The Process-Oriented View: CISO Visibility During an OT Attack

Posted on by
Reply

When a cyber incident occurs in an operational technology (OT) environment, understanding what is actually happening can become difficult. Control systems may continue to display normal readings even if attackers have begun manipulating logic or feedback within Programmable Logic Controllers (PLCs) or Human-Machine Interfaces (HMIs). Operators see stable values while underlying conditions start to diverge from what is shown on screen.

If process data at the controller level is falsified, every connected monitoring and cybersecurity tool reflects the same false picture. At that point, the Chief Information Security Officer (CISO) and operations team lose reliable visibility into the physical process that underpins production and safety.

The choices that follow each carry risk:

  • Shutting down operations may prevent escalation but could also cause costly downtime if the intrusion is contained to the network.
  • Continuing to operate may expose critical assets to damage if the manipulation extends to the process layer.

A recent cyber event at Norway’s Risevatnet dam illustrates this limitation.
During the incident, operators lost visibility into parts of the control system, yet intrusion detection and monitoring tools reported no anomalies. The breach was discovered only when on-site personnel noticed irregular behavior in equipment operations.

This outcome speaks to a broader issue in OT cybersecurity. Network-based detection tools can confirm whether communication channels are functioning, but they cannot independently verify whether the process data itself is genuine.  If attackers manipulate information within PLCs or HMIs, every connected dashboard, alarm and analytic layer reflects the same falsified values. In effect, the system becomes blind at the moment visibility is most needed.

The Risevatnet case shows how quickly a cybersecurity failure can become an operational one. When control room data appears normal, incident response slows and decisions depend on incomplete or misleading information. Without a way to validate what is happening at the physical process level, teams must rely on manual observation or external cues, a reactive approach that offers no real protection in complex or distributed environments.

SIGA’s SigaML², available through Carahsoft, addresses this visibility gap by providing an independent, out-of-band view of the industrial process. The system collects unfiltered electrical signals directly from field I/Os (data that cannot be spoofed or altered) and applies multi-level analytics across Purdue Levels 0–4 to detect anomalies and false-data injections in real time.

Its components work together to create an evidence-based view of the process:

  1. SigaGuard sensors capture raw electrical data directly from equipment.
  2. SigaGuardX software correlates Level 0-4 information to identify inconsistencies and possible manipulations.
  3. S-PAS simulation tools allow cybersecurity and operations teams to rehearse attack scenarios and refine incident response playbooks.

These capabilities give CISOs and plant operators verifiable insight during an active incident, helping determine whether an event is operational or cyber in nature and guiding containment or recovery actions.

Regulatory frameworks including Network and Information Security Directive 2 (NIS2), Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) and the latest National Institute of Standards and Technology (NIST) guidance highlight the importance of process-level monitoring and validation.

As oversight expands, CISOs and plant operators are expected to provide verifiable evidence of what occurred during an event, more than network logs or alarms.
Meeting that requirement depends on having data sources that remain trustworthy even when control networks are compromised.

SigaML² provides that capability, giving security and operations teams a direct, unaltered view of the physical process when clarity matters most.

Explore how SIGA’s cyber-physical security solutions empower CISOs with greater visibility during OT attacks. Visit Carahsoft’s SIGA solutions page to discover how your agency can enhance its infrastructure resilience.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SIGA, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

From Compliance to Capability: Key Insights from CS5 CMMC Global Conference 2025

Posted on by
Reply

The CS5 CMMC Global Conference 2025, the official conference of The Cyber AB, brought together more than 1,000 senior leaders from the Department of War (DOW), the Cyber AB, Federal agencies and the broader Defense Industrial Base (DIB) in Washington, D.C. The conference served as the essential gathering for defense contractors and DIB suppliers to chart the next phase of Cybersecurity Maturity Model Certification (CMMC) implementation, cyber resilience and supply chain security.  Speakers explored key themes, including:

  • CMMC’s Next Phase: Turning Compliance into Capability and Defending the Digital Nation
  • AI-Driven Compliance
  • Driving Operational Excellence through Documentation
  • Combat Readiness: Scaling Across the Defense Ecosystem
  • Strengthening Supply Chain Resilience

CMMC’s Next Phase

Turning Compliance into Capability

CMMC’s next phase represents precision in action and marks a national shift from policy compliance to operational defense. The United States now views information security as a foundational element of national defense. Safeguarding Controlled Unclassified Information (CUI), whether technical information, operational intelligence or logistical data, is inseparable from mission readiness and warfighter support. The DIB now operates as the digital frontline of national security, where compliance is no longer optional but an essential layer of protection.

Defending the Digital Nation

Contractors demonstrate that they not only meet Federal requirements but also actively share the responsibility of defending the nation’s digital infrastructure. CMMC represents both a compliance framework and a patriotic commitment to protecting critical information, ensuring that data remains secure in an era where proximity to the battlefield no longer determines risk.

AI-Driven Compliance

Artificial Intelligence is transforming the CMMC landscape by acting as a force multiplier for speed, accuracy and operational efficiency. Across the Defense Industrial Base, AI-enabled tools are drafting policies, tagging evidence, detecting anomalies and summarizing documentation that once required extensive manual effort. Large language models (LLMs) can rapidly produce preliminary content that validates cybersecurity readiness and synthesizes complex data, enabling DIB contractors to prepare security readiness at scale. Speakers emphasized the need for human oversight to ensure that AI-generated output is validated and aligned with compliance integrity, as automation without governance creates new vulnerabilities. In practice, organizations should leverage AI to enhance efficiency and maintain traceable audit trails, while reserving decision-making, evidence validation and risk assessment for qualified staff. 

When implemented responsibly, AI enables a balanced model of collaboration between human expertise and machine efficiency, accelerating readiness without compromising accountability or security.

Driving Operational Excellence through Documentation

Governance, Risk and Compliance (GRC) platforms serve as key accelerators by automating version controls, maintaining audit trails, centralizing repositories and linking policies directly to evidence. Updating documentation frequently ensures team alignment and simplifies compliance upkeep as levels role out and evaluations are conducted. Embedding documentation into corporate culture ensures long-term sustainability and empowers teams to focus on meaningful security efforts rather than reactive updates.

