DevSecOps: Achieving Efficiency and Scale with Automation and Software Factories

In today’s rapidly evolving digital landscape, Government agencies face many challenges in delivering modern, secure software applications to the end-user. DevSecOps is a methodology that combines development, security and operations to create a more streamlined and secure software development process. This concept has emerged as a transformative approach that integrates security practices, automation and software factories into the software development lifecycle from its inception. At the Carahsoft DevSecOps Conference, industry experts and innovators shared their knowledge of emerging tools, effective strategies and methodologies in software engineering through several educational sessions.

Unlocking Efficiency: The Power of Automation and AI/ML

Automation helps developers improve the efficiency and quality of code, reduce risk and combat security vulnerabilities. As a key component of DevSecOps, automation allows developers to simplify many of the tasks involved in software development, such as testing, deployment and monitoring. Once automated, developers can focus on writing high-quality code and addressing security vulnerabilities, rather than spending time on redundant manual tasks.

The use of AI has transformed the way developers work, compared to 20 years ago when code was primarily written from scratch. Today, external libraries (software code written by a third-party source) are used frequently, which introduces a new set of risks and benefits. The benefits include making software development faster and more efficient as developers use pre-existing code to build their applications. However, if a third-party library has a security vulnerability, it can be exploited by malicious actors to gain access to sensitive data. If not maintained properly, the third-party library can become outdated and incompatible with other software components.

Software Factories

Software development has become an essential part of today’s business operations, and Government agencies are constantly seeking ways to improve their processes. Recently, the concept of the software factory—a structured approach to software development that emphasizes standardization, automation and collaboration—has gained popularity. It establishes a set of tools, processes and best practices that enable teams to develop software more efficiently and effectively. The goal of a software factory is to create a repeatable and scalable process for software development that can be applied across different projects and teams. By implementing this strategy, agencies can improve the quality, speed and consistency of their software development efforts.

One of those best practices combines Continuous Integration and Continuous Deployment in a single process known as CI/CD. CI is the practice of frequently merging code changes from multiple developers into a shared repository, where automated tests are run to address integration issues early in the development cycle. This ensures the code is always in a releasable state and reduces the risk of conflicts and errors when changes are merged. CD, on the other hand, is the practice of automatically deploying code changes to production as soon as they pass the necessary tests and checks. This enables teams to release software changes quickly and frequently. By utilizing CI/CD, teams can achieve a continuous flow of code changes from development to production, which is imperative for modern software development.

Elevating DevSecOps: A Blueprint for Integrating Early Software Security Measures

Securing software in a containerized environment presents unique challenges due to the dynamic nature of containers and the distributed nature of container orchestration platforms like Kubernetes. Government agencies must ensure that containers are properly configured and secured, as misconfigurations can lead to vulnerabilities that can be exploited by attackers. Another difficulty is detecting and responding to security incidents in a timely manner, as containers can be spun up and down quickly and may be spread across multiple nodes in a cluster. Securing software early can help agencies reduce risk, lower costs, deliver software faster and improve collaboration between development and security teams.

Another crucial component of DevSecOps—continuous delivery—enables teams to deliver software changes quickly, safely and sustainably. This means that teams can release software changes frequently and with confidence, knowing that the changes have been thoroughly tested and are ready for production. Through a combination of automation, collaboration and feedback loops, continuous delivery helps reduce the time and effort required to release software changes.

Agencies can adopt a DevSecOps approach that integrates security into the software development lifecycle from the beginning. This involves using tools and processes to automate security testing and validation, as well as incorporating security requirements into the development process. For instance, agencies can use tools like vulnerability scanners and security-focused container images to detect and remediate vulnerabilities in containers. They can also use automation to validate security requirements and ensure that containers are properly configured and secured.

Securing software early in the development process can lead to several benefits including:

  • Reduced risk of security incidents: By identifying and addressing security vulnerabilities early in the development process, agencies can minimize the risk of security incidents and data breaches.
  • Lower costs: Fixing security issues later in the development process is much more expensive than addressing them early on. By integrating security into the development process from the beginning, agencies can reduce the cost of fixing security issues and avoid costly rework.
  • Faster time to market: Adopting a DevSecOps approach can help agencies deliver software faster by automating security testing and validation. This decreases the time for manual testing and enables faster release cycles.
  • Improved collaboration: Agencies can strengthen collaboration between development and security teams to ensure requirements are properly understood and incorporated into the development process. This proactive initiative can help foster a culture of security throughout the agency.

The adoption of DevSecOps, along with its fundamental principles, empowers Government agencies to establish a more efficient and secure software development process. This is achieved through the implementation of automation, the adoption of a software factory approach and the early integration of security measures.

 

To learn more about DevSecOps best practices and trending innovations, visit Carahsoft’s DevSecOps vertical solutions portfolio. 

