Weekly Wrap-Up
Week of September 13, 2021
ADI Hosting USCIS Reverse Industry Day - Sep. 28
ADI is excited to participate in the upcoming USCIS Reverse Industry Day on September 28.

This Reverse Industry Day will discuss barriers to federal contracts for non-traditional companies.

Member representatives from ADI companies will moderate two panels. Topics include what a non-traditional company is and the purpose of ADI; Panel 1 is an issues, barriers and hurdles briefing, and Panel 2 covers specific barriers to doing business with the government.

This event is free and open to all. Please email jstallsmith@hq.alliance4digitalinnovation.org for the calendar invitation.
Diversity in Cybersecurity
Leveraging Diversity to Enhance Cybersecurity
(InfoQ) 2020 & 2021 have shaken the foundations of every facet of our lives. From our health, our jobs and finances, to our governments and our law enforcement. These systems will be rebuilt in our lifetime - and we all need to ask ourselves: what can we do to ensure cybersecurity alleviates the bias that exists today? Ensure there is a diverse mindset applied to cybersecurity you and your organizations face. This means including non-technical people, those from non-traditional backgrounds, and being intentional about avoiding herd mentality. 

If we as an industry proclaim security in depth as a best practice, we must equally ensure diversity in depth to ensure we have most effectively mitigated the risks that abound. 
Report: Fostering a Diverse Cybersecurity Workforce
(FCW) The range of backgrounds and experiences among the workforce directly impacts the mission in cybersecurity, experts said during an event focused on the diversity of the cybersecurity workforce hosted by the Aspen Institute's Tech Policy Hub and Aspen Digital on Sept. 9.

A report released the same day offers recommendations for how to foster a diverse cybersecurity workforce, a remaining area for growth in an industry also characterized by a notoriously tight labor market.

The report found lagging levels of participation in the cybersecurity workforce among Hispanics, Blacks and women, as compared to their share of the overall population.
New Report Outlines Concrete Steps to Diversify Cybersecurity
(GovTech) The U.S. faces a massive demand for cybersecurity professionals, yet organizations continue overlooking talented candidates who could help meet that demand and advance the field, said speakers during a report launch event held by the Aspen Institute last week.

Traditional hiring practices often home in on white, male recruits with pricey cybersecurity certifications, to the extent that employers often dismiss or simply fail to consider many other candidates, speakers said. These approaches often impose additional obstacles for people of color and women wishing to join or progress in the field.

The exclusionary impact of these hiring strategies — whether accidental or intended — is both a moral problem and a national security one, said U.S. Rep. Lauren Underwood, D-Ill. Failing to bring in all available talent leaves the industry missing out on important ideas, and relying heavily on candidates with similar backgrounds makes cybersecurity teams less informed and less able to catch each other’s blind spots, because the teams can only draw on a narrow range of viewpoints and lived experiences, she said.
Aspen Report Finds Scant Diversity in Cyber Field
(MeriTalk) A recent report by the Aspen Institute found that despite existing efforts to improve diversity, equity, and inclusion (DEI), the cybersecurity field remains mostly homogenous among technical practitioners and policy thinkers.

According to the report, only an estimated four percent of cybersecurity workers self-identify as Hispanic, nine percent as Black, and 24 percent as women.

“The national reckoning on racial justice that began in mid-2020, prompted by the murders of George Floyd, Breonna Taylor, and other Black Americans at the hands of police, has further clarified that current DEI efforts, however well-meaning, have not addressed the overwhelming white-ness and male-ness of the cybersecurity field,” the report says.

To diversify the cybersecurity industry, Aspen Digital and the Aspen Tech Policy Hub have made recommendations across two categories: immediate actions and actions requiring further investment.
More in Zero Trust
Funding OMB's Zero Trust Mandate May be the Toughest Part of the New Strategy
(Federal News Network) About the time the Office of Management and Budget released its draft zero trust strategy last week, Mittal Desai, the chief information officer at the Federal Energy and Regulatory Commission (FERC) was presenting his fiscal 2023 technology budget submission to the agency’s chairman and other leadership.

Desai said the first question FERC Chairman Richard Glick asked wasn’t about topline numbers or the significant increases to modernize applications and networks.

