The Top 5 Insights from GSMCON 2025 

Posted on by
Reply

At the Government Social Media Conference (GSMCON) 2025, Public Sector communicators, digital strategists and leaders came together to explore the evolving landscape of social media in Government. As a provider and distributor of social media management solutions, Carahsoft and its partners empower Government organizations and enterprises to stay ahead of digital engagement trends and connect with their audiences through innovative, secure and scalable platforms.

Here are our top 5 insights.

GSMCon photo 1

Plain Language and Accessibility for Public Outreach

Government agencies have both a legal and ethical obligation to communicate clearly and accessibly with the public. Legislation such as the Plain Writing Act of 2010 and the Americans with Disabilities Act (ADA) requires that public information be understandable and accessible. Beyond regulatory compliance, the use of plain language fosters greater public trust and enhances engagement. In the session “Stop the Scroll: Advanced Strategies for Using Plain Language in Social Media,” speaker Shuly Babitz, the Digital Engagement/Managing Editor of the Department of Health and Human Services (HHS), discussed how clear communication increases the likelihood that messages will be understood and acted upon, particularly on digital platforms like social media, where users often engage with content quickly and under time constraints. Concise sentences, familiar vocabulary and clearly defined terms make content more accessible, whether viewed on mobile devices or read via assistive technologies such as screen readers.

To ensure clarity, Government communicators should consider key questions:

  • Who is the intended audience?
  • Why is the message relevant to them?
  • What specific action should they take?

Whether it involves defining acronyms upon first use or substituting formal terms, the objective remains to ensure that public information is easy to locate, comprehend and apply to constituents.

GSMCon photo 2

Humanized, Authentic Content and Outbound Engagement to Build Trust

Another key insight from GSMCON was the growing imperative for Government agencies to adopt a more humanized and transparent approach to social media to build public trust. Organizations are finding success by showcasing behind-the-scenes insights, sharing day-to-day experiences and highlighting the individuals behind public service roles. This approach fosters a sense of connection and positions Government not just as an authority, but as an accessible, community-oriented partner.

In the session “Government Social, But Make It Engaging: Cutting Through the Digital Noise,” speaker Ben Cathers, Senior Principal Solutions Consultant at Hootsuite, highlighted how leveraging storytelling, transparency and timely responsiveness helps establish strong relationship foundations with the public. Outbound engagement and active social listening, such as monitoring citizen feedback and responding directly to concerns, demonstrate accountability and attentiveness.

GSMCon photo 4

Strategy and Planning Saves Time and Boosts Impact

For Government organizations operating with budget constraints and small social media teams, strategic content planning is a force multiplier. Implementing a structured content calendar enables teams to batch-schedule posts weekly, saving time and labor resources. This approach not only improves efficiency but also ensures alignment with key civic deadlines, public service announcements and Federal holidays. Centralizing publishing and engagement in a single tool provides a unified interface for scheduling, approvals and performance analytics, streamlining workflows and maintaining consistency across platforms. Moreover, leveraging analytics from these tools empowers teams to refine their strategy over time, focusing on what resonates most with their audiences. With social media management solutions from our partners at Hootsuite, Public Sector social media teams can maximize limited resources and make a significant impact.

GSMCon photo 5

AI is a Valuable Tool, not a Replacement

During the keynote panel “Striking a Balance with AI & Government,” panelists discussed the strategic role of artificial intelligence (AI) in enhancing Government communication and social media engagement. While AI presents significant opportunities to streamline routine content creation, such as drafting social media posts, generating captions and optimizing video content, Public Sector organizations must approach its adoption with clear governance.

As highlighted by panelist Julie Tappendorf, Equity Partner of Ancel Glink, PC, AI should augment rather than replace human expertise, particularly in areas requiring legal oversight or the nuanced voice of public servants. Establishing clear policies around AI application safeguards both the integrity of Government messaging and public confidence.

GSMCon photo 6

Developing a Strategic Crisis Communication Plan

Effective crisis communication in the Public Sector hinges on thorough preparation, clear protocols and agile response strategies. In the session “5 Things to Build Now Before the Next Crisis,” Juan Diasgranados, Public Affairs Manager of Miami-Dade County, emphasized a critical best practice of developing pre-written message templates tailored to common crisis scenarios, which should be pre-approved by legal counsel to ensure compliance and accuracy. These templates must cover internal communication, public messaging and media outreach to provide consistent, timely information across all audiences. Additionally, establishing a comprehensive crisis communication plan, with clearly defined roles and approval workflows is essential. The plan should be concise, easily accessible and regularly reviewed to remain current with organizational changes and emerging risks.

Sarah Loyd, Head of Product Success and Evangelism at Social News Desk emphasized another best practice for crisis engagement, which includes issuing an initial “standby” statement to acknowledge awareness of the situation, pausing routine content and maintaining transparency through timely updates. Continuous monitoring of public feedback and misinformation is crucial to address concerns promptly.

To further explore the tools, trends and strategies shaping digital engagement in Government, visit Carahsoft’s Customer Experience and Engagement Solutions page and see our portfolio of Government Social Media solutions.

Digital Wallets: The Bridge Between Patient and Provider

Posted on by
Reply

Across the nation, healthcare services are indispensable in protecting people. As expectations grow and evolve, the healthcare industry must be ready to innovate to provide the best experience for patients and providers alike. Digital wallets with identity verification are a helpful tool which can establish trust, store data and enable patients to take control of their healthcare.

The Solution to a Divided System

Healthcare providers are spread across multiple companies, cities and states. The lack of a centralized database results in a fractured state of medical records. Patients often lose track of their medical history, and transferring data can be difficult in scenarios that happen across state lines—for example, if a patient needs emergency treatment in a state they do not reside in. Recent standards, such as the Trusted Exchange Framework Common Agreement (TEFCO), a legal consensus that enables network-to-network data sharing, promotes the idea of transferring data regardless of location. Digital wallets allow for a national, unified experience to review and obtain medical records, empowering patients and providers alike.

Bridging Healthcare Sectors Blog Embedded image 2025

Benefits of a Digital Wallet

Digital wallets with verifiable credentials embolden users with a quick, accessible way to deliver their framework across the healthcare sector.

There are numerous benefits to having a digital wallet. They provide:

  • Interoperability: Digital wallets are designed to work well with other systems, promoting a cohesive experience across different providers and geographical distances.
  • Enhanced Security: Patients can take control of their data and decide when it is shared.
  • Improved User Experience: By providing swift user verification without redundancy, users can enjoy a smooth and frictionless experience.
  • Unified Standards: The community driven nature ensures a consistent experience across all use cases.

