Critical Infrastructure in Cybersecurity: Innovation for the Transportation Sector

In 2021, the presidential administration passed the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, aiming to bolster the cybersecurity posture of critical infrastructure in the United States. Various agencies, such as the Transportation Security Administration (TSA), Department of Transportation (DOT) and the Cybersecurity and Infrastructure Security Agency (CISA), have been working to continuously improve the security of the transportation sector, which oversees the movement of people and goods across the country.

The Transportation Sector

Within the transportation sector, initiatives have been taken to help fund cybersecurity improvements in an array of subsectors. The transportation sector includes:

  • Aviation: Approximately 450 commercial airports, 19,000 airfields, air traffic control systems, heliports, landing strips, joint-use military airports, sea plane bases, manned and unmanned recreational aircraft and flight schools[1]
  • Highway and motor carriers: Managing roadways, bridges, tunnels, commercial vehicles such as motorcoaches and school buses, and traffic management systems
  • The maritime transportation system: Approximately 95,000 miles of coastline, 361 ports and over 10,000 miles of navigable waterways
  • Mass transit and passenger rail: Terminals, operational systems, transit buses, monorails, trolleys and rideshares
  • Pipeline systems: Carriers of natural gas, hazardous liquids and various chemicals
  • Freight rail: Major carriers, smaller, active railroads, freight cars and locomotives
  • Postal and shipping: Regional and local couriers, mail management firms, charters and delivery services[2]

Security Directives

Due to persistent threats to the cybersecurity of critical infrastructure, including the transportation sector, the TSA issued multiple security directives for various transportation types, including railways and pipelines. These new directives require agencies to develop approved implementation plans that will help improve cybersecurity resilience, proactively assess the effectiveness of cybersecurity measures and prevent the deterioration of infrastructure.

The directive also requires that entities regulated by the TSA proactively work to implement amendments in the directive, including to:

  • Develop network segmentation policies so that Operational Technology (OT) can continue working, even when compromised
  • Prevent unauthorized access to critical infrastructure systems by enabling access control measures
  • Identify vulnerabilities and implement security patches for operating systems, applications, drivers and firmware to reduce the risk of exploitation
  • Detect malicious software and unauthorized access on Information Technology (IT) or OT systems and report designated incidents to CISA
  • Isolate infected systems from uninfected systems to limit the spread of malware, deny further access and preserve evidence of compromise[3]

A similar initiative, introduced by the DOT in 2022, aims to improve security awareness amongst employees. All DOT network users are required to complete the DOT’s Security Awareness Training, which is inspired by various federal requirements and the DOT Order on Department Cybersecurity Policy. The training measures employees’ knowledge in cybersecurity, including password and PIN protection and basic security for information systems.[4]

By striving to improve the security posture of the transportation sector, the TSA, DOT and CISA endeavor to protect the safety of the nation.

Cybersecurity Funding for the Future

The DOT has also introduced measures to improve the national security posture. To leverage funding from the Bipartisan Infrastructure Law, U.S. Transportation Secretary Pete Buttigieg announced up to $45 million in grants for various University Transportation Centers (UTC). These grants will be utilized to improve the cybersecurity resilience of agencies affiliated with roads, bridges, rail, shipping and airspace. One of these grants will go to Clemson University to lead a consortium focused on cybersecurity research and development. Another of these grants will go to Prairie View A&M University to improve technology in the transportation system, including data related to artificial intelligence and environmental resilience.[5]

Ever since the Colonial Pipeline attack of 2021, as well as other attacks on the cybersecurity of critical infrastructure of the United States, various agencies have done their part to improve the nation’s security. Through CISA’s hard work to create cybersecurity guidelines and cross-sector performance goals and the Federal Government’s generous grants, the nation’s critical infrastructure is postured to increase security and resolve potential crises.

This blog is the final installment in our four-part series, which examines cybersecurity initiatives inspired by The White House’s National Security Memorandum. The first three parts covered the basics of critical infrastructure cybersecurity, an overview of the Water and Wastewater Sector, and an overview of the Electric and Utility Sector.

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio. 

