Maximizing Service by Engaging Employees as Customers

Posted on by Tiffany Goddard

At the end of 2021, the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government stated, “Our Government must recommit to being ‘of the people, by the people, [and] for the people’ in order to solve the complex 21st century challenges our Nation faces. Government must be held accountable for designing and delivering services with a focus on the actual experience of the people whom it is meant to serve.” Panelists at Carahsoft’s 2023 Government Customer Experience and Engagement Summit agreed that this mission begins with an organization’s employee experience.

A New Approach in Customer Experience Over Time

With the recent introduction of mandates and the new executive order, Government agencies have increased momentum to move customer experience (CX) from being a standalone initiative to weaving it into every facet of daily operations. Jill Leighton, Vice President of Public Sector Strategy and Solutions at Qualtrics, said that today, agencies are not just singularly improving a particular service or touch point. Now, they are taking that insight and implementing it into policymaking, strategic planning, reporting success and designing programs, while also learning where to invest and prioritize.

Untapped Resources

Using the best resources and constantly staying on top of innovation is an undertaking for any agency. Employees can be the most underutilized asset for organizations, so it is important for agencies to understand what employees need for peak performance. An immense amount of change has happened throughout the pandemic in working environments, and organizations need to take full advantage of the newer talent capacity and building opportunities within teams and employee talent pools. Additionally, agencies can unlock insights from employee and CX satisfaction through data gathering tools like conversational analytics, natural language processing and machine learning.

Artificial Intelligence in CX

Ironically, the possibilities presented by AI technology are critical to a human-centered CX strategy, Leighton said. With the implementation of AI, agencies are able to automate data analysis in various formats, perform automatic cataloging categorization and background filtering. For example, employees on the front lines of call centers can benefit from weekly, even daily summary reports showing the customer’s most pressing problems, their satisfaction levels and other aspects of their experiences. Using AI for the purpose of collecting qualitative and experience data, call operators can gain valuable insight into how to improve their human-centered CX approach and learn how to personalize each interaction they have. Additionally, using that data to optimize efficiency will improve service delivery. These solutions help move employees away from manual processes so they may focus more on interactions with customers.

What Is Impacting the Work Force?

Many aspects of Government operations can be difficult to navigate. Panelists referenced a general talent shortage, lack of funding and outdated solutions as barriers for the CX workforce. One panelist said they encounter homegrown identity and access management solutions and piecemeal fixes throughout their organization’s CX efforts, which makes it challenging to provide a seamless experience for customers and employees. Another problem CX professionals face is increased expectations from those consuming Government services.

Ron Vickery, Area Vice President of Customer and Industry Workflows, Government Health and Higher Education at ServiceNow, expressed, “We are putting employees in a really tough situation if we are not empowering them to deliver against that expectation. So, I think that, across the board, is a big trend; rising expectations of the way service should be received and making sure that we have empowered these employees to deliver that level of service.”

Translating the Employee Experience to Customer Experience

Government agencies must prepare employees to provide excellence service with a mission-driven mindset as well as proper resources and technology to deliver it. Benefits such as flexibility in the workplace, operational efficiency, training and easy access to tools and resources can attract new talent as well as retain existing employees. If they feel supported by and invested in their agency, workers will be more inclined to provide the quality of service expected by their leadership.

Nicky French, Customer Service Branch Manager for the Transportation Security Administration (TSA), said that the TSA’s security mission presents a unique challenge as this agency must balance national cybersecurity with customer experience. She stated, “Our officers in the front lines have to enforce rules, and sometimes that can come across as a little more militant than we would like. So, we try to make sure that the officers are professional and polite. We spend a lot of time just level setting what customer service means.”

Employees need to know that their organization pays attention to their needs. When positive change is made, employees know their voice is valued and has an impact. Addressing challenges within operations enables employees to make a difference and move their agency’s CX mission forward.

Read the previous blog and check back soon to read the rest of Carahsoft’s insights from CX industry thought leaders at the summit.

To learn more about the latest in the CX landscape and how Carahsoft’s industry-leading partners can support your Customer Experience initiatives, please visit our resource hub to access all on demand recordings and information from the 2023 Government Customer Experience and Engagement Summit.

Empowering Public Sector Technical Teams With Generative AI in a Secure Collaboration Platform

Posted on by Ian Tien

Recent advances in generative artificial intelligence (AI) – with its seemingly limitless potential use cases – have captured the public imagination. And they’re just as compelling to government agencies and the military. Organizations across the public and private sectors are racing to identify the most effective applications of the technology and to implement robust and secure solutions enabled by generative AI.

For instance, generative AI can be a powerful assistant to technical and operational teams such as those involved in application development and incident response. The technology can help teams gain real-time insights, bring to light solutions to unexpected problems, and help make fast, data-driven decisions.

It’s with those advantages in mind that Mattermost partnered with Ask Sage to integrate the Ask Sage GPT solution with the Mattermost secure collaboration platform. The result is secure, AI-enhanced collaboration for technical teams in the U.S. public sector.

Real-time Insights, Natural-language Format

Mattermost is a secure, workflow-centric collaboration platform for technical and operational teams that need to meet nation-state-level security and trust requirements. Available self-hosted or in the cloud, Mattermost integrates team messaging, audio and screen share, technical tools, workflow automation, and project management in an open-source solution.