Equipped with a digital identity, healthcare systems are enabled to provide and receive swift, efficient care.

Building A Unified Experience

The rise of verifiable digital credentials, such as multi-factor authentication (MFA), phishing resistant authenticators and strong identifiers like pass keys, enables end users to reliably tie themselves to a digital identity while protecting against fraud, waste and abuse. It is important to balance strong, accurate authenticators with an accessible end user experience. Patients value simplicity and accessibility, so structures that require numerous logins can be viewed as cumbersome.

Before deploying features of the digital wallet, all participants should agree on the framework for identity verification. Referring to the standards of the World Wide Web Consortium (W3C), TEFCO and 21st Century Cures Act can help involved parties agree on a method of identity verification and credentials that satisfy safety, accessibility and interoperability all at once.  

Functionally, digital wallets independently verify each user. First, the patient submits a digital representation of their identity, whether a passport, license or other form of identification. Next, a data broker verifies the information submitted for validation. This validation is secured and verified with cryptographic keys. Passkeys protect the digital wallet while simultaneously verifying that the party accessing it is correct.

With trust established, users can manage and own their healthcare data.

To learn more about integrating interoperability, security and a unified customer friendly experience through digital wallets, watch 1Kosmos’s webinar Bridging Healthcare Sectors with Digital Wallets.

The Top 6 Insights from GEOINT 2025 

Posted on by
Reply

Geospatial intelligence (GEOINT) stands at the forefront of national security innovation, where cutting-edge technologies are rapidly transforming how decision-makers understand and respond to global threats.  

At GEOINT Symposium 2025, industry experts, Government officials and thought leaders joined to discuss the latest technology innovations. This year’s conference saw discussion centering around several topics, such as the integration of artificial intelligence (AI), workforce development and new innovations.  

Carahsoft and over fifty of our technology partners attended to showcase solutions in AI, cybersecurity and more to support GEOINT mission objectives. 

Here are my top six takeaways. 

Global Intelligence Coordination and Artificial Intelligence Integration 

In the session “Global Intelligence, Local Impact: Source and Analysis at the Speed of Mission,” speakers Gary Dunow, the Executive Vice President at USGIF, Tracy Maloney, the Deputy Director of Source Operations at National Geospatial-Intelligence Agency and Shelby Pierson, the Director of Analysis at National Geospatial-Intelligence Agency discussed tools that maximize efficiency to help fulfill mission objectives. The National Geospatial-Intelligence Agency (NGA) aims to form efficient partnerships that enhance operational effectiveness across all Combatant Commands (COCOMs), and help with the development of streamlined tools that support current DOD intelligence needs. Change detection capabilities, large language models (LLMs) and other AI models are becoming increasingly valuable, with NGA focusing on building confidence in these technologies while curating essential content. The intelligence community is prioritizing geolocated open-source reporting through two active opportunities: metadata tagging to address imagery gaps regardless of source, and cross-domain solutions enabling seamless integration of varied intelligence sources from both domestic and foreign origins. Tulsi Gabbard, the Director of National Intelligence (DNI), emphasized the importance of proactive information sharing rather than waiting for agency requests, while simultaneously building workforce trust in AI through mechanisms for expressing concerns, understanding risks, acknowledging early adoption already underway and cultivating confidence in these emerging technologies. 

Rapid Space-Related Intelligence Sharing 

The U.S. Space Force and NGA signed a memorandum of agreement at GEOINT, which was discussed at the keynote hosted by General Chance Saltzman, the Chief of Space Operation at U.S. Space Force, Vice Admiral Frank Whitworth, Director at the NGA, and Dan Smoot, the Chief Executive Officer at Maxar Intelligence.  

This memorandum comes from the demand for faster access to space-based intelligence for military missions. The agreement enhances intelligence sharing by streamlining coordination between the National Reconnaissance Office (NRO)’s collected commercial satellite imagery, the NGA ‘s data analytics that produce comprehensive intelligence products and the Space Force, who then delivers space-related intelligence to military commanders through its Tactical Surveillance, Reconnaissance and Tracking (TacSRT) program. Through this memorandum, the military gains rapid situational awareness and heightened synergy across Federal agencies. This collaboration streamlines intelligence sharing, enabling faster and more efficient coordination between  

GEOINT Initiatives 

In her keynote address, Tulsi Gabbard, the Director of National Intelligence of the United States, outlined the Federal approach to GEOINT initiatives, which emphasizes peace maintenance and military readiness. According to Gabbard, to maintain excellence, the Federal Sector must maintain pace with trending technology. Gabbard addressed procurement challenges facing small businesses and stressed the administration’s commitment to technology advancement, geospatial funding priorities and cross-agency partnerships. One such technology, AI, represents both a challenge and opportunity to transform geospatial professional roles without replacing human expertise. The Intelligence Community’s primary focus is conflict prevention rather than winning conflicts, with the GEOINT discipline building crucial trust.  

NATO Priorities in Intelligence and Defense 

The North Atlantic Treaty Organization (NATO) is actively investing in cutting-edge technologies across the space and sea. During Major General Paul Lynch, the Deputy Assistant Secretary General of Intelligence and NATO International Military Staff’s keynote address, he discussed Federal priorities to integrate AI to stay ahead of emerging threats. In response to these evolving threats, NATO has launched ambitious military exercises, including STEADFAST Defender 2024. One of NATO’s largest military exercises, STEADFAST Defender 2024 is actively pursuing digital transformation and intelligence sharing across while developing closer partnerships with industry experts. NATO’s recent initiatives with the private sector have launched underwater vehicles to aid in mission objectives of remaining at the forefront of defense.  

Education and Workforce Development in Geospatial Intelligence 

During her keynote address, Tulsi Gabbard emphasized that the geospatial field faces a critical shortage of young talent. Government programs that provide opportunities for new generations are important to inspiring growth. One such program is the United States Geospatial Intelligence Foundation (USGIF)’s “GEOINT Symposium Young Professionals Golden Ticket”, which provides mentoring sessions with GEOINT professionals and opportunities at USGIF events. Carahsoft’s Geospatial Internship Program is another opportunity for incoming professionals. Pathways for further educational curriculum development were discussed at the session “Keynote: Digital Twins and GEOINT – Transforming Intelligence with 3D Analytics.” This keynote offered encouraging developments that will allow the incoming workforce to get involved. The field is becoming increasingly accessible, with open-source data platforms, such as GitHub, significantly lowering entry barriers for newcomers. New opportunities in low-code and no-code environments have been created. While the speakers acknowledged a current pause in Government hiring, the democratization of geospatial technology allows students with creative mindsets to leverage open-source data to enter geospatial careers. 

