Mobilizing Law Enforcement Agencies Through Technology and Security Innovations at IACP 2023

Posted on by George Vit

Law enforcement professionals provide a crucial function in society. By leveraging modern technology advancements, agencies can achieve that quality of service and keep the American people safe from ongoing threats. The International Association of Chiefs of Police (IACP) Annual Conference and Exposition 2023 offered law enforcement agencies and security professionals the opportunity to learn from experts in the top fields, develop partnerships and get access to technologies that will aid in navigating the current landscape.

Securing Sensitive Law Enforcement Data

A reoccurring challenge for law enforcement is an increase in ransomware attacks against them. Agencies reported a significant jump in attacks in the last two years, from 34% of departments reporting a ransomware hack in 2021, to nearly 69% in 2023. The average ransomware payment increased 500% in 2023 to over $1 million and over 25% of these attacks began with a phishing or malicious email. To combat this, agencies and departments must strengthen their cybersecurity postures and align with the NIST Cybersecurity Framework. Speakers at IACP provided five themes of questions agencies should ask to evaluate their cyber readiness:

Identify: Is our agency able to find weak spots, prioritize our response to them and track them? Have we done asset management, risk assessments and supply chain risk management?
Protect: Is our “front door” locked? Are we taking proactive measures to protect our data today? Have we implemented identity and access management (IAM), awareness and training and overall data security procedures?
Detect: Can we tell when something goes wrong? Can we identify issues confidently and quickly in the case of an anomaly?
Respond: How do we respond when bad things happen? Have we instituted clear communication, analysis, mitigation and response planning?
Recover: Are we ready to recover and learn from an incident and make the necessary changes to ensure it does not happen again?

Addressing these questions and acting on them means committing to fostering a culture of security and secure best practices. There are many technologies that can aid in this endeavor including artificial intelligence (AI) Ops, which assesses system patterns and behaviors to identify and surface anomalies; IAM, which provides an extra layer of authentication through biometrics and contextual authorization; and cloud and virtual environments, which agencies can employ in combination with infrastructure-as-a-service to enhance security.

The Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) has released two new updates to its security policy, Versions 5.9.1 and 5.9.2, based on the key pillars of data confidentiality, integrity and availability. These policies now require initial security training for personnel who need access to Department of Justice (DOJ) materials as well as the completion of yearly training for the extent of their access time. In conjunction with these policies are key technologies to safeguard data such as IAM, multi-factor authentication (MFA), system monitoring and others. Employing these solutions and safety measures boost community trust in law enforcement and the security of digital evidence. CJIS policies also reiterate to law enforcement officers the importance of doing their due diligence in securing both the data and their vital tools that otherwise could be rendered obsolete in the event of an attack. The Cybersecurity and Infrastructure Security Agency (CISA) has dedicated funding for state agencies to help with this endeavor of protecting the LE cyber space.

Rising Innovative Technologies for Law Enforcement Agencies

Implementation of body worn cameras (BWC) has been a growing initiative for law enforcement (LE) agencies for the last several years. With the Bureau of Justice Assistance’s Body Worn Camera Policy and Implementation Program (BWCPIP) more departments are able to receive grant funding and training for BWCs allowing more widespread usage of the technology especially in small, rural or tribal LE agencies. So far, this program has provided over $180 million in funding towards this effort. To support these BWC data advancements and further the technology benefits, LE agencies are looking for cloud storage and organization solutions, interoperability for data sharing, AI algorithms to efficiently tag videos and analytics software to pull relevant insights.

AI in the law enforcement field also provides many other time saving benefits including automating some procedures and everyday tasks like report writing. Before implementing AI, agencies must audit their current processes to assess the specific use cases and preemptively address any challenges. Establishing guidelines for AI usage by law enforcement, not only assists internally with governance and accountability, but also helps build public trust by delineating the technology capabilities.

Drones are another up-and-coming technology displaying value across public safety and emergency response. In the aftermath of Hurricane Ian in 2022, LE agencies deployed unmanned aircraft systems (UAS) and, through these drones, were able to conduct situation assessments, wide area searches, mapping of critical roadways to expedite the movement of resources and more. This UAS teaming approach has increased the speed and efficiency of first responders, as well as the ability to easily share the information with other agencies.

Whether it is body worn cameras and drones, or AI, cloud and other solutions, security must be baked into the technology and operational processes. As partners in this current landscape, every party involved both in law enforcement and industry has the responsibility to educate themselves and maximize collaboration and the technologies available to continue to make the United States a safe place.

To learn more about Carahsoft’s Law Enforcement Technology Solutions, visit our vertical portfolio and start your journey to enabling a safer tomorrow.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at the IACP Annual Conference and Exposition 2023.*

Revitalizing FedRAMP: Navigating the Shift to a Modernized Cloud Security Framework

Posted on by John Lee

The Federal Risk and Authorization Management Program (FedRAMP) was created over a decade ago to provide a standardized approach to security assessment, authorization and continuous monitoring for cloud products and service used by Federal agencies. Embracing the dynamic advancements in cloud technology, FedRAMP has recognized the importance of modernizing to keep pace with the rapid developments in the cloud landscape. The Office of Management and Budget (OMB) released a draft memorandum in October 2023 that outlined a comprehensive FedRAMP framework, emphasizing adaptability, automation and cooperation to address evolving cloud service requirements.