Mattermost Generative AI Blog Embedded Image 2023

Ask Sage is a GPT-powered platform provider that specializes in enabling secure access to Generative AI capabilities for both government and commercial teams. With a wide range of use cases, including summarization, coding, code review, code improvement, RFP writing, responding and evaluation, and report writing, Ask Sage is built on cutting-edge AI technologies such as Azure OpenAI GPT, Cohere, Google Bard, and various open-source LLMs. The solution can ingest custom datasets, tap into APIs, and connect to data lakes for real-time data and insights in a natural-language format.

Ask Sage can quickly and automatically process large amounts of structured and unstructured data – including government-related data such as laws, Federal Acquisition Regulation (FAR), Defense Federal Acquisition Regulation Supplement (DFARS), DoD Controlled Unclassified Information (CUI), and DoD policy and governance content. Outputs include summaries, translations, sentiment analysis, deep insights, and coding.

Integration of Ask Sage with Mattermost provides technical teams with secure, real-time access to generative AI to enhance collaboration, operational productivity, and decision quality. Government and contractor teams can now securely leverage the power of OpenAI and collaborate within a single, seamless interface.

Real-time Insights, Natural-language Format

With this strategic integration, Mattermost equips technical teams to leverage generative AI to accelerate processes, increase output, and improve outcomes. It’s ideal for government teams that write code, manage RFPs, analyze large data sets, or develop and translate intelligence reports.

Ask Sage offers rapid data analysis and summarization to help teams gain new insights as circumstances evolve. Team members spend less time and effort on manual research and analysis, giving them more time to focus on higher-priority decision-making and strategic tasks.

Users can improve the accuracy and depth of Ask Sage results by uploading relevant data –which is labeled by classification level, encrypted, and separated from the OpenAI models. Once uploaded, the data can be accessed only by authorized users through granular access controls within Mattermost.

Collaboration Purpose-built for Public Sector

Mattermost is well-suited to technical public sector teams, because it’s available as an on-prem, self-hosted deployment. That means teams can collaborate securely with lower risk of compromise. It’s also an open-source solution, so organizations can tailor security settings to protect information at impact levels up to IL6 for DoD Secret data. That’s protection that general-purpose, cloud-based productivity and instant-message tools can’t match.

The platform allows teams to create as many topic- or project-specific communication channels as they need. These channels allow users to centralize conversations, data, and tools – including Ask Sage – in the right context. That keeps team members focused and productive, without the need to continually context-switch.

Another useful Mattermost feature is built-in, customizable playbooks – essentially digital checklists – that help team members consistently take the right actions at the right times. Mattermost playbooks can now include generative AI to further automate and accelerate project workflows and incident response.

Leveraging Mattermost’s secure collaboration platform combined with Ask Sage’s generative AI capabilities can revolutionize the way government teams work together, manage technical projects, and respond to mission-critical situations. As interest in OpenAI GPT and similar platforms grows, this strategic integration is a gamechanger in enabling U.S. government and military organizations to securely benefit from generative AI.

Speak with a member of our team today and learn more about Mattermost at www.mattermost.com.

Speed Your Agency’s Software Deployments in 6 Easy Steps

Posted on by Jim Dodson

Slow, bottlenecked, and often archaic release methods challenge most government agency software delivery teams. But enterprise feature management can help your agency achieve faster releases with less risk.

Enterprise feature management provides teams with total control over application features, fine-grain release targeting, and detailed audit logs. It starts with feature flags, a powerful tool that allows your development teams to turn features on or off without requiring a code change or deployment. They are a modern solution to traditional hard-coded boolean flags custom-built for each app. With an enterprise feature management platform, you can use a pre-set feature flag enterprise framework to define and operate a simple and seamless experience. This delivers a host of benefits that, among others, dramatically streamlines and accelerates software delivery. It also empowers teams to roll out new functionality gradually and selectively rather than all at once. And, your agency can “dark launch” a feature in production, reducing dependencies on expensive and custom staging environments.

Here are six steps that government agencies can take to get started with LaunchDarkly Federal, the only FedRAMP-authorized feature management platform. These steps will help you understand how to use feature management for high-speed, low-risk software releases of legacy and new applications:

1. Put in place the LaunchDarkly SDK to enable feature flagging

LaunchDarkly’s Software Development Kits (SDKs) allow your developers to implement and share feature flags quickly and easily across software applications. They provide an easy way to connect new and existing applications to the LaunchDarkly SaaS platform. Simply include your programming language-specific LaunchDarkly SDK into your application to get started. The SDK initializes to a specific environment, manages default values and targeting contexts, handles any connectivity issues, and listens for feature status and rule changes. SDKs provide the support for real-time application updates without the need to deploy new code.

2. Identify your environment(s)

In traditional release motions, government agencies identify and set up numerous development, testing, and production environments. Not only is each environment often expensive, but running a release through so many gates can be a significant challenge for resource-strapped teams. It is almost impossible to simulate a production level environment in staging and so when you release to production, you are testing in production anyways. Why not do it safely with granular targeting to reduce risk? With an enterprise feature management solution, you can reduce the number of environments and focus more on safely and securely testing in production.

