StateTech - Technology Solutions That Drive Government https://statetechmagazine.com/rss.xml en 4 Settings to Adjust to Extend Your Smartphone Battery Life https://statetechmagazine.com/article/2018/06/4-settings-adjust-extend-your-smartphone-battery-life <span>4 Settings to Adjust to Extend Your Smartphone Battery Life</span> <span><span lang="" about="/user/92511" typeof="schema:Person" property="schema:name" datatype="">Mickey McCarter</span></span> <span>Tue, 06/19/2018 - 14:12</span> <div><p>Smartphones and other mobile devices serve as a <strong>digital umbilical cord</strong> for government employees as they carry out the business of the people. From texting and voice calls to email and mobile apps, devices are now an essential part of government work. There’s nothing more frustrating for a government employee than watching <strong>battery life slip away</strong> when there isn’t a charging opportunity in sight.</p> <p>The default configurations on modern devices often sacrifice battery life in favor of functionality and convenience. However, a few simple <strong>changes to the settings</strong> on your device can significantly extend the time available to work between charges. Making subtle changes that don’t affect device functionality can add hours of use on the road. Here are four things that you can do to prolong the battery life of a mobile device.</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2>1. Activate Low-Power Mode to Disable Power Hogs</h2> <p>Battery conservation becomes most crucial when low on power, and many devices provide a low-power mode that kicks in automatically when the battery runs low. In battery-saver mode, devices <strong>disable power-hogging features</strong> to conserve energy; notice that your screen dims and the display powers off more quickly. The trade-off is that a phone will also reduce performance and slow down noticeably to save power. When in a low-battery situation, activate low-power mode manually.</p> <h2>2. Control Screen Settings to Dim the Lights</h2> <p>Devices use a tremendous amount of power to create the light for their displays. The brighter a display is, the more power it uses. Some simple tweaks to settings can dramatically reduce a device’s power consumption. First, the auto-dimming feature on modern devices <strong>lower the brightness</strong> automatically when it won’t impact the viewing experience. Activating that feature will prolong battery life. Even better, if you don’t mind squinting, manually turn the brightness down very low and increase it only when necessary.</p> <h2>3. Use Black Wallpaper Because It Requires Less Power</h2> <p>If a device uses an organic light-emitting diode (OLED) display, changing the wallpaper on it can actually reduce the amount of power it consumes. The technology used in these displays can show black pixels <strong>without using any power</strong>. Changing the wallpaper to solid black will lower the number of nonblack pixels that appear on the display and reduce the amount of power consumed. Researchers who have studied the power consumption of phones with black backdrops have found power savings between 6 percent and 20 percent, depending on the specific circumstances. OLED displays are incorporated into devices such as Samsung’s Galaxy S7, Google’s Pixel 2 and Apple’s iPhone X.</p> <h2>4. Turn Off Unused Radio Signals for Things Not Being Used</h2> <p>A phone contains several different radios used for a variety of communications: cellular, Wi-Fi, Bluetooth and GPS. In default configurations, all of these radios are active and searching for connection opportunities. One way to reduce power consumption is to <strong>deactivate any of these radios</strong> that are not in use. Turn off Bluetooth and Wi-Fi to save on power when you’re on the road and relying on a cellular connection.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/mike-chapple"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/mike_chapple_updated.jpg?itok=PSiizevj" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/mike-chapple"> <div>Mike Chapple</div> </a> </div> <div class="author-bio"> <p> <div><p>Mike Chapple is associate teaching professor of IT, analytics and operations at the University of Notre Dame. </p> </div> </p> </div> </div> </div> </div> Tue, 19 Jun 2018 18:12:26 +0000 Mickey McCarter 40976 at https://statetechmagazine.com 5 Best Practices for Agencies to Implement Network Access Control https://statetechmagazine.com/article/2018/06/5-best-practices-agencies-implement-network-access-control <span>5 Best Practices for Agencies to Implement Network Access Control</span> <span><span lang="" about="/user/92511" typeof="schema:Person" property="schema:name" datatype="">Mickey McCarter</span></span> <span>Mon, 06/18/2018 - 10:06</span> <div><p>Providing access to services for a wide array of people can prove daunting for government organizations at all levels. Employees, contractors, visitors and third-party suppliers all require unimpeded <strong>access to critical network infrastructure</strong>, but they also present <strong>potential vulnerabilities</strong>. How might state and local government offices meet these demands while ensuring privacy, confidentiality and compliance?</p> <p>As the risk of breaches grows, so too does the demand for <strong>network access control solutions to mitigate the risk</strong>. NAC solutions are intended to ensure that only endpoint devices in compliance with security policy can access specific network resources. However, implementing NAC in a world of increasing third-party access and a growing number of endpoints — including BYOD and the Internet of Things — requires special attention to detail. <strong>NAC best practices</strong> can help state and local governments stay ahead of the curve.</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2>The Perils of Open Access on Government Networks</h2> <p>Governments want to ensure that all users — employees, contractors, constituents and other guests — have <strong>unfettered access</strong> to the resources they need. But problems abound. In a BYOD environment, many unvetted (and potentially unsecured) devices access the network daily, perhaps <strong>inadvertently bringing malware</strong>. Hackers welcome openness as they constantly probe government applications and services for vulnerabilities. They also use phishing attacks to steal credentials and infiltrate networks.</p> <p>Government breaches may be more serious than commercial breaches because they often involve <strong>personally identifiable data</strong> such as names, addresses, Social Security numbers and birth dates. While a credit card breach can be serious, a person can cancel a card; <strong>changing an SSN</strong> is a different story.</p> <p>And the results can be costly: A South Carolina Department of Revenue breach compromised <a href="https://www.greenvilleonline.com/story/news/crime/2016/08/12/four-years-later-case-still-open-dor-data-breach/88453548/" title="South Carolina's largest data breach">the data of 6.4 million individuals and businesses</a>. One of the <strong>largest breaches in history</strong>, it has already cost the state more than $25 million, with lawsuits continuing to unfold.</p> <h2>How NAC Has Evolved for Today's Environment</h2> <p>Early NAC technology aimed to curb the spread of malware by preventing infected computers from accessing the network. Built for tightly controlled environments, these tools required endpoints to have specific OS versions and software agents before granting network access. Unfortunately, these <strong>older NAC solutions were cumbersome</strong> and expensive, and they failed to gain widespread acceptance.</p> <p>Today, the <strong>popularity of BYOD</strong> has renewed interest in NAC. Modern NAC tools can easily handle <strong>secure access</strong> for a multitude of device types, models and OSs — even those beyond the reach of the organization’s enterprise security software, which has proved especially useful in managing guest and contractor access.