Making progress on IT modernization and cybersecurity
The state of IT modernization in the federal government will always be a work in progress. There will always be new ways we can help agencies use technology to communicate with their stakeholders more effectively. There will always be new things that can be adopted to serve citizens more efficiently. And unfortunately, there will always be new cyber threats that require connected, built-in security. Today’s IT modernization efforts go hand-in-hand with securing all the data and systems at a fundamental level.
The U.S. government is a few months into the new calendar year and a little over a year into a new administration. Many IT modernization projects and programs across the federal government are shifting from planning stages to execution. New imperatives and priorities are providing direction, such as the Executive Order on Transforming Federal Customer Experience. Agencies are producing new websites and deploying technologies faster than ever before, such as launching a new website, making it easy to order free at-home COVID-19 tests (www.covidtests.gov) and have them delivered by the U.S. Postal Service.
The pandemic experience also informs some new paths forward for government agencies as a hybrid workforce takes shape in the public sector. That hybrid workforce brings new wrinkles to agencies’ IT modernization efforts. Some of the changes made on the fly over the last two years to enable work from home arrangements need to be rethought as it becomes clear that employees will likely spend some time at home and some time at the office.
Network modernization must account for authenticating users from different locations and managing their permissions appropriately. While everyone will likely enjoy face-to-face discussions again, videoconferences and other bandwidth-intensive interactions are now part of normal operations. But when you bring people back to the office, will there be enough bandwidth to handle all the video calls?
Establishing trusted access
My Lumen colleague Jason Schulman, VP of our federal civilian practice, recently spoke as part of IT MOD TALKS organized by Scoop Media. He covered the changing federal security landscape and offered our perspective as a leading threat intelligence provider through our Black Lotus Labs and as a proud member of the Joint Cyber Defense Collaborative.
In 2021, the White House issued a cybersecurity Executive Order requiring federal agencies to adopt a Zero Trust Networking architecture. More recently, OMB articulated a zero-trust strategy and timetables for implementation.
Zero trust is a framework based on principles assuming any access attempt is suspect. It’s implemented with a set of technologies and approaches rather than through one single offering. Individual profiles are developed for every user, location, or device, and access privileges can be tailored to those categories. For example, a user might have access to some office systems that aren’t available from home. And when working on a mobile device, more restrictions can be applied.
These requirements create opportunities for agencies to overhaul how federal employees and citizens access government systems and services.
Ransomware players have been disrupted over the last year, but those networks are reforming as the best hackers are recruited by new criminals. Drawing on intelligence from Black Lotus Labs, Jason highlighted some recent shifts in the sphere of bad cyber actors and their tools. We’re seeing bad actors are using multi-pronged attack modes that might include Distributed Denial of Service (DDoS) attacks, naming and shaming campaigns, and, in the private sector, even pressuring a firm’s customers to help get a target to pay up. And that is in addition to the more typical practice of stealing and encrypting your data and then holding it hostage.
Any discussion of today’s cybersecurity posture is always just scratching the surface. Like IT modernization, security is a task that will never be fully completed – but you need to keep pressing forward. As a global internet provider and top IT and network provider to the U.S. government, Lumen can recommend and evaluate leading-edge technologies and test them at scale across our network to ensure they are ready for deployment.
As IT modernization efforts continue to gain momentum, the requirements tend to get more complex. However, agencies are not on their own as they try to achieve these important objectives. By working with leading industry partners like Lumen, agencies can utilize the private sector’s experience and expertise to help them meet their missions more effectively and efficiently.
Lumen brings our knowledge of government operations, security requirements, and updates to existing frameworks, such as the NIST cybersecurity framework, that enable us to build capabilities that address today’s cyber threats. We deliver solutions that can automate assessments, validate compliance, and employ countermeasures when risks exceed allowable thresholds.
Once an agency has come to terms with its risk posture, there is a huge advantage in moving towards continuous monitoring or the concept of continuous Authority to Operate. Threat intelligence is shared between the private and public sectors to proactively address agencies’ collective risk through organizations such as the Joint Cyber Defense Collaborative.
There will always be more work to do as new technologies become available and new usage models take shape when it comes to IT Modernization. Yet, the best approach is to move forward together.
What’s your modernization plan? Is your agency secure?
To learn more about how we can help modernize your agency, download our Next-Generation Networks IT Modernization guide.
This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue.