emergency response, SAR and accident investigations.��

In the near future, industry can anticipate drones with enhanced autonomy to work in coordinated swarms, learn from past missions and employ advanced object recognition. Fully autonomous drones will include on-demand deployment, emergency alert response, target tracking, obstacle avoidance, indoor flight, AI capabilities, GPS connectivity, voice commands, patrol vehicle integration, advanced threat detection and real-time situational awareness through live feeds.^[7]��

The concept of DFR and drones utilized in SAR and accident investigations is no longer a distant dream but a reality reshaping the landscape of public safety. These flying machines have proven to be first responders’ best allies, aiding them in saving lives, conducting efficient accident investigations and navigating challenging rescue missions. As regulations evolve and technology continues to advance, drones will play an even more pivotal role in protecting and defending the public.��

To learn more about how ̽��Ƶ can support your drones technology initiatives, visit our Autonomy and Robotics technology solutions portfolio.��

��

References:

[1] “Chula Vista Police Department Drone Program,” Chula Vista Police Department,

[2] “Dawn of Drones Podcast,” Dawn Zoldi,

[3] Credit: Captain Kyle Nordfors, Mountain Rescue Association (MRA) UAS Chairman Weber County Sheriff’s Office (Utah) Captain – Alaska Airlines B737

[4] “Drones For Good: Saving Time And Lives With Faster Crash Scene Reconstruction,” DJI,

[5] “UNMANNED AIRCRAFT SYSTEMS FOR TRAFFIC INCIDENT MANAGEMENT,” U.S. Department of Transportation Federal Highway Administration,

[6] “Next-Generation TIM: Integrating Technology, Data, and Training,” U.S. Department of Transportation Federal Highway Administration,

[7] “Can AI drones help protect officers in these dangerous times?,” Police 1,

Building a Foundation for an AI Future

Posted on by Mike Adams

It might seem like agencies are hesitant to adopt artificial intelligence. But really, it is quite the opposite. As Lori Wade, the Intelligence Community’s chief data officer, put it: “It is no longer just about the volume of data, it is about who can collect, access, exploit and gain actionable insight the fastest.” The realization is clear: Humans alone cannot keep pace. They need AI so they can make decisions based on the most relevant and most current information — and make those decisions in a timely manner. It is really as simple as that. Download the guide, “Building the Foundation for Your AI Future,” to pick up pointers on data management and AI, plus take a glimpse at the latest technology developments, tips for best practices and an explanation of the early value that AI is delivering to agencies across government.��

How to Revolutionize Government Translation with Generative AI

“In situations where accurate and timely translations are crucial, the shortage of qualified and vetted linguists poses significant challenges. Equally, non-linguist analysts are not equipped with secure, at-desk tools to translate foreign language material at the speed of relevance. For example, during the ongoing war in Ukraine, there has been a scarcity of linguists available to provide real-time updates on the ground. This shortage not only has affected the ability to gather vital intelligence but also hindered the timely dissemination of information to national security and defense agencies in the U.S. and abroad.”

Read more insights from Jesse Rosenbaum, Vice President of Business Development and National Security at Lilt.��

��

How Graph Databases Drive a Paradigm Shift in Data Platform Technology��

“Federal agencies are awash in data. With recent modernization efforts, including the wide-scale adoption of cloud platforms and applications, it is easier than ever for agencies to receive streaming data on everything from logistics to finances to cybersecurity. But that volume of data requires new solutions to process and analyze it. Older methods like SQL and NoSQL simply are not up to the task of analyzing all of the connections between the government’s many massive databases. That is where the new graph paradigm of data platform technology comes in.”

Read more insights from Michael Moore, Principal for Partner Solutions and Technology at Neo4j.��

��

How Agencies Can Upskill in AI to Achieve a Data Mesh Model��

“Data mesh behavior actually goes a step further. AI has become so easy to use, business owners can actually join in the development alongside the data scientists. Therein lies the challenge: Upskilling subject matter experts across an entire organization is a big lift. The way it works best is to start with a center of excellence, a small group of people who begin working with business owners across the enterprise, office by office. They can then prove the value and evangelize it, and then the agency can move to a hub-and-spoke model, where the data scientists are co-developing alongside business owners. As successes pile up, the data scientists can take a step back and allow frontline workers to do the development, governing the new data products on their own.”

Read more insights from Doug Bryan, Field Chief Data Officer at Dataiku.��

��

How Agencies Can Build a Data Foundation for Generative AI��

“Generative artificial intelligence tools are making waves in the technology world, most famously ChatGPT. Although the code of these tools is significant, their real power stems from the data they are trained on. Gathering and correctly formatting the data, then transforming it to yield accurate predictions, often represents the most challenging aspect of developing these tools. Federal agencies that want to start leveraging generative AI already have massive amounts of data on which to train the technology. But to successfully implement these tools, they need to ensure the quality of their data before trusting any decisions they might make.”