Resources:

[1] “National Infrastructure Protection Plan,” Transportation Systems Sector, https://www.dhs.gov/xlibrary/assets/nipp_transport.pdf

[2] “Transportation Systems Sector,” Cybersecurity and Infrastructure Security Agency, https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/transportation-systems-sector

[3] “Security Directives and Emergency Amendments,” Transportation Security Administration, https://www.tsa.gov/sd-and-ea

[4] “FY 2022 Department of Transportation Security Awareness Training,” Federal Motor Carrier Safety Administration, https://www.fmcsa.dot.gov/safety/fy-2022-department-transportation-security-awareness-training

[5] “U.S. Department of Transportation Funds Innovative Research Providing Vital Training for Next Generation of Transportation Leaders,” U.S. Department of Transportation, https://www.transportation.gov/briefing-room/us-department-transportation-funds-innovative-research-providing-vital-training-next

Make Invisible Talent Visible

With strengthening and empowering the Federal workforce as a key tenet of the President’s Management Agenda, the critical need for people with cybersecurity skills and an aging workforce, now is the time for government to re-evaluate how it looks at the skills of employees. Moving to a data-driven talent strategy allows agencies to match the right people to the right work at the right time, which also enhances that employee’s experience and engagement with their work.

Progression not Promotion

The first step is realizing that skills are not a title. For too long, career success has meant moving up GS levels or in title. A change in title does not necessarily mean being exposed to new experiences, gaining new skills or even gaining responsibility. The growth that comes with new challenges is what keeps employees fulfilled. That can happen when employees move into positions across an organization. Sideways needs to be the new up – not just for the growth of employees but for the mission achievement of government.

Keep Talent in Government

People enter public service because they have a tie to the mission. They want to work for that organization with a line of sight toward that mission. They do not leave because they stopped believing in the mission, they leave because they have not been given an opportunity to grow and develop. Research shows that one third of millennials and Gen Z workers leave a job because they did not see an opportunity to grow their career.

Talent sharing across agencies is a concept whose time has come. Government employees need to see career path options outside of their current organization. Where can their skills make an impact in another office or agency? Seeing a growth path will keep the talent within the government ecosystem rather than losing them to good commercial companies.

Diversify the Workforce You Already Have

A data-driven approach can go a long way in driving out bias and growing equity. Across government there are many opportunities for people to get involved in steering committees, pop-up projects and short-term initiatives. However, getting involved requires employees to be informed. We assume that people will seek out these opportunities. Employees only network with people they know – this limits what they are exposed to. Employees miss opportunities every day that are tailor made for their skills and career goals.

A data-driven approach automates the ability to engage. Opportunities can be pushed to employees that meet specific skills and capability criteria. Those employees can then engage with the opportunity through a digital workflow allowing them to quickly and easily break into a new network within the organization. No longer are we dependent on who we know. Now technology becomes a proactive, enabling force in finding the best fit based on skills, not position or education.

Personalize the Journey

Studies show that 94% of employees will stay with an organization longer if they feel it is invested in them. Providing a dynamic career path backed by training and mentoring opportunities is a way to demonstrate commitment to an employee.

A one size fits all training program ends up fitting no one. Employees have come to expect a personalized experience from all of the brands they interact with – whether that is music or movie recommendations or reminders to order more toilet paper. Data-driven organizations can offer that same experience by feeding employees programs and trainings that people actually want to participate in and learn from.

For organizations, knowing the growth areas for employees allows for more targeted efforts in offering reskilling and upskilling opportunities to the people who will most quickly benefit from the training.

ServiceNow is proud to support organizations ready to make the leap to a data-driven skills-based model. Our recent webinar showed how to move away from spreadsheets and emails and begin managing skills in an automated way that works for everyone – HR, agency leaders, supervisors and employees. View the full session here to learn how to transform how you hire, reward and grow your team.  

Personalized Digital Experiences in Government

Personalized customer experiences have been a primary focus of US policy over the last few Administrations. President Trump made it a part of his President’s Management Agenda, and President Biden released an Executive Order mandating a transformation of the “Federal Customer Experience.” Further policies, including the 21st Century IDEA and the IT Modernization Act, provide additional sources of funding and policy to help governments address these rising customer needs, and while they have been around for a few years, they are still required to be fully implemented. Agencies need to take advantage of this momentum to continue improving citizen experiences and “recommit to being ‘of the people, by the people, [and] for the people’ in order to solve the complex 21st century challenges our Nation faces.”

Building on the Foundations

During the COVID-19 pandemic, agencies across the US quickly stepped up and adapted to a rapidly changing world with rapidly changing requests coming from their constituents. Unemployment and labor issues, health and safety concerns, social services, childcare and schooling, and even more all immediately increased in scale for both requests for services as well as requests for reliable information. What was previously done largely in person now had to be done – by necessity – at a distance. Agencies began to lay the digital foundations which were necessary to adapt to this new normal. New landing pages for up-to-date Health information, portals for testing and vaccine distribution, digitized enrollment processes for social services and unemployment insurances, as well as relevant and personalized communications with residents, were all adapted to this new personalization at a distance.

