Tag Archives: DOE

National Laboratories Information Technology(NLIT) Summit 2025:Top 5 Insights on Automation, Cybersecurity and More

Posted on by
Reply

Technology enables Government agencies to strengthen security, increase efficiency and collaborate across departments. This year at the National Laboratories Information Technology (NLIT) Summit, representatives from the National Laboratories, Government IT decision-makers and industry and vendor partners gathered to discuss recent advancements in IT across the Department of Energy (DOE) labs, featuring panels, interactive sessions and demonstrations focused on emerging, mission-driven technologies. Carahsoft stood alongside its partners, such as Amazon Web Services (AWS), Snowflake and GitLab to support the DOE’s mission objectives. Together, we deliver secure, compliant solutions that drive innovation—from MultiCloud strategies and generative AI to streamlined IT procurement.

Here are the top themes discussed at this year’s summit.

Artificial Intelligence Exploration

The National Laboratories are at the forefront of advancing artificial intelligence (AI) and High Performance Computing (HPC) to meet critical mission objectives. Several DOE labs are showcasing this commitment through transformative initiatives. At Los Alamos National Laboratory, the establishment of the National Security AI Office and the deployment of the Venado AI supercomputer reflect a strategic focus on embedding AI into national security operations. Sandia National Laboratories is leading innovation with “vibe coding,” an AI-assisted development methodology that allows developers to generate code based on described functionality, streamlining the software development process.

To further accelerate AI and HPC capabilities, the National Laboratories are leveraging NVIDIA technologies, including GPU-powered infrastructure and AI toolkits, to support high-throughput data analysis, simulation and machine learning applications. This partnership enables scalable performance and energy-efficient computing tailored to complex scientific workloads.

In response to growing cybersecurity threats, labs are also deploying AI-driven automated response systems to detect and neutralize risks in real time. These combined efforts enhance the DOE’s cybersecurity posture while reinforcing the National Laboratories’ leadership in next-generation computing and AI innovation.

Argo: A New Generative AI Platform

As part of its development, Argo incorporates technologies from OpenAI to support advanced natural language processing and generative tasks. By integrating OpenAI models with internal controls and security protocols, Argonne can deliver high-performing language tools tailored to research and mission needs, without compromising data integrity.

Future enhancements to Argo will include:

  • Document upload for summarization and analysis
  • Adjustable response styles that range from creative and exploratory to focused and deterministic
  • Integration of Argonne-specific knowledge and internal documents for contextualized outputs
  • Onsite deployment of GPU resources to host fine-tuned and open-source LLMs, enabling operational applications such as translation, code generation and scientific research

Through Argo, Argonne is setting a benchmark for secure, mission-aligned AI deployment across the DOE ecosystem.

An Automated Approach to Cybersecurity 

Sandia National Laboratories emphasized the critical need to embed security at every stage of the software development lifecycle through a DevSecOps approach. In the session “From DevOps to DevSecOps: ASC DSO at Sandia’s Journey toward Secure Software” Stuart Baxley, a Senior Research & Development Computer Scientist shared how Sandia integrates automated tools and continuous monitoring to enable early threat detection and fast remediation—reducing both risk and cost compared to reactive approaches. Agencies with automation tools, such as GitLab, enable the National Laboratories to manage their unique software development environments.

To enhance cybersecurity posture, Sandia recommends the adoption of key security practices and tools, including. Static Application Security Testing (SAST), Software Bill of Materials (SBOM) and container scanning. Leveraging these capabilities is essential to maintaining resilience in an increasingly complex and dynamic threat environment.

Efficiency Through the Cloud

Lawrence Berkeley National Laboratory has advanced its cloud adoption efforts through the Materials Project initiative, leveraging Amazon Web Services (AWS) to significantly improve the availability, accessibility and scalability of its data products. This successful deployment offers a strong blueprint for other national laboratories exploring cloud migration.

By transitioning to cloud infrastructure, the lab has unlocked a range of strategic benefits including enhanced collaboration, improved high-performance computing capabilities, robust encryption and data security and accelerated AI-driven research. These advantages position cloud adoption not just as a technical upgrade, but as a critical enabler of research efficiency, data innovation and scientific discovery in today’s increasingly data-intensive environment.

