Tag Archives: Federal Government

Critical Infrastructure in Cybersecurity: Innovation for the Transportation Sector

Posted on by
Reply

In 2021, the presidential administration passed the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, aiming to bolster the cybersecurity posture of critical infrastructure in the United States. Various agencies, such as the Transportation Security Administration (TSA), Department of Transportation (DOT) and the Cybersecurity Infrastructure Security Agency (CISA), have been working to continuously improve the security of the transportation sector, which oversees the movement of people and goods across the country.

The Transportation Sector

Within the transportation sector, initiatives have been taken to help fund cybersecurity improvements in an array of subsectors. The transportation sector includes:

  • Aviation: Approximately 450 commercial airports, 19,000 airfields, air traffic control systems, heliports, landing strips, joint-use military airports, sea plane bases, manned and unmanned recreational aircraft and flight schools[1]
  • Highway and motor carriers: Managing roadways, bridges, tunnels and commercial vehicles such as motorcoaches and school buses traffic management systems
  • The maritime transportation system: Approximately 95,000 miles of coastline, 361 ports and over 10,000 miles of navigable waterways
  • Mass transit and passenger rail: Terminals, operational systems, transit buses, monorails, trolleys and rideshares
  • Pipeline systems: Carriers of natural gas, hazardous liquids and various chemicals
  • Freight rail: Major carriers, smaller, active railroads, freight cars and locomotives
  • Postal and shipping: Regional and local couriers, mail management firms, charters and delivery services[2]

Carahsoft Cybersecurity for Transportation Blog 4 Embedded Image 2023Security Directives

Due to persistent threats to the cybersecurity of critical infrastructure, including the transportation sector, the TSA issued multiple security directives for various transportation types, including railways and pipelines. These new directives require agencies to develop approved implementation plans that will help improve cybersecurity resilience, proactively assess the effectiveness of cybersecurity measures and prevent the deterioration of infrastructure.

The directive also requires that entities regulated by the TSA proactively work to implement amendments in the directive, including to:

  • Develop network segmentation policies so that Operational Technology (OT) can continue working, even when compromised
  • Prevent unauthorized access to critical infrastructure systems by enabling control access measures
  • Identify vulnerabilities and implement security patches for operating systems, applications, drivers and firmware to reduce the risk of exploitation
  • Detect malicious software and unauthorized access on Information Technology (IT) or OT systems and report designated incidents to CISA
  • Isolate infected systems from uninfected systems to limit the spread of malware, deny further access and to preserve evidence of compromise[3]

A similar initiative, introduced by the DOT in 2022, aims to improve security awareness amongst employees. All DOT network users are required to complete the DOT’s Security Awareness Training, which is inspired by various federal requirements and the DOT Order on Department Cybersecurity Policy. The training measures employees’ knowledge in cybersecurity, including password and PIN protection and basic security for information systems.[4]

By striving to improve the security posture of the transportation sector, the TSA, DOT and CISA endeavor to protect the safety of the nation.

Cybersecurity Funding for the Future

The DOT has also introduced measures to improve the national security posture. To leverage funding from bipartisan infrastructure, the U.S. Transportation Secretary Pete Buttigieg announced up to $45 million in grants for various University Transportation Centers (UTC). These grants will be utilized to improve the cybersecurity resilience of agencies affiliated with roads, bridges, rail, shipping and airspace. One of these grants will go to Clemson University to lead a consortium focused on cybersecurity research and development. Another of these grants will go to Prairie View A&M University to improve technology in the transportation system, including data related to artificial intelligence and environmental resilience.[5]

Ever since the Colonial Pipeline attack of 2021, as well as other attacks on the cybersecurity of critical infrastructure of the United States, various agencies have done their part to improve the nation’s security. Through CISA’s hard work to create cybersecurity guidelines and cross-sector performance goals and the Federal Government’s generous grants, the nation’s critical infrastructure is postured to increase security and resolve potential crises.

This blog is the final installment in our four-part series, which examines cybersecurity initiatives inspired by The White House’s National Security Memorandum. The first three parts covered the basics of critical infrastructure cybersecurity, an overview of the Water and Wastewater Sector, and an overview of the Electric and Utility Sector.

 

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio. 