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at Carahsoft’s annual DevSecOps Conference.*

Transforming State and Local Government in Ohio Through Technology

Innovation and collaboration are imperative to drive growth and transformation in State and Local Governments, as is investment in education and training to prepare the workforce for the jobs of the future. At the Carahsoft Digital Transformation Roadshow in Columbus, Ohio, Government IT and industry leaders engaged in dynamic discussions around the role of technology in shaping the modernization of the state of Ohio and beyond.

Technology Innovation in State and Local Government

Ohio State and Local agencies have begun to integrate innovative technologies to drive better decision-making while lowering the cost of ownership for IT systems; however, this requires significant investment in infrastructure, training and talent acquisition. Agencies must also ensure cybersecurity and risk management, as the use of new technology can create new vulnerabilities. There is a critical need for education, collaboration and innovation as State and Local agencies reimagine the future workforce, which is an ever-evolving, complex and diverse ecosystem.

When faced with implementing technologies like artificial intelligence (AI), internet of things (IoT) and other transformational technologies, comprehensive planning is the best way forward for State and Local agencies. By doing the planning upfront, agencies can ensure that they have the right tools to manage vulnerabilities, mitigate risks and drive innovation.

Utilizing a single platform that connects automation of other tools into that platform helps agencies get real-time data reporting and addresses risk within the organization. By using multiple endpoint management and security tools in a single platform, agencies can streamline their operations, reduce costs and improve their overall security posture.

A local agency in Westerville, Ohio has started using data for applied analytics and customizing citizen experiences using a feedback model. This approach involves analyzing and interpreting data to improve services and provide a more streamlined citizen experience for services like trash collection, public safety and traffic management. By using data to drive decision-making and improve services, agencies can become more efficient, effective and responsive to the needs of citizens.

Building a Resilient Government

Modernizing systems, which is the top priority for building a resilient Government, will improve citizen services, generate cost savings, increase security and provide a more holistic, human-centered Government experience. Many State and Local agencies have outdated systems and need to modernize their infrastructure and business processes to make commerce more accessible and efficient. This involves evaluating areas for improvement, such as replacing fax machines with modernized digital tools and platforms and consolidating multiple systems into a few with all the key functionality they need.

The Ohio Department of Aging (DoA) implemented a tenet of rapid response in which automated systems provided emergency staffing within 24 hours for long-term care facilities and nursing homes during the COVID-19 pandemic, a practice that continues to this day. The DoA has also worked on predictive modeling utilizing the Governance, Risk and Compliance (GRC) organizational strategy to identify potential issues and respond proactively. Additionally, it has focused on meeting citizens’ needs through an omnichannel approach, using interoperable data analytics and predictive modeling to provide a more personalized and efficient experience.

Combating Cyber Threats in Government

Public Sector organizations face a range of cybersecurity risks, including data exploitation, insider threats, third party vulnerabilities, ransomware, identity theft and fraudulent access to State Government services. To mitigate these risks, agencies can take steps such as implementing strong access controls, regularly updating software and systems, conducting employee training on cybersecurity best practices and partnering with other organizations to share threat intelligence and collaborate on incident response.

The Cybersecurity and Infrastructure Security Agency (CISA) offers several services to assist Government agencies with cybersecurity, including assessments and external dependency mapping. These services are provided at no cost to agencies, as they are already paid for by federal taxpayers. The services include:

  • Cybersecurity assessments: conduct cybersecurity assessments, which can help identify vulnerabilities and areas for improvement.
  • Ransomware readiness assessments: prepare for and respond to ransomware attacks, which are a growing threat to State and Local Governments.
  • External dependency mapping: identify and assess third-party vendors and other external dependencies, which can be a source of cybersecurity risk.
  • Threat intelligence sharing: provide agencies with information on emerging threats and best practices for defending against cyber-attacks.
  • Incident response planning: develop and test incident response plans, which can help ensure a coordinated and effective response in the event of a cyber-attack.

As cybersecurity threats become more sophisticated, it is increasingly critical for individual employees to be aware of the risks and take steps to protect their agency. Following best practices for password management, avoiding suspicious emails and links and reporting any potential security incidents to IT or security personnel is imperative. Agencies should provide regular training and offer resources such as phishing simulations to help employees become more vigilant.

Agencies must continue to leverage technology, utilize resources like CISA, stay up to date on the latest best practices and remain committed to meeting citizens’ needs. By embracing technology innovation, State and Local agencies can create a brighter future for all.

