Technocrat | October 15, 2018: Pentagon’s Cyber (In)Security Revealed
What’s New This Week:
Pentagon’s Cyber (In)Security Revealed
It was another stormy week—literally and figuratively speaking. Hurricane Michael hit the Florida Panhandle and earned the title of one of the most vicious storms at landfall in U.S. history. NASA’s cameras outside the International Space Station were able to capture details of the fast-moving hurricane.
Another storm was brewing at the Pentagon, which dominated the headlines after a government watchdog revealed that the Defense Department hasn’t done enough to protect its critical weapons systems from cyberattacks. The Government Accountability Office was asked to assess the cybersecurity of the Pentagon’s $1.66 trillion major weapons systems program and found several vulnerabilities that left officials scrambling, according to GAO’s newly released report.
Simply taking steps to prevent future vulnerabilities isn’t enough, GAO said. A lack of skilled cybersecurity professionals is a real problem for the Defense Department and the agency will have to find other ways to ensure security flaws are fixed before reaching the field. Because cybersecurity talent is in short supply, expect agencies facing similar challenges to start sharing skilled personnel across organizations. BGOV’s Chris Cornillie explains more in this week’s exclusive story.
Speaking of shared resources, things aren’t looking too great for the federal government’s civilian computer networks either. The National Cybersecurity Protection System has detected only 1 percent of cyber incidents since April 2017, the Office of Management and Budget recently found. Ron Johnson, chair of the Senate Homeland Security Committee, cited the data during a hearing last week and criticized federal agencies for their inability to protect data and networks.
Meanwhile, federal agencies are scrambling to meet Homeland Security’s Oct. 16 deadline to implement the Domain-based Message Authentication, Reporting and Conformance protocol, known as DMARC. The directive was issued nearly 12 months ago to tighten email security. Despite all the hype surrounding DMARC adoption, there are major concerns that implementing it will give agencies a false sense of security.
On a related note, there is some good news on the federal authentication front. The government is deploying two-factor authentication for federal agency dot-gov domains. That means federal and state employees in charge of government websites will soon be required to access their administrative accounts using the method.
We can’t argue with the benefits of adding an extra layer of security! There’s more news where that came from, so keep reading…
“We are continuously strengthening our defensive posture through network hardening, improved cybersecurity, and working with our international allies and partners and our Defense Industrial Base and Defense Critical Infrastructure partners to secure critical information.”
—Pentagon spokesperson Audricia Harris
In the Cloud
JEDI Contract Faces More Backlash
The Defense Department lost a potential bidder for its $10 billion cloud contract known as JEDI, when Google dropped out of the competition. Then IBM became the second company to file a bid protest against the contract over its single-vendor approach.
Meanwhile, Microsoft Closes In on Amazon
Microsoft said it has achieved the required security levels to host the government’s intelligence data on its Azure cloud network. The move could put the tech giant in close competition with rival Amazon for the JEDI contract, now that Google is out of the picture.
Strategy & Leadership
Improved IT Workforce Is Key to Innovation
The U.S. government’s lack of a better IT and data-knowledgeable workforce is the reason why federal innovation is not moving as fast as it should, according to Margaret Weichert, who recently took over as acting director of the Office of Personnel Management.
Agencies Search for New Deputy CIOs
The summer was a busy time for personnel changes in federal IT. Among those departing is now-retired U.S. Citizenship and Immigration Service Deputy CIO Keith Jones. Other execs have moved on to new roles.
Eye on Security
Bots Becoming Harder to Recognize
Regulators are worried that advanced bots could influence their decision-making by sending phony comments to agencies. Yet agencies claim they’re able to identify fake mass campaigns designed to increase the number of comments in favor of—or against—a proposed rule.
Army Actively Recruiting Cyber Talent
The Army is in the process of developing a “holistic talent management strategy” to recruit, educate, and retain cybersecurity personnel. One of the program’s goals is to bring in civilian cyber professionals and commission them as officers right away.
Pentagon Can’t Pinpoint AI Spending
Creating a budget for AI programs is not an easy task because of the technology’s broad definition, Deputy Secretary of Defense Patrick Shanahan said during a recent roundtable. That’s just one of the reasons why the Pentagon doesn’t know exactly how much it’s spending on AI.
Future of Blockchain in Government
While the government can greatly benefit from blockchain, the technology is still in its infancy and adoption is expected to be slow. So far, research on blockchain in the public sector shows federal agencies are thinking about it, but testing has not started yet.
Thanks for reading this week’s edition of Bloomberg Government’s Technocrat!