Now that it has been a few years since the beginning of the pandemic, there is an opportunity for agencies to build upon these foundations that have been laid. By making interactions with the government easier, there is a corresponding increase in interactions that can help set the scope of where to move forward. Once a process has been fully digitized the next step would be personalization. Focusing in on the personalization of the customer experience not only promotes the kind of participation in our civic lives that the US was founded on but also promotes equity and accessibility through accounting for the unique needs of people with disabilities.

Personalization and Accessibility

Tim Berners-Lee, W3C Director and inventor of the World Wide Web, once said, “The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.” So it should come as no surprise that one of the requirements of the 21st Century IDEA is that as agencies modernize their websites, services, and forms, they must comply with the Web Content Accessibility Guidelines (WCAG) standard that was established in Section 508 of the Americans with Disabilities Act (ADA). The following principles are the guiding standards of the WCAG: Perceivable, Operable, Understandable, and Robust. This means that all these government services should have the ability to be easily viewed and used by anyone with a disability – such as no or limited vision; colorblind; physical, cognitive, or learning disability; and no or limited hearing – as well as any able-bodied residents with limited access to the service in question – such as rural communities, the elderly, or even those with limited bandwidth and/or mobile-only access.

Being truly accessible means more than simply purchasing or developing technology that is accessible itself; it means taking the entire process and thinking about it through the lens of accessibility and personalization. It requires having employees who are responsible for managing the different touchpoints and interactions between the customer and the agency and understanding how these customer journeys can be further personalized. It means delivering content that is individual for each constituent – based on personal needs, preferences, and abilities and each touchpoint and interaction within that journey.

The Future of Personalized Experiences for Government

It should no longer come as a shock that the need for government to provide modern and accessible digital experiences is here to stay. This opportunity for agencies allows for them to incorporate all of these digital foundations, the policies being put out, and the web standards being designed into a truly personalized and accessible digital experience. Look for ways that employees who are responsible for Section 508 and ADA compliance can work hand in hand (and receive funding from) the teams that are responsible for implementing the 21st Century IDEA, Biden’s Executive Order, and all the other associated policies with customer experiences. The future of government experiences is one in which, no matter who you are, where you are, or what you need, you have the freedom to engage in a truly personalized manner with your government.

View Adobe’s webinar to learn more about creating personalized customer-centric digital services. 

Using Modern, Agile Dashboards to Power Today’s Government Programs

Nearly every federal agency is currently tackling a major IT modernization project. The need for functional, transparent, and user-friendly project management systems has never been higher. But tracking, managing, and overseeing these projects can be difficult for the agencies involved. Projects like the Federal IT Dashboard, which the General Services Administration (GSA) successfully relaunched in March 2022, are examples of how a unified, user-friendly, and cost-effective dashboard can give agencies the tools they need to manage an expanding portfolio of projects. This ambitious project, undertaken after the previous dashboard had aged and become too costly to maintain, is a big step forward for the agency.

The GSA wanted to create a one-stop, accessible version of the resource, which gave agencies the insight they needed to understand and better manage their IT portfolios and investments. Their investment in a contemporary, easy-to-use dashboard is a testament to the role that a powerful, modern dashboard system plays in government program management. A well-built dashboard delivers an overview of the agency or program’s state of affairs, giving agencies the visibility they need to make informed decisions.

The Value of a Single View Across Complex Programs

One of the biggest advantages a dashboard can bring to an agency is the ability to zoom in and out of complex, multi-faceted programs and projects. This interactivity lets agencies gain insight into their project and program structures at multiple levels.

Dashboards also help with project tracking, transparency, and accountability across internal and external stakeholders. The dashboard becomes an interactive map, allowing users to dive into the details at each level of the projects they contain, giving leaders the big-picture view they need to see the impacts of a multi-faceted project.

Custom dashboards are built for an agency with a specific use in mind. While these solutions offer incredible levels of customization, they can often be costly to develop and maintain. Fortunately, there are other options that are easy to use, quick to implement, and more cost-effective than their custom counterparts. Powerful enterprise dashboard platforms are one such option. They deliver a secure, easy-to-use, simple-to-understand viewpoint that can scale from the 10,000-foot view across the program portfolio to individual tasks in a single project.

The ideal platform can bi-directionally integrate with one or more instances of the agency’s favorite project management tool to deliver an aggregated, strategic, enterprise view of everything happening across those projects and programs. It’s also important to have native integration on top of a preferred project management platform. This can bring visibility to the work being done across multiple projects and programs and delivers insights that a standalone project management tool couldn’t, such as tracking overall operational performance and measuring risk.