Read more insights from Nasheb Ismaily, Principal Solutions Engineer at Cloudera.��

��

How to Democratize Data as a Catalyst for Effective Decision-Making��

“One of the key best practices in the Office of Management and Budget’s Federal Data Strategy calls for using data to guide decision-making. But that is easier said than done when the ability to analyze the data, much less access it, is limited to an agency’s often overworked and understaffed data science specialists. But now that every line of federal business has their own data silo and a mandate to use that data to guide decisions, agencies need a way to democratize access to that data and empower every federal employee to become an analyst.”

Read more insights from Kevin Woo, Director of Federal Sales at Alteryx.��

��

Download the full Expert Edition for more insights from these artificial intelligence leaders, additional government interviews, historical perspectives and industry research.��

Innovation in Government: How to Change Things Up (and Make it Stick)

Posted on by Mike Adams

In government, we could say that innovation is invention that solves a problem or meets a need — in the community or within an organization undertaking the work. Big changes make government agencies more effective, prepared and useful, and they touch all aspects of agency operations — from IT to employee morale to digital services and more. In recent years, federal agencies such as the Census Bureau, General Services Administration, Department of Homeland Security, Department of Housing and Urban Development, and Office of Personnel Management have launched innovations labs, innovation libraries, and other innovation-focused resources and programs. Cities and states have as well, such as through Philadelphia’s Technology and Innovation group within the city’s Office of Innovation and Technology (OIT). Being innovative is not easy, of course: It requires a little bravery and lots of planning. But local and federal agencies are creating the space and resources to launch innovations that will, in the future, become standard operations. In this guide, we share case studies and best practices regarding some of government’s most pressing issues — workforce, customer experience and data use, to name a few — and we hear from government experts who know a thing or two about helping innovative initiatives succeed.��

Analytics Innovations Draw a Complete Data Picture��

“Spreadsheets are structured things: They have clearly defined lines, cleanly labelled columns, and rules that govern what goes where. Government analytic programs have become skilled at working within those parameters, even if it means spending hours manually manipulating data to fit. Spreadsheets are 30-year-old desktop technology. But other data exists, doesn’t it? The world is full of PDF documents, audio and video files, social media posts and other ‘messy’ data sources — the unstructured data that most agencies overlook. And most agency analytics programs are fragmented and overly manual. Recent innovations seek to change this.”

Read more insights from Alteryx’s Solutions Marketing Director for the Public Sector, Andy MacIsaac.��

Driving Innovation to the Edge

“Across government, innovation is happening at the edge. By leveraging cloud, artificial intelligence (AI), machine learning (ML) and related technologies, agencies can deliver services more quickly and effectively at the far reaches of operations, whether that’s in the battlefield or on the International Space Station (ISS). At the Red Hat Government Symposium held in late 2022, government and industry leaders discussed how agencies were leveraging these technologies to accelerate mission delivery. Their discussions and examples help illuminate how agencies are adapting to make the most of modern technological opportunities.”

Read more insights from Red Hat’s Government Symposium.��

Build an Innovative Ecosystem Through Cloud Architecture��

“In data transformation and innovation, it helps to view things through a different lens. Within the data ecosystem are three core pillars for transformation: people, processes and technology. Simple, singular data platforms should work with an architecture that breaks down information silos rather than creates them. That facility comes through in qualities such as data mesh or a decentralized data architecture that’s organized by business domain and operates through self-service. The architectural design also must help strengthen system security. That’s enormously important for federal data.”

Read more insights from Snowflake’s Chief Technology Officer for the Global Public Sector, Winston Chang.��

Overcoming Challenges With Observability��

“As agencies take steps to innovate — such as expanding reliance on the cloud and adding new apps, integrations, and automations — their IT ecosystems become more complex. There are more places where things can go wrong and more pressure to fix them quickly. The task of monitoring these complex systems gets more complicated, too. ‘The question is, how do I know there’s an issue?’ said Brian Mikkelsen of Datadog. ‘Is it when the tickets start flowing, when complaints increase, when your leadership team asks why something isn’t working?’ None of those options are ideal. Datadog’s application performance management platform provides a real-time window into the digital environment, identifying performance and security issues quickly. Its ‘full stack’ hybrid infrastructure capability means everything from the back end to the front end is monitored and reported via infrastructure metrics, application performance traces, and correlated logs.”