 

Resources:

[1] “National Infrastructure Protection Plan,” Transportation Systems Sector, https://www.dhs.gov/xlibrary/assets/nipp_transport.pdf

[2] “Transportation Systems Sector,” Cybersecurity and Infrastructure Security Agency, https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/transportation-systems-sector

[3] “Security Directives and Emergency Amendments,” Transportation Security Administration, https://www.tsa.gov/sd-and-ea

[4] “FY 2022 Department of Transportation Security Awareness Training,” Federal Motor Carrier Safety Administration, https://www.fmcsa.dot.gov/safety/fy-2022-department-transportation-security-awareness-training

[5] “U.S. Department of Transportation Funds Innovative Research Providing Vital Training for Next Generation of Transportation Leaders,” U.S. Department of Transportation, https://www.transportation.gov/briefing-room/us-department-transportation-funds-innovative-research-providing-vital-training-next

Speed Your Agency’s Software Deployments in 6 Easy Steps

Posted on by
Reply

Slow, bottlenecked, and often archaic release methods challenge most government agency software delivery teams. But enterprise feature management can help your agency achieve faster releases with less risk.

Enterprise feature management provides teams with total control over application features, fine-grain release targeting, and detailed audit logs. It starts with feature flags, a powerful tool that allows your development teams to turn features on or off without requiring a code change or deployment. They are a modern solution to traditional hard-coded boolean flags custom-built for each app. With an enterprise feature management platform, you can use a pre-set feature flag enterprise framework to define and operate a simple and seamless experience. This delivers a host of benefits that, among others, dramatically streamlines and accelerates software delivery. It also empowers teams to roll out new functionality gradually and selectively rather than all at once. And, your agency can “dark launch” a feature in production, reducing dependencies on expensive and custom staging environments.

Here are six steps that government agencies can take to get started with LaunchDarkly Federal, the only FedRAMP-authorized feature management platform. These steps will help you understand how to use feature management for high-speed, low-risk software releases of legacy and new applications:

1. Put in place the LaunchDarkly SDK to enable feature flagging

LaunchDarkly’s Software Development Kits (SDKs) allow your developers to implement and share feature flags quickly and easily across software applications. They provide an easy way to connect new and existing applications to the LaunchDarkly SaaS platform. Simply include your programming language-specific LaunchDarkly SDK into your application to get started. The SDK initializes to a specific environment, manages default values and targeting contexts, handles any connectivity issues, and listens for feature status and rule changes. SDKs provide the support for real-time application updates without the need to deploy new code.

2. Identify your environment(s)

In traditional release motions, government agencies identify and set up numerous development, testing, and production environments. Not only is each environment often expensive, but running a release through so many gates can be a significant challenge for resource-strapped teams. It is almost impossible to simulate a production level environment in staging and so when you release to production, you are testing in production anyways. Why not do it safely with granular targeting to reduce risk? With an enterprise feature management solution, you can reduce the number of environments and focus more on safely and securely testing in production.

3. Target, or even micro-target, your release

The next step is determining exactly where you will release individual features, and when. With feature flags, your development teams can release features in a highly customized way. By creating targeting rules, teams can easily target individual releases to a subset of users, resources, or even infrastructure, before making them widely available to all end-users. It’s possible to even micro-target a single user.

Targeting makes it simple to progressively release a new feature to a QA team or to project sponsors for feedback. The granular control over features and release targeting that LaunchDarkly Federal provides will enable more control than traditional blue/green deployments alone.

4. Flip a switch, and release whenever you want

With enterprise feature management, your development teams can separate deployment and release processes. Engineering teams can deploy code, and non-engineering teams can trigger the release with a simple flip of the switch. Decoupling these processes reduces the risk of failure and allows teams to release new features quickly and efficiently. Your development teams can keep progressing on their software development projects and release new features at the best time for their program or department. And, enterprise feature management also allows your project and program teams to develop, test, and deploy features using custom workflows with enterprise-level management capabilities.

By using low-risk continuous integration/continuous development (CI/CD) development processes with incident resolution times of less than 200ms, teams can improve developer productivity and reduce the time it takes to release new features to production.

5. Quickly disable features if issues or errors occur

In the event of an issue or error, teams need to be able to quickly disable features to avoid any issues affecting the application in production. Issues could range from something major such as security vulnerabilities to minor usability and cosmetic problems. With traditional processes, a team would have to roll back to a previous release losing everything they just deployed or take down an entire application to address issues or errors. However, with enterprise feature management solutions, teams can quickly disable the individual problematic feature leaving the rest of the application unchanged. Instead of the lengthy and cumbersome rollback and redeployment processes, this limits the impact to the application with zero downtime. DevSecOps teams would then typically perform a “patch forward” for the fix.

6. Track the release with detailed analytics

Using analytics, monitoring tools, and processes helps guarantee that your software meets government guidelines and agency policies. Using enterprise feature management, your agency can gather detailed audit logs and analytics to inform your decision-making and improve software delivery processes across your mission-critical programs.