An Opportunity for Modernization

As technology continues to evolve, so do the advancement opportunities in the realm of cloud security for Federal agencies. With the expansion of cloud offerings and the increasing demand for cloud-based services, FedRAMP is undergoing a significant overhaul to meet the changing landscape. The new OMB FedRAMP guidance will replace the original guidance published in 2011, a year in which the cloud security climate looked drastically different and less complex than today. Changes to address the evolving threat landscape include tools for enterprise collaboration, product development and improving an enterprise’s own cybersecurity. Having already authorized more than 300 authorized services in the FedRAMP Marketplace, FedRAMP recognizes the need to add more solutions for agencies to have all the required capabilities to deliver on their missions.[1]

OMB aims to address these challenges by establishing a plan to scale the program, bolster security reviews of cloud solutions and accelerate Federal adoption. Drew Myklegard, the Deputy Federal CIO, said during CyberTalks, a gathering of the most influential leaders in cybersecurity and digital privacy, “There’s a lot of room in the FedRAMP process with friction and [manual] steps that are causing too long of times from when people identify a product that they need until they can employ it.” [2]

The New FedRAMP Guidance

Automation and Continuous Monitoring (ConMon) stand at the forefront of FedRAMP modernization as the memo underscores the significance of automation and the use of machine-readable formats for authorization and ConMon artifacts. The new guidance will create a system for automating security assessments and reviews, as well as expand on the initiative to obtain FedRAMP security artifacts solely through automated, machine-readable processes. The General Services Administration (GSA) also plans to update ConMon processes within 180 days and exclusively accepting machine-readable artifacts within 18 months.

By automating security assessments and reviews, FedRAMP is looking to streamline the authorization process, reduce the time and cost of compliance, and improve the accuracy and consistency of security assessments. An added benefit is that automation will help identify and mitigate security risks more quickly and effectively, improving the overall security posture of cloud-based services used by the Federal Government.

The key changes proposed in the new guidance will:

Reaffirm the presumption of adequacy established in the FedRAMP Authorization Act. This provision establishes that once a CSO achieves FedRAMP Authorization, Federal agencies must presume the offering has adequate security measures for a streamlined reauthorization.
Recognize the transformation of the cloud marketplace and the need for FedRAMP to adjust its processes, originally tailored to a limited number of Infrastructure as a Service (IaaS) solutions, to now accommodate a vast and growing amount of Software as a Service (SaaS) solutions.
Introduce a fast-track authorization program for agencies that have demonstrated mature authorization processes and frequently provide the PMO with high-quality authorization packages.
Propose new authorization types: Joint-Agency and Program authorizations. The Joint Authorization Board (JAB) authorization option is evolving, with all existing JAB authorizations automatically transitioning to Joint-Agency authorizations upon the memorandum’s issuance. Joint-Agency authorizations can pool the resources of any Federal agency to review an authorization package, expanding beyond the DoD, DHS and GSA to include all relevant agencies.
Define the roles and responsibilities of the newly established FedRAMP Board. The FedRAMP Authorization Act empowered OMB to assume a more active and leading role in FedRAMP, and this memo serves as a notable illustration of that increased involvement.
Establish a preliminary “pilot” authorization category allowing agencies to test new cloud services for up to twelve months. This authorization pathway would provide agencies and CSPs with an expedited route to market, accelerating the availability of CSOs.
Streamline authorizations for products that leverage FedRAMP-authorized Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) solutions and for products which have obtained external security frameworks that evaluate relevant risks.
Establish the Technical Advisory Group (TAG) to act as an independent source of Federal Government employees for best practices to enhance the efficiency of FedRAMP’s operations.

Benefits for Federal Agencies

By scaling the program, more cloud service providers will be able to obtain FedRAMP authorization, increasing the availability of authorized cloud services for Federal agencies to use. This will enable agencies to more easily and quickly adopt cloud-based services that meet their specific needs.

Through enhanced security reviews of cloud service offerings, Federal agencies can gain increased confidence in the adherence of the cloud services they utilize to rigorous security standards. Therefore, improving the overall security posture of Federal agencies and reducing the risk of data breaches.

Streamlining the authorization process and offering a broader range of authorized cloud services can help Federal agencies alleviate the costs and administrative burden linked to duplicative security assessments. Overall, agencies will be able to more efficiently and effectively leverage cloud-based services to support their mission and better serve its citizens.

The Future of FedRAMP

Stakeholders are optimistic the new OMB guidance will pave a future for the program that will be more comprehensive, efficient and tailored to the current security environment. As more commercial providers become incentivized to pursue FedRAMP authorization, Federal agencies will have more options when it comes to cloud, and technology vendors will be more suited to achieve FedRAMP authorization success.

To explore more in-depth insights into the OMB Memo view the Carahsoft Guide to Modernizing the Federal Risk Authorization Management Program (FedRAMP). To learn more about Carahsoft’s partner marketplace for FedRAMP certified cloud solutions visit our FedRAMP portfolio and speak to a member of our team today.

Resources:

[1] “Office of Management and Budget Releases Draft Memorandum for Modernizing the Federal Risk and Authorization Management Program (FedRAMP).” The White House, https://www.whitehouse.gov/omb/briefing-room/2023/10/27/office-of-management-and-budget-releases-draft-memorandum-for-modernizing-the-federal-risk-and-authorization-management-program-fedramp/.

[2] “OMB extends comment period for new FedRAMP guidance.” FedScoop, https://fedscoop.com/omb-extends-comment-period-for-new-fedramp-guidance/

EdTech Talks: Exploring the Impact of Technology on Student Growth and Development

Posted on by Tim Boltz

Schools and universities strive every day to give their students an effective, fulfilling, successful personal growth and academic learning experience. Harnessing technology innovations can pave the way to achieving those goals. During Carahsoft’s annual EdTech Talks Summit, experts in education and the IT industry discussed how existing and emerging solutions such as observability, the ‘secure by design’ approach and analytics can enhance education to personalize experiences, provide developmental insights on learning approaches and achieve maximum support for all students.