 

Explore more resources and learn more about Carahsoft’s State and Local Roadshow Series: Digital Transformation by visiting our Roadshow portfolio.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at Carahsoft’s Digital Transformation Roadshow.*

Transitioning Towards a Sustainable Healthcare Mindset at DHITS 2023

Since the Defense Health Agency (DHA) oversees the entire military health system, it knows how important it is for members of the military and their doctors to be able to access medical records quickly and universally. In August 2023, the DHA hosted the Defense Health Information Technology Symposium (DHITS) where military health system (MHS) stakeholders discussed its newest asset, the Military Health System (MHS) Genesis. With the creation of this universal health record database, military members’ health records can easily be accessed, whether they are active-duty or not. Currently being rolled out in waves, the MHS Genesis plans to expand health records accessibility between different military branches.

Benefits from MHS Genesis

While still new, the MHS Genesis already shows improvements in several areas which include:

  • Enterprise and Cultural Interoperability: Some doctors may have different views or standards than others. This universal system makes patient files easily accessible to any doctor, regardless of military branch or practice. Now, the IT systems and Electronic Health Records (EHR) work together seamlessly. Different military branches will be able to use the same uniform system when it comes to accessing patient files and records, making the job easier for both patients and doctors.
  • Patient-Centric Care: With the MHS Genesis technology enhancements, it is now easier than ever to meet patients at their home on a Tuesday through telehealth. Telehealth is especially important within the military to give patients flexibility in choosing appointments as well as requesting information or gaining access to their medical records.
  • System and Process Automation: Medical professionals struggle with the global constraint of time. The MHS enables providers to automate tasks, saving time on things like paperwork and allowing for more one-on-one patient care.

Next Steps for the MHS

Currently, the entire DoD is at an 86% implementation rate for the MHS Genesis. It is actively being used in all DHA locations in the U.S. with plans to incorporate the universal health record system into the remaining treatment facilities outside of the United States by the end of 2023.

As leaders within the MHS continue their journey into modernization and sustainability, it is important that they equip people with the right knowledge and skills to be able to deliver their future vision of what military medicine should look like. The number one purpose of this emerging technology is to ensure the medical readiness of the military. The MHS Genesis will help guarantee that this stays a top priority, as it creates better access to information and helps deliver that information to the decision makers. Using Artificial Intelligence (AI) in medical settings is an exciting development that will help with diagnosing, personal assistants, risk analysis, forecasting and more. Through AI support, doctors will be able to spend more time on their patients and less time on large amounts of paperwork.

While the implementation of the MHS Genesis has been a success, all branches of the DoD must continue to communicate and collaborate openly and effectively. They must also involve other stakeholders by breaking down data silos and sharing freely what does and does not work in an enterprise setting. This will ultimately help with addressing public health challenges, ethically using AI in a medical setting, cybersecurity and more.

The MHS journey coincides with changing the deployment approach to a “sustainment” mentality. A sustainment mindset involves focusing on:

  • Optimization of user experience: Seeking feedback and continuing to adjust the technology to enhance user experience
  • Scalability: Scaling the success and implementing the changes across the enterprise if success is found with one configuration setup
  • Standardization: Creating a standard vocabulary and process for enterprise usage, so people communicate with the same terminology across the MHS

At the end of the day, the most important thing is that patients receive the care they need. Through the MHS Genesis and the IT solutions discussed at DHITS, the MHS hopes to greatly boost patient experiences, increase trust in the military health system, reduce healthcare provider burnout and give patients and clinicians access to data in real-time.

 

Visit Carahsoft’s Department of Defense and Healthcare solutions portfolios to learn more about DHITS 2023 and how Carahsoft can support your organization in these critical marketplaces.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at DHITS 2023.*

Generative AI, DevSecOps and Cybersecurity Highlighted for the Air Force and Space Force at DAFITC 2023

Thousands of Space Force and Air Force personnel and industry experts convened to discuss the most current and significant threats confronting global networks and national defense at the 2023 Department of the Air Force Information Technology and Cyberpower Education & Training (DAFITC) Event. Throughout the many educational sessions, thought leaders presented a myriad of topics such as artificial intelligence (AI), DevSecOps solutions and cybersecurity strategies to collaborate on the advancement of public safety.

Leveraging Generative AI in the DoD

At the event, experts outlined three distinct use cases for simplified generative artificial intelligence in military training.

  • Text to Text: This type of generative AI takes inputted text and outputs written content in a different format. Text to Text is associated with tasks such as content creation, summarization, evaluation, prediction and coding.
  • Text to Audio: Text to Audio AI can enhance accessibility and inclusion by creating audio content from written materials to support e-learning and education and facilitate language translation.
  • Text to Video: Text to Video AI is primarily geared towards generating video content from a script to aid the military with language learning and training initiatives.

Dr. Lynne Graves, representative of the Department of the Air Force Chief Data and Artificial Intelligence Office (CDAO), provided attendees with a brief timeline of how the USAF will fully adopt artificial intelligence. The overarching aim for AI integration is to make it an integral part of everyday training, exercises and operations within the Department of Defense (DoD).