</p> <p>For organizations implementing <strong>common security controls</strong>, NAC serves as a preventive by enforcing rules governing authorized devices and connections. It can monitor adherence to policy, block access or even remediate endpoints and solve configuration issues.</p> <p>Today’s NAC can help ensure a <strong>safe, productive and compliant</strong> government computing environment. The following <strong>best practices</strong> can help state and local IT teams to limit guest access, ensure compliance and provide a frictionless experience for users.</p> <h2>1. Research NAC Solutions Before Purchasing</h2> <p>Look for a NAC solution with an extensible framework that can <strong>gather information from a variety of sources</strong>, including new devices on the market. The solution should offer a guest portal with limited access and user self-service. Review your network access control policy to ensure it limits full network access to enterprise-owned devices and requires mobile device management to enforce encryption, screen locking and other security settings. The policy should cover NAC integration with other security systems, such as security information and event management.</p> <h2>2. Build a User Baseline and Watch for Changes</h2> <p>Determine how many devices are connected to the network, what type and who owns them. If you don’t know, <strong>NAC can provide visibility</strong> to existing infrastructure and alert you to new devices. Specify which level of access is available for guest and contractor devices. Once you have built a baseline, monitor changes.</p> <h2>3. Establish Controls for Guests on the Network</h2> <p>Set up <strong>guest networking boundaries</strong>, including time and location fences. Use NAC to limit guests and contractors, as well as users with personal devices, to protected areas of the network. Roll out major changes, such as quarantine networks, in pilot or monitoring mode. Be sure to educate users about such changes and remediate systems to accommodate them. Conduct a full NAC rollout in phases, culminating in full enforcement.</p> <h2>4. Train IT Staff to Monitor NAC Alerts</h2> <p>Make sure your IT staff is proficient at <strong>interpreting NAC alerts</strong> to ensure that network access is delivered securely, with minimal disruption to legitimate users. This may be a full-time job, depending on the number of endpoints. If it’s a part-time job, allocate a specific time for the IT team to do the monitoring.</p> <h2>5. Prepare for Network Access Audits</h2> <p>Make a habit of regularly <strong>producing and reading historical and real-time reports</strong>, so you are ready for an audit. NAC can prove invaluable in arming you with proof that you are controlling and monitoring your network, as well as managing the introduction of rogue devices and restricting access to important information.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/tanya-candia"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/spot%20tc.jpg?itok=7SFfNslW" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/tanya-candia"> <div>Tanya Candia</div> </a> </div> <div class="author-bio"> <p> <div><p>Tanya Candia is an international management expert, specializing for more than 25 years in information security strategy and communication for public- and private-sector organizations.</p> </div> </p> </div> </div> </div> </div> Mon, 18 Jun 2018 14:06:50 +0000 Mickey McCarter 40971 at https://statetechmagazine.com Collaboration Tool Analytics Transform State and Local Agencies https://statetechmagazine.com/article/2018/06/collaboration-tool-analytics-transform-state-and-local-agencies <span>Collaboration Tool Analytics Transform State and Local Agencies</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Fri, 06/15/2018 - 09:00</span> <div><p>Americans spend about <strong>two or three years of their lives waiting in line</strong>, <a href="http://www.cbc.ca/documentarychannel/docs/the-taming-of-the-queue" target="_blank">says Richard Larson</a>, a professor specializing in service industries at the <a href="http://web.mit.edu/" target="_blank">Massachusetts Institute of Technology</a>.</p> <p>Clearly, that isn’t the most productive use of anyone’s time. And if you work in a state or local government agency, you want to <strong>deliver service as quickly and seamlessly as possible</strong>.</p> <p>Thanks to the power of collaboration tools, state and local IT leaders are in a unique position to help government offices work more efficiently and expedite the delivery of citizen services. By <strong>analyzing patterns of collaboration</strong> that affect productivity and employee engagement, managers can evaluate how to empower productivity within their agencies, and take full advantage of technology that boosts productivity with insights from data analytics.</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Collaborate Fearlessly to Make the Most of Data</h2> <p>Today, we’re very much aware that wasting time is not good for productivity. Being productive means we have more money and more time for leisure pursuits, and constituents know that waiting in line or on hold is not good for either. Government workers also want to find ways to be as productive as possible.</p> <p>Innovations in mobile devices and cloud-based management boost mobility and collaboration among government workers, improving productivity. Workers in remote government offices can bridge the distance with <strong>tools that empower them to collaborate in real time</strong>. For example, government agencies can effortlessly produce documents with solutions in the cloud. A typical government employee today can now <a href="https://www.entrepreneur.com/article/306509" target="_blank">perform more tasks collectively</a> with more colleagues and stakeholders than at any other time in history.</p> <p>Simple applications that we don’t often think of as having advanced collaborative capabilities, such as calendars, may enhance productivity tremendously. For instance, calendars impart a clear view of our schedules, let us see direct project ownership, and allow us to share information quickly. <strong>Government workers can synchronize their schedules</strong> and tasks with their colleagues, ensuring their availability to provide service when required.</p> <p>“Further productivity benefits from enterprise technology <strong>require deeper levels of organizational commitment</strong>,” says Craig Roth, a research vice president at Gartner,<a href="https://blogs.gartner.com/craig-roth/2017/01/09/why-is-productivity-slowing-down/" target="_blank"> in a recent blog</a>. Surveys or focus groups may uncover obstacles to collaboration, he says. In government, leaders may then implement changes in their agencies to overcome these obstacles.</p> <h2 id="toc_1">Data Insights Abound for Local Governments</h2> <p>With growth in collaboration tools comes a commensurate growth in data analytics tools, which can provide powerful insights into an agency’s productivity and engagement. Such solutions pool data from collaborative applications, including email, calendars, word processors and more, to produce metrics on office behavior. Equipped with those behavioral metrics, state and local IT leaders may <strong>detect patterns that contribute to </strong><strong>success</strong> and foster greater collaborative efforts.</p> <p>Office solutions that <strong>empower collaboration</strong> can also track behaviors of those using the products. These <strong>production suites provide data to managers</strong> who can aggregate it and share insights to help people become more effective in their jobs by pinpointing opportunities to collaborate.</p> <p>It’s incumbent on IT leaders to take these steps within state and local government. Analytics tools collect data over the course of everyday work; individual employees are not required to do anything differently. But by using data analytics, managers can measure employees’ collective behaviors — no individual worker is singled out — to visualize how best to encourage engagement. Workplace <strong>analytics help leaders to understand trends</strong> and act on them.