Addressing Post-Pandemic Digital Transformation with Observability

Following the COVID-19 pandemic, there were many education challenges including a rapid shift to remote learning, the need to adapt quickly to new technologies and evolving cybersecurity threats. Schools and universities play a major role in the nation’s critical infrastructure along with the transportation sector, water and pipeline management, utilities and more making them vulnerable to cyberattacks. Bolstering the strength of cybersecurity infrastructure is a key component of the student experience as schools are responsible for safeguarding student’s educational, health and personal identification records.

One step towards achieving cybersecurity is observability. In a time when education leaders are asked to do more with less, observability allows institutions to understand what is happening within their networks and why. Observability should be used to empower education IT teams and in conjunction with active monitoring platforms, which will help them understand the full scope of the data in their network management systems to then apply actionable intelligence to solve issues. When exploring this data, IT staff should consider these questions:

Is the network following the proper compliance rules that are in place? If not, what change was made to take the network out of compliance?
What is the user experience like right now?
What vulnerabilities are there within the network?
Are students able to reliably access what they need and are those systems performing correctly?
Are the internal safeguards working as efficiently as external safeguards?
Do students have proper online safety awareness to aid in avoiding potential risks?

Implementing observability best practices can boost the security and manageability of schools’ network infrastructures, leading to improved experiences for students, faculty and cross-campus communities.

Secure by Design for Education

One of the leading ways manufacturers, developers and education institutions can ensure their products are safe and efficient for students and staff is to create and utilize products that are secure by design. This holistic approach establishes that each product code, solution bundle and packages is tested and validated before an end user receives them, and therefore, contains a built-in cybersecurity insurance policy. In the future, this will save schools time and costs by decreasing the number of cyber threats they face. Students and faculty will experience an increased learning capacity. For example, these solutions help keep students in schools and experiencing less interruption and downtime because of ransomware attacks. This approach empowers faculty to seamlessly adopt and integrate the use of secure solutions into their curriculum and lesson plans. With secure by design solutions, educators and students can rely on the fact that their data will be protected by modernized products tailored with them in mind.

The Importance of Analytics in Higher Education

Data plays a crucial role in educational infrastructure, offering valuable insights into the ever-evolving trends in learning. Most schools have siloed data in multiple areas such as learning management systems, enrollment systems and alumni engagement systems. Some colleges and universities within the Public Sector are only able to perform localized, descriptive analytics such as running spreadsheets and creating dashboards to see enrollment and graduation rates. The key to valuable, actionable and intelligent analytics is being able to discern how data intersects and correlates for more predictive and prescriptive analytics across the various digital spaces where institution data is stored. To do this, schools can leverage the power of automation through artificial intelligence (AI) and machine learning to augment data and use the insights gained to improve analytic maturity, helping faculty and administrators better serve students and their education missions.

From increased security through observability and intentional technology designs to data-driven insights, the impact of these solutions on student growth is reshaping the educational landscape and creating an environment where students can thrive both academically and personally.

Visit the EdTech Talks Conference Resource Center to view panel discussions and other innovative insights surrounding security, AI and student success from Carahsoft and our partners.

About Carahsoft in the Education Market

Carahsoft Technology Corp. is The Trusted Education IT Solutions Provider™.

Together with our technology manufacturers and reseller partners, we are committed to providing IT products, services and training to support Education organizations.

Carahsoft is a leading IT distributor and top-performing E&I Cooperative Services, Golden State Technology Solutions, Internet2, NJSBA, OMNIA Partners and The Quilt contract holder, enhancing student learning and enabling faculty to meet the needs of Higher Education institutions.

Learn more at http://www.carahsoft.com/education.

5G: Powering the Government’s Digital Transformation

Posted on by Mark DeMerse

5G technology has the capacity to speed data transfers and connect billions of devices at a time when mission success hinges on fast, secure access to data and people. 5G’s potential to enhance all government activities makes it an indispensable component of efforts to modernize IT systems and service delivery. Because of its low latency and capacity to carry vast amounts of data quickly and efficiently, 5G enables real-time access to information. As a result, it is facilitating the growth of smart cities, the use of artificial intelligence to improve government operations and the adoption of edge computing. The implications are profound for activities as varied as battlefield communications, military logistics and preparedness, and emergency response in situations where critical infrastructure is unavailable. Learn how government agencies can leverage all the resources in play to achieve the goal of open, interoperable and secure 5G networks Carahsoft’s Innovation in Government® report.

The Unifying Nature of 5G Technology

“5G technology is the first telecommunications standard that is cloud-native, making it critical for the government’s digital transformation. We now have a transport medium that aligns with and supports the flexibility, scalability and efficiency of cloud operating models and containerized functions and services. In addition, all aspects of a digital transformation strategy — including edge computing, artificial intelligence, cloud migration and application rationalization — center on data. With everything level-set architecturally to be cloud-native and containerized, 5G networks enable a common approach to managing data, and they also bring in a new capability for data sovereignty.”

Read more insights from Chris D. Thomas, technical strategist at Dell Technologies.

Why 5G Is Indispensable for Frontline Agencies

“Private 5G networks have distinct benefits for government, which is why DOD has stated that it is a strategic direction for the department. At Federated Wireless, we custom-build networks for high performance, scale and unlimited capacity using best-of-breed technology from a large ecosystem of suppliers. Private wireless networks provide strong security and control over where the data resides. Unlike a traditional cellular carrier that sends data through an off-site central core, private 5G networks are secure enclaves that are governed by zero trust architectures.”

Read more insights from Paul Battaglia, vice president of public sector at Federated Wireless.

The Key to Creating More Flexible 5G Networks

“JMA Wireless embarked on a project a couple of years ago to help bring 5G to the Marine Corps Logistics Base in Albany, GA. We were part of a team that deployed a 5G network and added applications to enable officials to modernize warehousing and logistics at the base. As a result of those improvements, the base has reduced labor costs by 61%. Additionally, it used to take three to five days for items to move from the dock to the shelf. That timeline has been slashed to about 36 minutes as the combination of the 5G network and updated application environment drives major efficiencies in logistics operations.”