  • In FY23, the DoD is focusing on pipeline assessment. Using red teaming where ethical hackers run simulations to identify weaknesses in the system, internal military personnel target improvement of their infrastructure and mitigation of the vulnerabilities in the different stages of the pipeline.
  • In FY24, the emphasis will be on the Red Force Migration policy, which involves developing, funding and scaling the necessary strategies.
  • In FY25, the goal is for the department to become AI-ready. This entails preparing for AI adoption at all agency levels, establishing a standard model card that explains context for the model’s intended use and other important information, creating a comprehensive repository of data and implementing tools for extensive testing, evaluation and verification.

USSF Supra Coders Utilize DevSecOps for Innovation

The current operations of United States Space Force (USSF) Supra Coders involve a range of activities that combine modeling, simulation and expertise in replicating threats. These operations are conducted globally, and currently include orbit-related activities, replication of DA ASAT (Direct Ascent Anti-Satellite) capabilities and the reproduction of adversarial Space Domain Awareness (SDA).

The USSF Supra Coders have encountered limitations with software solutions, including restrictions tied to standalone systems, licensing structures with associated costs and limited adaptability to meet the specific needs of aggressors and USSF requirements. DevSecOps presents a multifaceted strategy for mitigating the identified capability gaps noted by the USSF Supra Coders. It can help create more effective and efficient software solutions through seamless integration of security protocols, streamlining system integration processes, optimizing costs and enhancing customizability.

Cybersecurity Within the Space Force

Cybersecurity is a shared responsibility across the DoD but is especially relevant for the U.S. Space Force. As a relatively newly emerging branch of the military, the Space Force is still developing its cyber strategies. Due to its completely virtual link to its capabilities, the USSF must prioritize secure practices from the outset and make informed decisions to protect its networks and data.

Currently, the Space Force is engaged in the initial phases of pre-mission analysis for its cyber component which serves as a critical element for establishing and maintaining infrastructure through the integration of command and control (C2). These cyber capabilities encounter a series of complex challenges, which necessitate a multifaceted approach including the following solutions:

  • Enforcing Consistent Cybersecurity Compliance
  • Developing Secure Methods to Safely Retire Old Technology
  • Enhancing Cryptography Visibility
  • Understanding Security Certificate Complexity
  • Identifying Vulnerabilities and Mitigating Unknown Cyber Risks

While the Space Force faces a uniquely heightened imperative to bolster its cybersecurity capabilities with its inherent reliance on information technology and networks in the space domain, the entire community must collaborate effectively to achieve military leaders’ targeted cybersecurity capabilities by the goal in 2027.

The integration of generative AI in military training, innovations through DevSecOps by the USSF Supra Coders and cybersecurity initiatives of the Space Force collectively highlight the evolving landscape of advanced technologies within the Department of Defense. Technology providers can come alongside the military to support these efforts with new solutions that enhance the DoD’s capabilities and security.

 

Visit Carahsoft’s Department of Defense market and DevSecOps vertical solutions portfolios to learn more about DAFITC 2023 and how Carahsoft can support your organization in these critical areas. 

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at DAFITC 2023.*

Software, AI, Cloud and Zero Trust as Top Priorities for the Army and DoD at Large at TechNet Augusta 2023

Many of the major cybersecurity, data, DevSecOps and other trends from the past couple of years continue to grow and be top priorities for every segment of the Department of Defense (DoD). At TechNet Augusta 2023, Government and industry experts shared the specific needs of their organizations across those areas and solutions to help achieve their goals. The main theme of the event was “Enabling a Data-Centric Army” and expanding those principles and their mobilizing technologies to the entire DoD. For the Army in particular, the shift from hardware to software, the use of artificial intelligence (AI), cloud capabilities and Zero Trust were headlining topics at the conference.

Shifting from Hardware to Software

In an effort to increase agility and expand access to resources, the Army is transitioning its equipment from hardware to software. Amending its materiel release process to decouple software from hardware allows the Army to deploy software outside of the long hardware acquisition cycle. To mobilize this endeavor, the Army Futures Command (AFC) is modifying its software requirements to focus on high-level overviews that are then refined by operators. Alongside this shift, the Army and other departments requested that technology providers ensure that their software solutions integrate with each other. Going forward, the Army also asked industry to provide software that is not tied to specific hardware. This separation will be key to establishing data-centricity. Nearly every speaker echoed the importance of this shift for their departments.

Utilizing AI

With this major transition to a software-heavy environment, Army Chief Data and Analytics Officer David Markowitz believes it will be an ideal use case for generative AI in software development. Having a controlled environment in software development would make it easier to properly govern compared to the complexity of some of the other uses. As AI usage increases across the DoD, military leaders requested industry create AI platforms with layered complexity of features enabling users of any skill level to utilize the technology effectively. In regard to AI applications for data, Army CIO Leonel Garciga stated that additional guidance on “Data Use on Public/Commercial Platforms” would be released soon to clarify its policy. Overall, officials concurred that the DoD is not looking to become 100% reliant on AI aid but instead maximize AI’s strengths to augment human critical thinking and empower commanders to make data-driven decisions.

