Weekly Wrap-Up
Week of September 20, 2021
ADI Hosting USCIS Reverse Industry Day - Sep. 28
ADI is excited to participate in the upcoming USCIS Reverse Industry Day on September 28.

This Reverse Industry Day is to discuss barriers to federal contracts for non-traditional companies.

Member-Representatives from ADI companies will be moderating two panels, discussing topics such as: what is a non-traditional company; purpose of ADI; Panel 1, Issues/barriers and hurdles briefing; and Panel 2, specific barriers to doing business with the government.

This event is free and open to all. Please email jstallsmith@hq.alliance4digitalinnovation.org for the calendar invitation.
Where is the Cloud Going Next? Ask USDA, GSA
(Federal News Network) The Agriculture Department and the General Services Administration have been out in front of the federal government’s move to the cloud for a decade.

USDA was among the first agencies to take their email to the cloud in 2010. It also was the first agency to test out the IT Centers of Excellence, which included a specific focus on data center consolidation and cloud adoption.

GSA, both internally and from an acquisition perspective, has made cloud services a focus since it bucked the trend and moved to Google for office productivity tools and launched an email-as-a-service contract vehicle in 2011.

So like the old EF Hutton commercial — I know I’m dating myself — but when GSA and USDA talk, other agencies should listen.
Tech Industry Group Weighs in on Federal Zero Trust Strategy
(Nextgov) The Information Technology Industry Council, which represents dozens of large tech firms, offered recommendations Wednesday to the Office of Management and Budget regarding draft guidance on zero-trust cybersecurity architectures the agency published in early September.

The guidance sought public comment on an overarching federal policy from OMB as well as a draft technical reference architecture and maturity model from the Cybersecurity and Infrastructure Security Agency. The guidance followed President Biden’s May executive order on strengthening cybersecurity across the federal government, calling out numerous specific tools and tactics based on the concept of zero trust.
Evolving Agency Cybersecurity Practices to Meet Executive Order Goals
(MeriTalk) At the highest levels of the Federal government and the private sector, officials have recognized that cybersecurity is a national security issue. A series of policy and technical documents and high-level meetings this year have reinforced this notion. Chief among them is President Biden’s cybersecurity executive order (EO), which outlines a wide-ranging and ambitious series of actions Federal agencies must take to better secure government operations. MeriTalk recently talked with Jim Richberg, field chief information security officer at cybersecurity firm Fortinet, who is uniquely qualified to assess the potential impact of the cybersecurity EO and the actions that agencies must take to realize its promise. Prior to joining Fortinet, Richberg was the senior federal executive focused on cyber intelligence within the U.S. intelligence community. He helped build the discipline of cyber threat intelligence analysis and is an innovator in measuring cyber performance, risk, and return on investment.
Federal Agencies Warn Companies to be on Guard Against Prolific Ransomware Strain
(The Hill) The FBI, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a warning to U.S. organizations to be aware of a specific type of ransomware that has already wreaked havoc on hundreds of groups.

The agencies issued a joint alert specifically warning groups to be on guard against the Conti ransomware variant, with the agencies noting that 400 U.S. and international groups had already fallen victim to Conti.

“The cyber criminals now running the Conti ransomware-as-a-service have historically targeted critical infrastructure, such as the Defense Industrial Base (DIB), prior to Conti campaigns, and the advisory highlights actions organizations can take right now to counter the threat,” Rob Joyce, director of Cybersecurity at NSA, said in a statement Wednesday. “We highly recommend using the mitigations outlined in this advisory to protect against Conti malware and mitigate your risk against any ransomware attack.”
In Tech We Trust: Confidence in Federal Technology Opportunity Dwarfs Faith in Government
(MeriTalk) In this era of political division, technology can be a unifier. While only 15 percent of Americans say they trust the Federal government to do what is right for them and their families all or most of the time, the vast majority (68 percent) say Federal spending on technology is worth the investment. That sentiment crosses party lines, with 79 percent of Democrats, 56 percent of Republicans, and 60 percent of independents in agreement.

That’s one of the biggest takeaways from new research released today by MeriTalk and The Associated Press-NORC Center for Public Affairs Research. The survey of more than 1,000 adults in the U.S. was conducted in June 2021.

The survey results show a dramatic bifurcation in how Americans regard the promise and value of technology, versus their feelings about the competence of the Federal government. Among the most dramatic findings:
  • Just 9 percent feel confident in the government’s ability to spend money in the public interest
  • But, 78 percent say technology investment is key to improving the United States’ standing as a global economic leader
Nominations for the National Artificial Intelligence Advisory Committee Are Flowing In
(Nextgov) The Commerce Department is actively recruiting candidates to serve on the government’s newly-formed National Artificial Intelligence Advisory Committee, or NAIAC—where they’ll inform President Joe Biden and agencies on issues raised by the emerging technology.

At least nine members will serve up to two consecutive three-year terms on the committee, according to a recently released call for nominations. The National Institute of Standards and Technology is charged with providing administrative support to the high-level group.

“The announcement was posted just over a week ago and we have already had a good deal of interest, with more than 65 submissions so far,” NIST’s Public Affairs Director Jennifer Huergo told Nextgov on Friday.
White House Nominates John Sherman for DOD CIO
(FCW) President Joe Biden has nominated John Sherman, the Defense Department's acting CIO, to hold the top tech job on a permanent basis.