“The first question he asked was ‘do we have enough adequate security protections and do we have enough services in there to make sure we can protect our assets?’ Just hearing that from him is something that we know from the top just how important security requirements are,” Desai said during a Sept. 8 panel sponsored by AFCEA Bethesda chapter. “They fully understand IT budgets are going to increase, these threats are frequent, these threats are constant and how do we adapt to be agile to protect our data assets?”
OMB Preparing Agencies for Three-Year Sprint to a New Cyber Standard
(Federal News Network) The National Institute of Standards and Technology published its zero trust architecture special publication in August 2020.

The Defense Department issued its zero trust reference architecture in April.

In May 2018, the Federal Chief Information Officer’s Council asked the industry group ACT-IAC to evaluate the technical maturity, availability for procurement and important issues related to zero trust.

And then when you add the dozens of vendors who jumped on the zero trust bandwagon and are promoting their assorted capabilities, the entire discussion around what is zero trust has become murky and lacked precision.

This is what the Office of Management and Budget’s draft zero trust strategy, released on Sept. 7, is trying to change by bringing this cybersecurity approach together across government. The strategy is one of several ongoing deadlines detailed in the May executive order from President Joe Biden.
OMB, CISA Unveil Plans to Shift to Zero Trust Architecture
(HealthITSecurity) The Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) are requesting public comment on newly proposed strategies and guidance that support the federal government’s shift toward a zero trust architecture, the White House announced.

The announcement follows close behind an executive order signed in May that pledged to improve the nation’s cybersecurity in light of recent cyberattacks on US critical infrastructure entities. A major attack on Colonial Pipeline that disrupted 5,550 miles of the company’s fuel supply chain served as a major catalyst to the Administration’s increased focus on cybersecurity.

Hackers continue to target small and large healthcare organizations nearly every day, resulting in care disruptions, EHR downtime, and significant data loss. Implementing a zero trust architecture could also prove critical to ensuring cybersecurity in the healthcare sector, not just the government.
CISA Tells Agencies They Don't Have to Go it Alone on Zero Trust
(Federal News Network) The Cybersecurity and Infrastructure Security Agency is highlighting the services it will make available for agencies so they can meet the goals of the newly mandated zero trust security architecture.

CISA’s draft “Zero Trust Maturity Model,” released publicly this week, isn’t entirely new. Sean Connelly, program manager of Trusted Internet Connections at CISA, said CISA sent the document to agencies in June, shortly after President Joe Biden’s May executive order on cybersecurity directed agencies to come up with zero trust implementation strategies.

“Agencies were just asking for some quick relief, some quick orientation on how to build out zero trust,” Connelly said during a Sept. 8 event produced by NextGov. “There’s a number of maturity models out there, both on the vendor side, and again on the [Defense Department] side. But we built ours more on the civilian side.”

The Office of Management and Budget is telling agencies to reach a basic zero trust maturity level by the end of fiscal 2024.
Artificial Intelligence
US Must Not Only Lead in Artificial Intelligence, but Also in Its Ethical Application
(The Hill) Artificial intelligence (AI) is sometimes referred to as a herald of the fourth industrial revolution. That revolution is already here. Whenever you say “Hey Siri” or glance at your phone in order to unlock it, you’re using AI. Its current and potential applications are numerous, including medical diagnosis and predictive technologies that enhance user interactions.

As chairwoman of the U.S. House Committee on Science, Space, and Technology, I am particularly interested in the potential for AI to accelerate innovation and discovery across the science and engineering disciplines. Just last year, DeepMind announced that its AI system AlphaFold had solved a protein-folding challenge that had stumped biologists for half a century. It is clear that not only will AI technologies be integral to improving the lives of Americans, but they will also help determine America’s standing in the world in the decades to come.
Member News
End-of-Summer Crunch Time for Ed Tech Teams
(DARKReading) Another school year is beginning — and with it the concern over rising COVID numbers, in-school mask mandates, and calls for (and against) hybrid learning.

While summer months offer necessary downtime for educators, they are the busiest for educational technology (ed tech) teams. Over the summer, all network upgrades are completed, new platforms are onboarded, new devices are asset tagged and configured, and fresh images are deployed to old computers.

There is an influx of new staff needing support, in addition to veteran employees who need assistance matching old devices with new classroom technology. As the school year begins, there's a greater need for technical staff to support teachers as students enter their classrooms.
If you would like to have your story featured in ADI's Member News, please contact ADI's Policy & Communications Manager, Jaishri Atri.
Questions? Inquiries? Please e-mail: info@hq.alliance4digitalinnovation.org