Enabling Cloud Capabilities

Over the past year, the Army has exponentially increased its cloud migration and virtualized capabilities. Housing information in the cloud optimizes data storage and simplifies ease of access particularly with the increase in data output, and the push for AI data analytics and data-driven decisions. Hybrid cloud solutions offer the readiness, adaptability and duplication of vital information necessary for military operations to continue smoothly in any situation. Currently, DoD leaders seek industry solutions for modernizing and moving applications to the cloud simultaneously. Acquiring technology with this ability would reduce both the security risk and the work required from the military to implement it.

Expanding Zero Trust

Overarching every aspect of the DoD is the critical need for cybersecurity. Garciga plans to emphasize Zero Trust implementation heavily in conjunction with improving user experience and cyber posture. While multi-factor authentication offers a great starting point, military leaders explained that it is not enough and that they look to partner with industry to close virtualization vulnerabilities through continuous monitoring and regular red teaming. At the conference, the Army Cyber Command (ARCYBER) outlined seven principles for IT providers to follow for all capabilities they deliver:

  • Rapidly Patch Software
  • Assess All Production Code for Security Flaws
  • Improve Security of Development Networks
  • Isolate Development Environments from the Internet and from the Vendor Business Network
  • Implement Development Network Security Monitoring
  • Implement Two-Factor Authentication (2FA) on Development Network and Testing Services
  • Implement Role-based Permissions on Development Network

Empowering DoD Success

A consistent thread woven throughout the event was the vital nature of open communication and partnership between the DoD and technology companies to achieve the established goals. Within each of these areas including the shift from hardware to software, use of AI, cloud capabilities and Zero Trust, the DoD looks to innovate and explore new methods and solutions to stay ahead on the world platform. Together through collaboration, industry can have a vital role in keeping American citizens safe one technology update at a time.

 

Explore our Federal Defense Technology Solutions Portfolio to learn how Carahsoft can support your organization through innovative, agile defense resources and IT capabilities.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at TechNet Augusta 2023.*

Unlocking New Potential at GEOINT 2023

Over the past couple of decades, geospatial intelligence has evolved dramatically to encompass new realms that were previously only a dream and now, thanks to technology, have become a reality. At the United States Geospatial Intelligence Foundation’s (USGIF) GEOINT 2023 Symposium held in St. Louis, Missouri, Government, military, industry and academic leaders gathered to celebrate the 20th anniversary of the event as the largest annual gathering of geospatial intelligence professionals in the nation and discuss ways to further the mission. This year’s theme, “From Maps to Metaverse,” gave tribute to the advancements within the GEOINT discipline and highlighted the innovative ways technology can help solve current national security challenges.

The Current Metaverse

One of the overarching questions from the symposium was: what is the metaverse? From interactive whiteboards to keynote sessions, numerous experts chimed in to offer their insight on the topic, including Christopher Johnson, Deputy Chief Technology Officer at the National Geospatial-Intelligence Agency (NGA), who defined the metaverse as a virtual representation of the world that has evolved in complexity over time. He elaborated, “The metaverse really isn’t a thing. It is more of a concept. It is how we interact with information in a new and novel way that we’ve never done before.” Johnson believes that the metaverse will fundamentally transform the way the world operates. The key to building an effective strategy for this shift will be technologists and end-user partnerships. According to Johnson, this collaboration will look different than traditional Government partnerships and will require in-depth face-to-face conversations on the personal applications of the metaverse instead of just the engineering and design specifications.

While the current capabilities are barely scratching the surface of what could be possible for the metaverse, Johnson sees tremendous potential for utilizing the technology within the GEOINT community particularly for immersive training and military operations. By leaning in, exploring additional use cases and creating standards that can grow with the technology, Johnson believes it will unlock a whole new level of possible.

Enabling the Metaverse of the Future

The customization and adaptability potential make the metaverse both harder to define and harder to govern through policy. Emerging agile software development with daily feature updates will require open standards to be implemented for effective and secure delivery. Johnson says it is imperative to start the process of creating these standards now and recommends the Government lean on international nonprofits to adapt some of the current standards and enable further technology development and implementation.

Dan Opstal, Acting Director of the National Civil Applications Center at the US Geological Survey, highlighted the role of data within the metaverse and the need to evaluate both the new ways data can be viewed and how much data the metaverse ingests to be able to operate. Opstal shared that a common theme for agencies and technologists is navigating oversight and privacy especially as the metaverse continues to expand and develop. Artificial Intelligence (AI) and machine learning (ML) will play a large role in sorting and standardizing the data for usage and close collaboration will be vital for instituting the legal frameworks to maximize these technologies.