Read more insights from Rishi Bhaskar, senior vice president and general manager at JMA Wireless.

Sharing Critical Information in Real Time

“The deployment of 5G for government agencies requires a security approach that is independent from the underlying transport network. For our public safety and defense customers, we offer a security architecture based on Blackned’s TacticalCORE, which provides an over-the-top multidomain security layer, enabling authentication in contested environments and separate classified information spaces across the same infrastructure. All transport is considered untrusted with the ability to implement agency-specific encryption on the 5G network. This state-of-the-art security approach has already been accredited by the German BSI as NATO-restricted and enhanced security classifications are planned.”

Read more insights from Richie Obermayer, VP of technical sales at GuardSTACK Technologies.

How Agencies Can Reap the Benefits of 5G

“5G’s reliability and availability make it possible to build dedicated wireless networks that can be sliced so mission-critical applications run in separate areas while the government maintains full control over that network. Last but certainly not least, 5G networks have carrier-grade, built-in security standards, including SIM cards that are provisioned and activated for a specific network. Users cannot connect to the network without inserting a highly secure SIM into their devices.”

Read more insights from Derrick Frost, senior vice president of operations and general manager of private wireless at Kajeet.

Private Networks and the Evolving 5G Ecosystem

“Private networks are well-suited to agency use cases for a number of reasons. First and foremost is security, which is the bedrock of every cellular network. Beyond the built-in security private 5G networks bring, they also have the capacity to add extra layers of security. The other components of a robust network include radio frequency technology and the latest 5G devices and radios. Once that foundation is in place, agencies can explore the wide range of use cases that a private 5G network can address. Deployments include standalone networks for first responders, border patrol agents and tactical response units, as well as secure, reliable networks for telemedicine providers.”

Read more insights from Derek Gallagher, CTO at Druid Software.

Download the full Innovation in Government® report for more insights from 5G thought leaders and additional industry research from FCW.

Drones Revolutionize First Response: Search & Rescue and Accident Investigations

Posted on by Lacey Wean

In the fast-evolving landscape of public safety, a silent revolution has emerged with the concept of drones as first responders (DFR), search and rescue (SAR) life-savers and accident investigation accelerators. Incidents can happen anytime, anywhere. Whether it is a 911 call to the police, a missing person case or a traffic collision, time is of the essence. DFRs improve traditional response and investigation methods to save resources and time as well as reduce risk for first responders. With the emergence of drones as a public safety tool for initial response, DFR, SAR and accident investigations, a new era of efficiency and effectiveness has dawned.

Utilizing Drones as First Responders

In the past, arriving at the scene after any 911 call required precious minutes to mobilize personnel and equipment. The DFR model has changed this by significantly cutting response times. Equipped with high-resolution cameras, thermal imaging or other advanced sensors, drones can swiftly survey any scene from the skies and provide crucial data to first responders.

In December 2015, the Chula Vista Police Department (CVPD) established the Unmanned Aircraft Systems (UAS) Committee with the primary aim of evaluating the integration of UAS into its public safety operations.^[1] The subsequent drone program represents a groundbreaking milestone, as the nation’s first instance of employing drones as first responders. Since then, the initiative has reached a total of 16,736 calls responded to, 2,273 assisted arrests and an average response time of 96.66 seconds from dispatch to on-scene arrival.^[2]

In addition to speed, drones offer a unique aerial perspective and allow public safety professionals to understand the extent of the incident, identify potential hazards and allocate resources more effectively. This improved situational awareness helps first responders make informed decisions, while enhancing the safety of both citizens and personnel.

Enabling Search and Rescue Missions

SAR operations often involve difficult terrains and adverse weather conditions. These challenges have seen a remarkable transformation with the integration of drones. Drones can cover vast areas quickly and efficiently, greatly improving the chances of locating missing persons or survivors.

For example, the Weber County Search and Rescue (WCSAR) has taken a significant stride towards augmenting safety and efficiency through the establishment of a Small Unmanned Aircraft Systems (sUAS) program which provides invaluable aerial support to ground personnel. Prior to the sUAS program, the average search time for a person in distress was 4 hours and 35 minutes. Since the program’s inception, this time has been drastically reduced to 58 minutes.^[3] These statistics underscore the impact of UAS technology on SAR operations, greatly enhancing response times and ultimately increasing the chances of successful outcomes.

Offering More Efficient and Effective Investigations

Accident investigations play a crucial role in determining the causes and contributing factors behind incidents, especially for traffic-related mishaps. Drones equipped with 3D mapping technology have revolutionized manual measurements and reconstructions by creating accurate digital reconstructions of accident scenes in record time. With a drone, a process that sometimes can take 6-8 hours by investigators can be accomplished in 3-4.^[4]

What sets this modern approach apart is its data-driven essence. Drones, armed with their high-resolution cameras and advanced sensors, facilitate the collection of intricate data from accident scenes. This wealth of information serves as the bedrock for constructing precise digital reconstructions, offering investigators unprecedented insights into the unfolding of events. The Tippecanoe County Sheriff’s Office in Indiana reported a 60% reduction in overall scene time thanks to UAS deployment, allowing them to efficiently measure an 800-foot scene in just 22 minutes.^[5]

Similarly, the Oro Valley Police Department in Arizona and the Houston Fire Department in Texas witnessed significant improvements in incident response times, with the former achieving a 32% reduction in roadway and incident clearance times, and the latter experiencing a 40% reduction in scene time, ultimately enhancing safety and efficiency in their operations.^[6]

Looking Ahead

The journey of drones from being mere recreational gadgets to becoming indispensable tools for the public safety community has been truly remarkable. With advancements in technology, it can be expected that drones will become even more sophisticated and versatile in the future. The potential for integrating Artificial Intelligence (AI) to enhance drone capabilities, such as real-time object recognition or predictive analytics, holds exciting possibilities for improving emergency response, SAR and accident investigations.