A Hub for Geospatial Capabilities 

St. Louis is establishing itself as the epicenter of GEOINT and geospatial efforts. At his keynote session, Senator Eric Schmidt discussed the coordinated statewide university initiative to train the next generation of professionals and anchored with the T-Rex innovation center. This transformation is further enhanced by the new geospatial employment pilot program headquartered at the NGA West, recognizing GEOINT’s critical role in providing commanders with clearer operational pictures. As military leaders increasingly demand more ISR (Intelligence, Surveillance, and Reconnaissance) and GEOINT capabilities, strategic investments in people, partnerships and platforms continue to provide the United States with its competitive edge in the intelligence domain. 

Through developments for the future workforce, marine technology and defense initiatives, the GEOINT community maintains the nation’s security. As industry, Government and academia come together, these efforts ensure the United States remains prepared to meet global challenges with agility, innovation and intelligence-driven precision. 

To learn more about the innovative technologies featured at GEOINT, visit Carahsoft’s Geospatial portfolio.    

Why Cloud, Why Now? Modernizing federal IT: Why the cloud is becoming the new standard

Posted on by
Reply

The shift to Atlassian Government Cloud unlocks new potential for federal agencies

Modernization has been a Federal priority for over a decade, but the realities of legacy systems, compliance mandates and limited resources have forced IT leaders to make hard tradeoffs. The pandemic accelerated digital transformation, proving just how critical resilient, cloud-based systems are to mission continuity and citizen services.

Yet many agencies have remained tethered to on-premises tools not by choice, but by compliance constraints.

Now that Atlassian Government Cloud is FedRAMP Moderate authorized, agencies can confidently shift core collaboration and service delivery workloads to the cloud with security and compliance in place.

The opportunity to modernize is clearer than ever. With compliance barriers removed, cloud adoption becomes not just feasible, but foundational to moving missions forward.

FedRAMP Moderate removes the guesswork

Atlassian Government Cloud is a dedicated environment built specifically for public sector teams and limited to U.S. Government agency and contractor usage. It delivers the performance Federal agencies need, with the security and compliance they require.

This includes:

  • FedRAMP Moderate Authorization for Jira, Confluence and Jira Service Management
  • Dual-region hosting on AWS commercial US East/West regions
  • Continuous monitoring aligned to FedRAMP Moderate standards

Atlassian’s Government cloud platform is built on the same architecture that powers Cloud Enterprise, offering the scale, reliability and control public sector teams need. It’s designed to reduce friction and deliver continuous innovation while maintaining trust and transparency.

From patching systems to powering missions

Agencies that remain on legacy infrastructure are fighting a battle on two fronts: maintaining outdated systems while trying to meet new mission demands. That approach is no longer sustainable.

Modernizing with Atlassian Government Cloud eliminates the distractions of infrastructure maintenance and opens the door to high-impact work. Instead of managing update cycles or responding to fire drills, IT teams can shift their focus to scaling digital services, working with disparate teams and improving citizen-facing outcomes.

For IT administrators, this shift is transformational. Cloud offloads the operational burden they’ve carried for years—manual upgrades, weekend patching, surprise outages. With that weight lifted, teams can focus on enabling smarter service delivery across the agency.

As Jeff Garrett, Technical Product Manager at the California Department of Health Care Services shared, “I’ve had to maintain server infrastructure in the past. It’s not pleasant. Being on Atlassian Cloud Enterprise means we don’t have to do that anymore. Plus, we can add and remove applications quickly.”

This is how mission work moves forward with greater speed, clarity and alignment.

Built-in collaboration, automation, and insight

Atlassian Government Cloud offers more than security and compliance. It enables new ways of working across teams and departments, aligning your entire agency and harnessing your data.

Consider this scenario: A Federal program team launches a new initiative to expand community outreach. Rather than waiting weeks for a custom workflow, they spin up a new Jira project using a pre-built template with no administrator required. HR and legal teams contribute to project planning in Confluence, while real-time insights track progress across departments. No tickets. No silos. Just forward momentum.

The scenario above shows how teams can move faster using features like team-managed projects and templates in Jira, along with native incident management in Jira Service Management.

In addition to streamlining work, Atlassian Government Cloud will soon include Atlassian Analytics, bringing cross-product visibility and supporting data-driven decision-making across teams.

Beyond what’s available in Atlassian Government Cloud today, we’re also committed to delivering the same innovative features you’ll find in our commercial products, like Confluence Whiteboards and Goals. We’re actively developing our roadmap for Atlassian Government Cloud and will share more information soon.

Migration isn’t a barrier. It’s a supported journey

Atlassian has helped thousands of organizations transition to the cloud, including some of the world’s largest enterprises and Government agencies. We have reliable tooling for migrating data from Data Center to Atlassian Government Cloud that has been hardened through years of supporting migrations to commercial cloud. And for those migrating from commercial cloud to AGC, we’re releasing tooling for this soon.

Federal teams benefit from specialized migration support designed to streamline the process and minimize risk. That includes:

  • A Cloud Migration Manager assigned to each Atlassian Government Cloud project
  • Migration guides, training resources and toolkits to support end-user adoption
  • The choice to engage with a network of experienced solution partners if your agency wants even more support.

Agencies already using Atlassian Cloud are seeing measurable results that support faster delivery, smarter governance and stronger collaboration:

  • Utah Department of Technology Services cut Jira project setup time by 90%, enabling faster response to internal and citizen needs
  • California Department of Health Care Services standardized on Atlassian Cloud and reduced one project’s delivery time from 18 months to 6 months, cutting costs from $2.8M to $600K

With Atlassian, cloud migration becomes a guided path to modernization — not an obstacle.

The results are measurable

The shift to Atlassian Government Cloud delivers tangible results. Early adopters, including public sector agencies and private sector enterprises, are already seeing gains in performance, collaboration, and insight.

In a recent customer impact survey, organizations migrating to Atlassian Cloud reported:

  • Up to a 53% increase in productivity
  • 47% improvement in cross-functional collaboration
  • 44% gain in insight-driven decision-making

These outcomes directly support the goals of Federal agencies: improved cross-team collaboration, greater agility and faster progress on mission priorities. In a time when agencies are under pressure to do more with less, results like these make a big impact.

Take the next step

With FedRAMP Moderate authorization in place, Federal agencies can now adopt Atlassian Government Cloud with confidence. It’s time to move from maintaining systems to empowering missions.

Curious about your agency’s migration path to Atlassian Government Cloud? You can become a part of our Early Access Program. Join the waitlist here!