Over his 40-year career at the organization, Mark Chatelain, Chief Information Officer at the NGA, has witnessed the evolution from maps to the metaverse and noted the difference in requirements between the two. For maps, only a printing press and a simple computer were necessary to display the information; however, the metaverse and immersive AI require immense computational capabilities and mobile communications to be invented and perfected for widespread implementation. Chatelain predicts that cloud data solutions and partnerships will be vital for storing the massive amount of information, which is expected to increase by over 1,500% in the next seven years. In addition to the data analysis, cloud and storage solutions, the NGA is also prioritizing the mobilization of its analysts so that they can work virtually and are not tied down to one location by data access and the computational power needed for high quality graphics at high speeds.

Maintaining and Improving the Workforce

To be able to modernize and adapt with the innovations in the field, the GEOINT community is looking into practical ways to invest in the current workforce and attract new talent. NGA leadership anticipates that the new generation’s fluency with technology will be an asset but will also require a huge cultural change.

Ian Zearfaus, Director of the Human Capital Advanced Capabilities Office at the NGA, explained how offering visibility into all organization roles through an assignments marketplace is one new initiative that has opened up flexibility for employees. By encouraging lateral career movement, employees can advance further through exposure to new opportunities and skill growth. The NGA has seen great success with this initiative for the current workforce and it has become increasingly popular with the next generation as well. The NGA focuses on establishing cross-cutting and leadership competencies that provide employees with easily transferable skills within the organization. Zearfaus foresees data literacy, critical thinking and the ability to forge partnerships continuing to be highly sought-after proficiencies. NGA coaching programs have also been a catalyst for employees to seek out micro-learning environments, find ways to maximize their strengths and ultimately climb a nontraditional career ladder to accomplish their goals. Additional innovative training methods have included role playing with virtual avatars to simulate co-worker and partner engagement and a pilot public-private talent exchange program with the Director of National Intelligence (DNI) to facilitate officer collaboration with the tech industry. In total, these efforts align with the NGA Strategic Workforce Plan to prepare for the workforce of 2026-2030 by leveraging internal talent and modernizing positions to align with future mission needs.

Overall, one of the most consistently presented solution drivers at the GEOINT 2023 Symposium was the chance for collaboration and partnerships. Equipped with both the educational knowledge of the current themes in the GEOINT discipline and the perspective offered by agencies and industry, members of the broader GEOINT community left empowered to effectively utilize technology and achieve new heights.

To learn more about the topics discussed at GEOINT, listen to Francis Rose’s Fed Gov Today podcasts Part 1 and Part 2 co-sponsored by Carahsoft.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at GEOINT 2023.*

Insights from SOF Week 2023

By maintaining effective collaboration and innovation, the U.S. furthers its quality defense. This year’s SOF Week conference was held May 8-11 in Tampa, Florida. Organized by the Global Special Operations Forces Foundation (GSOF) and the United States Special Operations Command (USSOCOM), the event offered attendees an exhibition hall and extensive networking and educational programming to discuss advanced physical and digital security measures within defense operations.

The Importance of People

The Marine Forces Special Operations Command is initiating a new program called Cognitive Raider. This initiative’s goal is to operate parallel to the Marine Corps by making a difference on the battlefield through a robust workforce. There are several traits the Cognitive Raider initiative is looking for in applicants. Individuals must be prepared to secure assets against adversaries and be able to operate, not only as an individual, but also as a part of a team. Other vital traits are professionalism, dependability and modesty in relation to their achievements. The Marine Forces deliberately select candidates who display character and are prepared to learn special skills that build the organization up for success.

As the military aims to advance along with the dynamic evolution of technology, they must prepare for significant and unpredictable changes. Agencies may need to repurpose existing technology and investments to gain results in new areas that were previously considered low priority projects.

Artificial Intelligence Driving Innovation

In the digital age, and in the U.S. specifically, the economic ecosystem is digitally connected. This makes cybersecurity vital to every part of daily life. Bad actors can utilize AI’s abilities to hack software before defensive tools have been put in place; however, there are ways to mitigate these challenges.

AI technology drives efficient capability by improving agency understanding of technology and by accelerating decision-making. While humans can only make a few decisions a minute, AI can make hundreds of thousands of precise calculations and execute accordingly. This makes AI helpful in performing penetration tests to identify security weaknesses for offensive cyber operations. In finding these weaknesses, agencies can get ahead in the cybersecurity battle against threats.

Innovation in U.S. Central Command

Innovation is a vital part of the national defense sphere, and emerging technology can be leveraged to drive agency growth. This means employees must be properly prepared to use new software. To achieve this, agencies need to implement mechanisms and processes that encourage employees to enact change.