In the near future, industry can anticipate drones with enhanced autonomy to work in coordinated swarms, learn from past missions and employ advanced object recognition. Fully autonomous drones will include on-demand deployment, emergency alert response, target tracking, obstacle avoidance, indoor flight, AI capabilities, GPS connectivity, voice commands, patrol vehicle integration, advanced threat detection and real-time situational awareness through live feeds.^[7]

The concept of DFR and drones utilized in SAR and accident investigations is no longer a distant dream but a reality reshaping the landscape of public safety. These flying machines have proven to be first responders’ best allies, aiding them in saving lives, conducting efficient accident investigations and navigating challenging rescue missions. As regulations evolve and technology continues to advance, drones will play an even more pivotal role in protecting and defending the public.

To learn more about how Carahsoft can support your drones technology initiatives, visit our Autonomy and Robotics technology solutions portfolio.

References:

[1] “Chula Vista Police Department Drone Program,” Chula Vista Police Department, https://www.chulavistaca.gov/departments/police-department/programs/uas-drone-program

[2] “Dawn of Drones Podcast,” Dawn Zoldi, https://www.auvsi.org/dawn-drones-episode-81-miriam-foxx-captain-chula-vista-police-department

[3] Credit: Captain Kyle Nordfors, Mountain Rescue Association (MRA) UAS Chairman Weber County Sheriff’s Office (Utah) Captain – Alaska Airlines B737

[4] “Drones For Good: Saving Time And Lives With Faster Crash Scene Reconstruction,” DJI, https://www.dji.com/newsroom/news/drones-for-good-planting-crash-scene-reconstruction-photogrammetry-purdue

[5] “UNMANNED AIRCRAFT SYSTEMS FOR TRAFFIC INCIDENT MANAGEMENT,” U.S. Department of Transportation Federal Highway Administration, https://ops.fhwa.dot.gov/tim/docs/EDC-6_Factsheet_TIM_UnmannedAircraft_v2_508.pdf

[6] “Next-Generation TIM: Integrating Technology, Data, and Training,” U.S. Department of Transportation Federal Highway Administration, https://www.fhwa.dot.gov/innovation/everydaycounts/edc_6/nextgen_tim.cfm

[7] “Can AI drones help protect officers in these dangerous times?,” Police 1, https://www.police1.com/officer-survival-guide/articles/can-ai-drones-help-protect-officers-in-these-dangerous-times-Ii9BujqaIeEB0hkZ/

The Evolving Landscape of Cybersecurity in the Healthcare Sector

Posted on by Tim Boltz

As the nation becomes increasingly interconnected through technology, industries are also utilizing new technology to meet patient expectations for quick diagnoses and access to results. However, when this technology usage includes personal or healthcare data that may be sensitive for patients or health systems, cybersecurity becomes paramount and necessitates the implementation of new cyber standards. The Healthcare Information and Management Systems Society (HIMSS), a global society focused on information and technology in the health ecosystem, held its annual HIMSS 2023 Healthcare Cybersecurity Forum in September. Here, industry professionals converged to innovate and discuss strategies for safeguarding the healthcare sector against cyber-attacks. To protect against breaches, the healthcare system must integrate and scale to achieve a more connected technological landscape across the industry to better serve patients.

Ransomware and Cybersecurity in Healthcare

By connecting and improving interoperability between healthcare systems/EHR platforms, overall patient service is improved; however, with features such as digital integration, migration to the cloud and the incorporation of remote workers, cyber vulnerability has simultaneously increased. Bad actors oftentimes target healthcare agencies with ransomware for hire. With the increased capabilities of artificial intelligence (AI), even inexperienced bad actors can create sophisticated and dangerous attacks. Due to the immense financial loss of these attacks, it is vital that agencies prioritize cybersecurity. Hospitals, other healthcare centers, and especially their third-party stakeholders, now face a new barrage of ransomware attacks and data breaches.

There are a couple of steps administrators can take to protect hospital systems, patients and stakeholders.

Implement ‘Security-by-Design,’ a strategy where providers ensure that all products are secure by design and default, with all IT solutions and enterprise environments.
Maintain pace with the evolution of artificial intelligence (AI) and utilize it to defend against bad actors.
Standardize a detailed incident response plan that includes a thorough business continuity plan.
Exchange defense strategies between stakeholders — a united front is stronger than trying to face threats alone.
Implement multi-factor authentication and zero trust on all end users so information is accessed by the parties that need to know.
Apply data encryption to systems to protect sensitive information against hackers.

AI in the Healthcare Industry

While bad actors have utilized the capabilities of AI, the healthcare industry can also use it to improve cybersecurity. AI does not need breaks, and therefore can run all day reducing the time needed to identify a security breach by analyzing large amounts of data in real time. On a similar note, AI can identify multiple devices and manage network endpoint detection for large networks. AI has been used to predict Domain Name System (DNS) attacks before occurrence, preventing and mitigating these attacks. It can implement Secure Access Service Edge (SASE), analyze identities and manage risk. With its strength of detecting patterns, AI can distinguish subtle patterns of attack that would otherwise go unnoticed by people.

Due to the nature of this new technology, the healthcare industry must carefully decide whether it wants to implement AI, and to what extent it will be used. In terms of cybersecurity, AI may be the answer to providing a secure standard for an interconnected healthcare industry.