3. Target, or even micro-target, your release

The next step is determining exactly where you will release individual features, and when. With feature flags, your development teams can release features in a highly customized way. By creating targeting rules, teams can easily target individual releases to a subset of users, resources, or even infrastructure, before making them widely available to all end-users. It’s possible to even micro-target a single user.

Targeting makes it simple to progressively release a new feature to a QA team or to project sponsors for feedback. The granular control over features and release targeting that LaunchDarkly Federal provides will enable more control than traditional blue/green deployments alone.

4. Flip a switch, and release whenever you want

With enterprise feature management, your development teams can separate deployment and release processes. Engineering teams can deploy code, and non-engineering teams can trigger the release with a simple flip of the switch. Decoupling these processes reduces the risk of failure and allows teams to release new features quickly and efficiently. Your development teams can keep progressing on their software development projects and release new features at the best time for their program or department. And, enterprise feature management also allows your project and program teams to develop, test, and deploy features using custom workflows with enterprise-level management capabilities.

By using low-risk continuous integration/continuous development (CI/CD) development processes with incident resolution times of less than 200ms, teams can improve developer productivity and reduce the time it takes to release new features to production.

5. Quickly disable features if issues or errors occur

In the event of an issue or error, teams need to be able to quickly disable features to avoid any issues affecting the application in production. Issues could range from something major such as security vulnerabilities to minor usability and cosmetic problems. With traditional processes, a team would have to roll back to a previous release losing everything they just deployed or take down an entire application to address issues or errors. However, with enterprise feature management solutions, teams can quickly disable the individual problematic feature leaving the rest of the application unchanged. Instead of the lengthy and cumbersome rollback and redeployment processes, this limits the impact to the application with zero downtime. DevSecOps teams would then typically perform a “patch forward” for the fix.

6. Track the release with detailed analytics

Using analytics, monitoring tools, and processes helps guarantee that your software meets government guidelines and agency policies. Using enterprise feature management, your agency can gather detailed audit logs and analytics to inform your decision-making and improve software delivery processes across your mission-critical programs.

Following these six simple steps can help you shrink your agency’s release time from years and months, to days and hours, just like it did for the Centers for Medicare (CMS). Using LaunchDarkly and the six steps above, CMS went from one launch once per quarter, to completing six launches within a single day to support a global rollout.

Feature management is a powerful DevSecOps tool that can truly accelerate the delivery of transformative software. With detailed control over features, release targeting, and detailed audit logs, your agency can reduce risk and deliver software at the speed of the commercial world.

Download our eBook to learn more about LaunchDarkly, and view our our public sector webinar to learn more about DevSecOps best practices.

Letting Data and Leadership Inspire Change

Posted on by Tiffany Goddard

Every agency strives to provide quality customer service, but learning and executing new ways to do so can be daunting. Attendees at Carahsoft’s annual Government Customer Experience and Engagement Summit learned that while the process may differ for each agency, there are a few main principles each group should follow in providing an excellent customer experience (CX).

Expounding On Census Data

Over the past few years, agencies have changed the way they collect data to find the best way to reach customers. For some audiences, this may include both electronic and paper forms. If both methods are deployed every so often, agencies can better understand which customers still need that physical conversation or mail-in form, and which prefer online methods. Agencies must embrace observability in both controlled and uncontrolled environments to collect the most effective data on customer experience. One such uncontrolled feedback forum is social media. Previously thought to be uncorrelated to constructive feedback, agencies are finding that customers use social media as a feedback mechanism. By monitoring responses on social media, government organizations can find action items for the way they serve the public.

After collecting data, agencies need to know how to sift through it to find relative action items. To provide better customer service, agencies need to find measurable results from these initiatives. Actionable plans should be formed around the data results. Ultimately, the customer’s experience must guide agency programs.

Leadership in Action

Data can be utilized in practice through strong and guided leadership. A government agency may be the sole provider for a particular service, such as taxes with the Federal government, or issuing drivers’ licenses through the local government. Therefore, it is increasingly important that the government provides excellent service. Government agencies must center their service around empathy. By connecting and understanding customer needs, employees can balance data insights and other priority goals such as cybersecurity and regulatory framework in light of its main goal of centering services around the customer. Agencies can utilize journey mapping and analytics to find predictive routing for continued customer service improvement.

Addressing CX can benefit other service priorities, too. By focusing on each individual customer interaction, handling time and average transaction time will decrease, while overall satisfaction between employer and customer will be higher. During Carahsoft’s 2023 Customer Experience and Engagement Summit, Abraham Marinas, the Product Design Director at Federal Student Aid, attested, “…as you focus on the customer experience, all those metrics eventually will fall in line.”

Technology can be utilized to fulfill innovation in customer service. Technology has improved vastly in the past several years. While agencies may have previously structured themselves around technology, now, technology should be formatted to fit the agency’s specific needs. By investing in strong partnerships with the IT industry, agencies can create better solutions and technology for their organization.

