Warnings from the White House about potential cyber attacks by a hostile nation-state. Security risks in third-party software code. Ransomware paralyzing schools and hospitals. Phishing schemes targeting employees. Talk of cyberwar. It is a very tough time to be a cybersecurity professional. Success in this ecosystem depends on more than technical expertise and knowledge of specific attack countermeasures. Security and IT leaders need a clear...

The Russian invasion of Ukraine started with cyber attacks shortly before tanks crossed the border. Data-wiping malware infected a number of government systems, while many official websites were downed by DDoS attacks. The problem is, malware released into the wild rarely stays in one place. While Ukrainian systems may have been the target, it did not take long for the malware to show up in Latvia and Lithuania. Times of uncertainty trigger he...

The pandemic of the last two years has changed the federal workplace. As employees begin a cautious return to their offices, the federal government’ Safer Federal Workforce Task Force is exploring how to balance reopening with the employees’ desire to keep some of the flexibility they discovered while working remotely. Key priorities such as hoteling, workplace/building services, visitor management, and the potential for understand...

When the pandemic drove millions of government employees out of their offices and into remote work two years ago, the need to overhaul legacy identity and access management (IAM) processes became apparent. President Biden’s Executive Order and National Security Memorandum on cybersecurity pushed this further by embedding Zero Trust architecture at their core, and January’s memorandum from the Office of Management and Budget (M-22-0...

Everyone has seen media reports that Russian soldiers are using personal cellphones, rather than encrypted communications, because they made the mistake of destroying 4G and 5G towers. In military terms, they find themselves operating in a “denied environment,” because they accidentally rendered their comms network inoperable.All soldiers in a combat situation are operating at the “tactical edge,” where things like limi...

Ever since the White House issued its Cybersecurity Executive Order in May 2021, a lot of attention has been paid to the concept of zero trust embedded as its core objective. But the reason to get to zero trust is to protect the data – after all, what do system intruders want? To read, or alter, or copy the data, which they can then use for their own purposes, from monetizing intellectual property to stealing someone’s identity to...

Safeguarding customer access yields better service Federal agencies have faced unprecedented demands over the past few years, as the pandemic shut down physical offices, forcing employees to work from home and requiring agencies to completely rethink how to provide services. Data breaches and accelerating ransomware attacks have harmed agencies’ operations just as they became dependent on online delivery of services. Now agencies are bei...

Last year, the U.S. healthcare system faced unimaginable demands created by the pandemic. Unfortunately, 2021 also was a banner year for healthcare data breaches – more than 40 million individuals’ health records were exposed. Nor are the cyber threats limited to personal records. Ransomware attacks locked down and encrypted hospitals’ and health departments’ data, and the Food and Drug Administration issued a Class I r...

Words like “bureaucracy” and “red tape” often come to mind when folks think about government, but the quality of customer service is changing – for the better. In December 2021, the White House issued its "Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government." In conjunction with the President's Management Agenda addressing customer experience, agencies ha...

On January 19, 2022, the White House issued National Security Memorandum 8 (NSM) to improve the cybersecurity of National Security, Department of Defense, and Intelligence Community Systems. The memorandum requires National Security Systems to employ network cybersecurity measures equal to or greater than those required of federal civilian networks in Executive Order 14028, issued in May 2021. The NSM builds on several parts of the EO, includi...