Following these six simple steps can help you shrink your agency’s release time from years and months, to days and hours, just like it did for the Centers for Medicare (CMS). Using LaunchDarkly and the six steps above, CMS went from one launch once per quarter, to completing six launches within a single day to support a global rollout.

Feature management is a powerful DevSecOps tool that can truly accelerate the delivery of transformative software. With detailed control over features, release targeting, and detailed audit logs, your agency can reduce risk and deliver software at the speed of the commercial world.

Download our eBook to learn more about LaunchDarkly, and view our our public sector webinar to learn more about DevSecOps best practices.

Reaching Customers with Client-Driven Solutions

Posted on by
Reply

One of the biggest challenges of government service is how their personnel interact with customers. Adequately supporting customers can be tricky, especially when serving people with vastly different needs. So, it is vital that government providers know how to support individuals with accurate, time-effective aid for their specific issues – for example, a mental health or public safety crisis.

Equal and Equitable Access

ConcernCenter/AWS Customer Experience Blog Embedded Image 2023What is the best way to provide care? Offering constituents and customers equal and equitable access and care means government employees need to be prepared to handle a variety of problems. First, the experience of each individual should be at the forefront of every interaction; customers should be treated with respect to their wishes and goals. Second, making the customer feel valued and heard is critical in every encounter. Customer service should not be transactional, but relational. By building trust with clients, agencies establish value now and for the agency’s future. Third, service should take into account who the individual receiving the assistance is as a person.

A Look at the Customer

Different customers prefer different styles of customer service. For governments, this means addressing the varied needs of a range of customers, including:

  • Students, parents, faculty and staff
  • Veterans
  • Employees
  • Survivors of crime and their families
  • At-risk youth
  • Patients
  • Disabled patients and their families
  • Caregivers
  • Younger generations
  • Older generations

Employees must be prepared to actively support the unique individuals that use their agency or organization. It is vital to identify who the customer is as a person, what resources are accessible to them and what their main concerns may be. This can affect all aspects of the interaction, as organizations need to consider what kind of people are reaching out, and how to best orient their services toward their target audience.

Online Support

With the growing presence of the internet in everyone’s lives, websites should be created in ways that best serve the end-user. There are a few main questions to consider when determining whether consumer-facing websites and services are meeting their intended goals:

  • Who is visiting the website? What is their age group and knowledge level?
  • What is the biggest concern to these customers? What questions are consistently being asked?
  • What results is the customer expecting on the other end of their experience?

All customers visiting a website will have a shared experience. To create a client-driven solution, first identify their ideal user experience. When customers know what questions to ask, when to ask them, and who to ask they can be confident they will receive the correct solutions they need.

Providing a Client-Driven Solution

Customer service should be client-driven, rather than business-driven. A client-driven solution is based around customer concerns. It is written simply, in words customers use every day rather than the organization’s technical jargon.

For government agencies, whose main goal is to be by and for the people, business models should be client-needs focused. In addition, organizations should provide multiple support options for the customer to choose from. This way, if a customer does not feel comfortable with one option, they have other methods of support to utilize. As soon as the customer no longer feels supported, they stop searching for help, which is exactly what we hope they will not do.

Providing client-driven solutions can look like:

  • Reducing confusion by compiling all resources into one accessible place
  • Investing in long-term staff that is experienced with the organization and its processes
  • Providing support options that are available after hours and on weekends
  • Using data analytics to gain insight into when and where support is being accessed
  • Customizing software to center around the customer base’s needs
  • Providing options for services in multiple languages
  • Offering password protection and an emergency click-away button for safety and confidentiality purposes
  • Clearly directing to answers, helpful resources and next steps

By providing client-driven solutions, agencies can build trust with customers that will allow them to more equitably serve the public.

 

ConcernCenter works with businesses, school districts, organizations, institutions, and non-profits to support users and solve common concerns. To learn more about effectively aiding customers, visit Carahsoft’s page to view ConcernCenter’s webinar on customer service.

Sea-Air-Space 2023 Showcases Strategic Insights for the Navy

Posted on by
Reply

As the landscape of defense technology across the United States Armed Forces continues to advance and transform, the military must also evolve and adapt with it. At Sea-Air-Space 2023, the Navy League’s Global Maritime Exposition, key leadership from the U.S. defense industry and government technology experts came together for educational and collaborative sessions across a variety of topics. A record number of attendees gathered for the three-day conference where many vendors including Carahsoft and 45 of its partners demonstrated their technology solutions to meet military needs. Fed Gov Today joined Carahsoft on the show floor to speak with military thought leaders on staffing, cybersecurity and more.