</p> <p>In that way, <strong>we can truly change how we operate</strong>.</p> <h2 id="toc_2">Analytics Support Future Public Sector Intelligence</h2> <p>State and local IT leaders will see <strong>even more opportunities for collaboration in the next five years</strong> as artificial intelligence and machine learning continue to enter government operations. As Chalmers Brown, co-founder and CTO of Due, <a href="https://www.forbes.com/sites/forbestechcouncil/2017/05/16/10-effective-ways-to-increase-productivity-using-technology/#558870af680f" target="_blank">advised on behalf of the Forbes Technology Council</a>: “<strong>Find the tools that automate everything</strong>, from scheduling and bill pay to email responses and contact update lists. Also, add as many apps as possible that provide a way to digitize any manual processes such as list making or gift giving.”</p> <p>We’ve already seen many<a href="https://statetechmagazine.com/article/2018/01/state-and-local-governments-tap-chatbots-slash-staff-workloads"> agencies deploy AI through chatbots</a> to help citizens with simple tasks. The automation of repetitive tasks will become more pervasive in the near future, opening the door for smart leaders to provide even more efficient service. <strong>The result will be a higher quality of life for everyone</strong>.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/bob-kirby"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/bob%20kirby.jpg?itok=hDw4W_gn" width="58" height="58" alt="" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/bob-kirby"> <div>Bob Kirby</div> </a> </div> <div class="author-bio"> <p> <div><p>Bob Kirby is vice president of sales for CDW·G, a leading technology provider to government and education.</p> </div> </p> </div> </div> </div> </div> Fri, 15 Jun 2018 13:00:00 +0000 juliet.vanwagenen_22746 40956 at https://statetechmagazine.com Cybersecurity Today: How Governments Must Rethink Strategy to Thrive https://statetechmagazine.com/article/2018/06/cybersecurity-today-how-governments-must-rethink-strategy-thrive <span>Cybersecurity Today: How Governments Must Rethink Strategy to Thrive</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 06/14/2018 - 19:03</span> <div><p>What was once material for Hollywood espionage thrillers is now how real-world hackers commit to disrupt everyday life. From the <a href="https://www.opm.gov/cybersecurity/cybersecurity-incidents/" target="_blank">Office of Personnel Management breach in 2015</a> to a <strong>high-profile attack in March</strong> that <a href="https://statetechmagazine.com/article/2018/03/7-tips-protect-city-governments-cyberattacks">deeply impacted the city of Atlanta</a>, cyberattacks have become more sophisticated, prolific and consistent, demonstrating just how pervasive cyberthreats are today.</p> <p>These attacks are not solely focused on individuals or private companies with data-rich environments. The very constructs of our communities and society — our state and local government institutions — are <strong>at risk on a daily basis</strong>.</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP:</strong> Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">The Current Threat Landscape for Local Governments</h2> <p>One may ask why these attacks continue to happen regularly, given the advances of modern technology that are suited to predict and protect against cyberthreats. The answer is simple: <strong>there is money to be made by bad actors</strong>, and through social engineering, they have learned to manipulate technology users and gain access to government IT infrastructure that is not always built to last.</p> <p>Moreover, attacks are on the rise: federal agencies were attacked with <a href="https://federalnewsradio.com/reporters-notebook-jason-miller/2018/04/agencies-faced-14-percent-more-cyber-incidents-last-year-but-security-is-improving/" target="_blank">14 percent greater frequency</a> in 2017 than 2016. <a href="https://icma.org/sites/default/files/18-038 Cybersecurity-Report-hyperlinks-small-101617.pdf" target="_blank">Nearly half of local governments report</a> at least one attempted attack daily, and more than a quarter do not know how often they are attacked, according to a report from the International City/County Management Association (ICMA).</p> <p>Attacks are diverse as well. Ransomware attacks hold the data and services of cities of various sizes and budgets hostage, from major metropolises to <a href="http://www.govtech.com/security/GT-OctoberNovember-2017-Small-Towns-Confront-Big-Cyber-Risks.html" target="_blank">America’s smallest towns</a>.</p> <p>As midterm elections approach and the debate around election security continues, our election infrastructure <a href="https://www.npr.org/2018/05/17/611869599/not-just-ballots-tennessee-hack-shows-election-websites-are-vulnerable-too" target="_blank">remains a target</a>. And as governments continue to leverage developing technologies, such as cloud computing and the Internet of Things (IoT), they <strong>face a broader threat landscape</strong> that includes <a href="http://www.govtech.com/security/Judge-Sentences-Man-to-15-Years-in-Prison-for-Attacking-Minnesota-Government-Websites.html" target="_blank">distributed denial-of-service attacks</a>, which can effectively lock down agency operations.</p> <p>The federal government continues battling on several fronts to address cybersecurity, and cities and states — many of them<a href="https://www.nascio.org/Portals/0/Publications/Documents/2017/NASCIO_2017_State_CIO_Survey.pdf?ver=2017-10-25-174540-510" target="_blank"> depending on national security standards</a> and federal funding for cybersecurity — must also find ways to reduce risks and improve their cybersecurity hygiene. An end-to-end security strategy, coupled with other cybersecurity best practices, will support these objectives at all levels of government.</p> <h2 id="toc_1">Cultivate a Strong, Mature Government Cybersecurity Posture</h2> <p>Cybersecurity is not a platform-specific issue. It must be wrapped into every single layer of government operations, from the applications delivered to users, to the networking they’re delivered through, to the underlying infrastructure itself.</p> <p>Organizations also can’t approach cybersecurity posture reactively. If we wait to dream up protections against the latest threat made against IT infrastructure, we’ll remain two steps behind attackers who are always finding new opportunities and developing newer threats.</p> <p>Every government organization at every level should <strong>follow a framework or set of standards</strong> in order to build a robust security posture. A strong framework helps manage vulnerability in a number of dimensions: endpoints, data centers, user authorization and physical security, just to name a few.</p> <p>More than <strong>half of local governments don’t have a formal cybersecurity framework</strong> developed, according to the ICMA report, and nearly <strong>70 percent don’t have a formal cyber risk management plan</strong>. This must be prioritized in every community in the country. States are further along: the National Association of State Chief Information Officers (NASCIO) <a href="https://www.nascio.org/Portals/0/Publications/Documents/2017/NASCIO_2017_State_CIO_Survey.pdf?ver=2017-10-25-174540-510" target="_blank">notes that 95 percent of states</a> have adopted a cybersecurity framework based on national standards and guidelines.</p> <p>In my time as a deputy CIO for state government, our security framework had a dozen dimensions. We recognized the need to intimately understand each of them and to know the maturity of those dimensions, rather than just buying a solution.</p> <h2 id="toc_2">Proactive (and Continuing) Education Plays a Key Cybersecurity Role</h2> <p>Another way to counter the persistence of cyberattackers is to persistently train against them. All too often, hackers are invited into an organization by an unwitting employee who clicks on a questionable link or opens an unassuming email that grants access to malicious programming.