Sherman was named DOD's principal deputy CIO in 2020 and has been acting in the CIO role since January. Under his leadership at DOD, Sherman has overseen major enterprise initiatives from the coronavirus pandemic-spurred commercial virtual remote telework capability to the cancellation and pivot of the embattled Joint Enterprise Defense Infrastructure cloud contract.

Sherman, who has spent 25 years in national security, was previously the CIO for the intelligence community in the Office of the Director for National Intelligence during the Trump administration. He also served as the deputy director for the CIA's Open Source Enterprise and as a deputy national intelligence officer on the National Intelligence Council.
Auditors, Contractors Hang in the Balance as Defense Overhauls Cybersecurity Certification Program
(Nextgov) Hundreds of individuals have paid for their place in line to take an exam that would qualify them to perform cybersecurity assessments of defense contractors that may no longer be necessary after the department reexamines its Cybersecurity Maturity Model Certification program.

Under the current system, defense contractors can simply declare—or “self-attest”—their adherence to cybersecurity controls outlined by the National Institute of Standards and Technology. With an interim rule issued in September 2020, CMMC would institute third-party verification of the cybersecurity practices—depending on five levels of risk—given the continued loss of intellectual property to Chinese hackers, officials said.
IT Modernization
OPM Seeks 'Dedicated Funding' for IT Modernization; Kiran Ahuja Quoted
(ExecutiveGov) The Office of Personnel Management (OPM) has agreed to the National Academy of Public Administration’s (NAPA) recommendation to Congress to provide more funding that will support OPM's information technology modernization efforts, FedScoop reported Monday.

OPM recently released its response to the congressionally mandated report of NAPA, which urged the agency to prioritize IT modernization and ask for resources from the lower house for the development of its digital platforms and programs.

OPM, an agency that serves as the chief human resources bureau of the federal government, said it needs “dedicated funding” for major IT advancement initiatives and authority from Congress to establish an IT working capital fund.
Connectivity is Still the 'Building Block' for IT Modernization
(StateScoop) The COVID-19 pandemic accelerated the pace of modernization in cities of all sizes around the country over the past 18 months. But to take the next step in their digital transformation efforts — to enable innovations like new digital services, data-driven decision making and connected infrastructure — local government technology leaders say there are a few common key elements, like universal network connectivity and robust data analytics platforms, that are foundational to their IT modernization strategies.

The primary “building block” for a successful digital transformation, especially following the sudden increase in reliance on at-home internet connections during the pandemic, is affordable and reliable at-home broadband for both city staff and residents, said Grace Simrall, the chief of civic innovation and technology for Louisville, Kentucky. Despite becoming one of the first cities in the country in 2011 to develop an innovation team in local government, Louisville still faced connectivity challenges similar to those faced by thousands of other cities at the onset of the pandemic.
FITARA Scores Are the Push Agencies Need to Improve Basic Federal Cyber Hygiene
(Nextgov) Unsurprisingly, the key topic of discussion around the FITARA 12.0 Scorecard was cybersecurity. Few agencies are doing it well, many don’t have the strongest cyber posture, and improvement is needed throughout the federal government.

Agencies are under a sharper political and regulatory microscope and are being pushed to engineer better defenses. During the FITARA hearing on July 28, while the agencies’ overall scores were positive, cybersecurity grades were harsh: only two agencies scored A grades, five received B grades, eight earned C grades, seven received D grades, and one agency earned a failing grade.

And, a recent bipartisan Senate report found that two years after a 2019 report on federal agency cybersecurity, there are still systemic failures at several agencies when it comes to safeguarding data.
Member News
What You Need to Know About the Executive Order on Improving the Nation's Cybersecurity and how AWS Can Help
(AWS Public Sector Blog) On May 12, 2021, President Biden released the “Executive Order on Improving the Nation’s Cybersecurity.” The executive order followed a series of high-profile information security attacks and ransomware incidents targeting the public and private sector. President Biden’s executive order emphasizes the need to elevate information security as a core tenet of national security, and calls on federal agencies and public sector organizations to work with the private sector to prioritize the data security and privacy of the American people and government. Amazon Web Services (AWS) and AWS Partners can help government agencies align with the initiatives in this executive order.
VMware Earns FedRAMP High Authorization in Partnership with AWS
(FedScoop) VMware has received a Federal Risk and Authorization Management Program (FedRAMP) High authorization for its VMware Cloud product.

VMware partnered with Amazon Web Services and leveraged its AWS GovCloud infrastructure to receive the authority to operate, making it easier for agencies across government to use its virtualization and multi-cloud offerings for sensitive workloads.

High is the most secure of three authorization levels that cloud service providers can achieve when seeking approval through FedRAMP. Each CSP is assigned one of three levels: low, medium, or high.

The U.S. Marshals Service sponsored VMware’s FedRAMP authorization process, which began in March of 2019, according to the FedRAMP Marketplace.
If you would like to have your story featured in ADI's Member News, please contact ADI's Policy & Communications Manager, Jaishri Atri.
Questions? Inquiries? Please e-mail: info@hq.alliance4digitalinnovation.org