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Atlassian we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Innovative Care for Shadow Warriors: How ORF is Providing Life-Changing Treatment

Posted on by
Reply

The Operator Relief Fund (ORF) is a nonprofit that supports shadow warriors—members and veterans of Special Operations Forces (SOF) and the Central Intelligence Agency (CIA) Special Mission Unit (SMU)—who struggle with the mental and physical challenges of Operator Syndrome (PTS) and other trauma-related conditions. These warriors face unique challenges due to the nature of their missions, and the physical and psychological scars of service extend beyond the battlefield, affecting not only their mind, body and spirit but also their families.

Carahsoft-Innovative Care for Shadow Warriors-blog-embedded image-2025

How Carahsoft Supports ORF

Carahsoft is a proud, long-time supporter and strategic partner of ORF and its mission to provide life-changing care for the nation’s shadow warriors. As part of its ongoing commitment to the military community, Carahsoft partners with ORF to raise awareness, provide essential resources and offer critical behind-the-scenes support. This includes financial contributions, coordinating travel services for ORF beneficiaries and strengthening connections across the Intelligence Community and The United States Special Operations Command (SOCOM) to expand ORF’s reach. Through these efforts, Carahsoft remains dedicated to ensuring that operators and their families receive the highest quality of care.

Join Us in Supporting the ORF Golf Classic

In addition to continued support, Carahsoft is excited to be involved in the ORF Golf Classic. This event provides an opportunity for the community to come together and make a lasting impact. Participation, whether through registration or a donation, directly supports ORF’s mission to provide life-changing care to the nation’s heroes and helps ensure that those who have dedicated so much receive the support they need.

You can visit our website to learn more about ORF Golf Classic. For more specific questions, please reach out to jeff@operatorrelieffund.org with any questions.

SOF Week 2025: Top 5 Insights on Interoperability, Artificial Intelligence and More

Posted on by
Reply

Effective defense often relies on operations that are agile, adaptable and focused. Special Operations Forces (SOF) Week 2025 is an international conference for thought leaders, Government representatives and key military decision-makers involved in the Department of Defense (DoD). Jointly hosted by the United States Special Operations Command (SOCOM) and Global SOF, the conference platformed discussions surrounding the improvement of cybersecurity and technology within SOF.

This year, Carahsoft and over fifty of our technology partners attended to showcase solutions in artificial intelligence (AI), cybersecurity and much more, supporting SOCOM and DoD mission objectives.

The SOF Week conference featured five key themes for attendees to learn about.

Leveraging Artificial Intelligence to Achieve SOF Objectives

One of SOCOM’s innovation priorities is to onboard products that have AI integrations, uncrewed and autonomous systems, power computing and quantum capabilities. In the session “Keynote Address: U.S. Special Operations Command Team,” speakers General Bryan P. Fenton, Commander of USSOCOM and the Command Sergeant Major Shane Shorter, Senior Enlisted Leader of the USSOCOM, discussed optimizing the computing power of adapted technology to maintain pace with adversaries. By providing the needed tools, SOCOM can help reduce the cognitive load placed on personnel.

In the session “PEO Overview: Tactical Information Systems,” speaker Chad Skiendsiel, the PM for Transport Systems, PEO TiS, requested multiple AI capabilities that would be useful to SOCOM operations. These are:

  • Automation of data and containerization
  • Software infrastructure that enables more containerization of data and configuration.
  • Commercial solutions that can enable classified data computing as well as compute power out to the edge
  • Embedded computing that can be attached to the warfighter to achieve better situational awareness

In the session “Fireside Chat: AI Innovation and Integration in National Security,” speaker Akash Jain, CTO of Palantir discussed SOF’s efforts to implement AI into SOCOM operations. One key area that requires special attention is AI integration into legacy systems, many of which have existed for years and cannot easily have AI added to enhance the work SOF does. This is why vendors with solutions, such as Hewlett Packard Enterprise, can be utilized to integrate AI into existing infrastructure.

Bolstering Cybersecurity in SOCOM Operations

One of the key themes present in SOCOM’s evolving cybersecurity efforts is the adoption of a Zero Trust architecture, particularly within the Enterprise Information Systems directorate. It is referenced across multiple capability areas as essential to aligning with broader DoD cybersecurity mandates. To advance this strategy, SOCOM is actively engaging with industry and conducting assessments to define mission-driven requirements. Technology experts such as Dell Technologies, Red Hat and VMware are constantly working to be at the forefront of Zero Trust efforts.

Following this focus, the Professional Employer Organizations (PEO) is implementing cybersecurity initiatives in its contracting services. All solicitations will include cyber discipline and hygiene requirements, supply chain risk management and cybersecurity risk management requirements. Across the portfolio within SOCOM, post-quantum encryption is being looked at as the future strategy for cyber and will continue to develop as time goes on. The PEO SOF Digital Applications (SDA) also notes that CISA’s Software Bill of Materials (SBOMs) will continue to be added to its cybersecurity pipeline to ensure software is open and honest. These initiatives work to fortify existing and future cyber structures to protect the effectiveness of missions and the safety of personnel.

As supply chains, SOF and the Defense Industrial Base (DIB) continue to be under threat from adversarial cyber-attacks, PEO Services continue working to fully implement CMMC guidelines in their procedures. For unclassified solicitations, SOCOM will implement CMMC Level One, while any classified solicitations will be level two or higher.

Industry Partnerships to Meet Demand

In the session “Keynote Address: U.S. Special Operations Command Team,” Major General Bryan P. Fenton heavily emphasized that partnerships are key to meeting industry needs. While SOF is maintaining pace with current requirements, to stay ahead in the future, SOCOM must look to industry partners for their specialty and assistance.

One such category of offerings is autonomous, unmanned systems promote efficiency by saving time on menial, repetitive tasks. SOCOM is looking to implement dual-usage, capable autonomous products, such as self-driving cars, drones and robots. Modeled after the Private Sector’s success with unmanned systems, SOCOM agencies aim to evolve at the same speed. To enact this, all onboarded unmanned systems must be interchangeable, adaptable and successful within any region of the world to meet mission requirements.

The Importance of a Modular Open Systems Approach (MOSA)

For the military, multi-domain connectivity is the way forward. Military agencies are focusing on modular open-mission systems that can be interoperable, as they are the key to staying ahead of future conflicts. Depending on industry trends and the latest in cybersecurity, equipment may need to be changed on the fly. Some technologies will need to be found preemptively; in these scenarios, industry experts can provide assistance.

In the session “PEO Overview: SOF Digital Applications session,” Modular Open Systems Approach (MOSA) was noted by every program manager as a solution. This approach is desired as it allows systems and products to remain agile when new software is added.

