Is Congress Spending Enough on Cybersecurity?

A hacker tried to poison a Florida community’s water supply earlier this month by gaining remote access to a water plant’s computer system and attempting to increase sodium hydroxide levels. A vigilant plant operator noticed the breach and stopped the tampering before the community was affected. The intrusion, which could have poisoned thousands, demonstrates the seriousness of the cybersecurity threats facing the United States.

For Congress and the Biden administration, this and other recent cybersecurity incidents should prompt new questions about whether the federal government is investing enough in cybersecurity to address the growing threat.

Investing resources to defend American government and private sector information technology could earn bipartisan support on Capitol Hill given the growing cybersecurity threat. But leaders must answer longstanding concerns about critical federal cybersecurity programs to lay the groundwork for sustained investment. Recent developments—including the massive SolarWinds breach—underscore legitimate concerns about the government’s capacity to defend against growing threats.

Congress has been ‘admiring the problem’ for decades.

In 1997, the nonpartisan Government Accountability Office added “information security” to its annual list of the federal government’s high risk areas. Today, nation-states and other adversaries exploiting cyber vulnerabilities have become one of the nation’s most serious national security threats. China, Russia, Iran, and North Korea increasingly use cyber operations to steal information, to influence citizens, or to disrupt critical infrastructure.

Traditional espionage against government networks, such as the 2015 Office of Personnel Management breach and the recent hack of IT firm SolarWinds, has exposed government secrets and likely jeopardized national security in ways that are impossible to quantify.

Ransomware attacks have disrupted municipalities, school districts, hospitals and other organizations in recent years. Reports of these financially motivated incidents increased by 100 percent last year, according to one estimate.

The federal cybersecurity budget compared to other spending priorities.

For 2021, the Trump administration requested $18.8 billion in reportable cybersecurity funding (level with the 2020 budget). The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) had a budget of about $2 billion for 2021.

Considering the relative and immediate threats in the cyber and air domains, should Congress be investing more in cybersecurity than in the air or other domains? Are there other areas that should be reprioritized to strengthen the nation’s cyber defenses? These are questions that Congress should be asking.

The federal government has an “intrusion and detection” system known as Einstein that prevents intrusions with a signature-based approach. That’s great for blocking “known fingerprints”—i.e., previously identified patterns of malicious data or malware—but is unable to stop new malware or other exploits that haven’t been used before.

Federal agencies have their own internal problems with cybersecurity. A bipartisan investigation found that the Department of Homeland Security has “failed to address cybersecurity weaknesses for at least a decade” and “continued to use unsupported systems, such as Windows XP and Windows 2003.”

A bipartisan opportunity in the 117th Congress.

The president and his team should acknowledge that reforms are needed across the government and particularly within CISA. A good place to start would be to commit to upgrading the Einstein system to provide better protection for federal agencies and to prioritize the federal government’s cybersecurity among CISA’s many mission areas.

The United States has been playing defense and losing in the cyber domain for the first two decades of the century. It is time that Congress recognizes that cybersecurity is now a top responsibility for securing the common defense and to fund that mission appropriately and efficiently.

Summarized from thedispatch.com

Why best-of-breed cloud apps are the future and what you can do to prepare

The slow adoption of remote-working culture was thrown out the window in 2020 due to the mass work-from-home wave and the identification and adoption of cloud-based apps.

As workers all over the world move away from the office and into their homes (some permanently), a mix of best-of-breed cloud apps such as Zoom, Slack, Microsoft Teams, and Google Workspace have become the tools of choice. These best-of-breed technologies are, by definition, the champions of their domains. Whatever they do, they do really well.

Historically, many organizations relied on single-suite software, like Microsoft, to provide a range of tools in an integrated system: users have one interface to learn, integration between applications allows for seamless data transfer, and there is only one vendor relationship to manage.

The downsides of single-suite software include: not all tools are created equal; change requests lag behind more agile providers; and enhancements are always “in the next release.”

Fortunately, best-of-breed technologies address many of these concerns: they know their role and are designed to connect seamlessly with other key systems. These platforms constantly evolve to meet the needs of the businesses they serve.

While the shift away from single-suite tools enables agile communication and collaboration, data readily becomes trapped in silos such as Google Workspace and Dropbox, or in messaging tools such as Slack or Teams.

Best-of-breed tools are growing at such a rate that going against this new paradigm, rather than with it, simply won’t work. Companies shouldn’t have to sacrifice efficiency and innovation for governance and control. Instead, they need to begin structuring people, process, and technology to gain the best of both worlds.