Best Practices:

  • Automate version controls and standardizes templates to ensure consistency
  • Use GRC systems to consolidate documentation and eliminate silos
  • Treat documentation as continuous validation: write it, organize it and prove it
  • Integrate compliance reviews into routine workflows to sustain readiness and confidence

Combat Readiness: Scaling Across the Defense Ecosystem

The official enforcement of Title 48 of the Code of Federal Regulations on November 10, 2025, will operationalize CMMC as a mandatory requirement for Federal contracts, transforming cybersecurity from a best practice into an enforceable procurement standard across the DIB.

As CMMC Phase 1 begins, compliance must be achievable and affordable, particularly for small and mid-sized contractors that anchor the defense supply chain. Organizations should use this time to budget to train and develop strategies for compliance, leveraging hyperscalers and automation to accelerate readiness. Speakers emphasized that scalable readiness, supported by harmonized frameworks and the reduction of overlapping requirements, is critical to sustaining momentum toward full certification.

Early preparation is essential, as a limited number of assessors may create scheduling delays once enforcement expands. Companies that act now by documenting, training and aligning their operations with Federal standards will not only meet compliance expectations but also reinforce their resilience, competitiveness and commitment to securing the nation’s defense ecosystem.

Strengthening Supply Chain Resilience

High-profile cyber intrusions reaffirmed a simple truth: supply chain security is the foundation of national security. Every organization must know what it protects, how it protects it and how that protection is verified through certification. Compliance is no longer just a cost of doing business; it is both a competitive advantage and a national defense imperative. Contractors should prepare their teams to understand eligibility requirements, strengthen internal controls and treat certification as an investment in long-term success. By embedding compliance into corporate culture and operational workflows, companies not only safeguard data but also enhance brand credibility, reduce systemic risk and ensure continuity of operations across the DIB.

Each contractor that fortifies its cyber posture strengthens the resilience of the entire supply chain because securing the DIB is securing the nation.

How Carahsoft Can Help

Whether your organization is preparing for its first CMMC assessment or advancing its cybersecurity maturity, there are continuous opportunities to strengthen readiness and collaboration across the Defense Industrial Base.

Explore CMMC Resources

Visit Carahsoft’s CMMC page to access compliance guides, vendor solutions and educational content designed to support Defense Industrial Base organizations at every maturity level. From understanding capability domains to preparing for assessments, our resources help organizations make informed decisions throughout their CMMC journey.

Download our comprehensive Cybersecurity Maturity Model Certification Framework Guide to understand the requirements, assessment processes and best practices for achieving CMMC compliance across all maturity levels.

Connect with CMMC Experts

Gaining CMMC compliance can be a complex and time-consuming process, but Carahsoft can guide your organization through every stage. Partnered with more than 200 cybersecurity vendors, Carahsoft connects DIB organizations with the right technologies, service providers and experts to address every maturity level and capability domain.

Contact the Carahsoft Team at (888) 662-2724 or CMMC@carahsoft.com to discuss your organization’s specific compliance needs and discover tailored solutions from our network of cybersecurity partners.

Attend Upcoming CMMC Events

Stay informed on the latest CMMC developments through Carahsoft-hosted workshops, webinars and training sessions. Through our network of partners, policy insights and educational events, Carahsoft helps organizations advance their cybersecurity maturity and meet evolving compliance requirements. Register to receive updates on upcoming CMMC-focused events and training opportunities.

Building the Future of Higher Education Through Strategic Partnerships

Posted on by
Reply

After more than 20 years of simplifying and facilitating technology procurement for higher education institutions, Carahsoft has developed a unique perspective: the greatest opportunities for innovation emerge when technology providers and campus leaders work together strategically, not just transactionally. Today’s most successful higher education IT initiatives share a common thread — they’re built on partnerships that align institutional needs with provider capabilities from the start.

This collaborative approach is transforming how campuses modernize infrastructure, strengthen cybersecurity and enable research excellence. Here’s what we’ve learned about building partnerships that deliver measurable results.

Understanding the Higher Education Technology Landscape

Campus CIOs are leading one of the most exciting periods of transformation in higher education history. The integration of Artificial Intelligence, machine learning and advanced analytics is opening new possibilities for research, student success and operational efficiency. At the same time, institutions are successfully navigating budget optimization, evolving institutional priorities and the ongoing need to strengthen cybersecurity posture.

From our vantage point as a Public Sector distributor working with hundreds of technology providers, resellers, implementation partners and thousands of institutions, we see tremendous momentum. Campuses are successfully deploying innovative solutions. Providers are developing platforms specifically designed for the unique needs of higher education. The opportunity now is to accelerate this progress through stronger collaboration and shared service.

What Campus Leaders Need to Succeed:

The most effective technology investments share common characteristics. They align with institutional strategy while delivering quick return on investment. They address current staffing realities rather than requiring extensive internal expertise. They integrate seamlessly with existing systems and workflows. Most importantly, they come with implementation support that helps institutions realize value quickly.

What Technology Providers Understand:

Leading providers recognize that higher education is a diverse marketplace with unique needs across institutions. A comprehensive research university has different needs than a liberal arts college or community college system. Successful vendors tailor their offerings to match institutional capacity which provides modular implementations that can scale over time as budgets and expertise grow.

Carahsoft’s Unique Position in Higher Education Technology

Our role as The Trusted Education IT Solutions Provider® and a Public Sector distributor gives us a distinctive perspective that benefits both institutions and providers. We facilitate numerous higher education technology transactions annually through cooperative contracts like OMNIA Partners, NASPO ValuePoint, The Quilt, E&I Cooperative Services and Internet2. This position allows us to see patterns and opportunities that emerge across the entire ecosystem.

View Carahsoft’s comprehensive suite of EdTech Contracts.

Operational Intelligence That Drives Better Outcomes:

Through more than two decades of higher education partnerships, we’ve developed deep knowledge of what drives successful technology adoption. We understand which contract vehicles institutions prefer and why. We know which implementation approaches deliver the fastest time-to-value. We’ve seen which vendor partnerships create the most sustainable long-term relationships.