MOSA consists of three main components:

  • Infrastructure and Deployment: Hybrid deployment of cloud, multi-vendor capabilities, Open-source technologies and COTS integration
  • Data Centricity & Interoperability: Messaging & EDA, Black Box interfaces, Ontology Support, preferences on containerization and VMs
  • AI Implementation & Sustainment: Low-cost and remotely maintainable solutions, lifecycle management and updates, AI support for LLMs and at the edge and adaptability on mission needs

By enabling agencies within SOCOM to implement software updates, MOSA promotes interoperability and the speedy onboarding of key technologies.

Humans Over Hardware

While technology is vital to SOCOM Operations, humans are the backbone of the agency. In the session “Keynote Address: US Secretary of Defense,” Secretary of Defense Pete Hegseth spoke on the three pillars for success within the DoD and how SOCOM can reiterate and emphasize them. Among these three, the warrior ethos is targeted with the slogan, “humans are more important than hardware.” Secretary of Defense Pete Hegseth, USSOCOM Commander General Fenton, and the Chairman of the JCOS Dan Caine all echoed this point that warfighters are the most important aspect within SOF. Any person that meets warfighter standards can serve, and all purchases and developments should center the safety and wellbeing of the warfighter in mind.

Through the collaboration between people and technology, SOF is able to work securely, quickly and smoothly. With top cybersecurity, automation integrations and industry partnerships, SOCOM continues to fulfill DoD mission objectives and keep personnel safe.

To learn more about technologies featured at SOF Week, visit Carahsoft’s defense portfolio. For additional research into the key takeaways that industry and Government leaders presented at SOF Week, view Carahsoft’s full recap. 

SOC of the Future: Advanced Strategies for Modern Cybersecurity Challenges

Posted on by
Reply
Carahsoft-Innovative Care for Shadow Warriors-blog-embedded image-2025

In today’s fast-paced digital world, security teams are under immense pressure to defend against a surge in sophisticated cyber threats. Expanding attack surfaces, driven by new technologies, cloud adoption, remote work and interconnected devices, create countless entry points for attackers. Security Operations Centers (SOCs) must evolve by leveraging automation, AI and machine learning (ML) to stay ahead—cutting through the noise, accelerating threat detection and streamlining responses to provide scalable, real-time defense against ever-evolving risks.

Modern SOC Challenges

As cyber threats continue to rise in both frequency and sophistication, SOCs are coping with an overwhelming volume of security incidents. Check Point Software’s 2025 Security Report reveals a staggering 44% year-over-year increase in cyberattacks, highlighting the urgent need for stronger, more scalable defenses.

Organizations are no longer operating within clearly defined perimeters. Today’s digital environments are sprawling and dynamic, spanning on-premises infrastructure, multi-cloud deployments, software as a service (SaaS) platforms, Internet of Things (IoT) devices and a remote workforce. Each layer adds complexity—and with it, new vulnerabilities. The expanding attack surface increases not only the number of potential entry points but also the volume of activity that must be monitored.

This leads to another major challenge: organizations are now generating unprecedented volumes of security data. SOCs are tasked with analyzing vast, continuous streams of telemetry to detect threats in real time but extracting meaningful insights from this flood of data has become increasingly difficult.

While traditional Security Information and Event Management (SIEM) systems remain a core component of enterprise security, they are struggling to keep up. Many SIEM platforms are constrained by schema designs, database capacity and a limit on the number of detection rules that can be ingested.

As a result, SOCs are often forced to make difficult trade-offs, choosing which data to collect and analyze based on storage and processing limitations. This selective approach creates blind spots, potentially allowing critical threats to go undetected. In fact, 56% of organizations report coverage gaps directly linked to the limitations of legacy SIEM systems, underscoring the need for modernization.

Alert fatigue is compounding the issue. Even well-configured SOCs can generate thousands of alerts daily, overwhelming analysts and increasing the risk of real threats being missed. According to a 2023 RSA survey by Gurucul, 61.37% of security teams report receiving more than 1,000 alerts per day, while 4.29% deal with over 100,000. Alarmingly, 19.74% say the volume is so high they cannot even quantify it.

SOC Prime-SOC of the Future-blog-embedded image-2025

Beyond the operational strain, cost is another major barrier. A medium-sized organization can produce terabytes of log data every day, and storing and processing this information—especially at the scale required for comprehensive threat detection—can cost hundreds of thousands annually. SOC leaders are under constant pressure to strike a balance between broad visibility and tight budget constraints.

In this high-volume, high-velocity environment, traditional manual analysis simply cannot keep up. To close visibility gaps, reduce alert overload and operate efficiently at scale, organizations must adopt intelligent automation. Advanced analytics, ML and AI-driven detection can dramatically reduce noise, prioritize critical alerts and help SOC teams focus on what matters most—responding to real threats in real time.

The Role of Automation in SOC

Automation is a key force multiplier for SOC teams, enhancing threat response speed and accuracy. Over the past decade, security orchestration, automation and response (SOAR) solutions have had mixed success. While these solutions streamline workflows and incident response, they require significant maintenance, including scripting, playbook development and continuous security stack integration. The high total cost of ownership often outweighs initial investments, making long-term sustainability a challenge.

To address these limitations, SOCs are adopting telemetry pipelines, which intercept and filter traffic before SIEM processing, ensuring only relevant security data is analyzed. Advanced enrichment reduces redundant data, improving efficiency while lowering cloud storage costs.

Extended detection and response (XDR) solutions are also gaining traction. XDR integrates multiple security layers, correlates alerts locally and reduces reliance on centralized SIEMs. Vendor-specific XDR stacks work best within their own ecosystems but streamline threat detection and response.

Data lakes are becoming essential for long-term threat hunting, enabling analysts to detect subtle, prolonged attacks by retaining historical data for extended periods. This allows analysts to uncover patterns that might otherwise go unnoticed.

As SOC automation evolves toward autonomous SOC models and “SOCless” SIEM architectures, ML-driven algorithms will handle much of the processing and correlation, facilitating faster threat detection and response. By automating repetitive tasks like log analysis and low-level alert triage, SOC analysts can focus on complex investigations, enhancing security while addressing the skills gap.

Still, Gartner predicts that by 2030, 75% of SOC teams will see a decline in core security analysis skills as they grow too reliant on automation and AI. Therefore, deployments aimed at both augmenting human tasks and adding precision and speed to human investigations will be more effective than single-technique AI analytics. Striking the right balance between machine-driven speed and human insight seems like a feasible solution that keeps security teams agile, informed and in control of threats.