The following are some key considerations for legal, IT, and other organizational leaders who wish to take a comprehensive, forward-thinking approach to best-of-breed collaboration apps.

  • Giving employees the best of the best along with updated device and app policies may reduce the use of unsanctioned devices and apps, which create cybersecurity and legal risks. IT should have a place at the table when deciding on which cloud-based apps to implement.
  • Implement best-of-breed apps that emphasize security, enabling the transition to identity-based security.
  • It is now more possible than ever to connect disparate systems in a centralized location.

Summarized from jdsupra.com

Deloitte Launches AI Platform Made for the Public Sector

Hoping to help government make sense of the endless data it collects, Deloitte has launched an AI platform made for the public sector.

CortexAI for Government, which works in on-premise and hybrid environments as well as all the major cloud services, includes a suite of applications, tools, models and data sets, including RegExplorer, a tool already in use in many government agencies which identifies conflicting, redundant, or outdated regulations. Also included are natural language processing tools which help parse through speech and text to pull out meaning and sentiment, model training, and situational awareness functions. Deloitte is also offering ways to audit AI algorithms and report on accuracy and equity.

CortexAI for Government will help agency leaders and frontline public servants introduce new AI solutions and execute their organizations’ missions more effectively and with reduced cost.

Artificial intelligence has already found its way into government in many functions, ranging from automated license plate readers to cybersecurity, with much of it part of third-party software and focused on specific use cases. Broad-ranging platforms in the vein of CortexAI for Government aren’t as commonly seen at the state and local level.

Summarized from GovTech.com

Protect the Integrity of Your Data with Offsite Backup

ATON Computing’s application of SIRIS, the Datto all-in-one Business Continuity and Disaster Recovery (BCDR) product, covers all continuity & disaster recovery needs, protecting servers, files, PCs, and SaaS applications. Datto works with all sizes of public sector organizations, providing a customized solution tailored to specific needs to prevent data loss and minimize downtime while building margins for growth.

More than just cloud backup, SIRIS can protect Windows-based workstations and laptops from downtime and data loss, and more importantly, rapidly recover data if disaster strikes. The SIRIS platform combines the most important elements of data protection into a single fully integrated package that includes:
• backup capture and verification,
• backup restoration, and
• a complete virtual host for business continuity.

ATON’s application of SIRIS provides:
• data protection with every image-based snapshot stored both on-prem and in secure, CJIS-compliant data
• business continuity products which are designed, assembled and implemented in the USA;
• award winning technology and innovative solutions.

SIRIS will maintain an online presence in the face of devastating issues including ransomware, malware, natural disasters, network downtime, and costly human error. Restore options range from granular restorations targeting specific files to a full system restore designed to immediately get back up and running.

Datto does not offer its backup solutions directly to municipalities or counties, requiring acquisition of SIRIS through an MSP. ATON Computing is positioned to offer the Datto full disaster recovery system in a turnkey solution under contract through SHI.

Government Chatbots Now a Necessity for States, Cities, Counties

Before COVID-19, a few leading governments were dabbling in chatbot technology, using AI to address common resident queries. In 2021, it’s hard to imagine government doing the people’s business without them.

Governments are using chatbots to help handle a massive influx of questions from the public during the pandemic. Chatbots typically use some form of AI algorithm that can handle common questions and leave less common or more complicated questions for human staff to answer.

HOW DO CHATBOTS WORK?

Most jurisdictions that use bots have a definite list of questions they are capable of answering. They are often structured to weed out people whose questions can be answered easily. This is especially important during the pandemic because people have been turning to the government more than usual for things like health testing, unemployment benefits, and other kinds of assistance.

In states across the country, chatbots served a vital role in augmenting the capabilities of human staff members to deal with unrelenting waves of questions from applicants of unemployment programs.

MANY PURPOSES

A lot of the jurisdictions surveyed used chatbots for COVID-19-related purposes. Connecticut’s COVID chatbot did the work of four full-time employees during a four-month period.

Placer County, Calif., has a bot capable of answering more than 375 questions. IT agencies in San Joaquin County, Calif., and Fairfax County, Va., worked with other departments to figure out what their needs were and what their most frequent questions were so that they could build those into their chatbots.

In May 2020, Minnesota’s chatbot tools, combined with its live chat function, saved an estimated 1,700 hours of staff time.

The Cabarrus County, N.C. chatbot is capable of pulling in information from other systems in order to help the user. Missouri’s Department of Revenue worked with Accenture on a virtual agent named DORA, which answered 100,000 resident questions in its first three months, fielding questions on taxes, driver’s licenses, and motor vehicles.