Managing Diverse Data

As datasets across the National Laboratories continue to grow in size and complexity, effective data management becomes increasingly challenging. Oak Ridge National Laboratory advocates for a holistic approach, recognizing that no single tool can address every need. Instead, the focus should be on strengthening data transfer capabilities and adopting integrated strategies to improve overall data mobility and accessibility.

In alignment with federal mandates, laboratories and agencies managing research data must prioritize the following:

  • Transparency – ensuring data is accessible to the public to support open research
  • Up-to-date data management practices – implementing current tools and processes
  • Comprehensive audit trails and metadata documentation – maintaining accountability and traceability

By improving data transfer methods and aligning with these core principles, National Laboratories can enhance collaboration, uphold security standards and maximize the impact of their research.

Through a combination of strong data governance, cloud adoption, AI integration and cybersecurity automation, the National Laboratories remain committed to advancing innovation and IT excellence across the DOE ecosystem.

Through data management, cloud application, AI and cybersecurity automation, the National Laboratories maintain a comprehensive strategy to continually fulfill their mission of advancing IT knowledge and collaboration across the DOE.

To learn more about technologies featured at NLIT, visit Carahsoft’s artificial intelligence portfolio.

Critical Infrastructure in Cybersecurity: Modernizing the Electric and Utilities Sector

Posted on by
Reply

After the ransomware attack on Colonial Pipeline in 2021 and other notable events, the presidential administration has diligently worked to improve the cybersecurity posture of critical infrastructure in the United States. Several Government agencies, such as the Department of Energy (DOE) Cybersecurity, Energy Security and Emergency Response (CESER), the National Security Agency (NSA), Cybersecurity Infrastructure Security Agency (CISA), and private sector Electric & Utility Industry have joined to refine and boost cybersecurity in the Electric and Utilities sector.

Standards for the Electric and Utility Sector

Since 2021, the White House has put forth the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, an initiative that aims to safeguard the critical infrastructure of the nation. The Memorandum specifies that the Electricity Subsector was the pilot effort in its Initiative. In acknowledgement of the Memorandum, at least 150 electric utilities have or will adopt operational technology (OT) and Industrial Control Systems (ICS) security and improved the visibility, detection and monitoring of critical electricity networks. Further reinforcing the memo, in March of 2023, the Presidential Administration announced a national cybersecurity strategy that strives to create a secure digital ecosystem reinforced with the National Cybersecurity Strategy.

Control systems experts that work with DOE CESER, CISA and the NSA have developed a set of ICS security considerations. These considerations aim to enhance and monitor the detection, mitigation and forensic capabilities for OT owners and operators.

The ICS/OT cybersecurity evaluating and monitoring technology guidelines are recommendations rather than mandates. They include but are not limited to:

  • Building technology for ICS networks with integration compatibility for ICS protocols and communications
  • Adding sensor-based continuous network cybersecurity monitoring, detection and facilitation of response capabilities for both ICS and OT
  • Creating a collective defense capability framework for software so that Federal Government partners and trusted organizations can share insights and detections
  • Utilizing passive deployment and isolation technologies to protect sensitive information
  • Securing technology against access credential misuse[1]

These guidelines aim to improve system security and visibility with Government partners.

Carahsoft Cybersecurity for Utilities Blog 3 Embedded Image 2023Financing the Security Movement

To help fulfill the National Security Memorandum promise, the current administration has released the Bipartisan Infrastructure Law, which authorizes up to $250 million to enhance the cybersecurity resilience of rural, municipal, and small private electric utilities. The Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance (RMUC) Program has utilized the law to help improve energy systems, processes, assets, incident response and cybersecurity skills in eligible agencies within the utility workforce. Nearly one in six Americans live in remote or rural communities with inadequate funding and infrastructure for updated technology and modern systems.[2] The RMUC Program pledges financial and technical assistance to help these communities, as well as small investor-owned electric utilities, to improve vital security functions such as operational capabilities and to provide cybersecurity services access and threat-sharing programs.  In August 2023, the program pledged a prize pool of $8.96 million dollars in competitive funding and technical assistance to enable municipal and small investor-owned utilities to advance their training and cybersecurity.[3]

By ensuring secure and reliable power to all customers, RMUC will help finance cybersecurity, as well as help fulfill another of the current administration’s goals of a net-zero carbon economy by 2050.