Read more insights from Datadog’s Vice President and General Manager, Brian Mikkelsen.��

Download the full GovLoop Guide for more insights from these digital transformation leaders and additional government interviews, historical perspectives and industry research.��

DevSecOps: Achieving Efficiency and Scale with Automation and Software Factories

Posted on by Rich Savage

In today’s rapidly evolving digital landscape, Government agencies face many challenges in delivering modern, secure software applications to the end-user. DevSecOps is a methodology that combines development, security and operations to create a more streamlined and secure software development process. This concept has emerged as a transformative approach that integrates security practices, automation and software factories into the software development lifecycles from its inception. At the industry experts and innovators shared their knowledge of emerging tools, effective strategies and methodologies in software engineering through several educational sessions.

Unlocking Efficiency: The Power of Automation and AI/ML

Automation helps developers improve the efficiency and quality of code, reduce risk and combat security vulnerabilities. As a key component of DevSecOps, automation allows developers to simplify many of the tasks involved in software development, such as testing, deployment and monitoring. Once automated, developers can focus on writing high-quality code and addressing security vulnerabilities, rather than spending time on redundant manual tasks.

The use of AI has transformed the way developers work, compared to 20 years ago when code was primarily written from scratch. Today, external libraries — software code written by a third-party source — are used frequently which introduces a new set of risks and benefits. The benefits include making software development faster and more efficient as developers use pre-existing code to build their applications. However, if a third-party library has a security vulnerability, it can be exploited by malicious actors to gain access to sensitive data. If not maintained properly, the third-party library can become outdated and incompatible with other software components.

Software Factories

Software development has become an essential part of today’s business operations, and Government agencies are constantly seeking ways to improve their processes. Recently, the concept of the software factory—a structured approach to software development that emphasizes standardization, automation and collaboration—has gained popularity. It establishes a set of tools, processes and best practices that enable teams to develop software more efficiently and effectively. The goal of a software factory is to create a repeatable and scalable process for software development that can be applied across different projects and teams. By implementing this strategy, agencies can improve the quality, speed and consistency of their software development efforts.

One of those best practices, Continuous Integration and Continuous Deployment, are combined in a single process known as CI/CD. CI is the practice of frequently merging code changes from multiple developers into a shared repository, where automated tests are run to address integration issues early in the development cycle. This ensures the code is always in a releasable state and reduces the risk of conflicts and errors when changes are merged. CD, on the other hand, is the practice of automatically deploying code changes to production as soon as they pass the necessary tests and checks. Thus, enabling teams to release software changes quickly and frequently. By utilizing CI/CD, teams can achieve a continuous flow of code changes from development to production, which is imperative for modern software development.

Elevating DevSecOps: A Blueprint for Integrating Early Software Security Measures

Securing software in a containerized environment presents unique challenges due to the dynamic nature of containers and the distributed nature of container orchestration platforms like Kubernetes. Government agencies must ensure that containers are properly configured and secured, as misconfigurations can lead to vulnerabilities that can be exploited by attackers. Another difficulty is detecting and responding to security incidents in a timely manner, as containers can be spun up and down quickly and may be spread across multiple nodes in a cluster. Securing software early can help agencies reduce risk, lower costs, deliver software faster and improve collaboration between development and security teams.

Another crucial component of DevSecOps—continuous delivery—enables teams to deliver software changes quickly, safely and sustainably. This means that teams can release software changes frequently and with confidence, knowing that the changes have been thoroughly tested and are ready for production. Through a combination of automation, collaboration and feedback loops, continuous delivery helps reduce the time and effort required to release software changes.

Agencies can adopt a DevSecOps approach that integrates security into the software development lifecycle from the beginning. This involves using tools and processes to automate security testing and validation, as well as incorporating security requirements into the development process. For instance, agencies can use tools like vulnerability scanners and security-focused container images to detect and remediate vulnerabilities in containers. They can also use automation to validate security requirements and ensure that containers are properly configured and secured.

Securing software early in the development process can lead to several benefits including:

Reduced risk of security incidents: By identifying and addressing security vulnerabilities early in the development process, agencies can minimize the risk of security incidents and data breaches.
Lower costs: Fixing security issues later in the development process is much more expensive than addressing them early on. By integrating security into the development process from the beginning, agencies can reduce the cost of fixing security issues and avoid costly rework.
Faster time to market: Adopting DevSecOps approach can help agencies to deliver software faster by automating security testing and validation. This decreases the time for manual testing and enables faster release cycles.
Improved collaboration: Agencies can strengthen collaboration between development and security teams to ensure requirements are properly understood and incorporated into the development process. This proactive initiative can help foster a culture of security throughout the agency.

The adoption of DevSecOps, along with its fundamental principles, empowers Government agencies to establish a more efficient and secure software development process. This is achieved through the implementation of automation, the adoption of a software factory approach and the early integration of security measures.