Partnerships to Strengthen Cybersecurity in the Healthcare Industry

To provide the best security for patients and stakeholders in the healthcare sector, the federal government and technology industry have joined the battle against bad actors in healthcare. Several federal agencies including the Administration for Strategic Preparedness and Response (ASPR), will lend a hand in bolstering the cyber posture of the American health system. The ASPR is working alongside Cybersecurity and Infrastructure Security Agency (CISA) and private sector partners to analyze the cyber threat landscape of the healthcare sector. Over the next year, the agency hopes to create a cyber division, introduce a cyber risk identification tool, track cyber incident reports and gain resources and buy-in from senior leadership. Another agency, the Department of Health and Human Services (HHS) will strengthen cybersecurity by partnering with hospitals, health organizations and federal agencies, including CISA, that have additional information on cyber threats. Under the HHS, the Health Industry Cybersecurity Practices (HICP), a publication in response to the Cybersecurity Act of 2015, provides practical cybersecurity guidelines for the healthcare industry.

HICP covers several major threats that the industry faces, including:

Social engineering
Ransomware
Payment fraud
Loss or theft of equipment
Insider, accidental, or malicious data loss
Attacks against network connected medical devices

To counter said threats, the HICP has listed its top ten best cybersecurity practices. It advises to:

Protect email systems from phishing breaches
Implement endpoint protection systems to all hardware devices
Utilize identity and access management, regardless of the size of the health care organization
Check cyber posture to prevent data loss
Manage IT assets
Execute network management for wireless or wired connections before interoperating systems
Enact vulnerability management
Take advantage of incident response plans to discover network cyberattacks
Extend relevant cybersecurity practices to network connected medical devices
Establish and implement cybersecurity and governance policies^[1]

By enabling organizations to evaluate capability against cybersecurity attacks, HICP aims to protect patients and stakeholders from private data loss.

While cyber attacks are always growing in complexity, the healthcare industry can evolve and provide superior service for its patients through the use of tested security strategies, AI and federal aid.

Visit Carahsoft’s Healthcare Solutions Portfolio to learn more about improving cybersecurity practices in the healthcare sector.

Resources:

^[1] “HICP’s 10 Mitigating Practices,” Department of Health and Human Services, https://405d.hhs.gov/best-practices

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at the HIMSS Fall Forum in September 2023.*

Building a Foundation for an AI Future

Posted on by Mike Adams

It might seem like agencies are hesitant to adopt artificial intelligence. But really, it is quite the opposite. As Lori Wade, the Intelligence Community’s chief data officer, put it: “It is no longer just about the volume of data, it is about who can collect, access, exploit and gain actionable insight the fastest.” The realization is clear: Humans alone cannot keep pace. They need AI so they can make decisions based on the most relevant and most current information — and make those decisions in a timely manner. It is really as simple as that. Download the guide, “Building the Foundation for Your AI Future,” to pick up pointers on data management and AI, plus take a glimpse at the latest technology developments, tips for best practices and an explanation of the early value that AI is delivering to agencies across government.

How to Revolutionize Government Translation with Generative AI

“In situations where accurate and timely translations are crucial, the shortage of qualified and vetted linguists poses significant challenges. Equally, non-linguist analysts are not equipped with secure, at-desk tools to translate foreign language material at the speed of relevance. For example, during the ongoing war in Ukraine, there has been a scarcity of linguists available to provide real-time updates on the ground. This shortage not only has affected the ability to gather vital intelligence but also hindered the timely dissemination of information to national security and defense agencies in the U.S. and abroad.”

Read more insights from Jesse Rosenbaum, Vice President of Business Development and National Security at Lilt.

How Graph Databases Drive a Paradigm Shift in Data Platform Technology

“Federal agencies are awash in data. With recent modernization efforts, including the wide-scale adoption of cloud platforms and applications, it is easier than ever for agencies to receive streaming data on everything from logistics to finances to cybersecurity. But that volume of data requires new solutions to process and analyze it. Older methods like SQL and NoSQL simply are not up to the task of analyzing all of the connections between the government’s many massive databases. That is where the new graph paradigm of data platform technology comes in.”

Read more insights from Michael Moore, Principal for Partner Solutions and Technology at Neo4j.

How Agencies Can Upskill in AI to Achieve a Data Mesh Model

“Data mesh behavior actually goes a step further. AI has become so easy to use, business owners can actually join in the development alongside the data scientists. Therein lies the challenge: Upskilling subject matter experts across an entire organization is a big lift. The way it works best is to start with a center of excellence, a small group of people who begin working with business owners across the enterprise, office by office. They can then prove the value and evangelize it, and then the agency can move to a hub-and-spoke model, where the data scientists are co-developing alongside business owners. As successes pile up, the data scientists can take a step back and allow frontline workers to do the development, governing the new data products on their own.”

Read more insights from Doug Bryan, Field Chief Data Officer at Dataiku.

How Agencies Can Build a Data Foundation for Generative AI

“Generative artificial intelligence tools are making waves in the technology world, most famously ChatGPT. Although the code of these tools is significant, their real power stems from the data they are trained on. Gathering and correctly formatting the data, then transforming it to yield accurate predictions, often represents the most challenging aspect of developing these tools. Federal agencies that want to start leveraging generative AI already have massive amounts of data on which to train the technology. But to successfully implement these tools, they need to ensure the quality of their data before trusting any decisions they might make.”

Read more insights from Nasheb Ismaily, Principal Solutions Engineer at Cloudera.

How to Democratize Data as a Catalyst for Effective Decision-Making

“One of the key best practices in the Office of Management and Budget’s Federal Data Strategy calls for using data to guide decision-making. But that is easier said than done when the ability to analyze the data, much less access it, is limited to an agency’s often overworked and understaffed data science specialists. But now that every line of federal business has their own data silo and a mandate to use that data to guide decisions, agencies need a way to democratize access to that data and empower every federal employee to become an analyst.”

