Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

It sure looks like the federal government is starting to recognize data is a strategic asset; managing that asset given today’s pace of volume and complexity forces leaders to examine a more systematic approach to handling data.  Let’s review in 2021 there was an Executive Order called the Federal Data Strategy.  That same year, the State Department deployed its data strategy.  The DoD developed the Joint All-Domain Command and Control (JDAC2) to utilize data in today’s contested environments.  The Chief Data Officers Council now lists 90 members.   Today’s interview is with Rob Carey, the well-known expert who boasts twenty-five years of increasing management authority in the United States Navy.  He begins with an observation that focusing on the platform or the infrastructure will miss direct systems administrators.  Effectively securing the data over a hybrid cloud will allow one to optimize this data stream in a fast and secure manner. During the interview, Rob defines concepts like data lakes, data warehouses, and data lake houses. The focus is not to produce a tech glossary, the reason for the differentiation is to give federal leaders data-driven insights.  He argues that today’s hybrid world must be bridged by a system that can leverage machine learning and artificial intelligence to classify and tag data in a fast-moving world. 

Software vendors will talk about an increase in productivity once the system is in place; one aspect that doesn’t get mentioned is the whole process of learning the system.  Right now, the federal government is in the middle of a drastic increase in activity.  Billion-dollar programs are being deployed and federal technology professionals will, most certainly, launch new systems to manage these initiatives. One aspect of digital transformation is the basic one – learning the new system.  These new systems can be specialized scientific applications of more general tools, like project management.  Billy Biggs from WalkMe suggests we look at a solution that has helped over 2,000 corporate customers. It is an overlay on a browser that can anticipate questions that come up when a person needs to be onboarded or learn a new system.  Before COVID, there may have been some informal knowledge-sharing “around the water cooler.” Today, there is a high likelihood that a person may be hired and be expected to learn a new project management system while working at home, alone.  In the new variation of “Home Alone,” this person may get stuck- and drive-up support tickets, losing valuable time.  Further, there is a much more diverse workforce, where assumptions about systems knowledge may not be even balanced throughout the team. WalkMe uses artificial intelligence to see how most people would use a digital system and provides prompts to help in that change. Listen to the interview as Billy details how his solution increases productivity, and visibility, and allows users to scale.

Magicians work by misdirection.  The same is true in managing federal in federal information technology. Let’s say you have done your work with compliance on your Infrastructure as a Service Platform and your Platform as a Service. Malicious actors know this all too well.  As a result, they look at the weak spot – the apps themselves.  It is possible that your eyes were on the wrong part of the system. Some pay lip service to app security.  For example, when an Authority to Operate is granted, security of your apps may be given an overview, then ignored.  Sometimes, a review of app security does not take place until the three-year expiration. If not continuously monitored, mismanag3ed apps can put your agency’s system out of control.  Line of business users may decide to sign up for a SaaS product without the security people being informed.  Systems can be misconfigured. Data can be misclassified. You may have people who have left your agency and there are unnecessary user accounts extant. Securing apps on a hybrid cloud needs regular posture assessment.  In the commercial world there are products classified as SaaS Security Resource Management systems.  During the interview, Brandon Conley, details how a platform that examines apps can eliminate configuration issues, structure user permissions, and assist with changed in compliance requirements.  

They stopped building castles with moats and walls when technology made them useless.  Today, our notions of perimeter defense are being negated by technology as well. This time, the network has expanded the number of threat vectors to the point where it is almost impossible to even catalog the endpoints. Because federal networks are being accessed from mobile devices, there is an increased federal focus on enhancing cyber defense.  We don’t have to look further than the Office of Management and Budget to see them requiring Zero Trust Architecture.  ZTA’s first pillar is identity; identity is increasingly dependent on edge devices like laptops and phones. Facts about cybersecurity are fascinating. Recently, Verizon released its Data Breach Investigations Report, a well-respected study of cyber security concerns.  They state that 62% of breaches were caused by partners to organizations, not from internal threats.  This fact alone is an interesting twist on the concept of the supply chain. Federal information professionals now must worry about external threats on mobile devices of contractors.  During the interview, Tony D’Angelo provides suggestions for increasing Mobile Endpoint Security.  He suggests that humans may be more vulnerable with a phone because we typically drop our guard with something like a text message with a link. Tony D’Angelo turns the table in the middle of the interview – he mentions a tool that is used to attack phones called “Pegasus.”  It can embed on a phone without any user action.  Lookout has become adept at identifying malicious code on phones. So good, they claim they can recognize a zero-day attack before it occurs.

The federal government is subjected to thousands of cyberattacks a day.  When you combine that statistic with the tremendous gap in people that need to be hired for cyber defense, you can see the problem that is developing. One way is to gain a better understanding of malicious actors move from network to cloud and then expand into a system.  The log information is all there, the problem is that there is so much of it, a human doesn’t have a chance of trying to get a handle on the attack vectors taking place. When it comes to processing enormous amounts of information, the classic Central Processing Unit has limitations.  One way around this limiting factor is to use a Graphical Processing Unit, or a GPU.  Today, systems architects are designing systems that can cluster thousands of GPUs to accomplish this tremendous task.  There are some systems with 10,000 GPUs processing large amounts of data. During the interview, Bartley Richarson talks about the role nVidia has in understanding the people attacking the federal government.  He outlines basic concepts like data preparation, model training, and visualization.  When presented with mountains of data and an incredible demand on compute, systems can be structured to help federal managers accelerate time to insight. The basic example used is determining a best path for a firefighter to follow.  There is a better example in outer space.  For example, a traditional satellite will gather data and relay that data to a ground station. From there, it will be relayed to a place where the analysis is done. Each step along the way takes time. One approach is to have a satellite that can do autonomous board data fusion in space.  From there, it can use artificial intelligence to relay information to the federal government.  This can be as pedestrian as a traffic report to a wide range of military intelligence.   