This intelligence allows us to facilitate introductions and partnerships with a high probability of success. When a campus CIO describes their modernization goals, we can connect them with providers who have delivered similar outcomes for comparable institutions or state systems. When a technology provider wants to expand in higher education, we can share insights about institutional priorities, procurement preferences and implementation best practices.

Portfolio Breadth Enables Better Solutions:

Carahsoft’s portfolio spans Cybersecurity, Artificial Intelligence, MultiCloud, DevSecOps, analytics, identity management and more. This breadth enables us to help institutions build integrated solutions rather than purchasing point products. We can facilitate “Better Together” approaches where complementary technologies from multiple vendors create more comprehensive capabilities.

Accelerating Success Through Strategic Collaboration

Streamlined Procurement Accelerates Deployment:

Higher education institutions can access pre-negotiated pricing and state specific terms through cooperative contracts, satisfying lengthy RFP requirements and negotiations with vendors. This allows IT teams to focus resources on implementation and adoption rather than procurement administration.

Learn more about Carahsoft’s education contract vehicles and how they simplify procurement for your institution.

Implementation Support Addresses Resource Constraints:

Through Carahsoft’s reseller network, institutions can access partners who specialize in higher education deployments. These partners offer managed services, implementation support and ongoing optimization that address staffing challenges. This allows campuses to deploy more sophisticated solutions than internal resources alone would permit.

The Path Forward: Partnership as Strategy

As the higher education technology landscape continues to evolve, the institutions and providers that thrive will be those who embrace strategic partnership as a core operating principle. For campus leaders, this means viewing technology procurement not as a transaction but as relationship-building. For technology providers, this means investing in deep understanding of higher education operations, budget cycles and institutional priorities.

Carahsoft and our reseller partner are committed to facilitating these strategic partnerships. Our team of higher education specialists brings decades of combined experience in both campus IT operations and technology provider relationships. Together, we can ensure that every institution has access to innovative solutions that enable research excellence, student success and operational efficiency.

Ready to explore strategic technology partnerships for your institution? Contact Carahsoft’s higher education team to discuss your modernization goals and discover solutions tailored to your needs.

Technology providers seeking to expand in higher education? Connect with our team to learn how Carahsoft can accelerate your growth through strategic partnerships and streamlined procurement.

Top 5 Insights from IACP Annual 2025 

Posted on by
Reply

The 2025 International Association of Chiefs of Police (IACP) Annual conference served as a premier gathering for law enforcement and partners to share the latest in technology and industry solutions.

Carahsoft and its partners attended to connect on the latest in law enforcement technology.  

Five key themes stood out throughout the sessions:  

1. AI-Assisted Investigations 

In the session “The AI-Powered Investigator: Surfacing Insights in Law Enforcement,” speaker Jeremy Peterson presented on leveraging artificial intelligence (AI) to enhance law enforcement investigations while maintaining compliance and auditability. While AI offers tremendous potential for supercharging investigations, its function as a “black box” means it lacks the transparency required in regulated environments. With the use of multiple specialized AI agents, law enforcement can utilize guardrails and clear audit trails for working within structured workflows, rather than relying on a single generic AI. In one case study, Special Agent Isabella Rossi investigated a multi-state burglary operation, where AI identified connections between stolen crypto-mining hardware and a warehouse fire, helped draft legal documents like subpoenas and generated lookout alerts. Solutions from industry innovators such as Veritone and Tranquility AI are already helping agencies put these concepts into practice, offering AI-powered tools that enable law enforcement agencies to rapidly analyze data and tailor solutions to their specific workflows, expediting investigation processes.

2. Protecting Officers Through Drones 

In the panel “Don’t Let Them Go in Blind: Evolving Drones as First Responders to Protect Every Patrol Officer,” speakers discussed the role of comprehensive Drones as First Responders (DFR) for law enforcement. DFR designed with public safety in mind effectively address critical challenges in the field, including staffing shortages, response times and officer safety. Outdoor DFR systems, which are currently operational across multiple jurisdictions with multiple docks per city responding to thousands of monthly calls, have demonstrated the ability to arrive on scene in under two minutes, reduce crime through rapid visual documentation, decrease use of force incidents and clear 20-40% of calls without officer dispatch. New indoor drones address the situational awareness gap that occurs when officers enter buildings, providing capabilities for confined space navigation, perching for up to three hours, two-way communication replacing traditional throw phones, 4K night vision and obstacle avoidance technology. They are all deployable within 30 seconds from a patrol vehicle. The new technology offers remote piloting, freeing officers to focus on incident command rather than drone operation. 

3. Instant Translation with AI Services 

At the panel “Enhancing Emergency Communications with an End-to-End AI Assistive Platform,” speaker Brad Flanagan, Prepared’s Public Safety Answering Point (PSAP) Ambassador, discussed how AI-powered platforms are improving the efficiency of for 911 emergency call centers by providing comprehensive support and incident resolution. Translation-based AI systems, such as those created by Prepared and Hyper, offer real-time language interpretation in over 240 languages through text, automatic transcription and AI agent conferencing, significantly reducing wait times for interpreters and improving emergency response, including instances where cardiac arrests and domestic violence situations were handled more effectively. The platform consolidates multiple location verification systems into a single interface, reducing address errors from six per month to a timeframe of six months, despite having less experienced staff. AI translators enable rapid incident review and reporting by automatically organizing call recordings, radio traffic and transcripts, reducing review time. The current system includes AI-assisted call triage during high-volume situations, post-call performance analysis within two minutes, live guidance for call-takers on protocol-specific questions and training simulations for staff development. AI platforms provide field responders and administrators with real-time data insights and analytics to improve emergency response quality and efficiency. 