</p> <p>By providing employee <strong>education and phishing testing</strong>, governments can ensure every individual behind a computer understands that they may impact the entire organization by clicking on or responding to the wrong email or bad links on the internet.</p> <p>Such exercises gauge the degree of the social engineering problem. Some states have found they can reduce phishing exposure by 20 percent by providing this training. According to the NASCIO survey, <strong>88 percent of state CIOs </strong>developed security awareness training for workers and contractors in 2017. Conversely, the ICMA reports<strong> 30 percent of local governments</strong> never train end users or provide cybersecurity awareness training for municipal employees, and half never provide training for elected officials. Organizations at every level should explore training options for their human resources.</p> <h2 id="toc_3">Good Cyberhygiene Goes a Long Way</h2> <p>A<a href="https://statetechmagazine.com/article/2018/03/3-ways-state-and-local-agencies-can-form-risk-based-security-strategy"> risk-based management approach</a> applies to every aspect of government operations, including the way governments integrate new technologies. Agencies at the federal, state and local levels are taking strides to modernize legacy technology at varying paces, with many tapping the <strong>flexibility afforded by cloud computing, apps and IoT devices</strong>.</p> <p>Regardless of how ambitiously they seek to modernize, agencies must be sure to embed the security frameworks they arrive at throughout their entire infrastructure. Everything from file servers and wireless networks, to desktop computers and employees’ mobile devices (whether they’re work-issued or personal devices), to the applications they enable must share the same security parameters as the rest of the organization, or the agency mission is at risk.</p> <p>Many security products claim to be a universal solution against cybersecurity threats, but these solutions may amount to little more than bandages if the problem lies within the security strategy itself. In reality, <strong>there is no silver-bullet </strong>technology that can render a government completely immune to attack, but <strong>strong </strong><strong>cyberhygiene</strong><strong> can go a long way</strong> toward building up immunity.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11506"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/herbthompson.jpeg.jpg?itok=ZK4J3n63" width="58" height="58" alt="Herb Thompson" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11506"> <div>Herb Thompson</div> </a> </div> <div class="author-bio"> <p> <div><p>Herb Thompson, a state and local government and education strategist for VMware, worked in IT for over a decade for the state of Wisconsin, most recently serving as its deputy state CIO.</p> </div> </p> </div> </div> </div> </div> Thu, 14 Jun 2018 23:03:11 +0000 juliet.vanwagenen_22746 40951 at https://statetechmagazine.com West Virginia Pilots First Blockchain-Powered Federal Voting App https://statetechmagazine.com/article/2018/06/west-virginia-pilots-first-blockchain-powered-federal-voting-app <span>West Virginia Pilots First Blockchain-Powered Federal Voting App</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Fri, 06/08/2018 - 10:32</span> <div><p>As states and localities continue to <a href="https://statetechmagazine.com/article/2018/05/blockchain-ready-state-government-use" target="_blank">sift out exactly how blockchain can make a difference to government operations</a>, West Virginia is testing the technology in one of the most foundational aspects of government: voting.</p> <p>After the West Virginia Secretary of State’s office <a href="https://gallery.mailchimp.com/8f557e1c6ac0b5aa70dfd4c00/files/4b0e5aad-c98d-4387-b9cd-c05bedaef2a5/Secure_Military_Mobile_Voting_Solution.pdf" target="_blank">announced in March</a> its intention to pilot the technology to enable <strong>secure military mobile voting in two counties</strong>, it became the first state in the U.S. to do so in its <strong>May 8 primary election</strong>. While there’s certainly more investigation to be done before the state can call the pilot of the blockchain-based mobile app a runaway success, the initial reports are encouraging.</p> <p>“One particular overseas voter voted for the first time in over 15 years, so that was particularly heartening for us and a small indicator of the potential impact of this new platform,” a spokesperson for Voatz, the company that built the blockchain-based voting app, <a href="https://modernconsensus.com/regulation/united-states/west-virginia-blockchain-federal-election/" target="_blank">tells Modern Consensus</a>.</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP:</strong> Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Blockchain Delivers Flexibility and Security to Voters</h2> <p>While hopes for the technology are certainly high, the initial pilot was available to only a few voters. West Virginia Secretary of State Mac Warner<a href="http://www.govtech.com/biz/West-Virginia-Becomes-First-State-to-Test-Mobile-Voting-by-Blockchain-in-a-Federal-Election.html?utm_term=high-profile%20use%20of%20blockchain%20voting&amp;utm_campaign=Blockchain%20Voting%20Has%20its%20First%20Testbed%20State%3A%20West%20Virginia&amp;utm_content=email&amp;utm_source=Act-On+Software&amp;utm_medium=email" target="_blank"> tells <em>Government Technology</em></a> the pilot was truly focused just on evaluating blockchain’s capability to enable mobile voting.</p> <p>“I’m really not concerned about numbers,” Warner says. “<strong>We’re really just looking at the technology</strong>.”</p> <p>The blockchain-based mobile app uses biometrics to verify the voter’s identity, then records the vote from the mobile device onto a “chain” where it is verified by a third party. For voters, this means much more flexibility and security when it comes to the voting process, given that the vote can happen from anywhere with an internet connection.</p> <p>“If the military or their family or other Americans working overseas are in an area [where] they may or may not have access to any kind of computer technology [or] scanner, they may not have access to regular postal service,” Carye Blaney, the clerk for Monongalia County, W.V., one of the counties involved in the pilot, tells <em>Government Technology</em>. “And from a jurisdictional perspective, we can’t help them get that ballot back to us.”</p> <p>It also offers deployed military voters <strong>a more anonymous way to vote</strong>.</p> <p>“Normally when a military person submits an absentee ballot, they have to sign a waiver that they recognize that they’re giving up their right to a secret ballot because they have to send it back to us by email or fax,” Blaney says.</p> <p>For states, it means that there is a <strong>firm recording of the vote</strong> and no reason that it should be miscounted. Moreover, blockchain is currently regarded as a secure system that, as of now, could be unhackable.</p> <p>But perhaps the largest advantage is simply the inclusion it affords voters who may not be able to otherwise have their votes counted.</p> <p>“We want to make sure that everyone fighting for our freedoms, for our democratic way of life, has an opportunity to participate in that democratic process,” Warner says.</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/juliet-van-wagenen"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Headshot%20JV.JPG.jpg?itok=8ak2COBM" width="58" height="58" alt="Juliet Van Wagenen" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/juliet-van-wagenen"> <div>Juliet Van Wagenen</div> </a> </div> <div class="author-bio"> <p> <div><p>Juliet is the senior web editor for <em>StateTech</em> and <em>HealthTech</em> magazines. In her six years as a journalist she has covered everything from aerospace to indie music reviews — but she is unfailingly partial to covering technology.