To learn more about DevSecOps best practices and trending innovations, visit ̽��Ƶ’s DevSecOps vertical solutions portfolio.��

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at ̽��Ƶ’s annual DevSecOps Conference.*

Critical Infrastructure in Cybersecurity: Innovation for the Transportation Sector

Posted on by Alex Whitworth

In 2021, the presidential administration passed the on Improving Cybersecurity for Critical Infrastructure Control Systems, aiming to bolster the cybersecurity posture of critical infrastructure in the United States. Various agencies, such as the Transportation Security Administration (TSA), Department of Transportation (DOT) and the Cybersecurity Infrastructure Security Agency (CISA), have been working to continuously improve the security of the transportation sector, which oversees the movement of people and goods across the country.

The Transportation Sector

Within the transportation sector, initiatives have been taken to help fund cybersecurity improvements in an array of subsectors. The transportation sector includes:

Aviation: Approximately 450 commercial airports, 19,000 airfields, air traffic control systems, heliports, landing strips, joint-use military airports, sea plane bases, manned and unmanned recreational aircraft and flight schools^[1]
Highway and motor carriers: Managing roadways, bridges, tunnels and commercial vehicles such as motorcoaches and school buses traffic management systems
The maritime transportation system: Approximately 95,000 miles of coastline, 361 ports and over 10,000 miles of navigable waterways
Mass transit and passenger rail: Terminals, operational systems, transit buses, monorails, trolleys and rideshares
Pipeline systems: Carriers of natural gas, hazardous liquids and various chemicals
Freight rail: Major carriers, smaller, active railroads, freight cars and locomotives
Postal and shipping: Regional and local couriers, mail management firms, charters and delivery services^[2]

Security Directives

Due to persistent threats to the cybersecurity of critical infrastructure, including the transportation sector, the TSA issued multiple security directives for various transportation types, including railways and pipelines. These new directives require agencies to develop approved implementation plans that will help improve cybersecurity resilience, proactively assess the effectiveness of cybersecurity measures and prevent the deterioration of infrastructure.

The directive also requires that entities regulated by the TSA proactively work to implement amendments in the directive, including to:

Develop network segmentation policies so that Operational Technology (OT) can continue working, even when compromised
Prevent unauthorized access to critical infrastructure systems by enabling control access measures
Identify vulnerabilities and implement security patches for operating systems, applications, drivers and firmware to reduce the risk of exploitation
Detect malicious software and unauthorized access on Information Technology (IT) or OT systems and report designated incidents to CISA
Isolate infected systems from uninfected systems to limit the spread of malware, deny further access and to preserve evidence of compromise^[3]

A similar initiative, introduced by the DOT in 2022, aims to improve security awareness amongst employees. All DOT network users are required to complete the DOT’s Security Awareness Training, which is inspired by various federal requirements and the DOT Order on Department Cybersecurity Policy. The training measures employees’ knowledge in cybersecurity, including password and PIN protection and basic security for information systems.^[4]

By striving to improve the security posture of the transportation sector, the TSA, DOT and CISA endeavor to protect the safety of the nation.

Cybersecurity Funding for the Future

The DOT has also introduced measures to improve the national security posture. To leverage funding from bipartisan infrastructure, the U.S. Transportation Secretary Pete Buttigieg announced up to $45 million in grants for various University Transportation Centers (UTC). These grants will be utilized to improve the cybersecurity resilience of agencies affiliated with roads, bridges, rail, shipping and airspace. One of these grants will go to Clemson University to lead a consortium focused on cybersecurity research and development. Another of these grants will go to Prairie View A&M University to improve technology in the transportation system, including data related to artificial intelligence and environmental resilience.^[5]

Ever since the Colonial Pipeline attack of 2021, as well as other attacks on the cybersecurity of critical infrastructure of the United States, various agencies have done their part to improve the nation’s security. Through CISA’s hard work to create cybersecurity guidelines and cross-sector performance goals and the Federal Government’s generous grants, the nation’s critical infrastructure is postured to increase security and resolve potential crises.

This blog is the final installment in our four-part series, which examines cybersecurity initiatives inspired by The White House’s National Security Memorandum. The first three parts covered the basics of critical infrastructure cybersecurity, an overview of the Water and Wastewater Sector, and an overview of the Electric and Utility Sector.