4. Cybersecurity in the Modern Age 

During the session “Cyber Threats to Critical Communications Systems,” speaker Travis Randall discussed the evolving cybersecurity threats that Public Safety organizations face. Agencies are increasingly vulnerable due to their combination of sensitive data and critical high-availability systems, such as dispatch, 911 and radio networks. The primary threat is ransomware groups, who often operate through a sophisticated criminal ecosystem of developers, affiliates and access brokers, conducting attacks at scale that have significantly disrupted emergency communications. Randall details how these attacks typically exploit valid credentials, unpatched vulnerabilities, misconfigured VPNs and weak access controls to compromise networks, often using legitimate system tools rather than obvious malware to evade detection. To stay on top of ransomware groups, agencies must employ essential defensive measures like offline backups, multi-factor authentication, privilege management, vulnerability patching and continuous network monitoring.  

5. Improving Awareness with Real-Time Crime Centers 

In the session “Real-Time Crime Centers: A Real Possibility for Small and Midsize Agencies,” speakers Chris Henningsen, President at the National Real Time Crime Center Association, and Chris Settle, Police Chief of Culpeper Police Department, discussed the operation of real-time crime centers. The speakers emphasize that real-time centers serve as technology hubs providing situational awareness and acting as force multipliers during staffing shortages, are attainable for agencies of all sizes. Centers can start small with minimal resources, such as a computer, radio and analyst, and scale over time based on demonstrated successes and measurable outcomes. Key components include integrating existing resources like traffic cameras, body-worn cameras, license plate readers, drones and community partner camera feeds to provide officers with critical information before arriving at scenes, often achieving response times of seconds rather than minutes.  

Some of the benefits include that real-time crime centers can: 

  • Reduce investigation time with camera networks and LPR technology 
  • Enhance recruitment and retention by demonstrating technological investment and officer safety support 
  • Enables officers to connect with back-up support, who can view footage and provide aid in real-time 

Henningsen and Settle stress that effective implementation requires cross-training staff, tracking progress through data analytics and continuously pursuing partnerships with technology vendors, such as Flock Safety, to share resources and best practices.  

Maintaining pace with the evolving technology landscape ensures that law enforcement and confidential data remains protected. Through AI, real-time crime centers, drones and ransomware protection, law enforcement remains committed to protecting civilians.  

Missed IACP Annual? Attend Carahsoft’s 2026 law enforcement innovation summit to learn more about the latest technology and solutions in law enforcement.  

The Practical Applications of Artificial Intelligence in Government Programs

Posted on by
Reply

A Government’s ability to lead, protect and serve is tied to how boldly it embraces technology. Artificial intelligence (AI) is no longer a distant concept. It’s a force already redefining the way agencies operate, safeguard resources and deliver services. In an era where global competitors are racing ahead with automation and advanced analytics, standing still is not an option. Agencies that adopt AI strategically will not only keep pace but set new standards for effectiveness, transparency and citizen trust.

Key Use Cases for Artificial Intelligence in Government

Across the Public Sector, AI is moving beyond pilot projects into critical programs. Government agencies are weaving AI into their daily operations. They are detecting fraud before it drains budgets, automating compliance that once accounted for many staff hours and analyzing risks too complicated for manual review. The practical applications are real, measurable and growing. What once seemed like gradual innovation is quickly becoming a foundation for modern governance.

Common AI use cases in Government include:

Fraud detection and prevention

The U.S. Government loses between $233 billion and $521 billion a year to fraud. While no agency is immune to fraud, AI is helping the Government fight back. For example:

  • The Treasury Departmentuses machine learning to detect fraud in real time, enabling it to recover over $4 billion in fraudulent funds during fiscal year 2024.
  • The Centers for Medicare & Medicaid Services (CMS)has integrated AI in its fraud prevention system to review claims before payment. Between January and August 2025 alone, it denied over 800,000 fraudulent claims, saving more than $141 million.
  • The IRS uses AI-powered tools, such as the Risk-Based Collection Model, to improve fraud detection and reduce the tax gap.

Compliance reporting

Compliance is time-consuming for agencies, but AI is now automating much of the process. Agencies use AI to monitor real-time data and flag inconsistencies to simplify reporting. With these capabilities, AI enables greater transparency and faster responses to regulatory requirements.

While AI doesn’t replace human oversight, it frees staff to focus on higher-value analysis, cutting the time and costs of compliance. A good example is the Securities and Exchange Commission’s (SEC) use of natural language processing to automate reporting for financial markets. It processes millions of filings and generates compliance reports to improve enforcement efficiency.

Risk management

Government programs face constant risks:

  • Operational
  • Financial
  • Security
  • Environmental
  • Third-party exposure

AI in Government is already helping agencies with minimum risk management practices. For instance, automating third-party risk management with AI-enabled Governance, Risk and Compliance (GRC) platforms helps agencies assess vendor reliability and track compliance to reduce exposure.

Supply chain monitoring

The COVID-19 pandemic revealed the vulnerability of the public supply chain. AI is now helping the Government strengthen resilience with real-time monitoring.

Machine learning models predict bottlenecks to help agencies optimize their logistics. Additionally, enhanced visibility allows policymakers to proactively mitigate third-party risks in the supply chain, as they can monitor vendors and flag vulnerabilities before they escalate.

Policy cycle integration

Public policies move through cycles: setting the agenda, designing solutions, implementing programs and evaluating results. AI has a role at each stage.

Policy cycle stageAI’s roles
Agenda-settingAnalyzes citizen feedback and emerging trends to identify priorities
Solution development Models the likely impact of different policy options
ImplementationAutomates program operations
EvaluationMeasures outcomes against goals

Used thoughtfully, AI makes the policy cycle more evidence-driven and adaptive.

Citizen services

According to a 2024 Salesforce report, 75% of Americans expect Government digital technologies to match the quality of the best private sector organizations. To meet these expectations, U.S. and State Government agencies are using:

  • Chatbots to answer common questions and improve the availability of Government services
  • Digital assistants to provide personalized help and handle more complex inquiries
  • Self-service portals to let citizens complete tasks like renewing licenses on their own

Benefits of Artificial Intelligence in Government

Beyond mere modernization, embracing AI in Government delivers measurable value:

Increased efficiency and productivity

According to a 2023 McKinsey report, generative AI can automate 60%–70% of tasks and add $2.6–4.4 trillion annually to global productivity. Federal and State agencies are using AI to reduce repetitive tasks such as data entry and document reviews to free Government employees’ time for more strategic efforts. This shift in focus raises productivity without adding headcount.