Evolving Technologies and Solutions

AI and ML capabilities enhance predictive analytics and threat-hunting capabilities, keeping SOC teams ahead of attackers. According to Gartner, by 2026, advancements like “action transformers” and the continued evolution of Generative AI (GenAI) will power semi-autonomous platforms that can greatly enhance and support the day-to-day operations of cybersecurity teams.

As cybersecurity AI assistants evolve, they will be used as more sophisticated tools for interactive support and investigation, covering tasks like incident response, risk assessment and code reviews. These tools are expected to boost efficiency and reduce response times, whether in organizations just building their security programs or in mature teams with established processes. These innovations improve threat detection and SOC readiness to withstand modern cyber risks.

Future SOC Operations

Progressive organizations understand the real value of AI/ML-powered SOC technologies that can be reasonably used and shift their focus from single-technique tools to building integrated systems that fuse software, AI and human expertise. Achieving scalable impact means having a clear strategy that targets the most meaningful opportunities.

Additionally, investment in workforce development and upskilling will be essential to bridging the cybersecurity talent gap. Organizations that invest in these areas will elevate their SOC effectiveness, better safeguard critical assets and build a resilient, future-ready cybersecurity posture.

To gain deeper insights into these strategies and hear directly from industry experts, watch SOC Prime’s webinar, solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Modern Fraud Threats in Government Relief Programs: How Agencies Can Defend Against Cybercrime

Posted on by
Reply

A recent investigation by CBS News’ “60 Minutes” has highlighted a significant issue: organized crime rings, often operating from overseas, are using stolen identities to steal billions of dollars from the U.S. Federal and State programs. These sophisticated fraud schemes specifically target public assistance initiatives, taking advantage of digital vulnerabilities and overwhelmed systems. The COVID-19 pandemic accelerated the delivery of relief funds, presenting new challenges for security systems still being implemented.

As these cyber-enabled crimes grow in complexity and scale, Public Sector organizations must evolve their defenses. HUMAN Security offers a modern solution that aligns with Public Sector standards and frameworks, like the NIST Cybersecurity Framework, to protect against automated fraud, account takeovers and bot-driven exploitation.

The Expanding Threat Landscape: Government Fraud at Scale

The fraud rings described in the CBS report do not fit the Hollywood stereotype of a lone hacker in a basement. These are industrial-scale operations run by criminal syndicates that:

  • Use stolen or synthetic identities to apply for public benefits such as unemployment insurance, COVID relief, food assistance and housing vouchers.

  • Leverage bots and automated scripts to rapidly test stolen credentials against Government login portals.

  • Host phishing websites and fake document generators to fool verification systems.

  • Exploit the lack of robust digital defenses in legacy Public Sector infrastructure.

At the height of the pandemic, the U.S. prioritized the rapid distribution of trillions in relief funds to support individuals and businesses in crisis. In the urgency to deliver aid quickly, some agencies adjusted standard fraud controls—creating unforeseen opportunities for bad actors. According to the CBS report, an estimated $280 billion was lost to fraud, with an additional $123 billion categorized as wasted or misused.

The tactics employed have now evolved into permanent tools of financial exploitation. Many cybercriminals continue to exploit social welfare and Government programs by leveraging automation and AI. Fraud isn’t slowing down—it’s scaling up.

Why Public Sector Agencies Are Attractive Targets

Government systems present a unique target profile for attackers due to a combination of high-value data, broad user bases and strained IT resources. Here’s why the Public Sector is particularly vulnerable:

1. High Payout Potential

Each successful fraudulent claim can yield thousands of dollars in benefits. Fraudsters often operate in bulk, submitting thousands of applications using stolen identities.

2. Legacy Infrastructure

Many State and Local agencies still operate on outdated software stacks that lack modern bot detection or behavior-based threat analysis.

3. Lack of Real-Time Monitoring

Fraudulent applications often go undetected until after funds are dispersed. Manual review processes are insufficient to handle the volume of claims.

4. Increased Script & API Vulnerabilities

Fraudsters exploit front-end vulnerabilities, such as JavaScript manipulation or misuse of APIs, to simulate real user activity, bypass verification checks and deploy fake documents.

HUMAN Security: A Modern Solution for a Modern Threat

Carahsoft, HUMAN 60 min, blog, embedded image, 2025

HUMAN Security specializes in protecting organizations from automated attacks, fraud and abuse by distinguishing between real users and malicious bots. HUMAN’s solutions are uniquely positioned to help Public Sector agencies address the specific types of fraud exposed by 60 Minutes.

1. Bot and Automation Mitigation

Fraudsters frequently use bots to submit applications at scale, probe systems for weaknesses and conduct credential stuffing attacks. The HUNAN Defense Platform analyzes over 20 trillion digital interactions weekly to identify real-time anomalies.

Through behavioral analysis, device fingerprinting, and machine learning, we can help public sector clients:

  • Detect non-human interaction patterns
  • Prevent fake accounts from being created
  • Block bot-driven denial-of-service or overload attempts

2. Account Takeover & Credential Abuse Defense

Many fraud schemes begin with access to a real person’s Government credentials. We prevent account takeovers by identifying compromised credentials in real time and helping clients stop  unauthorized login attempts.

Our Application Protection Package also integrates into public-facing login portals to block brute-force attempts and detect unusual login behavior.

3. Fake Identity and Synthetic Account Prevention

Fraudsters use fake IDs or generated synthetic identities to bypass identity checks. Our behavior-based analytics distinguish real users from fabricated personas—stopping fake account creation before it starts.

4. Real-Time Threat Intelligence:

By continuously monitoring emerging threats, we equip Public Sector clients with up-to-date information to counteract evolving fraud tactics.

5. Integration with Public Sector Frameworks:

Leading-edge solutions that align with standards like the NIST Cybersecurity Framework, HUMAN facilitates seamless integration into existing Government infrastructures and helps public sector clients with compliance and regulatory requirements.

Real-World Benefits to Government Agencies

By adopting fraud protection solutions, public agencies can:

  • Minimize Fraud Risk: Real-time prevention minimizes the risk of sending funds to bad actors.

  • Protect Citizens: Reduce identity theft and unauthorized access to sensitive citizen data.

  • Build Trust: Demonstrating robust cybersecurity fosters public trust in digital Government systems.

  • Streamline Compliance: Meet modern standards like PCI DSS 4.0 requirements 6.4.3. & 11.6.1 and NIST CSF with confidence.

  • Save Taxpayer Dollars: Every fraudulent dollar blocked is money that can be returned to real beneficiaries or saved for future programs.

A Call to Action for Government Leaders

The fraud revealed in the CBS 60 Minutes report isn’t an isolated event—it’s a warning sign. Digital transformation has accelerated across public agencies, but fraud defenses haven’t always kept pace.