Team collaboration can help agencies reach grounded conclusions. Having tech partners is vital, as agencies can swap information on their respective expertise to help each other accomplish their goals and optimize processes. Schuyler Moore, the Chief Technology Officer for U.S. Central Command, said she collaborates with other team members “…consistently to scan and ask folks about what processes are working, and what good ideas [they] have that might improve on how we do things.”

To best support timely tech updates and modernization, agencies should begin by shifting the organizational structure to create new pipelines and entities to sustain long-term innovation. In addition, agencies should prioritize projects in correlation with the shifting agency needs. By utilizing recurring exercises and group conversations, organizations can coordinate employee efforts and set expectations on priorities and goals.

Collaboration around new technology drives important innovation for national security. By facilitating the sharing of these ideas, SOF Week has spurred on new defense developments and shared knowledge.

To learn more about the topics discussed at SOF Week, view Francis Rose’s full Fed Gov Today episode co-sponsored by Carahsoft.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at SOF Week 2023.*

Cybersecurity Initiatives from TechNet Cyber 2023

The global prominence of technology, cyber power and cybersecurity is vital to U.S. political and economic success. At TechNet Cyber 2023, a conference held in Baltimore, Maryland, Government, industry and academic partners discussed solving global security needs. This year’s conference, which took place May 2-4, focused on numerous topics including Zero Trust, multicloud and defense strategies against bad actors.

Thunderdome: The New Zero Trust Framework

Thunderdome is the new Zero Trust framework created to improve cybersecurity and posture by the Defense Information Systems Agency (DISA), a combat support agency that provides information technology and communications support. Lieutenant General Robert Skinner, the director of DISA, attests that Thunderdome meets 131 of 153 key standards that were laid out by the Department of Defense (DoD) as a part of its strategy for Zero Trust. With that and further growth, Thunderdome is well on its way to being a vital part of Zero Trust cybersecurity.

However, Thunderdome is not a one-size-fits-all solution, as its scalability and modularity will require ongoing assessment. At the event, Lieutenant General Skinner highlighted three key components to understanding where Thunderdome fits into agencies. They are known as the “three Ps”: posture, position and partnerships. The first part, posture, evaluates where an agency stands with its technology and processes in relation to its cyber posture. The second element, position, is the utilization of these resources to achieve the best results. And lastly, partnerships form the cornerstone of maximizing business capabilities. In relationships with allies and partners, all participants can help each other and ensure that they are all on the same page.

Much of this manifests in Thunderdome’s process of improving agency posture with regard to the workforce. Through education, the right training, retention and hiring those with the right skillsets, agencies can improve their industry posture. Lieutenant General Skinner stressed that to support the current workforce, it is vital for agency leaders to “know and understand what their capabilities are to move them in the right place.”

The Pentagon’s MultiCloud Environment

The Pentagon’s multicloud environment is designed to give practitioners access to the best of technology. However, the complexity of the multicloud environment can lead to issues if not managed correctly. To combat this, Armon Dadgar, HashiCorp’s CTO and Co-founder, recommends forming a consistent way for practitioners to set up cybersecurity infrastructure on other platforms. As agencies seek to simplify systems, one way to achieve this in both the public and commercial sector is by establishing a consistent approach to the multicloud. Agencies should be intentional about instituting abstraction layers and begin by defining a central platform team to create a common blueprint across environments. This way, there is an organized standard for future processes.

Threats to Cybersecurity

Wanda Jones, a principal cyber advisor of the U.S. Air Force, discussed how to protect against hackers as threats evolve. Bad actors are aggressive, always moving and attacking industry’s weak spots. The best way to defend capabilities is to detect threats early on and respond in a timely manner. Agencies must always be monitoring and improving to stay on the offensive. A solid start to improving Zero Trust is improving security architecture and providing access to those with known identities within the agency.

With the continued focus on cybersecurity, the Federal Government maintains the public’s safety and security.

To learn more about the topics discussed at TechNet Cyber, view the full Fed Gov Today episode co-sponsored by Carahsoft.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at TechNet Cyber 2023.*

7 Key Takeaways from HIMSS23

In April, over 40,000 global health professionals converged in Chicago for the highly anticipated HIMSS23 Global Health Conference & Exhibition. Over the course of five days, healthcare, government and technology leaders discussed everything from wearable medical devices and artificial intelligence (AI) to cybersecurity and compliance. Here are some highlights and key themes from the conference.

  1. Change is happening quickly: The buzz around ChatGPT offers a perfect illustration of just how quickly AI has become part of our everyday lives. There are many applications for AI in the healthcare space as well. In procedure rooms, cameras with AI can ensure processes are being followed, thereby helping to avoid malpractice. One key question circulating at the conference was: how can regulations be put in place to protect patients’ and practitioners’ privacy as this new technology starts to be implemented?