Everyone reading this knows that the typical federal agency runs thousands of apps. We have seen reports that range from 600 apps to 2,400 apps. The number of apps is debatable, and the managing of these apps is the real concern. According to Beau Hutto from Netskope, only 3% of these apps are managed. You can attribute that to a lack of funding, trained system managers, or a constant state of transition, but the fact remains that each one of these apps can develop into an attack point for the system. During the interview, Beau Hutto talks about an innovative way to manage a network – through something called a Secure Access Edge Service. This is an approach where an intermediary platform can provide a manager with knowledge about the user, the device, and the app. This allows for the automation of task management in disparate systems. Beau Hutto argues that a system like this will reduce complexity, provide universal access, and be cost-effective. In a related development, Netskope is organizing a group of network experts into the Netksope Network Visionaries. They will take years of combined experience to give observations about recent attacks and potential remediation efforts. Netskope recently partnered with the U.S. Patent and Trade Office to upgrade its network management system. The USPTO understood that, even with a system that performing at an optimal capacity, technical changes were happening so rapidly they needed to move the idea of zero trust to the edge of their cloud-spanning system.

A simple Google search will tell you that we now have seven billion people and over twelve million active endpoints. These are devices that are moving on the ground and even in outer space. It is unfortunate that the basis for managing endpoints on a network began as controlling individual desktop computers in a single building. Oh, for the simplicity of those days. Today’s federal network has hundreds of endpoints to manage. Employees, contractors, phones, remote workers, identity management challenges – they all add to the complexity of understanding who is on your network. Many federal systems rely on “inherited” credentials for a person using the system, a sure recipe for failure in security. “Non-Person Entities” sure sounds like it comes out of a science fiction movie. Managing devices on a system will have to incorporate understanding robotic process automation and its implications. Malicious actors will treat each point as an opportunity to evaluate and attack. One of the most popular ways to attack today is with ransomware. Ivanti regularly releases its Ransomware Index. The report from 2022 indicated a rise I of 7.6% in ransomware. The war in Ukraine has increased wariness for all federal systems. During the interview, Bill Harrod from Ivanti suggests that mobile end points could have high potential for allowing malicious code into a system. Systems called Unified Endpoint Management are becoming increasingly relevant for federal protection. Bill Harrod explains that there is no perfect tool, best practices for containing this threat is to microsegment a system to control the “blast radius” of an attack. This resiliency should be based on a deep knowledge of what is on your network.        

Ep. 18 Splunk’s SURGe: How to get immense value from a small group A convincing argument can be made that Splunk is a leader in analyzing machine data for enterprise systems; ninety-two of the Fortune 100 use Splunk. They apply this skill set to the federal world and help enhance security and drive resilience. Because of this wide experience, they have seen many kinds of attacks like the infamous Solar Winds incident. There are many ways to respond to this amalgamation of knowledge. One can hold that knowledge behind a paywall and charge people. What is interesting is Spunk’s Ryan Kovar decided to get a group of veteran vulnerability specialists and share that information with the Spunk community. They call it SURge. Their goal is to be a timely advisor and provide research into cybersecurity challenges for large federal systems. Their first free white paper was, “Detecting Supply Chain Attacks.” They also have a podcast and a video series on YouTube. For the federal IT community, the most important member of SURge is Mick Baccio, Global Security Strategist. He began his career in the federal government and has shown his expertise over two decades, culminating in being the Branch Chief, Threat Intelligence at the Executive Office of the President. During this interview, Mick reviews the main challenges of securing federal technology:  unifying logs standards, multifactor authentication, ubiquitous encryption, and reliable asset inventory. He suggests that a platform can assist federal agencies in reaching the much-vaunted goals. One of the best quotes from the interview is, “Security is a data problem.”  

Digital transformation in federal information technology includes improving the citizen experience. It seems like everything you need from the federal government needs a form. This is most obvious in areas related to health and taxes but has application across most federal sectors. Improved citizen experience means forms completion reduces friction and gives federal agencies benefits like faster rendition, ease of scale, 24/7 service, and increased security. This was obvious four years ago. In 2018, the U.S. Congress recognized that transitioning away from paper into a digitized form would reduce cost and increase citizen experience. That was the year they passed the Integrated Digital Experience Act that required agencies to make a transition from paper to digitized forms that were accessible on desktop computers and phones.

It is unusual to find someone with twenty years of experience in the U.S. Army culminating in a position as the Chief Data Officer of the United States Army Futures Command. However, even rarer to find a person with a PhD. in systems engineering and multiple awards for systems engineering achievement. Yet, we did. Today, we are joined by Dr. Portia Crowe, Chief Data Strategist, Defense, and Applied Intelligence Accenture Federal Services. We are going to try to take that mountain of experience and distill it into a thirty-minute interview. The discussion focused on federal data strategy and best practices to achieve digital transformation in the federal government. Dr. Crowe’s challenges have not been insignificant – she had to work in environments where bandwidth is severely limited, even without communications. As a result, her lessons are even more applicable in a federal environment where cloud capabilities and high-speed Internet abound.