Government leaders must take a proactive stance by:

  • Modernizing fraud detection capabilities

  • Closing visibility gaps across digital infrastructure

  • Adopting behavior-based, real-time defenses like HUMAN Security

  • Aligning security strategy with established frameworks (NIST, PCI DSS)

Fraud is no longer just a compliance risk—it’s a national security issue. As public trust and taxpayer funds hang in the balance, Government agencies must embrace modern, intelligent and automated defense systems to keep fraudsters out.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Importance of Data, AI and More Within Law Enforcement at IACP Technology Conference 2025 

Posted on by
Reply

The International Association of Chiefs of Police (IACP) Technology Conference 2025 is an annual law enforcement conference that hosts public safety professionals and technology thought leaders to discuss new solutions, techniques and trainings to equip the industry for success. With a strong law enforcement portfolio and deep industry ties, Carahsoft offers unmatched insight into the challenges agencies face today. 

By bridging the gap between top software providers and law enforcement agencies, Carahsoft’s Law Enforcement Technology Team helps both sworn and civilian personnel streamline operations, enhance decision-making and drive greater efficiency across all aspects of public safety.  

Carahsoft and over 20 of our vendors, including Cellebrite, Zebra, Saferwatch, Blackberry and Magnet Forensics, attended and ran demos of their solutions across data management and analytics, artificial intelligence (AI), emerging technology, forensics, and device security. 

Here are the 5 most relevant themes featured at the IACP Technology Conference 2025. 

Integrating Artificial Intelligence into Law Enforcement 

At IACP Tech, discussions centered around integrating AI into law enforcement to increase efficiency while balancing transparency and accountability to real-time threats. In the panel “Transforming Policing with AI: Efficiency, Accuracy and Ethical Considerations for Report Writing,” panelists underscored how AI can streamline administrative tasks, reduce the time officers spend on documentation and improve the overall accuracy and quality of police reports. Speakers also highlighted that the integration of AI must be accompanied by transparency and accountability. They stressed the importance of clearly disclosing when reports are generated or supported by AI to maintain public trust and uphold ethical standards. In the panel “Curb Your AI Through Privacy Impact Assessments,” speaker Nora Kurzova, the State Auditor of the State of Utah Office, explored the ethical implications that come with predictive AI in law enforcement. Kurzova drew attention to bias present in predictive tools, stressing the importance of human oversight to correct potential biases. With rigorous evaluations of the decisions that automated systems enact, law enforcement can ensure fairness and a positive impact on communities. 

Carahsoft, IACP 2025, blog, embedded image, 2025

Emerging Technologies in Law Enforcement 

For modern criminal investigations, law enforcement faces growing complexity in managing and analyzing mass volumes of digital data. As the volume of data generated by connected devices continues to surge, investigators must adapt software that enables timely and efficient data recovery. Critical evidence can come from a variety of sources, such as Nest cameras, smart rings, thermostats and even gaming consoles. Human augmentation technologies, including smart glasses, brain-computer interfaces and mixed reality devices, were all identified as new frontiers that officers could utilize during investigations. By utilizing unconventional data points as corroborative tools and avenues for new leads, law enforcement can increase its investigative awareness.  

Breakthroughs in Digital Forensics 

At the panel “Advancements in Criminal Investigations: Increasing Solve Rates with Technology,” speaker Ed O’Carroll, a retired Major of the Crimes Bureau from the Fairfax County Police Department, emphasized the transformative impact of advanced investigative technologies in resolving challenging criminal cases. Advancements in digital forensics, genetic genealogy and rapid DNA testing have all transcended the abilities of law enforcement, enabling the solving of difficult cases. As IT continues to evolve, law enforcement can utilize strategic partnerships with technology organizations to improve its digital forensics capabilities and reduce backlogs. With recent technological breakthroughs, skilled crime analysts and forensic professionals can maximize their potential through these revolutionary tools. 

The Importance of Interoperable Data in Public Safety 

Law enforcement depends on thorough and accurate analytics to improve and maintain capabilities. In the panel “Breaking the Data Chains: Advocating Open and Interoperable Solutions in Public Safety,” speakers explored the evolving role of data in public safety, with a strong emphasis on the importance of interoperability and open standards. Adopting open data standards enables seamless data exchange across systems and jurisdictions. Panelists called for greater vendor transparency and urged public safety agencies to include open data access provisions in their contracts to avoid vendor lock-in. Ultimately, by strengthening data sharing practices, public safety agencies can enhance operational effectiveness and fulfill mission objectives.  

Tailored, Interactive Training with Artificial Intelligence 

Law enforcement agencies are increasingly utilizing AI and virtual reality technologies to address resource constraints during training. In the panel “How Your Records Management Process Can Work for You—Leveraging RMS Functional Standards,” speaker Jeff Smythe discussed a statewide effort to revise curriculum by embedding AI tools into courses. By synthesizing practical data and automation, law enforcement can improve training and service quality.

Examples of this include: 

  • Utilizing real-world body camera footage to create simulated scenarios for training 
  • Collecting best practices to develop AI-powered virtual reality scenarios that feature immediate feedback and debriefing capabilities 
  • Implementing automated virtual reality scenarios to train soft skills, such as employee counseling and community engagement 

By simulating realistic, frequent tech-enhanced training, employers can significantly improve officer readiness and skill retention. AI and virtual tools offer scalable solutions to deliver consistent, high-quality training in an evolving public safety environment. 

As law enforcement professionals handle sensitive and vital information, the protection of that information and data is essential to carrying out fair and accurate investigations and procedures. Through tailored training, data analytics and AI, law enforcement can improve capabilities and focus resources on protecting civilians.  

To learn more about public safety related technology, visit Carahsoft’s law enforcement portfolio to explore solutions showcased at IACP Technology Conference. For additional research into the key takeaways that industry and Government leaders presented at IACP Technology Conference, view Carahsoft’s full synopsis of key sessions from the tradeshow.  

TechNet Cyber 2025: Top 5 Insights on Zero Trust, Interoperability and More 

Posted on by
Reply

Technology is a vital part of the United States Department of Defense (DoD)’s capabilities, making security and enhancements essential to the nation’s stability and growth. AFCEA International’s flagship event, TechNet Cyber, emphasizes the role of cybersecurity and IT within the DoD. Alongside its partners, such as such as Amazon Web Services (AWS), Everfox and Ciena, Carahsoft attended TechNet Cyber to support DoD mission objectives. Carahsoft maintains a unique position in the defense industry with the ability to connect DoD and intelligence community (IC) personnel, Government IT decision-makers, thought leaders and industry and vendor partners. At this year’s conference, leaders and operators in the IT and Defense Department joined to network, facilitate problem solving and explore ways to expedite and secure the procurement process.