Improved strategy

Insights from AI help policymakers see the bigger picture. Agencies use predictive analytics to forecast outcomes and test scenarios so they can design public policies to prevent undesirable outcomes to begin with, instead of just reacting to them.

Greater responsiveness

AI makes public services more responsive. Examples include agencies using chatbots to answer citizens’ questions and sentiment analysis tools to better listen to community concerns.

Implementation Challenges that Hinder the Strategic Use of AI in Government

While AI is already delivering results in Government agencies, several obstacles hinder its broader adoption.

Skill gaps and training

A 2024 Salesforce survey found that 60% of Public Sector IT professionals say limited AI skill is their top challenge in implementing AI.

Data biases and ethics

AI learns from data that often reflects existing societal inequities, which can perpetuate or even amplify bias.

Data management

Many agencies rely on siloed or outdated systems. In fact, the Federal Government faces a $100 billion legacy IT challenge, making it difficult to integrate and secure data effectively.

Public trust

Government agencies are expected to operate with a high degree of accountability and transparency. Public skepticism, shaped with legitimate concerns about bias and privacy, may stall or derail AI initiatives.

The Way Forward: Building Smarter, Trustworthy Public Programs

The potential of AI in Government is huge, but so are the risks. To enjoy the benefits while protecting public trust, it’s important to follow best practices for managing AI risks:

  • Treat AI as a strategic asset that drives smart, citizen-focused outcomes, rather than just a technical tool.
  • Pair AI with human oversight to address biases and provide context in decision-making, so the outcomes remain fair and ethical.
  • Invest in responsible governance frameworks to guide the development and deployment of AI within your agency.
  • Monitor AI continuously after deployment to address any unintended consequences.

Managing AI in GRC Solutions

Building Sustainable Automation: How Government Agencies Can Scale IT Operations for the AI Era

Posted on by
Reply

Despite investing in numerous automation tools, Government agencies still struggle to achieve true operational efficiency. The issue is not a lack of technology, but the need to better align organizational processes with automation strategies. Agencies often find that automation scattered across teams does not equate to automation at scale.

For State and Local Government agencies navigating budget constraints, workforce transitions and mounting pressure to adopt artificial intelligence (AI), understanding how to make automation sustainable is now mission critical.

Understanding the Foundation

The most effective automation transformations begin not with technology selection but with process evaluation. Agencies that achieve lasting results recognize that automation amplifies existing workflows, accelerating efficient processes while exposing areas in need of standardization. The key lies in establishing organizational readiness before scaling solutions.

Experience shows that technical excellence alone does not guarantee adoption. Many organizations implement advanced automation tools only to see them underutilized because processes were not standardized first. This pattern repeats across ticketing, project management and AI initiatives when solutions are deployed before process design. Sustainable change requires equal focus on culture, workflow and collaboration.

The distinction between organizational and technical capability becomes clear during initiatives like enterprise-wide patching. While patching might appear technically simple, it requires coordination across teams, standardized processes and consistent execution. When approached strategically, patching strengthens structures and communication across departments.

Moving Beyond Linear Scaling

Traditional methods for managing IT complexity have centered on workforce expansion, but modern infrastructure requires new thinking. As organizations add personnel to manage new systems, coordination overhead grows, reducing visibility and collaboration, which then drives additional staffing needs. This challenge extends beyond budgets. Larger teams face higher coordination demands, and IT professionals often overlook their time as an organizational resource until capacity constraints emerge. The question is not just about staffing; it is about designing systems that scale efficiently.

For Government agencies, this issue is especially pressing. Retirements and limited hiring flexibility leave positions unfilled, putting institutional knowledge at risk and resulting in expanding workloads for current employees. In this environment, automation becomes a strategic enabler for maintaining service levels and mission delivery. Manual processes scale linearly, while infrastructure complexity grows exponentially. Centralized automation helps break this cycle by handling routine operations, freeing staff to focus on work that demands human expertise.

Creating Connected Workflows

Sustainable automation strategies move beyond isolated, team-specific implementations toward centralized platforms that enable consistent workflows across the organization. Many agencies have distributed automation capabilities, where infrastructure teams automate provisioning, security teams automate compliance validation and network teams automate configuration, but these workflows often lack seamless integration.

Red Hat, Building Sustainable Automation blog, embedded image, 2025

A single application deployment spans multiple domains, such as provisioning, networking, security scanning, compliance validation and monitoring. When automation operates independently, staff must still coordinate manual handoffs between automated steps. According to Conway’s Law, organizations design systems that reflect their communication structures; fragmented communication results in fragmented architecture.

Centralized platforms address this by establishing shared, standardized automation for common tasks. Instead of multiple teams maintaining separate scripts, one validated and documented process can serve all. This approach enhances auditability, improves consistency, enables scalable growth and eliminates redundant development. Updates to shared workflows require modifying a single authoritative source rather than tracking changes across multiple implementations.

Importantly, centralization is as much about culture and process as technology. Success depends on clear communication of the value of standardization, demonstrating tangible benefits and building trust that centralized approaches will serve all teams effectively. When alignment is achieved, automation platforms reach their full potential, transforming disconnected efforts into unified, scalable operations.

Building the Foundation for Advanced Technologies

The growing interest in AI has created momentum for agencies to explore new solutions, but success requires careful groundwork. Agencies realize the greatest benefits from AI when they first established stable, standardized automation foundations. MIT research shows that 95% of enterprise AI solutions encounter challenges not because of model quality but due to integration difficulties and organizational readiness. Effective AI deployment depends on how well technology integrates within existing workflows.

Many agencies have expanded infrastructure incrementally, developing complex architectures held together by manual processes and specialized expertise. Deploying AI on such foundations is difficult. AI cannot effectively optimize systems when the underlying processes lack consistent automation. In practice, agencies deploying AI to optimize Customer Relationship Management (CRM) operations or automate incident response achieve better results when data and workflows are standardized. This consistency enables organizations to act confidently on AI-driven insights.