Carahsoft Sea-Air-Space Recap Tradeshow Blog Embedded Image 2023Sea Service chiefs attending the conference noted that currently, maintaining and developing the workforce is a high priority for the military as it emphasizes the role of people as resources. Defense agencies are looking to engage young, talented individuals interested in serving the armed forces.

“Whenever you see the defense budget start to go down…a lot of times you’ll see training and education reduced,” Carahsoft’s Program Executive of Navy and Defense Strategy, Mike McCalip, said. “What you end up with is a workforce that can be five or 10 years behind in technology.” To mitigate this, McCalip sees this as an opportunity for industry vendors to “help [the Navy] to educate and keep their workforce on the tip of the spear when it comes to technology.”

Another important concept discussed at Sea-Air-Space was the Department of Defense’s shift to ever evolving Zero Trust. Throughout the conference, Sea Service chiefs and tech vendors fielded many questions and conversations surrounding cybersecurity’s role within defense strategy. Military leaders and vendors shared an eagerness to collaborate and explore opportunities for growth together in the future.

 

Check out the rest of my industry insights and highlights from the event floor at Sea-Air-Space 2023 in my full blog at FedGovToday.com.

Shaping the Future With 3D Software in Government

Posted on by
Reply

Over the past few years, the use of 3D software has become increasingly important in Government Agencies. With advances in technology, government officials are turning to 3D software to help them visualize, analyze, and design projects with greater efficiency and effectiveness. This technology can provide several benefits, including improved collaboration, better decision-making, and increased efficiency.

One of the most significant benefits of 3D software is the ability to create realistic visualizations of data and designs. This is particularly useful in areas such as architecture, urban planning, and transportation. By using 3D software, government agencies can create realistic models of buildings, roads, and other infrastructure, allowing stakeholders to see how designs will look in the real world. This can help to identify potential issues early in the planning process, leading to more efficient and cost-effective solutions.

Adobe 3D Software Blog Embedded Image 2023For example, a city planning department could use 3D software to create a digital model of a new highway interchange. The model could be used to identify potential traffic bottlenecks, analyze the impact on nearby neighborhoods, and make design modifications to optimize traffic flow and minimize the impact on the community. By using 3D software, the planning department can gain valuable insights into the project and make better decisions that benefit both the city and its residents.

Another benefit of 3D software is improved collaboration. By creating 3D models of designs and data, government agencies can share information more easily and effectively with stakeholders. This can lead to better communication and a greater understanding of the issues at hand. Additionally, 3D software allows multiple stakeholders to view and interact with the same model, allowing for more efficient collaboration and problem-solving.

For instance, a team of engineers and architects working on a public works project could use 3D software to create a digital model of the project. The model could be shared with all team members, allowing them to see and interact with the same information. This would facilitate better communication and collaboration, as team members could identify potential issues and make design modifications in real time.

3D software can also improve decision-making in government agencies. By visualizing data and designs in 3D, agencies can better understand complex systems and identify potential problems before they occur. This can help agencies to make more informed decisions and avoid costly mistakes. Additionally, 3D software can help agencies to evaluate the impact of different policy decisions, allowing for more effective planning and resource allocation.

For example, a state transportation department could use 3D software to evaluate the impact of a proposed toll increase on highway usage. The department could create a 3D model of the highway system and use data analytics to simulate different traffic scenarios. This would allow them to evaluate the impact of the proposed toll increase and make more informed decisions about transportation policy.

Finally, 3D software can increase efficiency in government agencies. By using 3D software to create models and visualizations, agencies can streamline their workflows and reduce the time and resources required for planning and analysis. This can lead to faster decision-making and more effective use of resources.

For instance, a Federal agency could use 3D software to analyze satellite imagery of a natural disaster area. The software could automatically generate 3D models of the disaster area, allowing the agency to quickly assess the extent of the damage and prioritize response efforts. This would reduce the time required for manual analysis and allow the agency to more efficiently allocate resources.

In conclusion, the use of 3D software in government agencies can provide several benefits, including improved collaboration, better decision-making, and increased efficiency. As technology continues to advance, 3D software will likely become an increasingly important tool for government agencies across a range of fields.

 

If you or anyone you know would like to dive deeper into the Adobe creative applications and how they can be applied to current government projects, watch the on-demand recordings from our 8-part webinar series, Engage Audiences Across Screens with Powerful Collaboration and Creation.

Discover how Adobe Creative Cloud solutions accelerate creative workflows, allow for content creation across all screens and mediums, and enable quick and efficient creation of digital experiences. Our team of Adobe solutions experts demonstrate how to utilize the newest tools, upgrades, features, and integration capabilities that teams across all fields can leverage for compelling and exciting digital designs.