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit ̽��Ƶ’s Cybersecurity Solutions Portfolio.��

Resources:

[1] “National Infrastructure Protection Plan,” Transportation Systems Sector,

[2] “Transportation Systems Sector,” Cybersecurity and Infrastructure Security Agency,

[3] “Security Directives and Emergency Amendments,” Transportation Security Administration,

[4] “FY 2022 Department of Transportation Security Awareness Training,” Federal Motor Carrier Safety Administration,

[5] “U.S. Department of Transportation Funds Innovative Research Providing Vital Training for Next Generation of Transportation Leaders,” U.S. Department of Transportation,

Building a DevSecOps Culture

Posted on by Rich Savage

As software becomes more sophisticated, it plays an increasingly important role in all aspects of government operations. However, given the complexity and intertwined nature of modern software, any vulnerability could have wide-ranging consequences, which makes security of vital importance. The federal government has taken notice. A number of recent policy directives address issues related to the software supply chain, and key agencies are leading a governmentwide effort to promote secure software development, including the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust and the Executive Order on Improving the Nation’s Cybersecurity. Learn how you can implement DevSecOps to support your journey to secure, innovative software in ̽��Ƶ’s Innovation in Government® report.

The Mindset Shift that Enables DevSecOps

“In an ideal world, technology and processes support team members’ ability to deliver on their particular talents. Before agencies implement DevSecOps methodologies, they should identify where their processes are getting bottlenecked and forcing people to either work around them or fundamentally change their behavior. Instead, we want to make it easy for employees to do the right thing. The goal is to enable people to focus on what they do best — regardless of where they operate in the stack or the tools they are using — so that agencies can build and deploy secure, modern apps.”

Read more insights from Alex Barbato, Public Sector Solutions Engineer at VMware.

How Generative AI Improves Software Security ��

“Generative AI tools are becoming increasingly prevalent, providing interactive experiences that captivate the public’s imagination. These tools are accessible to anyone, offering a unique opportunity to engage and explore the creative possibilities enabled by AI technology. The technology doesn’t just train a model to recognize patterns. It can create things that are easy to understand: images, text, even videos. Sometimes the results are hilariously wrong, but other times the results are quite impressive, such as clear, concise answers to complex questions. Generative pre-trained transformer (GPT) technology, such as ChatGPT, has opened the doors for everyone to be an evaluator because the output is accessible and easy to critique.”

Read more insights from Robert Larkin, Senior Solutions Architect at Veracode.

��

Open Source is at the Heart of Software Innovation

“Embedding security into applications from the start is essential for streamlining and strengthening the entire development life cycle. Securing the software supply chain is a related effort that is of vast importance to government operations. Beyond securing individual applications, the ultimate goal is to build security into the pipeline itself. At each step and every handoff, we must be able to verify who has touched the software and who did what to ensure that the end result is what we intended to build and that nothing malicious has been injected along the way.”

Read more insights from Chris Mays, Staff Specialist Solutions Architect at Red Hat.

DevSecOps Needs Tool Diversity and Collaboration

“As DevSecOps methodologies and software factories grow in prevalence, agencies are recognizing that software development is a team sport — inside the agency, across departments and with external stakeholders. It touches many different teams, but getting everyone on the same page with tooling can be difficult. Different teams prefer different tools, and that makes collaboration hard. Modern software development brings security practices forward in the timeline while reducing duplication of efforts and improving real-time accountability. Success hinges on removing blockers, creating visibility and making sure collaboration is happening at every stage. In addition, encouraging input from different areas of the organization from the beginning and throughout development is vital for innovation.”

Read more insights from Ben Straub, Head of Public Sector at Atlassian.

Observability Speeds Zero Trust and Application Security

“In response to increasing cyberthreats, the government is speeding up the move to zero trust. This security model assumes that every user, request, application and non-human entity is not to be trusted until its identity can be verified. Zero trust principles require a layered defense that is more effective when rooted in observability. To develop an architecture that validates and revalidates every entity on the network, it is necessary to know what those entities are, how they’re communicating and how they typically behave so we can recognize deviations. Zero trust and observability technologies work together to create a more secure and resilient network environment by assuming that all requests for access are untrusted and continuously monitoring the network to detect and respond to potential threats.”

Read more insights from Willie Hicks, Public Sector Chief Technologist at Dynatrace.

The Role of a Service Mesh in Zero Trust Success

“For large companies and government agencies, it’s safe to assume that a committed attacker is already inside their networks. Executive Order 14028 mandates that every federal agency develop a Zero Trust architecture because it is the most effective approach to mitigating what attackers can do once they’ve made their way inside. What does Zero Trust look like at runtime? One of the key considerations is identity-based segmentation, which involves conducting five policy checks for every request in the system: encrypted connection between service endpoints, service authentication, service-to-service authorization, end user authentication, and end user-to-resource authorization.”

Read more insights from Zack Butcher, Founding Engineer at Tetrate and co-author of the NIST SP 800-200 series and SP 800-207A.