Building AI readiness involves working backward from AI’s requirements: integrated systems that share data reliably, standardized processes that AI can learn from and consistent execution that produces trustworthy patterns. Agencies that mature their automation capabilities create the foundation AI needs to succeed, significantly improving the likelihood of achieving meaningful results from AI investments.

Partnering for Success

Achieving sustainable automation is a progressive journey best supported by experienced partners. Leading strategies emphasize a “crawl, walk, run” approach:

  1. Start with a manageable scope
  2. Expand systematically
  3. Build organizational capability over time

This measured progression ensures transformation occurs sustainably for the teams implementing and maintaining these systems.

Many agencies are undertaking comprehensive automation for the first time, making guidance from experienced organizations like Red Hat particularly valuable. Effective partnerships emphasize knowledge transfer over dependency, helping agencies build autonomous, capable teams rather than relying on long-term external support.

The results of this approach are measurable. Red Hat customers have achieved 50% faster networking provisioning, 65% reductions in certain provisioning activities and 67% improvements in other operational areas, freeing staff for innovation and strategic initiatives. These gains also reduce unplanned downtime and improve the overall quality of life for IT teams.

This journey addresses multiple organizational objectives simultaneously. Leadership achieves cost optimization and stronger security, while practitioners gain time, efficiency and better work-life balance. Sustainable automation delivers across these dimensions because the same standardization that drives efficiency also enhances security and empowers staff to focus on meaningful challenges.

Government agencies have reached a pivotal moment where growing infrastructure complexity demands a more evolved approach to IT operations. The path forward lies in fundamentally integrating automation into organizational processes and culture. By prioritizing standardization, embracing centralization and partnering for sustainable transformation, agencies can develop scalable automation strategies that prepare the organizations to leverage emerging technologies like AI.To discover proven strategies for building sustainable automation foundations that prepare your agency for advanced technology adoption, watch Red Hat’s webinar, “The Backbone of Modern Government: Sustainable Automation at Scale.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Red Hat, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Billington CyberSecurity Summit: AI Takes Center Stage

Posted on by
Reply

Premier U.S. Government cyber conference previews AI on offense, on defense and as a target

  • While adversaries can boost the quality and volume of attacks with artificial intelligence (AI), defenders will apply AI to counter attacks with predictive and proactive defenses.
  • The advent of Agentic AIs will accelerate this trend and provide more avenues for attack, but defenders will always have the advantage by being able to train AIs with proprietary information and use them to identify vulnerabilities before attackers do.
  • The transition to post-quantum cryptography will be an industry-wide heavy lift, with extensive rewriting of code to meet post-quantum standards.

Recently, I had the opportunity to share some of my experience and insights at the Billington CyberSecurity Summit in Washington, D.C. Moderated by Chris Townsend, Global Vice President of Public Sector at Elastic, our panel session, “The Future of Cyber Threat: Anticipating Threat Actors’ Next Steps,” explored how threat actors are evolving and what organizations can do now to prepare. Not surprisingly, AI was a hot topic. We also discussed quantum computing, emerging threats and the cybersecurity staffing shortage.

How Attackers Will Leverage AI

Attackers are already using AI to power their attacks, but it is important not to over-sensationalize the impact that AI is having because the proportion of AI-driven attacks is still quite small relative to the overall amount of malicious activity we are seeing. However, we expect that proportion to grow quickly.

One of the main ways attackers are using it now is to create phishing materials, because it addresses what is a weak point for many threat actors, who often are not native English speakers. Attacks that are technically sophisticated can fail because they begin with a spear phishing email whose spelling or grammar is wrong. Large Language Models (LLMs) solve that problem brilliantly because if there is one thing they are good at, it is creating plausible narratives in perfect English.

The other area we see attackers using it is to automate their work. We have already documented examples of code that appears to have been written by an AI.

In the short term, AI will not enable adversaries to do anything new, but we expect it to enhance the quality and volume of their attacks. AI is lowering the entry bar for threat actors. They do not even need to know how to code anymore. Naturally, the number of attacks will begin to go up.

In the medium term, the arrival of Agentic AI is likely to accelerate malicious activity levels, since agents can act autonomously, further minimizing the level of input needed from attackers.

We have already done some research on how agents could be abused and proven that they can already be used to carry out a basic spear phishing attack and deliver malicious code to a target. Agents are still in their infancy, and it is only a matter of time before they become capable of carrying out more sophisticated attacks with minimal instruction.

Preparing For the Quantum Era

The advent of quantum computing presents another significant challenge for cybersecurity. Quantum computers have the potential to break current encryption standards, making it imperative for organizations to transition to post-quantum encryption algorithms.

Adversaries are already preparing for this shift. The “harvest now, decrypt later” strategy involves stealing encrypted data today with the intention of decrypting it once quantum computing becomes viable.

This process of transitioning to post-quantum encryption is not without its challenges. Decades of work have gone into refining and protecting the implementation of existing encryption methods, and we now face the task of revising and rewriting code using new, post-quantum standards. This will inevitably introduce a new generation of bugs, but we will have the benefit of AI to mitigate them.

It Does Not Stop Here

Conferences such as Billington are essential as we navigate this complex landscape. It embodies the Public and Private Sector collaboration that will be key to realizing better cyber defense outcomes moving forward. Together, with partners like Carahsoft delivering mission-critical industry expertise to U.S. Federal and Public Sector agencies, we can anticipate and counter the next generation of cyber threats, ensuring the safety and resilience of our digital ecosystems.

Learn more about how industry icons like Symantec and Carbon Black are putting AI on the front lines of cybersecurity.

Want to learn how Symantec, Carbon Black and Carahsoft can strengthen your cybersecurity posture? Contact us at Broadcom@Carahsoft.com for more information.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Broadcom, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

This post originally appeared on security.com, and is re-published with permission.