</p> </div> </p> </div> </div> </div> </div> Fri, 08 Jun 2018 14:32:39 +0000 juliet.vanwagenen_22746 40961 at https://statetechmagazine.com What's the Right Approach to State and Local Voting Security? https://statetechmagazine.com/article/2018/06/whats-right-approach-state-and-local-voting-security <span>What&#039;s the Right Approach to State and Local Voting Security?</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 06/07/2018 - 18:42</span> <div><p>Elections are at the core of democracy. However, ensuring that every vote counts and that vote counts are accurate is a growing concern in the digital age.</p> <p>"There are a <strong>huge number of touchpoints and intersection points</strong> for voter data and it's vital to keep it secure," says Michael Garcia, director of elections best practices for the nonprofit <a href="https://www.cisecurity.org/" target="_blank">Center for Internet Security</a> (CIS). "Local and state governments must acknowledge that they are at risk and manage the risk."</p> <p>The concept isn't lost on most election officials. Hacks, attacks and attempts to compromise data are real. These range from <a href="https://www.politico.com/story/2016/08/fbi-states-voting-systems-digital-assualt-227523" target="_blank">incidents perpetrated by Russia</a> in the 2016 presidential election to voter registration <a href="https://www.usatoday.com/story/tech/news/2016/08/29/hackers-hit-arizona-illinois-voter-databases/89547326/" target="_blank">database breaches in Illinois and Arizona</a>.</p> <p>"<strong>Systems are increasingly under assault</strong>," says Katie Moussouris, founder and CEO of a cybersecurity advisory firm and the creator of <a href="https://www.cdw.com/content/cdw/en/brand/microsoft-interstitial.html?enkwrd=Microsoft" target="_blank">Microsoft</a>'s Bug Bounty program.</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP:</strong> Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">How to Make State and Local Election Security Count</h2> <p>The challenge for most local and state election officials is dealing with the array of technologies, systems and processes that add up to an election. This can include volunteers using their own computers to handle official functions, staff printing documents or uploading data into a system, and inadequate database security.</p> <p>"As systems and networks become more interconnected, the risks magnify," Garcia adds. "In some cases, <strong>agencies may not know about all the devices and things that are used in the voting process</strong>."</p> <p>Locking down processes and systems is no simple endeavor. A starting point, Garcia says, is to conduct a general risk assessment.</p> <p>"It's critical to <strong>understand your network and your processes</strong>," he notes, adding that this assessment may involve internal staff but it's wise to consider an independent assessor. "It's impossible to address every possible vulnerability so you have to focus on <strong>mitigating the most significant risks</strong>."</p> <p>According to Garcia, election security measures ultimately revolve around three types of systems: network connected systems and computers; indirectly connected systems such as external media, which includes hard drives and USB drives; and non-digital components, including paper, that intersect and connect with digital systems.</p> <p>In its <strong>74-page guide</strong>, <a href="https://www.cisecurity.org/wp-content/uploads/2018/02/CIS-Elections-eBook-15-Feb.pdf" target="_blank">A Handbook for Elections Infrastructure Security</a>, CIS offers <strong>88 ways to secure systems</strong>. Among the high-priority items, Garcia says, is to ensure that redundant systems are in place, air gaps exist between key systems, and backup sets of all data exist.</p> <p>At the network IT level, <strong>key security techniques include</strong>:</p> <ul><li>Whitelisting IP addresses authorized to access a specific device or system</li> <li>Using network scans to detect unauthorized devices</li> <li>Encrypting and digitally signing data</li> <li>Providing training to both volunteers and staff about security best practices</li> </ul><h2 id="toc_1">Localities Take Diverse Approaches to Election Security</h2> <p>Amid all of this, local and state officials are taking steps to improve security. For example, in Morgan County, Ala., <a href="http://www.govtech.com/computing/New-Poll-Book-System-Could-Streamline-Alabama-Countys-Voting.html?utm_term=New" target="_blank">electronic poll books</a>, residing on <a href="https://www.cdw.com/product/Apple-10.5-inch-iPad-Pro-Wi-Fi-tablet-256-GB-10.5/4648222?pfm=srh" target="_blank">iPads</a>, allow poll workers to check in voters faster and more accurately.</p> <p>"Everyone's information is contained on all the iPads in that precinct," says Morgan County Probate Judge Greg Cain.</p> <p>In Rhode Island, officials are working to secure the voting process prior to the 2019 midterm elections. This includes <a href="https://www.usnews.com/news/best-states/rhode-island/articles/2018-04-11/state-election-officials-seek-to-improve-voting-security" target="_blank">adoption</a><a href="https://www.usnews.com/news/best-states/rhode-island/articles/2018-04-11/state-election-officials-seek-to-improve-voting-security" target="_blank"> of a new audit system</a> recommended by federal authorities.</p> <p>Ohio is now considering spending <strong>$114.5 million to replace aging voting machines</strong> with more efficient and secure devices.</p> <p>Indiana has begun <a href="https://gcn.com/articles/2018/03/16/cis-election-security-handbook.aspx" target="_blank">piloting a monitoring solution</a> that uses commodity hardware and open-source intrusion detection software to analyze network traffic. The solution spots suspicious activity based on known signatures.</p> <p>Meanwhile, Georgia lawmakers are <a href="http://www.govtech.com/policy/Georgias-Plan-to-Scrap-Vulnerable-Voting-Machines-Moves-to-the-House.html" target="_blank">considering a bill</a> to <strong>replace 27,000 voting machines with paper ballots</strong> that leave a clear audit trail. However, Moussouris believes that paper re-introduces other problems, including poorly marked ballots, chads, and cumbersome and inefficient processes. She says that one solution — particularly at precincts — is to use easily configurable and easily wiped devices, such as<a href="https://www.cdw.com/product/ASUS-Chromebook-Flip-C302CA-DHM4-12.5-Core-m3-6Y30-4-GB-RAM-64-GB/4439285?pfm=srh" target="_blank"> Google Chromebooks</a>.</p> <p>"This <strong>approach reduces the demands on volunteers</strong> and workers to be security experts," she notes.</p> <p>One thing is clear: maintaining election integrity is an issue that won't disappear.</p> <p>"From the early days of the American Revolution to the present day, it has always been crucial to recognize that security and data integrity revolve around process," Garcia explains. "Although the technology continues to evolve — and it is important to address the potential weaknesses and vulnerabilities it introduces — a framework for assessing risk, managing it and building in resiliency are at the center of everything."</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/author/samuel-greengard"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/sam-greengard-180.jpg?itok=RXKBh4ZU" width="58" height="58" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/samuel-greengard"> <div>Samuel Greengard</div> </a> <a target="_blank" class="twitter" href="https://twitter.com/intent/follow?region=follow_link&amp;screen_name=@samthewriter&amp;tw_p=followbutton&amp;variant=2.0"><span>Twitter</span></a> </div> <div class="author-bio"> <p> <div><p>Samuel is a business and technology writer based in West Linn, Oregon. For more information, visit his website:<a href="http://www.greengard.com" target="_blank" title="Samuel Greengard website"> www.greengard.com</a> and follow him on <a href="https://plus.google.com/106962465983961373194/posts" rel="author">Google+</a> and Twitter: <a href="https://twitter.com/samthewriter" class="twitter-follow-button">Follow @samthewriter</a> </p> <script type="text/javascript"> <!--//--><![CDATA[// ><!-- // <![CDATA[ !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); // ]]]]><![CDATA[> //--><!]]