FLEXIBILITY

A key feature of chatbots is that they’re designed to answer a growing number of questions over time. Many governments use data analysis tools to follow the kinds of questions citizens ask so that they can add answers to those questions over time, and so bots can learn how to respond to variations.

Chatbots can also take input in many different forms, which gives them the unique ability to serve citizens across multiple channels. Several jurisdictions got into chatbots by first making them available via text, a more ubiquitous option a few years ago when the technology was first taking off. Jurisdictions have since added web functionality and texting to their bots. San Joaquin County also built its bot to work in three languages.

THE FUTURE

Survey results and the trends of government technology during the pandemic point to a time of growth for government chatbots, especially if they can help make digital services, emergency operations, and telework more workable.

 

Summarized from www.govtech.com

10 Dos and Don’ts for Government Cybersecurity Leaders

As we move into the new decade, keeping track of cyberthreats, acquiring and retaining talented pros, addressing remote working challenges, and recognizing the importance of cybersecurity when managing budget priorities in tough economic times are all important issues, and the list of responsibilities and expectations is growing.

Here are 10 best practices drawn from a list of security industry resources: five dos and five don’ts for new and veteran government cyberleaders.

Don’t be “Doctor No”. Be known as an enabler of new technologies, offering alternative solutions that can work at different price points with varying levels of risk.

Don’t stop communicating. Security leaders must constantly provide timely updates and cyber awareness to internal and external departments.

Don’t stay inward-focused. You don’t know what you don’t know, so get involved with outside specialty groups and consider the security committees for the national organizations and vendor partners.

Don’t become overconfident. Surprisingly, a significant number of government security leaders report that everything is fine on the security front. Even if you have been able to successfully navigate your leadership challenges so far, you never know what tomorrow will bring. Bad actors are trying harder than ever to overcome your cyber defenses.

Don’t forget to celebrate success. Since securing the enterprise is never complete, some never stop to enjoy project success. Be sure to thank your staff. Throw a party when key milestones are complete.

And here are five more things you should do:

Do meet with department leaders regularly. Discuss their unique requirements and goals.

Do have a plan. Cyber strategies that work together with wider technology goals are a must.

Do practice. Partner with other governments, criminal justice agencies, nonprofits and others on tabletop exercises surrounding security incident response.

Do find and/or be a mentor. The MS-ISAC mentoring program is a great place to start.

Do persevere. Become a resilient team. You can do this, and there are many people eager to help.

 

Summarized from www.govtech.com

Fostering Contactless Government Beyond the Pandemic

The term “contactless” has become increasingly popular in recent months due to COVID-19. Demand for digital and no-touch services has grown by 20 percent in the U.S., according to the consulting firm McKinsey, with governments ramping up online portals and services, rolling out contactless transit systems, enabling remote visits by social workers, and enlisting chatbots to support surging demand in call centers.

Remote work, virtual hearings, digital identities, and other technologies are reshaping how governments operate and interact with their constituents in ways that will long outlast the pandemic. Government leaders now face new challenges to maintain momentum beyond the pandemic. Ten areas to focus on are:

Leadership commitment.
Throughout the country, governments’ response to COVID-19 has been a success story with agencies that had previously made investments in digital delivery rapidly able to bring additional services online. As the pandemic abates, it will take continued leadership to drive sustained change, making it a top priority and investing political capital.

Thinking beyond digital delivery.
In many communities it took the pandemic to finalize a process for online permit submission and approval. Other government services need to be addressed with leadership developing ways to reduce friction points with building inspections, where much of the groundwork and subsequent follow-ups can be conducted online with the inspector only making the in-person visit. Additionally, recreation and other activities can be scheduled digitally and followed up with surveys to monitor the quality of service.

Developing digital identities.
Unified digital identities, a largely missing element in improving digital government, allow citizens to use a single login to access services across all departments and services.

Refining remote work.
Many state and local governments had invested in technology to allow employees to work remotely before the pandemic, but the rapid shutdown of government buildings forced massive scaling. Following the pandemic, government workplaces will become even more hybrid and adaptive, with systems and processes of today, designed for a pure office model, having to be redesigned to work differently.

Rethinking public meetings.
At the outset of the pandemic many states issued executive orders or rulings that temporarily relaxed open meeting laws to allow governing bodies to convene remotely. During the pandemic, some governments found that shifting public meetings online actually boosted citizen interactions.

Addressing the digital divide.
An important realization after schools shifted to remote learning is how many families lack Internet access at home. As many as 24 million households nationwide lack reliable and affordable Internet access. Many governments and school districts are coordinating private- and public-sector efforts to provide low- and no-cost options for students and citizens.