Read more insights from Kevin Woo, Director of Federal Sales at Alteryx.

Download the full Expert Edition for more insights from these artificial intelligence leaders, additional government interviews, historical perspectives and industry research.

Becker’s 2023: Optimizing the Medical Field and User Experience Through AI

Posted on by Tim Boltz

Medical practices are quickly entering an age where Artificial Intelligence (AI) is growing and expanding to help improve user and patient experience, as well as increase automation in the work environment. During the Becker’s Health IT + Digital Health + RCM conference, healthcare and IT leaders came together to discuss how to adapt to the latest trends in the field, including telehealth, cybersecurity, diversity and the simplification of healthcare through AI.

The implementation of AI in the medical world is increasing as doctors and researchers explore ways to make healthcare as seamless as possible for both doctors and patients. Telehealth, the ability to meet with a healthcare provider virtually rather than in-person, is an important process that doctors are utilizing as the patient population and their needs continue to grow. Doctors and medical staff will soon be able to:

Use AI for administrative tasks to increase healthcare staff efficiency
Continue to consolidate electronic medical records (EMR) onto a singular platform, making it easier for providers across a health system to access up-to-date patient information
Close the access gap in more rural and underserved areas to collect data and maximize face time with patients
Utilize technology to focus on holistic health and increase discussion about behavioral nudges, for example a smart watch mentioning that it is ‘time to stand’
Improve the digital experience for patients of all demographics through easy access medical records and utilization of telehealth for older populations

Diversity in Telehealth Technology

With the progression of AI and telehealth, hearing diverse voices on the implementation of these tools cannot be overlooked as medical professionals change the way they utilize technology. It is imperative that new technology is working to make medical support and processes simple for communities that may not have as many resources when it comes to telehealth and digital medical records. For example, a chat box that pops up on a medical practice’s website may have been created to help patients, but non-English speaking patients do not benefit if the box is not programmed to display and understand other languages.

Skillset diversity must also be considered when doing research. Instead of finding medical staff and researchers based only on a certain educational background, it is beneficial to consider candidates with a range of experience as well. Inviting different voices into the medical field can only benefit the way healthcare progresses and provides better outcomes to patients.

A Platform-First Approach: Creating Maximum Value for Enterprises

It is important for medical companies to create maximum value within the applications and systems that they are paying for. Technology is evolving at such a rapid pace that often, by the time a new technology has been implemented by an enterprise, it is already basically obsolete and needs to be replaced. This is where the platform-first approach comes into play. With this approach, companies prioritize getting the most value from existing applications that are already purchased and installed in the enterprise. For example, ensuring that there is no overlap between the use cases of multiple apps a company is paying for.

The platform-first approach includes:

Leveraging platforms that are already currently in use
Adding features that are easy to use with easily accessible interfaces
Focusing less on training and more on hands-on experience
Being selective in what tools and platforms are implemented
Being agile and looking at a platform strategy instead of individualistic needs
Ensuring that what an organization already has makes sense in regard to the bigger picture and is not being underutilized

Moving Forward: Maximizing Every Tool and Every Person

Even with today’s fast-paced changes, there are processes and elements of healthcare that AI cannot replace. AI is rapidly growing and evolving, but it cannot take away the qualities of being a human, especially in the medical field. If a bot can do a simple task, such as filing paperwork, it is best to let the bot do it, and allow doctors to spend more personalized time with patients. It is ideal to offer digital opportunities in the workplace, but not to the extent that it hinders user experience. Technology can alleviate pressures and remove friction from a workforce, but at the end of the day, AI cannot replace the personal human element of care that a doctor provides to a patient.

AI is not something to fear, but rather something to embrace in the areas where it meets providers and patients’ needs. It is also important that every voice is heard while technology advances, and minority groups are not left behind in the fast-moving AI path. Companies and researchers are focusing on where the demand is and either changing or providing additional technology as frictionless and simple as possible.

Visit Carahsoft’s Healthcare Solutions Portfolio to learn more information and key insights for the IT and Healthcare industries.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at the Becker’s Healthcare Summit 2023.*

Innovation in Government: How to Change Things Up (and Make it Stick)

Posted on by Mike Adams

In government, we could say that innovation is invention that solves a problem or meets a need — in the community or within an organization undertaking the work. Big changes make government agencies more effective, prepared and useful, and they touch all aspects of agency operations — from IT to employee morale to digital services and more. In recent years, federal agencies such as the Census Bureau, General Services Administration, Department of Homeland Security, Department of Housing and Urban Development, and Office of Personnel Management have launched innovations labs, innovation libraries, and other innovation-focused resources and programs. Cities and states have as well, such as through Philadelphia’s Technology and Innovation group within the city’s Office of Innovation and Technology (OIT). Being innovative is not easy, of course: It requires a little bravery and lots of planning. But local and federal agencies are creating the space and resources to launch innovations that will, in the future, become standard operations. In this guide, we share case studies and best practices regarding some of government’s most pressing issues — workforce, customer experience and data use, to name a few — and we hear from government experts who know a thing or two about helping innovative initiatives succeed.

Analytics Innovations Draw a Complete Data Picture

“Spreadsheets are structured things: They have clearly defined lines, cleanly labelled columns, and rules that govern what goes where. Government analytic programs have become skilled at working within those parameters, even if it means spending hours manually manipulating data to fit. Spreadsheets are 30-year-old desktop technology. But other data exists, doesn’t it? The world is full of PDF documents, audio and video files, social media posts and other ‘messy’ data sources — the unstructured data that most agencies overlook. And most agency analytics programs are fragmented and overly manual. Recent innovations seek to change this.”

Read more insights from Alteryx’s Solutions Marketing Director for the Public Sector, Andy MacIsaac.