As the government strives to better serve its people, agencies must continue to update their processes and services for positive change by considering the following:

Have a clear, focused image of the change it wants to make.
Decide how to will demonstrate the benefits of that change.
Share that image with each individual team; even when an organization has a shared vision, it might need to change the implementation process depending on the structure of each team.
Upscale existing talent or hire new experts to specialize and understand new changes.

By engaging in genuine and emphatic conversations and utilizing data to influence leadership and progress, employees can form bonds with their customers to help foster trust and respect for the Government.

Read the previous blog and check back soon to read the rest of Carahsoft’s insights from CX industry thought leaders at the summit.

5 Essential Applications of AI Technology in Education

Posted on by Tim Boltz

When growing up and sitting through math class, students often heard teachers say that students should not rely on a calculator to do their math for them. After all, they would never have a calculator in their pockets. Today, that statement could not be farther from the truth. Now, many students have an entire computer in their pockets with a calculator just a click of a button away. The growth of artificial intelligence (AI) has increased exponentially within the last few decades, and students and educators alike must embrace the latest in AI and education technology to keep up with the pace.

In all learning environments, students and teachers rely on modern technologies to enhance their experiences to be as informational, productive and efficient as possible. In recent years, hybrid learning and collaborative digital spaces became essential components of education for both K-12 and higher education organizations. With this development, education technology has evolved and expanded to include new and more advanced AI systems inside and outside the classroom.

The needs of students are always changing, and educators must constantly adapt to progressive ways of teaching and learn different technologies or platforms that can assist with their daily lessons. With the implementation of AI and numerous benefits of digital learning, all students and instructors can achieve a more wholistic and innovative education. These five topics demonstrate how AI is an essential tool in the learning process for various types of learners across K-12 and higher education.

Communication

Innovative trends in education technology have made it possible for students and staff to stay connected, whether through remote online learning or collaborative learning in the classroom. AI tools like SMS bots, predictive technology and ChatGPT can assist students in tasks such as navigating their school’s learning platforms, researching and preparing information for assignments and getting real-time answers to their questions. AI can also help teachers and professors orchestrate discussion points between students and guide next steps within small group collaborative projects.^[¹^]

Automation

For teachers, implementing AI can help automate repetitive daily tasks like grading tests and quizzes, and catching minor mistakes within written essays. This way they have more freedom and time to focus on in-depth feedback, creating comprehensive lesson plans and spending one-on-one time with their students. Additionally, AI tools can give students instant feedback on their work, allowing them to be more independent in identifying inaccuracies and recognizing successful projects.^[²^]

Immersive Learning

Augmented reality (AR) and virtual reality (VR) are becoming increasingly more popular in students’ everyday lives, so using these technologies as a learning tool is familiar and compelling for them to gain valuable experiences in the classroom. Immersive technologies can simulate real-world scenarios for students to gain hands-on experience with low risk, like medical simulations and technical experiments. It also can allow students to break the barrier between their physical space and complex concepts like observing the planets up close or enlarging and examining something microscopic.^[³^]Not only do AR and VR create expansive opportunities for students to view and understand concepts in new and captivating ways, but they also create an additional, interactive and collaborative avenue of learning for students who may not be as responsive to traditional tools like textbooks and study guides.^[⁴^]

Data-Driven Results

Throughout a student’s education, data is continually collected to better understand and predict their developing needs and most effective learning strategies. AI technologies can quickly and automatically analyze and report on this data, allowing teachers and professors to evaluate trends in an individual student’s or an entire class’s performance. Empowered with this knowledge, educators can tailor their lesson plans and take a more proactive approach to supporting students’ needs, ultimately increasing academic improvement for all.^[⁵^]

Personalized Learning

Student’s learning styles can vary depending on many factors. For example, some students learn best through more visual and interactive experiences, while others may learn best through memorization and flashcards. Analyzing data collected by AI can help teachers be more informed and prepared educators for different kinds of learners. By applying the insights gathered from AI algorithms, educators can create personalized tracks for individual students, including aspects like adjusting the types of content, working with their comfortability, tailoring to their pace of learning and understanding their comprehension of learning objectives.^[⁶^] Additionally, AI technologies can help teachers plan, schedule and produce suggested lesson ideas more efficiently so they can target instruction and reduce the time it takes to create activities that best support each student.^[⁵^]

As AI becomes more common in education, maintaining academic integrity and validity within assignments of any kind will remain top of mind for educators. While earlier AI systems are designed to help students achieve academic success, newer AI systems are intended to empower teachers to optimize the use of artificial intelligence for students and encourage positive, ethical engagement with AI technologies.^[⁷^] Fostering trust among educators to cultivate the most prosperous learning environment through the implementation of AI can further personal, social and educational growth for all students.

Explore Carahsoft’s education technology solutions to learn how your organization can work together with our top innovative EdTech vendors to bridge the digital divide and meet the demands of modern education.