Cleaning Up Energy

In developing the clean energy sector, the Administration aims to mold the digital ecosystem to be more defensible, resilient and aligned with American values. This strategy will invest in the future by defending the energy sector and reinforcing clean-energy critical infrastructures.[4] To aid in the battle for clean energy through cybersecurity innovation, Clean Energy Cybersecurity Accelerator (CECA) will make cybersecurity accessible via collaboration with public and private expertise. To do so, CECA will assess all ICS assets that are connected to a utility’s infrastructure. Any ICS with potential wide-reaching impact is evaluated against physical and virtual attacks in a test lab, allowing CECA to mend any security holes. Aiming to achieve carbon-free electricity by 2035, the DOE has announced hundreds of funding opportunities, including funding for the Fossil Energy and Carbon Management (FECM) office.[5]

Through the collaboration of several key Government agencies and the tech industry, the Electric and Utilities sector is on the way to being secure, reliable and accessible to all.

The first two parts of this four-part blog series covered the basics of critical infrastructure cybersecurity, as well as an overview of the Water and Wastewater Sector. Following this third part, the fourth and final blog will dive deeper into the Transportation sector.

 

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio.

Sources

[1] “Considerations for ICS/OT Cybersecurity Monitoring Technologies,” Office of Cybersecurity, Energy Security and Emergency Response, https://www.energy.gov/ceser/considerations-icsot-cybersecurity-monitoring-technologies

[2] “Biden-Harris Administration Launches $250 Million Program to Strengthen Energy Security for Rural Communities,” Department of Energy, https://www.energy.gov/articles/biden-harris-administration-launches-250-million-program-strengthen-energy-security-rural

[3] “New Prize Supports Rural and Municipal Utilities in Strengthening Cybersecurity Posture,” NREL, https://www.nrel.gov/news/program/2023/new-prize-supports-rural-and-municipal-utilities-in-strengthening-cybersecurity-posture.html

[4] “Fact Sheet: Biden-Harris Administration Announces National Cybersecurity Strategy,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

[5] “Funding Notice: Critical Materials Innovation, Efficiency and Alternatives,” Energy.gov: Office of Fossil Energy and Carbon Management, https://www.energy.gov/fecm/funding-notice-critical-materials-innovation-efficiency-and-alternatives

Modernizing Cybersecurity & MultiCloud Services with TMF

Posted on by
Reply

What is TMF?

The Technology Modernization Fund (TMF) is an action plan created as part of the 2017 Modernizing Government Act. The goal is to have a funding vehicle that would aid agencies in accelerating project completion. This is enacted via a loan which will be repaid based on individual project agreements. In order to implement and perfect technology modernization, the Technology Modernization Board (TMB) prioritizes projects that engage several agencies at once, address security gaps, and improve the public’s access to services. The TMB is responsible for eighteen different projects across ten federal agencies, seven of which were awarded American Rescue Plan (ARP) funding to address urgent IT modernization challenges.

How it Works

The fund is overseen by the TMB, which is comprised of government IT officials and cybersecurity experts with expertise in technology, transformation, and operations. The board reviews IT-related project proposals submitted by government agencies to determine which projects deserve funding, and how much. Priority is given to proposals which meet certain criteria [1] such as improving security, increasing operational efficiency, and adapting scalable technology. Since its inception, the TMB has loaned hundreds of millions of dollars to agencies and programs such as Foreign Labor Application Gateway and Farmers.gov. Technology modernization proposals are sent to the board through a two phased approval process.

The first phase is the Initial Project Proposal (IPP). IPPs act as a low burden prescreening for both agencies and the Board. Agencies submit a rough outline of their project proposal, while only approved and unique projects go to the Board for review. In their proposal, agencies must discuss a general plan process and whether project funding has been explicitly denied or restricted by Congress.

The second phase, the Full Project Proposal (FPP), is submitted directly to the Board. FPPs must have a comprehensive description of the proposal, project milestones, and a funding schedule. Agencies should also have a pitch presentation prepared for the Board.

Once funded, TMF projects are reviewed quarterly by the Board to ensure milestones and schedules are met. Corrective action is implemented when necessary to help agencies remain on track, and technical experts are there to provide support to teams to improve capability and fix troubleshoot issues.