Driving Innovation to the Edge

“Across government, innovation is happening at the edge. By leveraging cloud, artificial intelligence (AI), machine learning (ML) and related technologies, agencies can deliver services more quickly and effectively at the far reaches of operations, whether that’s in the battlefield or on the International Space Station (ISS). At the Red Hat Government Symposium held in late 2022, government and industry leaders discussed how agencies were leveraging these technologies to accelerate mission delivery. Their discussions and examples help illuminate how agencies are adapting to make the most of modern technological opportunities.”

Read more insights from Red Hat’s Government Symposium.

Build an Innovative Ecosystem Through Cloud Architecture

“In data transformation and innovation, it helps to view things through a different lens. Within the data ecosystem are three core pillars for transformation: people, processes and technology. Simple, singular data platforms should work with an architecture that breaks down information silos rather than creates them. That facility comes through in qualities such as data mesh or a decentralized data architecture that’s organized by business domain and operates through self-service. The architectural design also must help strengthen system security. That’s enormously important for federal data.”

Read more insights from Snowflake’s Chief Technology Officer for the Global Public Sector, Winston Chang.

Overcoming Challenges With Observability

“As agencies take steps to innovate — such as expanding reliance on the cloud and adding new apps, integrations, and automations — their IT ecosystems become more complex. There are more places where things can go wrong and more pressure to fix them quickly. The task of monitoring these complex systems gets more complicated, too. ‘The question is, how do I know there’s an issue?’ said Brian Mikkelsen of Datadog. ‘Is it when the tickets start flowing, when complaints increase, when your leadership team asks why something isn’t working?’ None of those options are ideal. Datadog’s application performance management platform provides a real-time window into the digital environment, identifying performance and security issues quickly. Its ‘full stack’ hybrid infrastructure capability means everything from the back end to the front end is monitored and reported via infrastructure metrics, application performance traces, and correlated logs.”

Read more insights from Datadog’s Vice President and General Manager, Brian Mikkelsen.

Download the full GovLoop Guide for more insights from these digital transformation leaders and additional government interviews, historical perspectives and industry research.

Revolutionizing Communication with 5G

Posted on by Mark DeMerse

As technology progresses, communication is revolutionized worldwide. To maintain pace with cybersecurity and technology standards, the United States Government can utilize the transformative features of 5G, the fifth-generation global wireless technology standard for cellular networks.

Transforming Network Standards with O-RAN

With the development of Open Radio Access Networks (O-RAN,) a feature that allows interoperability between cellular network equipment providers, the development and integration of 5G has greatly expanded. The role of O-RAN has important applications in the Department of Defense (DoD), whose goal is to promote national and economic security. By integrating 5G networks into the defense sector, different departments can quickly communicate with each other. With the usage of O-RAN and 5G combined, agencies have a much larger, diverse ecosystem of vendors to choose from.

As with any new feature, there are costs to the implementation process. In the 2021 National Defense Authorization Act, Congress put aside $1.5 billion dollars which is being utilized to develop a unified vision and strategy towards O-RAN and 5G. The congressional statutory language calls out seven big-picture objectives, most of which are centered around promoting the deployment of 5G. These are to:

Add network virtualization
Authorize new security features
Accelerate the development of technology
Promoting the deployment of 5G within the DoD
Develop standards to enable a multi-vendor ecosystem
Create open, interoperable telecommunication networks
Allow interoperability to manage multi-vendor situations

While the act provides ten years to carry out its strategy, these standards should be added as soon as possible due to the fast-paced development of technology.

Aiding the DoD

The DoD and 5G form a mutually beneficial relationship. 5G is created with security built in, so an investment in 5G is an investment in cybersecurity. By utilizing 5G at bases, the DoD can test its capabilities, as well as streamline and amplify the effectiveness of non-combat operations. This can include supply chain efficiency, large scale IoT networks, asset tracking and logistics management all while reducing costs. In return, the DoD tests and further funds 5G. The addition of 5G can provide lower mission costs, enhanced speed and provide higher quality operations. It also factors in risk reduction to each operation, by taking the cumbersome human process out of the equation and making certain operations less complex.

For the DoD, the key motivations in testing and using 5G are threefold. One, it aims to achieve streamlined and functioning interoperability, where individuals can handle operations from a single tablet. Two, it aims to reduce the amount of manual handling in operations. Since 5G has the latency to compute such artificial intelligence (AI) and machine learning (ML) capabilities, it can perform time consuming tasks such as perimeter security. And three, the usage of 5G allows the DoD to gather data about 5G to utilize predictive analytics in the future.

The Future of 5G

There is more that 5G can do for military applications. With the advantage of 5G, there may be a paradigm shift in the usage of private wireless and on-demand communication. One of the biggest advancements of using 5G in a military context is the flexibility that comes with 5G being cloud native. 5G provides more capacity than traditional Wi-Fi or hotspots as it focuses on transport networks. With 5G, international communication could be streamlined, as frequency coordination between departments and consumers would no longer be required. 5G comes with the benefits of mobile edge computing and being O-RAN compliant, meaning it is up to Federal standards. This could even be helpful in residential rural and remote environments, where internet and satellite access is limited. There have been tests across various United States bases, aiming to utilize ML to tailor 5G to each user’s needs. To get these features, consistent testing is vital, even if it is not immediately profitable.

With all the changes to the way combatants use technology, it is important to enable the military to integrate 5G operations. By codifying new strategies and usage methods, agencies can reference, read and follow through with new procurements. With the addition of 5G, communication within the DoD and nation can be revolutionized in nearly unimaginable ways.

Visit Carahsoft’s 5G technology solutions portfolio to learn more about Carahsoft’s 5G Summit event and how we, along with our partners, can leverage the best and most reliable services to support your organization’s 5G mission.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at Carahsoft’s annual 5G Conference.*