Forecasting Resilience: How Atlas 14 Strengthens Stormwater and Sewer Design

Posted on by
Reply

What forward-leaning State and Local agencies are doing to turn risk into readiness.

Most of us in public works know exactly what the National Oceanic and Atmospheric Administration’s (NOAA) Atlas 14 is, where it is used and why it matters. What has changed lately is not the definition, it is the urgency.

Across jurisdictions, we are seeing the same trend: Flood risk is up, funding scrutiny is rising and legacy assumptions are hitting resistance. The Federal Emergency Management Agency (FEMA) reports that over 75% of federally declared disasters are flood-related, and NOAA’s latest data shows record-setting rainfall intensity increasing across several states.

So, it is no surprise that design criteria anchored in decades-old rainfall estimates are facing hard questions during permitting and public review. For teams navigating FEMA, the National Flood Insurance Program (NFIP) and local requirements, the gap between historical design standards and current expectations has never been more apparent.

That is where updated Atlas 14 data is reshaping workflows—not in concept, but in practice.

A Familiar Tool, New Pressures

Atlas 14 has always been foundational, but recent updates and regulatory emphasis have made it non-negotiable in many contexts. Whether it is used to update a stormwater ordinance or justify capital investments, the message is clear: Designs that do not reflect this data face uphill battles—especially when tied to Federal funding.

In North Carolina, for example, several jurisdictions have already adjusted their stormwater management ordinances to explicitly require Atlas 14 integration. Fairfax County’s own guidelines mandate its use in culvert sizing and detention basin design. And in Texas, new flood risk mitigation plans are using Atlas 14 data as a baseline for grant applications under FEMA’s Building Resilient Infrastructure and Communities (BRIC) program. The bottom line: If your designs are not grounded in this data, your funding case—and your technical case—can be hard to defend.

With rainfall intensity trending higher across multiple regions, stormwater programs that once relied on 10- or 25-year benchmarks are now expected to model 50- and 100-year events—or even higher.

Design For What Is Likely, Defend Against What Is Possible

Colleagues across State and Local Government (SLG) are asking the same question: How can we use this data not just for box-checking, but for making better decisions? How do we defend design assumptions in permit review? How do we model flood events that reflect local topography and future rainfall patterns? How can we show that our Capital Improvement Plan (CIP) priorities align with resilience goals, rather than just meeting regulatory minimums?

That is where predictive modeling comes in. Teams using tools like Bentley OpenFlows Sewer or Bentley OpenFlows Storm are leveraging Atlas 14 as a referenced input to:

  • Run scenario comparisons based on updated precipitation probabilities
  • Assess cascading impacts across watershed and sewer networks

The result? Models that are both technically sound and strategically aligned—with funding cycles, risk standards and permitting expectations.

Join Leading Experts to Learn More

But even with strong tools and solid data, the path forward is not always clear. We have heard from agencies weighing how to phase in new standards across legacy systems, how to navigate inconsistencies between State and Federal expectations and how to model flood risk in a way that resonates with both engineers and elected officials.

It is time to take a practical look at how SLG agencies are integrating Atlas 14 into their workflows, especially as new standards and funding opportunities continue to evolve.

Join us on November 13, 2025, to learn more.

If your team is mapping out what is next—or preparing to defend the next infrastructure request—this session will offer insight into what is working across the sector.

Conclusion

We do not need to be convinced of the value of Atlas 14. We use it every day. But as expectations shift and standards evolve, how we apply it matters more than ever.

This is not about reintroducing the data. It is about strengthening the decisions built on it.

Join us for Bentley and Carahsoft’s webinar, “Future-Proofing Flood Modeling: Meeting Today’s Federal Standards and Tomorrow’s Flood Risks,” on November 13, 2025. Register Now.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Bentley, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Tightening Federal OT Cyber Incident Reporting For Critical Infrastructure

Posted on by
Reply

Process-Oriented OT Cybersecurity with SIGA

Federal agencies and regulated operators of critical infrastructure are entering a new phase in operational technology (OT) cybersecurity. While many sectors have long followed voluntary guidance such as the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82 Revision 3, recent years have seen a steady tightening of Federal cyber incident reporting requirements for critical infrastructure. This trend continues in 2025 with additional sector-specific rules taking effect and the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) moving toward its final rule.

From Guidance to Requirements

Federal oversight of OT cybersecurity has moved beyond broad guidelines into a phase where specific reporting obligations are being set by sector. The shift reflects a growing emphasis on timely and consistent incident data that can be used for coordinated national response.

In 2025, several key developments are shaping the landscape:

Federal OT Cyber Incident Reporting, blog, embedded image, 2025
  • Pipelines: The Transportation Security Administration (TSA) Security Directive Pipeline-2021-02F, effective May 3, 2025, continues to require mitigation measures, testing and contingency planning for pipeline operators. These measures have been in place since the Colonial Pipeline incident and are now firmly embedded in regulatory practice.
  • Water and Wastewater: The EPA Water Sector Cybersecurity Program has updated its technical assistance and incident-response guidance. While participation is voluntary, the program mirrors many of the practices found in regulated sectors, indicating where expectations are headed.
  • CIRCIA: The Act is expected to be finalized in late 2025. Once in effect, it will require reporting significant incidents within 72 hours and ransomware payments within 24 hours, creating a cross-sector Federal baseline for incident reporting.

For Public Sector operators in energy, transportation, water and other essential services, these actions confirm that Federal expectations are moving toward consistent, evidence-based incident reporting across critical infrastructure.

The Reporting Challenge in OT Environments

Meeting Federal reporting requirements depends not only on having the right policies in place but also on the ability to detect and verify incidents quickly. In OT environments, many cyber events start as small changes in process behavior that do not appear in traditional network monitoring. When these early signs go unnoticed, agencies may be unable to confirm the incident, assess its impact or provide the detailed operational evidence that regulators require.

In the Purdue Enterprise Reference Architecture (commonly referred to as the Purdue Model), Level Zero refers to the lowest layer of an industrial control system. This is where raw input and output (I/O) signals from field devices report the actual status of equipment such as pumps, valves, circuit breakers and turbines. These electrical signals are the first and most reliable indicators of what is happening in a physical process, and they exist independently of the network data that higher levels use.