> </script></div> </p> </div> </div> </div> </div> Thu, 07 Jun 2018 22:42:36 +0000 juliet.vanwagenen_22746 40946 at https://statetechmagazine.com 4 Threats State and Local Governments Need to Be Aware Of https://statetechmagazine.com/article/2018/06/4-threats-state-and-local-governments-need-be-aware <span>4 Threats State and Local Governments Need to Be Aware Of</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 06/07/2018 - 17:49</span> <div><p>Recent investments in cybersecurity by government agencies have been driven by the rapidly changing threat environment. Attackers are increasing their focus on government targets; technology environments are becoming more complex and prone to vulnerabilities; and<strong> attack tools are becoming more sophisticated</strong> and difficult to detect.</p> <p>Governments and agencies manage most modern threats with a holistic, enterprise approach to cybersecurity, but legacy technology and slow adoption of modern IT solutions — some because of funding and acquisition considerations — complicate the effort to secure data and systems. Malware, advanced persistent threats, the Internet of Things and legacy technology are just some of the dangers agencies must protect against.</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">1. Malware Poses a New Spin on an Old Threat</h2> <p>Malicious software, or malware, is perhaps the oldest cybersecurity threat, with<strong> viruses and worms tracing their roots back to the 1980s</strong>. The authors of malware keep pace with improvements in security technologies, and in an ongoing cat-and-mouse game, go to great lengths to keep a foothold in upgraded operating systems and applications by developing stealthier and more effective malware.</p> <p>Some malware authors focus on compromising numerous systems, regardless of their owner or purpose. For example, <a href="https://community.norton.com/en/blogs/product-update-announcements/protection-against-coinminer-malware" target="_blank">CoinMiner malware</a> infects systems via malicious code embedded in online advertising and then uses the purloined computing capacity to mine bitcoin or other cryptocurrencies. Similarly, the <a href="https://blog.malwarebytes.com/detections/trojan-kovter/" target="_blank">Kovter Trojan</a> infects systems via malicious email attachments and then generates advertising revenue via click fraud schemes. These unfocused malware attacks are a nuisance to agency IT staff who must rebuild infected systems.</p> <p>Other malware, however, has more focused purposes and can be dangerous on government computer systems. <a href="https://www.digitrustgroup.com/nanocore-not-your-average-rat/" target="_blank">NanoCore</a>, for example, is a remote access Trojan that allows hackers to gain complete control of infected systems, where they can then either steal sensitive information or use the system as a jumping-off point for attacks on the rest of the network.</p> <p>Ransomware is a specific type of malware that poses a significant threat. After ransomware infects a target system, it uses strong cryptography to encrypt the contents with a secret key. If the victim wishes to decrypt the information and regain access, he or she must pay a ransom to the attacker. <a href="https://statetechmagazine.com/article/2017/11/4-steps-agencies-can-take-bounce-back-ransomware-attack">Recent ransomware outbreaks</a>, such as WannaCry and Petya, <strong>found victims at all levels of government</strong>, ranging from Britain’s National Health Service to local law enforcement agencies across the United States.</p> <h2 id="toc_1">2. Government Agencies Get Targeted</h2> <p>Government agencies are often the targets of extremely talented attackers and well-funded attacks known as advanced persistent threats. These attackers, typically sponsored by nation-states, are quite patient and focus on very specific targets. Once they gain access, they operate with stealthy techniques, placing a high priority on avoiding detection. During the <a href="https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/" target="_blank">2015 Office of Personnel Management breach</a>, attackers believed to be associated with the Chinese government operated within the agency’s network undetected for more than a year, stealing massive quantities of sensitive personnel information.</p> <p>In 2018, the U.S. government accused Iran’s Mabna Institute of conducting a <strong>four-year-long attack</strong> in at least 20 countries against <strong>hundreds of universities and dozens of government agencies</strong>, including the U.S. Labor Department, the Federal Energy Regulatory Commission and the states of Hawaii and Indiana.</p> <p>The intelligence community believes that during the 2016 U.S. election cycle, APT attackers associated with the Russian government gained access to computer servers belonging to the Democratic National Committee and used the information gained to discredit the Hillary Clinton presidential campaign. Researchers also believe that Russian operatives successfully targeted and scanned voting systems used by many states.</p> <h2 id="toc_2">3. Public Sector IoT Poses a Threat</h2> <p>State and local governments are <a href="https://statetechmagazine.com/article/2018/05/3-tips-secure-internet-things-smart-states">embracing </a><a href="https://statetechmagazine.com/article/2018/05/3-tips-secure-internet-things-smart-states">Internet</a><a href="https://statetechmagazine.com/article/2018/05/3-tips-secure-internet-things-smart-states"> of Things sensors and devices</a> to enable smart city initiatives, improve their agencies’ environmental efficiency and increase public safety. Similar initiatives in the federal government also promise to dramatically improve the quality of service provided to residents, but all these projects come fraught with new cybersecurity risks.</p> <p>In 2013, hackers linked to the Iranian government compromised command-and-control systems <a href="https://www.nytimes.com/2016/03/26/nyregion/rye-brook-dam-caught-in-computer-hacking-case.html" target="_blank">supporting a small dam in Rye, N.Y.</a> They were unable to take physical control of the dam only because an important control cable had been disconnected for troubleshooting purposes. This attack, however, points out <strong>critical deficiencies in IoT security measures</strong> — including an increased reliance on cellular networks, which are more visible to would-be attackers and often less protected — and a focus on targeting IoT systems by state-sponsored attackers.</p> <h2 id="toc_3">4. Legacy Systems Welcome New Vulnerabilities</h2> <p>One often-overlooked threat to cybersecurity comes in the form of<strong> legacy systems</strong>, which were designed to operate in a completely different threat and technical environment. Their lack of modern cybersecurity controls provides hackers with an easy path into government networks. Agency technology staff should search all systems for outdated hardware and software that may require upgrading or replacement.</p> <p>As agencies seek to replace legacy technology, they also often undertake digital transformation initiatives that upgrade and enhance technologies. Recent examples of these initiatives include the <a href="https://statetechmagazine.com/article/2018/02/states-revamp-911-systems-keep-pace-new-media">Next Generation 911</a> and <a href="https://statetechmagazine.com/article/2018/03/att-gets-go-ahead-begin-firstnet-network-build-out">FirstNet programs</a>, which are designed to enhance public safety communications efforts nationwide.</p> <p><em>To learn more, download our white paper, "<a href="https://statetechmagazine.com/resources/white-paper/managing-cyber-risks-public-sector-environment" target="_blank">Managing Cyber Risks in a Public Sector Environment</a>."