AI and the Journey to Secure Software Development

“By automating and optimizing DevSecOps workflows, we can still shift security left while relieving developers from the burden of some complex remediation. It begins with a workflow that leverages fully automated security scanning to rapidly identify vulnerabilities as well as providing suggested remediation for vulnerabilities and on-demand remediation training to educate developers on what they are getting into. The rapid evolution of artificial intelligence is making new advances possible. The opportunities go well beyond AI-assisted code creation. AI features are being expanded across the entire software development life cycle. When it comes to security, having AI assist by making code functionality clear or explaining a vulnerability in detail reduces the time required to remediate risk.”

Read more insights from Joel Krooswyk, Federal CTO at GitLab.

Scaling App Development While Meeting Security Standards

“The dream for any software development team is constant, stable releases. The faster teams get the work they’ve created into production, the faster the agency can derive value from that work. When app development is stymied by cumbersome security reviews and stability testing and by the need to wait for a deployment window, innovation is stifled and the return on investment is delayed. If agencies want to have efficient, value-driving software development teams, those teams must be able to move with agility. A trustworthy, scalable DevOps pipeline that brings together testing and security in a seamless way allows teams to push out new apps and improvements quickly so government employees and citizens can have a seamless digital experience and the most up-to-date tools and information.”

Read more insights from Kyle Tobener, Head of Security and IT at Copado.

—an exciting day of exhibits, speaking sessions, and networking events. We look forward to showcasing new DevSecOps updates from our supporting panels featuring government, systems integrators, and industry thought leaders.

Download the full Innovation in Government® report for more insights from DevSecOps thought leaders and additional industry research from FCW.

Diversity, Equity and Inclusion as a Pillar of CX Service Delivery

Posted on by Tiffany Goddard

Integrating DEIA Into the Larger CX Picture

The Whitehouse Executive Order on Diversity, Equity, Inclusion and Accessibility (DEIA) in the Federal Workforce promotes standards that can be applied to improving Government customer experience (CX). These include strengthening the ability to recruit, hire, develop, promote and retain the nation’s talent, removing barriers to equal opportunity and creating a space where all employees and customers are treated with dignity and respect. The standards offer Federal and State and Local Government agencies the opportunity to move toward equitable service delivery.

Developing a DEIA strategy involves a multitude of moving pieces like analyzing data, enforcing requirements, measuring effectiveness and ensuring progress. All of these areas culminate in sustainable cultural intelligence for organizations. Starting the conversation around DEIA in the context of CX begins with the on-going theme of communication rooted in trust—especially employee and customer trust in the Government. During ̽��Ƶ’s 2023 Customer Experience and Engagement Summit, panelists examined how their organizations are creating more trusting, inclusive and resilient workplace environments which translates to improved services for customers.

A Focus on Human-Centered Design

In the realm of CX, trust is one of the most important aspects of customer, employee and leadership interactions. One panelist found that previously coming from a background in the user experience (UX) transformation space, all human-centered design exclusively existed within UX. In furthering their understanding of the broader CX spectrum, they discovered that UX is only a small part of the CX journey. While UX refers to the way users interact with an organization’s specific products, CX is how users view an organization’s brand and experiences with the business. The critical missing component to elevate CX is communication and transparency to build trust. Much of the progress made through DEIA initiatives aims to rebuild trust with undervalued communities so they feel secure receiving assistance both personally and virtually.

To truly develop more equitable service delivery models, organizations must be able to manage workplace tension by building both internal and external progress. For example, the National Science Foundation (NSF) has worked to provide tools for success in both areas through various touchpoints. Externally, NSF teams launched a redesign of the agency’s website that allowed them to collect information from several demographic communities. In doing so, the NSF was able to redesign language inputs and outputs to better serve their website visitors. Internally, the NSF has implemented a call-listening program that analyzes empathy, psychological safety and compassion to protect not only customers, but employees as well. The NSF has also designed a DEIA maturity model, which helps to measure the efficacy of DEIA capabilities, identify critical barriers and benefits to employee advancement and operationalize a sense of inclusion and belonging across the foundation.

Moderating Workforce Development for the Future

Recruiting, hiring and retaining employees is successful when an organization considers a wide range of talent representation. Also, being data-informed is critical for an agency’s mission. Collecting data via methods like staff surveys to identify members’ interests and strengths as well as understand where that talent can best serve the agency is imperative for progress. Baking this into daily processes by working with human resources counterparts ensures the DNA of the organization is varied. Ultimately, diversity within CX talent can positively set one organization and the way its employees interact with customers apart from another.

Read the previous blog and check back soon to read the rest of ̽��Ƶ’s insights from CX industry thought leaders at the summit.

To learn more about the latest in the CX landscape and how ̽��Ƶ’s industry-leading partners can support your Customer Experience initiatives, please visit our resource hub to access all on demand recordings and information from the 2023 Government Customer Experience and Engagement Summit.