Expanding Zero Trust: “Flank Speed” is Ready to Scale 

To safeguard against potential cybersecurity attacks, the DoD is working to secure its networks with Zero Trust, a security strategy focused on identity, credential and access management. In the session “DoD Zero Trust Success Stories,” David Voelker, Zero Trust Architecture Lead for the Department of the Navy, discussed recent initiatives to bolster Zero Trust within Flank Speed, the Navy’s single enterprise Microsoft 365 solution that provides productivity tools, collaboration tools and OneDrive storage. The Department of the Navy is planning to conduct autonomous penetration testing to determine the quality of Zero Trust capability implementation. Last year Flank Speed met 151 of 152 Zero Trust activities, meeting target far ahead of schedule. Flank Speed is the Navy’s single enterprise Microsoft 365 solution that provides productivity tools, collaboration tools and OneDrive storage.

Another speaker, Ian Leatherman, the Zero Trust Strategy Lead for Microsoft U.S. Federal, discussed key takeaways from Microsoft’s work with Flank Speed. Visibility into agency networks is critical to emboldening existing Zero Trust strategies. Mr. Leatherman stated, “When in doubt, collect the telemetry: you never know what new or novel adversary techniques you may find.” Knowing exactly how many endpoints, applications and users are on the network at any given time positions the DoD to swiftly deal with incoming threats. 

Leatherman also discussed recent initiatives to involve all Navy personnel in a cybersecurity strategy; security is more than a technology solution, but a way to ensure safety within the agency. David Voelker, Zero Trust Architecture Lead at the Department of the Navy echoes this statement. While the Zero Trust Portfolio Office set their DoD-wide Zero Trust adoption target as the end of fiscal year 2027, Flank Speed is already operational. Voelker notes that the Flank Speed configuration could be lifted and shifted to other customers in the DoD, with a quick deployment time of under 24 hours. Mr. Voelker also recommends automating this shift.  

Carahsoft and our vendor partners offer several cybersecurity solutions to help Government agencies implement Zero Trust architectures that protect critical information and reduce national security risk. Our offerings align with Public Sector Zero Trust maturity models developed by NIST, the DoD and CISA.  

Carahsoft, TechNet, blog, embedded image, 2025

How Mission Objectives Drive Acquisition  

Acquiring powerful, up-to-date technology enables the DoD to protect against persistent and increasingly sophisticated cyber-attacks. The DoD aims to streamline its procurement process to maintain pace and safeguard against attacks. In the session “DoD Software Modernization Senior Steering Group,” speaker Sean Brady, Senior Lead for Software Acquisition Enablers at the Office of the Undersecretary of Defense (Acquisition and Sustainment), explained that there are two key drivers to this transformation. The first is mission objectives; software should be tailored to allow the DoD to adapt its systems to rapidly changing threats. The second is access to commercial innovation, which allows the DoD to access products in weeks or months rather than years.  

Digital Transformation for Operational Effectiveness 

Digital transformation in the DoD is crucial for maintaining pace with an increasingly technology-driven security environment. Thomas W. Simms, Principal Deputy Executive Director for Systems Engineering and Architecture at the Office of the Under Secretary of Defense for Research and Engineering, discussed the major digital transformation efforts within the DoD. 

The main four are: 

  1. Modular Open Systems Approach (MOSA), a congressional requirement that integrates technical and business strategies to promote acquisition and drives modular designs 
  1. The DoD’s Digital Engineering Instruction, which requires programs to use digital engineering in their design process 
  1. Application Program Interfaces (APIs), a ruleset that allows communication between software applications and is driven by the DoD’s API guidebook, which enables the DoD to become more data-centric   
  1. The DoD’s System Engineering Guidebook, which is currently undergoing an update to incorporate guidance from the Secretary of Defense’s latest memos  

By modernizing legacy systems and enabling the DoD to acquire the newest and greatest in IT, these initiatives enhance operational effectiveness and improve decision-making speed.

Fast-Tracking Authority to Operate (ATO) 

In the defense industry, technology must be approved to mitigate security risks. The Software Fast Track (SWFT), a process that expedites software verification within the U.S. Government, is changing the way the DoD manages risks and conducts Authority to Operate (ATO). Contractors can get involved with the latest software acquisition and risk management changes by participating in the three recently released requests for information (RFIs).  

These RFIs, which close May 20th, are: 

Katie Arrington, the Acting DoD Chief Information Officer (CIO), also discussed the Software Fast Track (SWFT) set to launch on June 1st of this year. The initiative will replace the traditional Authority to Operate (ATO) structure and add a few requirements, such as third-party Software Bill of Materials (SBOM), third-party risk assessments and the population of Enterprise Mission Assurance Support Service (eMASS) with artifacts. Once these guidelines are in place, contractors will gain a Provisional ATO. 

Ms. Arrington attests that these changes will revolutionize the Risk Management Framework (RMF) by allowing industry experts to provide feedback to the DoD. Paper compliance isn’t enough anymore, Ms. Arrington says. The DoD is looking for “continuous monitoring, red-teaming and people to continually evaluate their capability.”  

She also added that the DoD will be sunsetting the Approved Products List (APL). Additional sponsor additions are no longer being accepted. Instead, the SWFT initiative will take over, establishing a “trust, but verify” procedure, promoting both security and swift ATO action.

Using Interoperability to Pitch to DoD 

As operations increasingly move online, interoperability becomes increasingly important to efficiency and accessibility. Venice Goodwin, the outgoing CIO for the Department of the Air Force, offered advice to industry professionals on navigating changes within DoD. Goodwin recommends that the industry practice “extreme teaming;” rather than service each department individually: vendors should focus on servicing the DoD as a whole. As the DoD prioritizes capabilities that have cross-departmental benefits, industry experts should demonstrate the effectiveness of their capabilities and solutions in every domain across land, sea, air and space. With this collaboration, both the Private and Public Sector can get the results they need.

The digital transformation journey within the Department of Defense represents not just an evolution of systems, but a commitment to defending interests at home and abroad. Acquisition, ATO and Zero Trust are all valuable assets to maintaining pace with the current, constantly evolving technological climate, ensuring the United States carries out its mission of protecting the nation. 

To learn more about mission-critical technology, visit Carahsoft’s defense portfolio to explore solutions showcased at TechNet Cyber. For additional research into the key takeaways that industry and Government leaders presented at TechNet Cyber, view Carahsoft’s full synopsis of key sessions from the tradeshow.