</em></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/statetech-staff"> <div>StateTech Staff</div> </a> </div> <div class="author-bio"> <p></p> </div> </div> </div> </div> Thu, 07 Jun 2018 21:49:12 +0000 juliet.vanwagenen_22746 40936 at https://statetechmagazine.com 4 Steps to Future-Proofed Cybersecurity in the Face of IT Modernization https://statetechmagazine.com/article/2018/06/4-steps-future-proofed-cybersecurity-face-it-modernization <span>4 Steps to Future-Proofed Cybersecurity in the Face of IT Modernization</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 06/07/2018 - 12:43</span> <div><p>Right now,<a href="https://statetechmagazine.com/article/2018/01/it-modernization-empowers-government-innovate"> IT modernization is the bell of the ball</a> for state and local government CIOs. In fact, 90 percent of state CIOs believe at least 20 percent of their systems need replacement or modernization, while nearly two-thirds view more than 40 percent of their systems as a legacy, a <a href="https://www.nascio.org/Publications/ArtMID/485/ArticleID/412/2016-State-CIO-Survey-The-Adaptable-State-CIO" target="_blank">2016 survey by NASCIO found</a>.</p> <p>And while CIOs everywhere — from <a href="https://statetechmagazine.com/article/2018/01/kentuckys-new-cio-sets-out-optimize-state-it">Kentucky</a> to <a href="https://statetechmagazine.com/article/2017/10/rhode-islands-new-cio-sparks-it-progress">Rhode Island</a>  — are pursuing updated and properly integrated systems with the aim to drive funding requests and agency spending, <strong>these initiatives may also introduce vulnerabilities</strong> by expanding network footprints and creating integration challenges among vendors and services.</p> <p>The advent of the Internet of Things, cloud storage and other external services result in an increasingly blurred network perimeter, making it difficult to apply traditional perimeter-based security controls.</p> <p>As state and local government agencies increase their digital transformation and modernization efforts, they must <strong>choose multilayered security solutions</strong> that not only provide an effective defense against modern threats but also keep an eye toward the future.</p> <p>Agencies adopting a <strong>defense-in-depth approach to cybersecurity</strong> will find themselves well-positioned to combat these future threats.</p> <p>Take the first steps toward a stronger security posture with these solutions:</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">1. Malware Protection and Detection Are a Public Sector Must</h2> <p>As many security threats arrive via malware vectors, agency cybersecurity teams should ensure that they are taking proactive, detective and reactive steps to protect systems against malware-borne threats. These controls should include <strong>deploying frequently updated anti-virus protection on servers</strong>, endpoints and network gateways. Agencies should also consider the use of advanced botnet and malware detection tools that incorporate threat intelligence information and provide a robust defense against evolving threats.</p> <h2 id="toc_1">2. User Training Is a Government Cybersecurity Imperative</h2> <p><strong>Cybersecurity starts and finishes with the user</strong>. No matter how robust an agency’s cybersecurity controls, a single mistake by an end user can undermine those efforts, providing attackers with access to sensitive information or granting them a foothold on internal agency networks.</p> <p>Combating these efforts requires regular security awareness training that helps users understand the threats facing the agency and their individual role in protecting the confidentiality, integrity and availability of government information and systems. These efforts should include a particular focus on phishing and spoofing attacks.</p> <h2 id="toc_2">3. Identify Active Threats with Network Monitoring</h2> <p>Network activity is one of the most important sources of information for cybersecurity teams seeking to maintain situational awareness and identify active threats.</p> <p>Network monitoring activities fit into two major categories: <strong>passive and active</strong>. Passive network monitoring simply captures network traffic as it travels from point to point and monitors it for unusual activity. Active network monitoring actually manipulates network traffic by injecting test activity onto the network and observing its performance. This also plays an important role in network troubleshooting and performance monitoring.</p> <h2 id="toc_3">4. Network Access Control Keeps Agencies Clued in on Permissions</h2> <p>In addition to regularly monitoring network activity, agencies should consider the implementation of network access control technology that regulates devices allowed to connect to the network.</p> <p>NAC technology permits agencies to <strong>require user and/or device authentication</strong> prior to granting access to wired and wireless networks as well as VPN connections. NAC solutions also provide posture checking capability, which verifies that a device is configured in compliance with the agency’s security policy before it is allowed on the network.</p> <p>To learn more, download our white paper, "<a href="https://statetechmagazine.com/resources/white-paper/managing-cyber-risks-public-sector-environment" target="_blank">Managing Cyber Risks in a Public Sector Environment</a>."</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/statetech-staff"> <div>StateTech Staff</div> </a> </div> <div class="author-bio"> <p></p> </div> </div> </div> </div> Thu, 07 Jun 2018 16:43:43 +0000 juliet.vanwagenen_22746 40931 at https://statetechmagazine.com How State and Local IT Leaders Can Support Future Security Needs https://statetechmagazine.com/article/2018/06/how-state-and-local-it-leaders-can-support-future-security-needs <span>How State and Local IT Leaders Can Support Future Security Needs</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 06/06/2018 - 12:15</span> <div><p>The threat landscape is currently changing, and so are policies around cybersecurity. For this reason, state and local government agencies must remain cognizant of existing and emerging compliance requirements that affect how they protect information and technology assets.</p> <p>Agency business and technology leaders must stay abreast of these requirements and ensure that they can operate in their own evolving technology environment in accordance with all relevant laws and regulations.</p> <p>At the federal level, the president <a href="https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/" target="_blank">issued an executive order in May 2017</a> directing federal agencies to <strong>adopt a risk-based approach to cybersecurity</strong> and to immediately work to modernize cybersecurity controls. Federal agencies subject to this executive order should pay specific attention to the significant cybersecurity risks posed by systems with known vulnerabilities. <a href="https://www.dhs.gov/trusted-internet-connections" target="_blank">DHS’ Trusted Internet Connections program</a> seeks to provide a <strong>consistent level of security across agencies</strong> to ensure that all agencies have a secure, trusted path to the internet.</p> <p>The TIC initiative seeks to <strong>consolidate internet connections to a manageable number</strong> and then provide security services across those trusted connections.</p> <p>Recognizing the increasing shift toward cloud computing services, the federal government also now manages the <a href="https://www.fedramp.gov/" target="_blank">Federal Risk and Authorization Management Program</a>. FedRAMP provides a consistent process for the evaluation and approval of cloud computing vendors across federal agencies, relieving agencies of the burden of independently evaluating vendor security practices and providing a common level of vendor assurance across the federal government.</p> <p>And the <a href="https://www.congress.gov/bill/113th-congress/house-bill/1232" target="_blank">Federal Information Technology Acquisition Reform Act </a>(FITARA) of 2015 implements new requirements for the appointment of federal agency CIOs and the centralization of procurement practices.