Resources:

[1] Office of Ed Tech. “AI and the Future of Teaching and Learning: New Interactions, New Choices.” Medium, https://medium.com/ai-and-the-future-of-teaching-and-learning/ai-and-the-future-of-teaching-and-learning-new-interactions-new-choices-c726bcf03012

[2] Shonubi, Olufemi. “Council Post: AI in the Classroom: Pros, Cons and the Role of Edtech Companies.” https://www.forbes.com/sites/theyec/2023/02/21/ai-in-the-classroom-pros-cons-and-the-role-of-edtech-companies/?sh=2cb4a227feb4

[3] Dick, Ellysse. “The Promise of Immersive Learning: Augmented and Virtual Reality’s Potential in Education.” Information Technology and Innovation Foundation. https://itif.org/publications/2021/08/30/promise-immersive-learning-augmented-and-virtual-reality-potential/

[4] Dani, Vishal. “How Augmented Reality Creates Interactive and Engaging Classrooms.” Kitaboo, https://kitaboo.com/augmented-reality-creates-interactive-and-engaging-classrooms/

[5] Gururaj, Tejasri. “10 Examples of Artificial Intelligence Improving Education.” Interesting Engineering, https://interestingengineering.com/innovation/examples-how-artificial-intelligence-improving-education

[6] Dani, Vishal. “9 Trends in Education Technology That Will Have a Major Impact.” Kitaboo, https://kitaboo.com/trends-in-education-technology/

[7] Office of Ed Tech. “AI and the Future of Teaching and Learning: Engaging Educators.” Medium, https://medium.com/ai-and-the-future-of-teaching-and-learning/ai-and-the-future-of-teaching-and-learning-engaging-educators-141e90c5e29f

Returning to the Heart of Customer Experience: A Government for the People

Posted on by Tiffany Goddard

At Carahsoft’s annual Government Customer Experience and Engagement Summit hosted in June, experts from industry and Federal, State, and Local Government came together to discuss stewardship, innovation and paths forward in customer experience (CX). At the one-day event, the thought-provoking sessions examined trends regarding two main themes in the CX journey: culture and technology. The culture track explored ideas for effective leadership, understanding and supporting employees and the importance of diversity, equity and inclusion. The technology track considered goals within IT modernization, artificial intelligence and automation and the digitization of services. This blog series highlights lessons learned from the 2023 Summit and unpacks strategies for achieving excellence in Government CX and engagement.

The Big Picture of Customer Experience

During the opening keynote session, President of GovExec360, Troy Schneider, held a discussion with Barbara Morton, Deputy Chief Veterans Experience Officer, Veterans Experience Office (VEO) at the Department of Veterans Affairs (VA), emphasizing the importance of accessibility and accountability in service delivery. Morton said that purpose is at the heart of customer experiences. Whether they are in the government or supporting from the outside, public servants must consider the barriers along with the opportunities that foster trust, serve the greater common purpose and create excellence in CX. In the Public Sector, CX establishes how constituents engage with civic services. By transforming CX, the public sector can build and progress toward greater trust with those it serves.

Great CX starts with an organizational understanding that building and sustaining trust matters. With that agreement in mind, organizations can better support the mission of delivering efficient CX by learning and adapting to the needs of people they are serving. Agencies should provide visibility to customers on the timeliness and process of their requests, as well as deliver on their promises to foster trust and assurance of reliability. Using human-centered design throughout all stages of CX is also essential for understanding the human perspective and anticipating customer needs. As data is collected throughout the human-centric design approach, organizations gain actionable insights that help them create the best tangible solutions for customer challenges.

Use Case: The Department of Veterans Affairs

Government agencies and organizations must focus on traditional operational measures, and the VA ensures it takes another step forward to evaluate experience-based metrics and treat these insights as co-equal when it comes to agency performance. Morton said that action drivers like executive orders and Office of Management and Budget’s (OMB) efforts are significant authorities in the transformation of Government CX to continuously progress toward access equitability and efficiency. With their guidance, agencies must agree on the top priorities for service delivery and then incorporate the human-centered design aspect. For example, the VA examines women and tribal veteran’s experiences to ensure it can translate those insights into meaningful and applicable products so those groups feel better understood when interacting with the VA. Additionally, in a digitally driven world, organizations must provide experiences with easy-to-navigate accessibility. Each agency should have a clear homepage or “digital front door” that customers know how and when to access.

Lasting Progress for Lasting Change

In the government, CX can make a measurable difference in the lives of individuals or families going through significant life changes, such as a natural disaster or medical crises as an active or retired veteran. Open source technology that intersects with the government at Federal, State and Local levels can achieve economies of scope and scale, and the improvement of financial savings proportionate to goods produced. The addition of effective CX technology allows government agencies to provide more assistance to more people, having a profound impact in their lives.

Check back soon to read the rest of Carahsoft’s insights from CX industry thought leaders at the summit.

To learn more about the latest in the CX landscape and how Carahsoft’s industry-leading partners can support your Customer Experience initiatives, please visit our resource hub to access all on-demand recordings and information from the 2023 Government Customer Experience and Engagement Summit.

Critical Infrastructure in Cybersecurity: Initiatives for The Water and Wastewater Sector

Posted on by Alex Whitworth

The first part of this four-part blog series covered the basics of critical infrastructure cybersecurity. This is the second part, and subsequent blogs will dive deeper into the electric, utility and transportation sectors respectively.

The Water and Wastewater Sector in the United States

The Water and Wastewater Systems Sector is a critical infrastructure sector focused on water and wastewater sources and the protection of such sources.