Speed Your Agency’s Software Deployments in 6 Easy Steps

Posted on by Jim Dodson

Slow, bottlenecked, and often archaic release methods challenge most government agency software delivery teams. But can help your agency achieve faster releases with less risk.

Enterprise feature management provides teams with total control over application features, fine-grain release targeting, and detailed audit logs. It starts with feature flags, a powerful tool that allows your development teams to turn features on or off without requiring a code change or deployment. They are a modern solution to traditional hard-coded boolean flags custom-built for each app. With an enterprise feature management platform, you can use a pre-set feature flag enterprise framework to define and operate a simple and seamless experience. This delivers a that, among others, dramatically streamlines and accelerates software delivery. It also empowers teams to roll out new functionality gradually and selectively rather than all at once. And, your agency can “dark launch” a feature in production, reducing dependencies on expensive and custom staging environments.

Here are six steps that government agencies can take to get started with LaunchDarkly Federal, the only FedRAMP-authorized feature management platform. These steps will help you understand how to use feature management for high-speed, low-risk software releases of legacy and new applications:

1. Put in place the LaunchDarkly SDK to enable feature flagging

��ܲԳ��ٲ��’s&�Բ��; allow your developers to implement and share feature flags quickly and easily across software applications. They provide an easy way to connect new and existing applications to the LaunchDarkly SaaS platform. Simply include your programming language-specific LaunchDarkly SDK into your application to get started. The SDK initializes to a specific environment, manages default values and targeting contexts, handles any connectivity issues, and listens for feature status and rule changes. SDKs provide the support for real-time application updates without the need to deploy new code.

2. Identify your environment(s)

In traditional release motions, government agencies identify and set up numerous development, testing, and production environments. Not only is each environment often expensive, but running a release through so many gates can be a significant challenge for resource-strapped teams. It is almost impossible to simulate a production level environment in staging and so when you release to production, you are testing in production anyways. Why not do it safely with granular targeting to reduce risk? With an enterprise feature management solution, you can reduce the number of environments and focus more on safely and securely testing in production.

3. Target, or even micro-target, your release

The next step is determining exactly where you will release individual features, and when. With feature flags, your development teams can release features in a highly customized way. By creating targeting rules, teams can easily target individual releases to a subset of users, resources, or even infrastructure, before making them widely available to all end-users. It’s possible to even micro-target a single user.

Targeting makes it simple to progressively release a new feature to a QA team or to project sponsors for feedback. The granular control over features and release targeting that LaunchDarkly Federal provides will enable more control than traditional blue/green deployments alone.

4. Flip a switch, and release whenever you want

With enterprise feature management, your development teams can separate deployment and release processes. Engineering teams can deploy code, and non-engineering teams can trigger the release with a simple flip of the switch. Decoupling these processes reduces the risk of failure and allows teams to release new features quickly and efficiently. Your development teams can keep progressing on their software development projects and release new features at the best time for their program or department. And, enterprise feature management also allows your project and program teams to develop, test, and deploy features using custom workflows with enterprise-level management capabilities.

By using low-risk continuous integration/continuous development (CI/CD) development processes with incident resolution times of less than 200ms, teams can improve developer productivity and reduce the time it takes to release new features to production.

5. Quickly disable features if issues or errors occur

In the event of an issue or error, teams need to be able to quickly disable features to avoid any issues affecting the application in production. Issues could range from something major such as security vulnerabilities to minor usability and cosmetic problems. With traditional processes, a team would have to roll back to a previous release losing everything they just deployed or take down an entire application to address issues or errors. However, with enterprise feature management solutions, teams can quickly disable the individual problematic feature leaving the rest of the application unchanged. Instead of the lengthy and cumbersome rollback and redeployment processes, this limits the impact to the application with zero downtime. DevSecOps teams would then typically perform a “patch forward” for the fix.

6. Track the release with detailed analytics

Using analytics, monitoring tools, and processes helps guarantee that your software meets government guidelines and agency policies. Using enterprise feature management, your agency can gather detailed audit logs and analytics to inform your decision-making and improve software delivery processes across your mission-critical programs.

Following these six simple steps can help you shrink your agency’s release time from years and months, to days and hours, just like it did for the Using LaunchDarkly and the six steps above, CMS went from one launch once per quarter, to completing six launches within a single day to support a global rollout.

Feature management is a powerful DevSecOps tool that can truly accelerate the delivery of transformative software. With detailed control over features, release targeting, and detailed audit logs, your agency can reduce risk and deliver software at the speed of the commercial world.

to learn more about LaunchDarkly, and view our our public sector webinar to learn more about DevSecOps best practices.