  2. The cloud is here to stay: Underpinning many new technologies is the cloud. As more healthcare organizations use hybrid and multi-cloud environments, compliance becomes increasingly complicated and important. This is particularly true considering regulations and data protection laws are constantly changing. One benefit is there is a lot of overlap between compliance requirements. Looking for these common requirements (e.g., encrypting sensitive data) can help organizations navigate the seemingly complex world of compliance.

  3. Data presents a paradox: Data holds tremendous potential to transform healthcare operations, but the promise of data-informed decision-making must be balanced with both the data overload felt by those on the front lines and the preservation of patient privacy. Electronic health records (EHRs) have made the lives of doctors and nurses easier in many ways, but they have also required workers to document much more granular information to meet regulation and reimbursement requirements. As such, many workers are skeptical of health IT’s ability to alleviate burnout. Integrating data into the culture of the organization is the best way to ensure everyone is capturing the proper data and maximizing new technology investments.

  4. Pursue interoperability: Having the data is not enough; sharing that information is also crucial. By improving access to clinical data across institutions, we can discover new therapies, lower medical costs and improve patient care; however, interoperability also requires compliance and due diligence. At HIMSS23, panelists from the National Institute of Standards and Technology (NIST) described how next-generation database access control can facilitate data-sharing without moving large volumes of data. This promotes interoperability while preserving local protection policies. Additionally, panelists from the Centers for Medicare and Medicaid Services (CMS) emphasized the importance of Fast Healthcare Interoperability Resources (FHIR) standards.

  5. Care is expanding beyond hospital walls: Increasingly, wearable technology is becoming a staple of healthcare, as it can help with monitoring everything from glucose levels to physical activity, in addition to supporting weight control and disease prevention. More than anything, wearables offer the opportunity to continue patient care outside the walls of the hospital, which reduces the cost of care. The data collected by wearable technology holds tremendous potential for analysis at both the patient level and the population level.

  6. Cybersecurity must be top-of-mind: While wearables have many benefits, they must be used with cybersecurity in mind. A continuous glucose monitor that connects to the internet and patient portal, for example, could put all patient data at risk if the device is compromised. That’s why an Institute of Electrical and Electronics Engineers (IEEE) working group has developed a framework with Trust, Identity, Privacy, Protection, Safety and Security (TIPPSS) principles for keeping devices with sensors safe. The goal is to make TIPPSS the standard for clinical Internet of Things (IoT) devices first, then for other solutions.

  7. Privacy: Patient privacy was also a leading theme at HIMSS23. When working with AI, algorithms must be trained on large volumes of data. At the conference, panelists discussed how healthcare providers and tech companies can balance using this protected health information (PHI) to improve AI while still adhering to privacy laws like HIPAA. Data de-identification is one approach to get the most out of large volumes of data while maintaining patient privacy.

Overall, a common thread throughout HIMSS23 was balance. Healthcare providers and tech companies must balance the promises of technology with due diligence, while working in partnership to develop innovative solutions. From data standards to data privacy, it is crucial to collaborate with the government to lay the right foundation for using these cutting-edge technologies.

Visit our Healthcare Solutions Portfolio to learn more about HIMSS 2023 and how Carahsoft can support your organization’s healthcare technology goals and initiatives.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at HIMSS 2023.*

Sea-Air-Space 2023 Showcases Strategic Insights for the Navy

As the landscape of defense technology across the United States Armed Forces continues to advance and transform, the military must also evolve and adapt with it. At Sea-Air-Space 2023, the Navy League’s Global Maritime Exposition, key leadership from the U.S. defense industry and government technology experts came together for educational and collaborative sessions across a variety of topics. A record number of attendees gathered for the three-day conference where many vendors including Carahsoft and 45 of its partners demonstrated their technology solutions to meet military needs. Fed Gov Today joined Carahsoft on the show floor to speak with military thought leaders on staffing, cybersecurity and more.

Sea Service chiefs attending the conference noted that currently, maintaining and developing the workforce is a high priority for the military as it emphasizes the role of people as resources. Defense agencies are looking to engage young, talented individuals interested in serving the armed forces.

“Whenever you see the defense budget start to go down…a lot of times you’ll see training and education reduced,” Carahsoft’s Program Executive of Navy and Defense Strategy, Mike McCalip, said. “What you end up with is a workforce that can be five or 10 years behind in technology.” McCalip sees this as an opportunity for industry vendors to “help [the Navy] to educate and keep their workforce on the tip of the spear when it comes to technology.”

Another important concept discussed at Sea-Air-Space was the Department of Defense’s shift to ever-evolving Zero Trust. Throughout the conference, Sea Service chiefs and tech vendors fielded many questions and conversations surrounding cybersecurity’s role within defense strategy. Military leaders and vendors shared an eagerness to collaborate and explore opportunities for growth together in the future.

Check out the rest of my industry insights and highlights from the event floor at Sea-Air-Space 2023 in my full blog at FedGovToday.com.