This sector is one of the United States’ critical infrastructures: a physical and/or cyber asset that is so vital that their destruction would have a debilitating effect on society, whether physical, economic or safety related. While the water and wastewater industry is vulnerable to physical attacks it is also in jeopardy to cybersecurity attacks, as the sector increasingly relies on internet of things devices, automation, sensors, data collection, network devices and analytics software.^[1]Recent water infrastructure attacks, such as the login breach that affected water treatment programs in the San Francisco Bay Area, or the breach to the industrial control systems (ICS) in Oldsmar, Florida, demonstrated how easy it was for foreign threats to not only hack critical infrastructure, but to shake the public’s confidence. While Industrial Control Systems owners and operators manage their own security, federal agencies seek to protect ICS technologies from potential exploitations that pose existential threats to the public or US property.

The Initiative to Improve Cybersecurity for Critical Infrastructure

To combat potential threats, the White House has put forth the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, an initiative that aims to safeguard the critical infrastructure of the Nation. The memorandum mentions the Water and Wastewater Systems sector by name in section 3a, spearheading the path for the government to act against threats. By working directly with critical infrastructure stakeholders, owners and operators, the White House will establish baseline cybersecurity goals and technology that facilitate threat visibility and detection so that the government and respective industry may take immediate action against any breaches.^[1]

The EPA Initiative

As a part of the National Security Memorandum, the Environmental Protection Agency (EPA), a federal agency in charge of risk management for environmental health, announced the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan to join in protecting water systems from cyberattacks. This 2022 plan focuses on supporting the early detection and expulsion of cyber threats against the water sector. A few of its action points include:

Creating a task force of water sector leaders
Adding new projects that demonstrate and implement the adoption of incident monitoring
Improving the process of information sharing and data analysis
Providing technical support to water systems^[2]

With this properly implemented, the Water and Wastewater Systems sector can survive a cyber-event with no loss of critical function. The Cybersecurity and Infrastructure Security Agency (CISA) cybersecurity performance goals, a set of voluntary goals released in accordance with the National Security Memorandum, are broadly applicable to critical infrastructure sectors, including the water and wastewater sector. Industries can utilize these collaborative cybersecurity government resources to improve their safety.

A Unified Initiative

As the world becomes increasingly more interconnected with networks and the internet, cybersecurity grows in importance. To protect one of the most vital US infrastructures, water and waste, federal agencies have come together to with initiatives to encourage agencies to implement strong security practices to protect US environments and the public.

Check out the first part of our series on cybersecurity infrastructure. The third installment of this series will cover best cybersecurity practices in the electric utility sector.

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio.

Resources:

^[1]“National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/

^[2] “EPA Announces Action Plan to Accelerate Cyber-Resilience for the Water Sector,” United States Environmental Protection Agency, https://www.epa.gov/newsreleases/epa-announces-action-plan-accelerate-cyber-resilience-water-sector

The Basics of Cybersecurity for Critical Infrastructure

Posted on by Alex Whitworth

In July 2021, the presidential administration signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. As these systems are a part of daily life, any damage to them would be a significant threat to national security. To prevent a national crisis, the administration launched an effort to improve cybersecurity across critical infrastructure sectors. The first part of this four-part blog series will cover the basics of critical infrastructure cybersecurity. Subsequent blogs will dive deeper into the Water and Wastewater, Electric and Utility and Transportation sectors respectively.

Realities of Critical Infrastructure Environments

Increasing Industrial Control Systems (ICS) security ranks is a top priority to protect critical US infrastructure and national security. ICS is an information system that is used to control industrial processes such as manufacturing, product handling, production and distribution. These information systems can face a variety of threats from foreign and national bad actors who aim to gather intelligence and disrupt critical functions. With evolving technology, ICS operators must ensure that they implement new cybersecurity functions when connecting Operational Technology (OT) and Internet of Things (IoT) devices to Information Technology (IT) systems.

Best security practices for ICS include:

Restricting logical access to the system’s network and activity through protections such as firewalls to pause network traffic
Implementing unidirectional gates
Restricting physical access to the ICS devices and network to avoid disruptions to the system’s functionality
Securing all ICS individual components
Protecting against unauthorized data changes through network oversight
Having a response plan for potential incidents^[1]

CISA’s Cybersecurity Performance Goals

Section 4 of the National Security Memorandum required the Department of Homeland Security to create baseline cybersecurity guidelines.

To further advance this, the Cybersecurity and Infrastructure Security Agency (CISA) has released a number of initiatives for agencies to implement that would strengthen their security systems. Every day, CISA works with ICS asset owners and operators to help them identify, protect against and detect cybersecurity threats, as well as to enhance ICS technical, analytical and response capabilities. CISA is working hard with critical infrastructure organizations to improve on the common issues they see, including:

Without basic security protections and foundational measures, critical infrastructure systems are vulnerable to exploit by methods that are easily preventable.
Limitation of resources continues to be a challenge for small- and medium-sized organizations.
There are inconsistencies in the standards for cyber maturity across the various critical infrastructure sectors, leaving security gaps that can be exploited.
Cybersecurity in IT systems are prioritized, leaving OT systems overlooked and outdated.

