Feds at the Edge

AI is just another tool in the technology market, only becoming a powerful resource when agencies learn how to best utilize it to reach mission goals.  

This week on Feds-At-The Edge we explore several insights on deploying AI effectively for the federal government landscape.  

Caroline Carusone, Deputy CIO for NRC, discusses AI’s potential in identifying security risks and solving complex engineering challenges, like improving atomic reactor designs.  

Luke Keller, Chief Innovation Officer at the US Census Bureau, explains AI's role in handling massive datasets, enhancing earth observation for accurate population counting, automating data ingestion, and metadata classification.  

And Kurt Steege, CTO for ThunderCat Technology, introduces the concept of "multimodal AI," which processes data in multiple formats, broadening its utility. 

Tune in on your favorite podcasting platform as the panelists stress the importance of reliable data, experimentation to explore AI's capabilities and limits, and defining specific use cases to use AI responsibly. They emphasized a strategic, ethical, and well-managed approach to AI deployment in federal agencies.  

Software as a Service (SaaS) is incredibly enticing with its ease and affordability, however despite the heavy lifting being done for you, the responsibility of protecting your data and network remains in your hands.  

This week on Feds-At-The Edge we sit down with Eoghan Casey, VP of Cybersecurity Strategy & Product Development for Own Company, who highlights essential security practices for agencies using Software as a Service (SaaS).  

>> Understanding data visibility- What's sensitive and what’s not 

>> The importance of continuous monitoring and backing up your systems on a regular basis  

>> Scheduling regular tests to ensure you know how long it will take you to identify, mitigate, and recover from attack.  

Tune in on your favorite podcasting platform today to get the inside scoop from Eoghan, including his thoughts on where AI and machine learning have a role in your SaaS environment.  

If you’ve tuned before then you’ve heard the three magic words; People, process, technology. While technology often takes the spotlight, there’s a reason why “people” come first.  

This week on Feds-At-The Edge we explore the cultural shifts agencies are prioritizing to achieve zero trust.  

Jothi Dugar, CISO at NIH’s Center for Information Technology emphasizes the age-old advice, communication is key. Federal leaders should speak a language all stakeholders understand, and responsibility should be placed in the hands of the many and not the hands of the select few. 

We’ll also explore the benefits of collaborative group environments where everyone contributes to change. 

Matthew Posid, a Principal & CSO with KPMG shares how real-world zero trust examples can help technical leaders buy-in.  

Tune in on your favorite podcasting platform to hear more about the importance of continuous learning, experimentation, and collaboration to navigate these complexities. 

In today’s data-driven world, network systems are under immense pressure to handle increasing loads of data while staying compliant in a rapidly evolving landscape. How can agencies effectively secure their systems when every little nook and cranny requires oversight?  

This week on Feds-At-The Edge we explore how microsegmentation is emerging as a vital strategy for agencies working toward a robust zero-trust architecture.   

Rob Thorne, CISO of U.S. Immigration and Customs Enforcement, highlights how complex systems often have hidden connections unknown to administrators, which micro-segmentation can reveal. 

We will also dive into how machine learning and AI can be utilized to identify exactly what is on your network so you can ensure end-to-end security. 

The concept of "continuous" protection, inspired by continuous software development, is gaining traction among federal tech leaders in response to rising cyber-attacks.  

This week on Feds At the Edge, we sit down with subject matter experts who provide guidance for transitioning from the basic “Authority to Operate” snapshot in time to a “Continuous Authority to Operate.”  

Col Bryan A Eovito, Commanding Officer, for the Marine Corps Cyber Operations Group, emphasized the value of establishing a baseline for comparison to detect discrepancies, warning that low-code/no-code solutions have vulnerabilities too.  

Major Ben Hunter, Deputy Chief Information Security Officer for US Army Software Factory, explained that reaching ATO first allows for transitioning to Continuous ATO, with success measured by how quickly security patches can be applied and systems recovered. 

Tune in on your favorite podcasting platform as our experts talk about the importance of good partnership between public & private sectors to take advantage of a wide range of solutions.  