Without visibility into Level Zero, operators face several obstacles:

  • Difficulty confirming whether a cyber event has actually affected operations
  • Limited ability to quantify operational and safety impacts with precision
  • Gaps in the time-stamped evidence needed to meet short Federal reporting windows

The challenge is heightened in environments that mix aging legacy systems with modernized control platforms. These environments often lack unified monitoring, making it harder to capture the unaltered operational data regulators now expect.

Why Process-Oriented OT Cybersecurity Matters

In the Purdue Model, Level Zero is the process interface where the control system reads and drives raw I/O signals. Those unprocessed signals provide the closest, most reliable view of real operating conditions, so early signs of a cyber-physical impact frequently show up there first.

Process-oriented OT cybersecurity focuses on monitoring these raw signals in real time. By capturing them out of band from the operational network, agencies gain a trusted source of truth that cannot be spoofed or altered by a network-based attack. This data enables:

  • Clear timelines of operational changes before, during and after an incident
  • Early detection of anomalies that may indicate tampering or failure
  • Reliable forensic evidence for post-incident reporting and compliance audits

This approach bridges the gap between traditional IT security tools and the operational realities of critical infrastructure, ensuring that reporting requirements can be met with both speed and accuracy.

SIGA’s Role in Compliance Readiness

SIGA delivers process-oriented OT cybersecurity for critical infrastructure. SigaGuard connects directly to control-system I/O modules and continuously monitors raw electrical signals at Level 0, entirely out of band from the operational network. This preserves system performance and provides a tamper-proof view of operational data.

SigaGuardX: Early Threat Detection
SigaGuardX supports evidence-based determination of when a cyber event is underway. It classifies whether activity reflects normal operations or an OT cyber breach by applying multiple artificial intelligence (AI) models and cross-referencing the MITRE database of known attacks. It also performs real-time comparisons between Level 0 signal behavior and data from Levels 1 through 4 to surface possible false-data injection attacks, including Stuxnet-like patterns.

Siga-PAS: Process Attack Simulation
Software-based simulated anomalies replicate real-world attack scenarios. Siga-PAS enables agencies to prepare for and respond to OT-specific threats without disrupting ongoing operations, while validating detection logic, incident playbooks and reporting workflows.

Compliance Outcomes

  • High-fidelity operational evidence that aligns with CIRCIA and sector-specific reporting requirements
  • Regulator-ready forensic records of sequence, scope and impact
  • Faster reporting through actionable alerts with operational context
  • Rapid verification of whether a cyber event affected critical processes

By integrating SIGA’s Level 0 monitoring into existing security operations, agencies can meet tightening Federal reporting requirements and improve their ability to detect, contain and recover from OT cyber incidents. This strengthens both regulatory compliance and the continuity of essential public services.

Visit Carahsoft’s SIGA solutions page to learn more about how SIGA’s cyber-physical security solutions can strengthen your agency’s infrastructure.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SIGA, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Transforming Public Services: A Digital Approach to Efficiency and Trust

Posted on by
Reply

Since the founding of the U.S. Government Accountability Office (GAO) in 1921, efficiency has been a focus of the Federal Government. According to the legislation, the GAO aims to provide “greater economy and efficiency in the conduct of public service” and has been integral in the effort to aid our Government to do more with less. Today, this mission continues with the adoption of modern technologies to expand Government outreach. The adoption of modern technology allows for increases in interactions such as website visits, applications for services and public outreach. The hope is that building on these foundations of new technology will meet and improve public expectations (Pew Research).

Designing Trusted Digital Services

Today’s digital world has brought about a rising set of expectations from the constituents that public agencies work with. People now expect their Public Sector experiences to be on par with their favorite online retailers. This is likely why digital services are a priority of both the “America by Design” Executive Order and State CIOs (NASCIO 2025). To meet these expectations and create trusted services, Government websites need their digital offerings to be intuitive, personalized and responsive to the needs of every user. Making every interaction count is what is important. Everything from the smallest information request to the most complex, multi-year service transactions should be built with the user in mind. These user-centered designs can ensure that agencies construct the kinds of welcoming, trusted experiences that users want.

The potential for citizens to interact with their Governments in the digital space is limitless, and creating personalized content is pivotal to meeting those expectations. Trusted, engaging experiences are built on equal pillars of data, content and meaningful delivery. However, they begin with a modern foundation to meet the demands necessary for true personalization.

Technology and Workforce Modernization

Modernization is about streamlining outdated processes that have long hindered efficiency. Many Government websites still struggle with outdated designs and inconsistent content, yet the website of a Government agency is often the first point of contact for constituents seeking information or services. Therefore, the America by Design EO requires agencies to “prioritize improving websites…that have a major impact on Americans’ everyday lives” (Executive Order). With a well-designed website that is easy to navigate, constituents can quickly find the information that they need.

After agencies inform constituents about services, they must enroll them in the appropriate ones. Enrollment processes have traditionally been slow and time-consuming, often relying on paper-intensive systems. To reduce administrative burdens and improve data collection accuracy, agencies must transition from manual, paper-centric workflows to digital tools. When employees aren’t bogged down by administrative cleanup work, they have more time to work on tasks that make a bigger impact on their agencies’ missions.

This means that modernization is also about enabling the workforce to adapt to this new digital foundation. Efficiency here involves enhancing communication between employees, aligning project tasks with agency goals and providing transparency into this progress. Agencies that foster a culture of collaboration and trust in their workforce will see that workforce more empowered to deliver efficient results that align better with overall goals.

Looking Forward

Today, efficiency has expanded beyond the scope of the GAO itself and has been integrated into nearly every aspect of the Public Sector and how residents think about it. By prioritizing intuitive, personalized and efficient digital services that meet public expectations, agencies can increase trust in our Government.

Check out this on-demand webinar series to learn how Adobe’s digital experience solutions can help your agency modernize public services, digitize internal workflows and accelerate content delivery, while ensuring compliance and protecting sensitive data.