CISA offers a wide array of resources to help critical infrastructure organizations. These include the 2022 Cybersecurity Performance Goals—the CPGs. The CPGs are intended to be both voluntary and not comprehensive. It is not a mandated act for agencies to implement, nor does it consist of every helpful cybersecurity practice for every organization. Rather, they are intended as a beginner guideline that can be communicated to a non-technical audience. The CPGs were set as a baseline set of cybersecurity practices that are broadly applicable across critical infrastructure and have known risk-reduction value for IT and OT owners. And lastly, the CPGs stand out from other control frameworks by not only considering practices that address risk to individual entities, but also the aggregate risk to the nation.^[2]

The Cross-Sector Cybersecurity Performance Goals provide a set of IT and OT cybersecurity practices that will help organizations increase cyber resilience in their Critical Infrastructure systems. CISA has organized the practices into 8 categories:

Account Security
Device Security
Data Security
Governance and Training
Vulnerability Management
Supply Chain / Third Party
Response and Recovery
Other

In March 2023 CISA released and updated version of the CPGs to include a key updates from the October 2022 guidelines.

The CPGs have been reordered to fit the NIST CSF functions, and accompanying documents have been adjusted to reflect this.
The Multifactor Authentication (MFA) goal has been updated to reflect the most recent CISA guidelines.
To aid in organizations’ recovery planning, CISA added a goal based around GitHub feedback.
There were slight changes made to the glossary to not only reflect the previously listed changes, but to acknowledge additional stakeholders who’ve contributed to the guidelines.

To better connect with the greater community, there are now additional opportunities to provide input on the goals CISA discussion page. CISA welcomes feedback from partners in cybersecurity and critical infrastructure communities.

Check back to read our second installment of this critical infrastructure series that will cover the best cybersecurity practices in the water and wastewater sectors.

To learn more about protecting agencies against cyber-attacks, visit Carahsoft’s Cybersecurity Solutions Portfolio.

Resources:

^[1] “Recommended Cybersecurity Practices for Industrial Control Systems,” CISA, https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

^[2] “Cross-Sector Cybersecurity Performance Goals,” CISA, https://www.cisa.gov/cross-sector-cybersecurity-performance-goals

Unlocking New Potential at GEOINT 2023

Posted on by Francis Rose

Over the past couple decades, geospatial intelligence has evolved dramatically to encompass new realms that were previously only a dream and now – thanks to technology — have become a reality. At the United States Geospatial Intelligence Foundation’s (USGIF) GEOINT 2023 Symposium held in St. Louis, Missouri, Government, military, industry and academic leaders gathered to celebrate the 20^th anniversary of the event as the largest annual gathering of geospatial intelligence professionals in the nation and discuss ways to further the mission. This year’s theme, “From Maps to Metaverse,” gave tribute to the advancements within the GEOINT discipline and highlighted the innovative ways technology can help solve current national security challenges.

The Current Metaverse

One of the overarching questions from the symposium was – what is the metaverse? From interactive whiteboards to keynote sessions, numerous experts chimed in to offer their insight on the topic including Christopher Johnson, Deputy Chief Technology Officer at the National Geospatial-Intelligence Agency (NGA), who defined the metaverse as a virtual representation of the world that has evolved in complexity over time. He elaborated, “The metaverse really isn’t a thing. It is more of a concept. It is how we interact with information in a new and novel way that we’ve never done before.” Johnson believes that the metaverse will fundamentally transform the way the world operates. The key to building an effective strategy for this shift will be technologists and end-user partnerships. According to Johnson this collaboration will look different than traditional Government partnerships and will require in-depth face-to-face conversations on the personal applications of the metaverse instead of just the engineering and design specifications.

While the current capabilities are barely scratching the surface of what could be possible for the metaverse, Johnson sees tremendous potential for utilizing the technology within the GEOINT community particularly for immersive training and military operations. By leaning in, exploring additional use cases and creating standards that can grow with the technology, Johnson believes it will unlock a whole new level of possible.

Enabling the Metaverse of the Future

The customization and adaptability potential make the metaverse both harder to define and to institute governing policies. Emerging agile software development with daily feature updates will require open standards to be implemented for effective and secure delivery. Johnson says it is imperative to start the process of creating these standards now and recommends the Government lean on international nonprofits to adapt some of the current standards and enable further technology development and implementation.

Dan Opstal, Acting Director of the National Civil Applications Center at the US Geological Survey, highlighted the role of data within the metaverse and the need to evaluate both the new ways data can be viewed and how much data the metaverse ingests to be able to operate. Opstal shared that a common theme for agencies and technologists is navigating oversight and privacy especially as the metaverse continues to expand and develop. Artificial Intelligence (AI) and machine learning (ML) will play a large role in sorting and standardizing the data for usage and close collaboration will be vital for instituting the legal frameworks to maximize these technologies.

Over his 40-year career at the organization Mark Chatelain, Chief Information Officer at the NGA, has witnessed the evolution from maps to the metaverse and noted the difference in requirements between the two. For maps, only a printing press and simple computer were necessary to display the information; however, with the metaverse and immersive AI, it necessitates immense computational capabilities and mobile communications to be invented and perfected for widespread implementation. Chatelain predicts that cloud data solutions and partnerships will be vital for storing the massive amounts of information that is expected to increase by over 1,500% in the next seven years. In addition to the data analysis, cloud and storage solutions, the NGA is also prioritizing the mobilization of its analysts to be able to work virtually and not be tied down to one location due to data access and computational power for high quality graphics at high speeds.