= = 

Your agency will be attacked. Even if we look at the most conservative estimates, a company like Statista shows 32,211 attacks on federal agencies in 2023. The conclusion is obvious: you will be attacked and must have a way to remediate the problem.

Today, we sat down with three experienced cyber professionals to hear suggestions on improving federal cyber security resilience.

Russel Marsh from the National Nuclear Security Administration observes that federal employees may work 9 am to 5 pm every day, but malicious actors do not. The best practice here is to have a checklist of what to do in an “off-hour” emergency.

As part of a resilience strategy, focus on device and asset attribution, as well as the ability to discard certain devices. Conduct tabletop exercises and simulations to assess incident response and communication processes.

Flexera’s Dylan Hudak has seen federal systems with unsupported applications still on them. Visibility and proper software lifecycle policy can remedy easy problems like this.

This week on Feds At the Edge, sit down with an industry expert and state election officials from Pennsylvania, Florida, and Georgia to focus on election security challenges and solutions.   

Challenges: 

>> Traditional threats like disinformation and denial-of-service (DoS) attacks continue to be significant. There is also a growing concern about the physical threats faced by election officials, leading to high turnover rates. In Pennsylvania, 2/3 of officials have left their positions, resulting in an influx of new, less experienced staff. 

Solutions: 

>> Tabletop exercises are an easy and cost-effective method to prepare for potential issues. They are able to clarify procedures for responding to unexpected attacks and who to contact. The Help America Vote Act offers funding to improve election security, and testing systems while maintaining cybersecurity is essential. Resources from NIST and CIST provide valuable, targeted guidance to support election officials.  

Tune in on your favorite podcasting platform as our experts discuss the importance of practical training, funding, and cybersecurity in securing elections.  

 = =

In a world of rapid change and threat, organizations need to be ready and waiting with a plan. One good approach some are taking to navigate an ever-evolving landscape is to lean on a “digital playbook.” Customized to each situation and the unique and individual needs agencies big and small have, these playbooks could make the difference between a scramble and a smooth transition.  

This week on Feds At the Edge, leaders from the Federal and commercial sectors discuss the integration of digital playbooks in federal modernization, emphasizing the blend of people, processes, and technology. 

AI is an essential part of a digital playbook, with guidelines for ethical use, bias training, and data security. Rear Adm. Christopher Bartz, Deputy CIO of DHS, talks about the AI Corps exploring ways AI can increase security and reduce system costs. 

The 2021 Colonial Pipeline incident has stood in history as a prime example of the importance of cyber resilience for critical infrastructure. This week on Feds At the Edge, we delve into the call-to-action events like this have created for agencies everywhere and the resources available for even the smallest entities.   

Cheri Caddy, Senior Technical Advisor for Cybersecurity at the US Department of Energy, talks about resources like CISA & NIST, but suggests that private companies should also build ties with local FBI offices.   

Brendan Peter, VP, Global Government Affairs of SecurityScorecard, notes the importance of continuous risk assessment and evaluating the impact of policies to ensure they actually reduce cyber threats. 

When a network is attacked, analysts return to the logs to gain an understanding of where the point of vulnerability was, which makes keeping these records a crucial tool in cyber resilience.  

However, a lack of staff, poor existing systems, and limitations on information sharing in our increasingly complex and hybrid landscape could prevent agencies from keeping their records reliable and up-to-date.  

This week on Feds At the Edge, leaders from the Federal and commercial sectors share they ways they’ve been able to overcome the hurdles they face when logging events.

Tate Jerussi, Director of Civilian, August Schell, and Former Deputy CIO at DOE HQ highlights prioritizing critical logs and utilizing existing tools to address these issues. And Derrick Lawson, Staff Solutions Architect at Splunk, recommended following established guidelines, such as the MITRE ATT&CK framework.  

Tune in on your favorite podcasting platform as our experts reinforce the idea of embracing OMB 2131 as a logging standard and leveraging frameworks from organizations like MITRE to improve event logging practices and enhance security.