TMF’s Importance Today

The TMF process is helpful as it provides greater flexibility to agencies and funds technology modernization efforts by allowing repayment options and payback terms for up to five years. Across the board, government agencies have accelerated modernization efforts because they no longer need to wait for funding. Now, agencies can act and gain funding as the project goes on. Oftentimes, company departments that are overlooked by either the government or their own agency will go through the TMF to gain adequate funding for important projects. This financing shows that accountability and oversight make a difference. It allows agencies to provide new capabilities in a timely manner in a rapidly changing environment. Without the TMF loans, these contributions, delivery, and improvements would not be possible.

Modernizing Zero Trust

One of the eighteen funded projects allows the U.S. General Services Administration (GSA) to modernize legacy network systems and implement an advanced zero trust architecture [2]. Through technology modernization funds, the GSA will advance zero trust architecture by improving zero trust blocks. Firstly, the GSA will replace directory designs to meet the new expectations of hybrid cloud architecture. These updates will be multi-domain and multi-cloud applicable. Secondly, it will develop modernized enterprise single-sign-on that will include multi-factor authentication. This way, security will be improved by a micro-segmented authentication system that adheres to a zero trust strategy. Lastly, the GSA will add artificial intelligence and machine learning driven algorithms to help detect threats to systems. All together, these measures will help protect government clients’ sensitive information from bad actors.

Carahsoft Cybersecurity & MultiCloud TMF Blog Embedded Image 2022Data Modernization

Another project goal is to modernize the Department of Labor (DOL)’s enterprise data management and analytics capabilities. The aim is to improve the availability and analytic capabilities of data to developers, journalists, researchers, and other federal agencies. Currently, the DOL faces issues with data consistency, quality, and availability. Proposed improvements include incorporating predictive analytics software to report capabilities to the DOL’s IT department, and implementing data management capabilities and to support application programming interface (API). This would share data with both the DOL and the public. These efforts could aid in cost savings, increased efficiency, and improved services [2].

TMF and Multicloud Services

One initiative that the TMF has provided funding for is cloud-based security enhancements. So far, these include funding for:

  • The United States Department of Agriculture (USDA), to complete migration to the cloud for all applications ($500 thousand)
  • To the Department of Energy (DOE), to migrate enterprise emailing to the cloud ($3.7 million)
  • To the U.S. Department of Housing and Urban Development (HUD) to move critical business systems from on-premises databases to the cloud ($13.8 million) [3]

Single clouded services have limited control and less flexibility. With the combination of two or more public clouds, private clouds, or a combination of both, an agency will gain better control and oversight on the cloud. This will allow a customer’s sensitive information to be better protected. This is especially important in light of 93% of businesses are moving to multi-cloud architecture [4].

The Future of TMF

With the Technology Modernization Fund, government agencies are able to improve their cybersecurity, increase data management capabilities, and support the public they are created to serve. TMF acts as a mitigated process to gaining funding for projects. Due to the implementation of the TMF, improvements in security such as multi-factor authentication, API, zero trust, and segmentation were enacted in the federal government. Because of TMF, government agencies are better able to serve customers by keeping their information secure and meeting their constituents and employees’ needs in a modernized, efficient, and scalable manner.

 

View Adobe’s Experience Cloud Demo page for more insights on Technology Modernization Fund and cybersecurity.

 

[1] “Awarded Projects,” The Technology Modernization Fund. https://tmf.cio.gov/projects/

 [2] Miller, Jason. “Special Report: Benefits of Technology Modernization Fund Validated,” Federal News Network. https://federalnewsnetwork.com/reporters-notebook-jason-miller/2020/11/special-report-benefits-of-technology-modernization-fund-validated/?_sm_au_=iVVnDfDJW3W3ZHZskN1JRKsp6MH81

 [3] Wiggins, Don. “Advance Your Government Mission with Secure Hybrid Multicloud,” Equinix. https://blog.equinix.com/blog/2021/02/16/advance-your-government-mission-with-secure-hybrid-multicloud/

[4]  Parmar, Dipti. “Why Organizations Need a Multicloud Strategy and How to Create One,” The Forecast by Nutanix. https://www.nutanix.com/theforecastbynutanix/technology/why-organizations-need-multicloud-strategy