Maintaining options.
While digital services have largely been ramped up by necessity, it’s important to ensure that citizens continue to have other options. Maintaining multiple options can be part of a longer-term strategy.

Privacy and security.
Headline-grabbing cyber and ransomware attacks are coming at a time when more government operations are reliant on digital systems and more employees are accessing them from home. Beyond the threat of cyberattacks, the remote delivery of services requires governments to think in new ways to ensure that privacy laws are being followed. Efforts to implement next-generation contactless technology, such as facial recognition systems, could fall afoul of legislation banning their use.

Budgeting priorities.
As government leaders await the full fiscal impact of the pandemic, experts point to how cutbacks following the dot-com crash nearly two decades ago slowed government adoption of technology for years.

Look ahead to “no-touch” government.
Governments’ success in maintaining services during the pandemic has made the public more conscious and aware of the impact public servants have on every minute of their lives. Looking forward, the opportunity will shift to making those services automatic.

Summarized from govtech.com

States, Local Areas See Common Tech Challenges for 2021

A recent webinar by the National Association of State Chief Information Officers (NASCIO) and the Public Technology Institute (PTI) addressed the reality that technology trends among state and local governments are significantly impacted by COVID-19.

The top issue was cybersecurity based on the increase of state and local employees working remotely and the pandemic creating a whole set of new security challenges. The biggest barriers to improved cybersecurity are insufficient budgets and staffing.

The focus on cybersecurity among cities and counties has intensified: where ransomware attacks of the past may have involved demands for $250 or $500, criminals now often ask for six-figure sums.

While more localities are turning to cyberinsurance, it is cyberinsurance that is actually becoming more of a target because cyberinsurance companies are more willing to pay out.

Accessing digital services is another top trend among state and local governments with the pandemic making such services more of a necessary investment to improve the citizen experience.

Other trends show that state and local governments are increasingly tapping into off-premise and cloud solutions for their technology needs in order to make their footprints smaller or to optimize their environment. Governments are finding that managed service providers might be able to do a better job at a lower cost.

Broadband was presented as a much bigger concern going into 2021, with the need for affordability to be addressed from a policy perspective.

Summarized from govtech.com

Four innovations state and local governments spawned during the pandemic

The pandemic has required state and local governments to transition services that are normally provided in person to virtual events and digital interactions. IT departments have launched new and innovative solutions to provide new functionality, transparency, and support to residents.

In St. Louis, officials counteracted financial losses by keeping track of every penny spent to slow the spread of the virus, using a new open data portal that tracks purchases of personal protective equipment, additional IT services, COVID-19 test kits, and how much the city is spending on COVID-19 relief areas.

Jackson, Mississippi became one of the first U.S. cities to include a “cough bot” in its coronavirus screening platform that enables residents to send a recording of a cough so that a machine learning powered tool can analyze it and distinguish between a regular cold and COVID-19.

In Los Angeles, as the need for resources like food banks, child-care centers, and job placement offices increased, it became more difficult for residents to access these services due to changing locations and transportation issues. To assist residents, the city put together a map of the food banks including hours of operation and who is able to access the food. They also published a “resource hub” to help residents access digital services based on user groups.

The pandemic accelerated the modernization of local governments, pushing them to transition traditional services into automated digital transactions. Suffolk County, New York accessed robotic process automation to free up the county’s nurses from spending an inordinate amount of time doing paperwork required to log coronavirus cases.

Summarized from statescoop.com

How cloud computing can unlock city innovation

Cities are generally slower to embrace emerging technologies to enable innovation than other sectors of the economy because these essential services don’t invite the kind of experimentation and risk-taking that is seen in the private sector.

The growing realization is that emerging technologies coupled with innovative processes can lower the cost of operations, deliver better community experiences, and automate and accelerate many services.

Cloud computing is beginning to deliver on the promise of positive change with “everything as a service” or XaaS.

XaaS cloud services include software applications, storage and identity management, development platforms, communication suites, artificial intelligence, and much more. XaaS provides flexibility, little or no maintenance, peace of mind with built-in disaster recovery, reduced capital expenses and implementation timelines, freed up staff, and better financial terms. XaaS is a core driver of digital transformation and is supporting smart city initiatives across the country.

On the flip side, XaaS means losing some level of control in an architecture in which vendor infrastructure is designed to deliver consistent experiences on the same scale to all users who receive the same services. Additionally, discontinuing services from one vendor to another can present difficulties in moving data smoothly. Lastly, cities are required to ensure compliance with regulatory requirements, meaning that some data must be handled in certain ways.

Summarized from statescoop.com