Safely Modernize Legacy Systems with Palantir Foundry Container Engine (FCE)

Posted on by Madeline Zimmerman

Missile warnings. Airplane flight statuses. Satellite observation alerts. Much of the U.S. Government’s most critical digital infrastructure is dependent on software built during the Cold War, written in archaic languages (e.g., Fortran, COBOL, ADA), and/or installed exclusively on mainframe computers. While the infrastructure is old and may struggle to keep up with the needs of today, the core logic often works well. Yet re-writing decades of work and millions of lines of code to try to modernize just isn’t feasible.

Introducing Foundry Container Engine (FCE): FCE runs containerized legacy code in Foundry, enabling government agencies to leverage what’s working and safely leave behind what isn’t. For an analogy, consider AWS Lambda, which revolutionized how engineers run code by abstracting away the hardware infrastructure required — no more worrying about servers and clusters. In a similar fashion, FCE is revolutionizing how engineers integrate and orchestrate legacy investments in their modern software architectures. FCE streamlines your modernization journey, allowing you to incrementally rebuild millions of lines of legacy code while continuously delivering new value to the organization.

The Challenge: Operationalizing legacy code is hard

Code that is decades old is not inherently bad. On the contrary, it’s been battle-tested over decades and written by people with deep expertise in highly specialized fields. Yet aligning old software to the changing operational realities of today is both daunting and necessary. It’s often untenable work to re-write and scale up the satellite model that was built to detect 100 satellites in the 1980s and now needs to detect 30,000 satellites in 2023.

Our customers who rely on legacy code and infrastructure frequently face the following challenges:

Modernizing is disruptive: Too often, the only options presented for modernization are highly disruptive — data lakes, code base overhauls, and multi-year roadmaps. These run the risk of taking critical systems offline without ever accomplishing the necessary operational outcomes.
Unscalable: There is a long lead time for up-sizing environments to meet computation requirements, and scaling replicas of instances of products is often impossible. Forget about doing this in real-time to meet today’s critical deadlines.
Siloed logic: Sophisticated legacy models are much more valuable when integrated with other data sources. In our satellite example, this might include observation data, surveillance networks, sensors, and more. Adding new data feeds, data processes, outputs, and interfaces is unfeasible or too slow to be valuable.
Closed ecosystem: The data pipelines associated with legacy code are often a black box. There is no way for other platform and development teams to securely collaborate, effectively limiting upside by restricting the number of people able to interact with the code and provide novel analyses.
Divorced from operational decisions: Legacy models produce compelling insights, but the outputs are not actionable. There is no easy way to automatically create an intuitive visualization or useful alerting logic. A collision model might show satellites are about to collide, but users cannot action this information to re-orient where those satellites are flying.

Solution: Use FCE to lift and shift logic to Foundry and make it 100x more valuable

As a centrally-managed, cloud-based SaaS platform, Foundry offers instant access to cutting edge modern software implementation, including streaming pipelines, live API-driven inference, and autoscaling. Now that FCE allows containerized code to run in Foundry, unlocking the full value of legacy systems has never been easier.

Day 1 benefits include:

Safely and incrementally modernize: Immediately start your modernization journey with the assurance that critical systems will continue to function, and deprecation of old components will do no harm.
Rapidly scalable infrastructure: Achieve on-demand expansion of your compute and storage environment as capabilities evolve and expand. This provides resiliency and redundancy to avoid a single point of failure. in the FAA’s flight software should not cause flights to be grounded nationwide.
Flexibility and interoperability: Seamless addition of future data feeds, data processes, objects, schemas, and interfaces. Fuse disparate data to quickly produce new analyses.
Secure collaboration: Built-in security access control features enable secure collaboration among combined platform and development teams. When combined with pipeline transparency and DevSecOps iteration, customers can securely democratize outputs over open, extensible APIs.
Modern and dynamic user interfaces for rapid and automated decision-making: Users easily configure alerting logic and produce new applications with low-code/no-code tooling. Translate the complex output of a satellite physics model into an operationally relevant Space Domain Awareness application.

In a silo, legacy software can still be improved, but those small gains come at the expense of the significant, compounding benefits of modernization. FCE enables agencies to rapidly speed up progress towards their software-driven outcomes by integrating anything run by FCE with other Foundry products (e.g., pipeline builder, streaming, workshop). With Foundry’s core principles of modularity and interoperability, agencies can selectively deprecate legacy software components without disrupting their data sources, ontology, and actions. In a world where the missiles are parabolic one month and hypersonic the next, innovation in bits must outpace innovation in atoms.

This post originally appeared on and is re-published with permission.

Download our Resource, to learn more about how Palantir Technologies can support your organization.