Maintaining and Improving the Workforce

To be able to modernize and adapt with the innovations in the field, the GEOINT community is looking into practical ways to invest in the current workforce and attract new talent. NGA leadership anticipates that the new generation’s fluency with technology will be an asset but also require a huge cultural change.

Ian Zearfaus, Director of the Human Capital Advanced Capabilities Office at the NGA, explained how offering visibility into all organization roles through an assignments marketplace is one new initiative that has opened up flexibility for employees. By encouraging lateral career movement, employees can advance further through exposure to new opportunities and skill growth. The NGA has seen great success with this initiative for the current workforce and it has become increasingly popular with the next generation as well. The NGA focuses on establishing cross-cutting and leadership competencies that provide employees with easily transferable skills within the organization. Zearfaus foresees data literacy, critical thinking and the ability to forge partnerships to continue to be highly sought after proficiencies. NGA coaching programs have also been a catalyst for employees to seek out micro-learning environments, find ways to maximize their strengths and ultimately climb an un-traditional career ladder to accomplish their goals. Additional innovative training methods have included role playing with virtual avatars to simulate co-worker and partner engagement and a pilot public-private talent exchange program with the Director of National Intelligence (DNI) to facilitate officer collaboration with the tech industry. In total, these efforts align with the NGA Strategic Workforce Plan to prepare for the workforce of 2026-2030 by leveraging internal talent and modernizing positions to align with future mission needs.

Overall, the GEOINT 2023 Symposium provided attendees with one of the most consistently presented solution drivers – the chance for collaboration and partnerships. Equipped with both the educational knowledge of the current themes in the GEOINT discipline and the perspective offered by agencies and industry, members of the broader GEOINT community left empowered to effectively utilize technology and achieve new heights.

To learn more about the topics discussed at GEOINT, listen to Francis Rose’s Fed Gov Today podcasts Part 1 and Part 2 co-sponsored by Carahsoft.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at GEOINT 2023.*

4 Steps to Applying Zero Trust to Content Security

Posted on by Dan Hughes

As organizations adopt zero trust architectures, there’s one key area that seems to be overlooked: the content layer. And yet, security vulnerabilities at this layer pose significant, and extremely common threats. In fact, research reveals that a large portion of companies share sensitive content with over 2,500 third parties and use multiple tools for content communications.

Given the vulnerable nature of content exchange, it’s important to extend zero trust principles right down to the emails, documents, and files that we all share every day. But there are reasons why organizations do not do this regularly. For example, enforcing access rights can be tricky, especially in large organizations or companies with significant turnover. Tracking and monitoring every file type is impossible, as is adequately classifying every type of content.

Forcepoint Kiteworks Collaboration Zero Trust Blog Embedded Image 2024

Forcepoint’s new partnership with Kiteworks, a leader in data privacy and compliance for sensitive content communications, changes everything. Together, we’ve developed the industry’s most powerful solution for true zero trust security at the content layer. It combines Forcepoint’s Content Disarm & Reconstruction (CDR) and Data Loss Prevention (DLP) solutions with Kiteworks’ Private Content Network (PCN).

This combination allows organizations to take a highly effective four-step approach to zero trust content security by:

Making all content untrusted by default – Applying zero trust at the content layer entails assuming that all data is malicious until proven otherwise. Ensuring content is secure and delivered safely requires deconstructing—and reconstructing—the information that’s being sent. Forcepoint’s Zero Trust CDR extracts information from files, verifies that the information is secure, and builds new, functional files to carry the information to its ultimate destination.
Enforcing least-privilege content access – Least-privilege access management is a core tenet of zero trust security; our solution extends this practice to the content layer. It applies access control for applications to all content assets and allows organizations to assess who is sending, sharing, receiving, viewing, altering, or saving content. Companies can also monitor from where and to that content is being sent.
Monitoring content for potential vulnerabilities – Most organizations employ some form of network monitoring and have done so for years. Effective content monitoring employs the same principles of complete, real-time visibility and unified control. Our joint solution consolidates content communication channels for easy management and closely monitors each asset to ensure content is free of vulnerabilities.
Integrating policy management tracking and controls for data loss prevention – Tracking and monitoring content collaboration and communications is essential to prevent sensitive content from falling into the wrong hands. Our solution allows organizations to discover, classify, monitor, and protect data, track and control sensitive content, and audit user behavior—mitigating data loss.

This “trust no content” approach addresses all content security gaps. It provides organizations with assurances that the content their users are reading, sharing, and using is well-protected and free of malware.

Moreover, it makes implementing and managing zero trust content security an easy, frictionless experience for both administrators and users alike. Admins have everything they need to manage content security from a central location, and users will not experience any delays or inhibitions in their ability to collaborate or communicate.

Contact a member of our team today to learn more about Forcepoint’s and Kiteworks’ new solution and schedule a demo to start taking the steps necessary to bring zero trust security to your content.