Working with modern commercial software can help agencies of all sizes use informative, easy-to-use dashboards, helping teams connect strategies with their technical execution at a glance. As a strategic portfolio management tool, powerful dashboard platforms that integrate with a world-class project management tool let agencies see the bigger picture without having to invest in costly tools that are built from scratch and outdated as soon as they are deployed.

Here at Atlassian, we’re celebrating the modern, agile approach to project dashboards, and we encourage agencies to consider adopting similar solutions in the spirit of financial and developmental efficiency. Our mission is to help unleash the potential of every team. We believe effective dashboards can be a key component in bringing agency teams together to help them achieve their missions. 

Download our whitepaper “Jira Align: Key Steps Toward an Adaptive, Efficient, and Effective Government” to learn how Atlassian is helping agencies meet their mission requirements!

Making the Most of the Infrastructure Investment and Jobs Act

Breaking funding barriers to invest in infrastructure and more

The Infrastructure Investment and Jobs Act (IIJA) provides a historic $973B investment into America’s growing backlog of infrastructure needs. For decades, roads, bridges, water and wastewater networks, ports, and electrical grids have all lacked the funds needed to repair them. Besides addressing these critical infrastructure needs, the IIJA also includes $550B of new investments addressing critical, forward-thinking priorities such as digital equity, cybersecurity, and resiliency. This historic bill will help federal, state, and local government agencies address some of their community’s most critical needs.

There’s a great deal to look forward to in the IIJA, but it is also more complex than the other recent stimulus bills, such as the CARES Act and ARPA. As we all begin to unpack the benefits contained in it, one thing is for sure—it’s going to take time and effort for agencies involved to build and efficiently administer the new programs outlined. This will be a big undertaking, but agencies can lessen the load by ensuring their systems are leveraging modern tools that enable automation, speed, and agility.

3 steps to prepare your agency for the IIJA

Agency project management needs are about to explode. Federal agencies like the Department of the Interior or Department of Transportation will need to build processes and applications for receiving proposals, awarding discretionary funds, and tracking results. Meanwhile, state and local governments are going to need to manage most of the infrastructure projects themselves. Workflows, permits, inspections, contractors, and resource allocation will all be part of the process. That’s a lot to keep an eye on. For your agency to maximize this once-in-a-generation investment, you’ll want modern technology solutions that bring together the agility, efficiency, and security you need to make it happen.

Replace outdated project management tools

How often do you find yourself hunting down details on a project’s status or trying to figure out why a project that was due yesterday is still delayed? How often are you updating quad charts or exporting data to a spreadsheet in order to sort and filter for answers? If the answer is “every week,” a project management tool update might be in order.

Agile project management tools help coordinate work in real-time and give you a bird’s-eye view of a project so you always know how things are going. They also allow you to dive in and see progress and problems on the ground, letting you resolve bottlenecks before they affect larger portions of a project. The insights and automation delivered by a modern project management tool can also lead to smoother, more efficient workflows.

Use an ESM approach with internal service workflows

An Enterprise Service Management (ESM) approach can save vast amounts of time within internal service workflows. Leveraging IT solutions to make workplace services from all departments more accessible and instantaneous can transform workplace efficiency. Forms with automatic routing and signatures, easy-to-set-up self-services with integrated knowledge guides, and efficient issue resolution can all become simple, intelligent online processes. This relieves the staff burden of phone support, filling in spreadsheets, and email overload. You can also use an ESM approach to ensure audit-ready communication trails are in place no matter how large a project is. Once your agency is up to speed, you can then expand ESM workflows to more efficiently engage with citizens.

Build in cybersecurity and verification best practices…right from the start

You already know security is crucial for agencies. Make sure it’s a top priority by using DevSecOps tools and methodologies when building new applications. DevSecOps takes the best practices of general DevOps and adds security verification as an active, integrated part of the development process. A DevSecOps approach makes security a shared responsibility throughout an application’s lifecycle. This means building in security best practices from day one and having processes in place to update that security as standards change. It’s not always simple to transition from waterfall to agile, but you don’t have to do it alone. You can find everything from hardened containers to Team Playbooks that can help your agency or program shift left.

Take advantage of this historic opportunity with Atlassian

Atlassian provides solutions that let you create a new framework based on automation, speed, and agility. We also provide best practices and playbooks for modernizing legacy systems. Whether you’re managing complex projects, building new efficient service workflows, or securely developing new applications, agency teams can work better together to turn this investment opportunity into meaningful outcomes for your communities. To learn more about how we help agencies create agile systems that bring everyone together, contact your Atlassian representative for more information.