</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">The State and Local Government Play in Federal Cyber Regulations</h2> <p>While many of these regulations come from the federal government, <strong>state and local technology officials should also pay heed</strong>. Agencies interacting with the federal government must be able to integrate with these new, more secure systems.</p> <p>For example, the federal law enforcement community publishes the <a href="https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center" target="_blank">Criminal Justice Information Services (CJIS) Security Policy</a>. This policy contains specific requirements for state and local law enforcement agencies seeking access to federal law enforcement systems. State and local agencies may also look to the federal government for advice on security best practices.</p> <p>The <a href="https://www.nist.gov/cyberframework" target="_blank">National Institute of Standards and Technology publishes a Cybersecurity Framework</a> (CSF) that provides comprehensive guidance on cybersecurity issues that can form the foundation of any cybersecurity program in the public or private sector.</p> <p>This framework classifies cybersecurity activities into <strong>five major functions</strong>:</p> <ul><li>Identify</li> <li>Protect</li> <li>Detect</li> <li>Respond</li> <li>Recover</li> </ul><p>The CSF then provides policies, standards and best practices for organizations to follow as they implement and manage each of those five cybersecurity functions.</p> <p>Agencies that choose to adopt a well-defined framework such as CSF will <strong>increase their ability to future-proof their infrastructure</strong> against new and evolving cybersecurity requirements. By adopting a best-practices approach to cybersecurity, agencies will have a strong foundation in place when new requirements arise.</p> <p>To learn more, download our white paper, "<a href="https://statetechmagazine.com/resources/white-paper/managing-cyber-risks-public-sector-environment" target="_blank">Managing Cyber Risks in a Public Sector Environment</a>."</p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> </div> <div class="author-info"> <span>by </span><a rel="author" href="/author/statetech-staff"> <div>StateTech Staff</div> </a> </div> <div class="author-bio"> <p></p> </div> </div> </div> </div> Wed, 06 Jun 2018 16:15:58 +0000 juliet.vanwagenen_22746 40921 at https://statetechmagazine.com Smart Cities 3.0: 5G, Edge Computing and Citizen Engagement https://statetechmagazine.com/article/2018/06/smart-cities-30-5g-edge-computing-and-citizen-engagement <span>Smart Cities 3.0: 5G, Edge Computing and Citizen Engagement</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 06/05/2018 - 12:18</span> <div><p>When it comes to smart cities, many envision a futuristic city similar to what you might see in the latest Avengers movie, with flying cars and high-speed trains that will only be a reality in the future. As many city and state IT leaders know, this is far from the case. In fact, the smart city isn’t a stable state at all, but one that is constantly evolving. We already find ourselves in the third iteration of our approach to constructing a hyperconnected city: <strong>smart city 3.0.</strong></p> <p>When smart cities took off, a top-down approach was common. Governments would decide internally how to become a smart city and initiate new policies or working groups to help embed the latest technologies into the city’s infrastructure <strong>without input from citizens</strong>.</p> <p>The <strong>2.0 approach to smart cities was more inclusive</strong>. As governments realized citizens may not have appreciated these initiatives at the predicted rate, they decided the process must become more citizen-centric.</p> <p>For example, in 2016, the city of Dallas joined the White House’s <a href="http://www.dallascitynews.net/white-house-announces-smart-cities-initiative-dallas-to-launch-innovation-alliance)" target="_blank">Smart City Initiative</a>, which was launched with the aim to help cities invest in emerging technologies that could improve operations or citizen services. At the beginning of the initiative, the idea was for local civic leaders, technology experts and data scientists to take control of the city’s evolution. However, Dallas’s <a href="http://www3.dallascityhall.com/smart-cities/" target="_blank">official city website</a> <strong>now reflects a more inclusive approach</strong>, with details about each initiative and contact information for citizens who have additional questions or concerns.</p> <p><a href="https://statetechmagazine.com/register?newsletter" target="_blank"><strong>SIGN UP:</strong> Get more news from the <em>StateTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Edge Computing, 5G Pave the Way to a Smart Community</h2> <p>In the 3.0 approach to creating a smart city, legislators have realized it is more appropriate to think of these initiatives as a way to build not just a smart city, but a smart community. Citizens with smartphones, cameras and wearables now <a href="https://statetechmagazine.com/article/2018/03/smart-cities-connect-2018-cameras-sensors-turn-city-vehicles-smart-assets">play a role in providing real-time feedback to city development teams</a> via the data collected by these devices.</p> <p>This dynamic process gives city legislators the ability to see precisely how citizens are interacting with the sensors throughout a smart city and how those sensors can be improved, allowing for <strong>real-time decision-making and visibility into city operations</strong>.</p> <p>Government IT leaders wishing to make their cities or regions smarter must ensure they understand the demographics of their communities. To do that they may need to form partnerships with their area service providers for everything from internet connectivity to utilities.</p> <p>As for service providers, every citizen will need to have equal access to a broadband network. Because so many apps will incorporate latency-heavy technology, such as video, artificial intelligence and machine learning, 3G and 4G networks will not be able to support the bandwidth and latency requirements of this mixed-media traffic — making 5G availability key to truly smart communities.</p> <p>5G networks are expected to be <a href="https://statetechmagazine.com/article/2017/12/5g-technology-about-revolutionize-smart-city-deployments">live and working in cities by 2022</a>, opening up greater networking potential with <a href="https://statetechmagazine.com/article/2018/04/difference-between-downloadupload-speeds-smart-city-5g-perfcon">upload and download speeds that are hundreds of times faster</a> than any currently available networks. Local government leaders must determine if they will be able to bring <strong>5G capabilities and fiber assets</strong> to every part of their cities. The best way to do so is to make it financially and otherwise attractive for service providers to make 5G available citywide.</p> <p>One possible way to ease this transition is to combine government-owned fiber assets with networks of multiple service providers into a converged metrowide infrastructure. This approach would require multidomain, multivendor service; programmable physical and virtual network elements; analytics and intelligence. These components would create a more adaptive network, which automates many manual processes while still allowing control through intent-based policies. When combined with analytics and intelligence, the network will be better able to predict when and where bandwidth capacity will be needed in order to support “smart” applications.</p> <p><a href="https://statetechmagazine.com/article/2018/03/edge-computing-sharpens-agency-analytics-use">Edge computing will also have a large impact</a> on the next phase of smart city development. Smart cities are increasingly deploying high-bandwidth and latency-sensitive apps that draw information from multiple sources. This information cannot be used the way it needs to be if it is stored in a remote, centralized data center. It must be closer to the point of interaction, something edge computing can enable.</p> <p>As more devices are added to a smart city, it will become increasingly important for data to be collected at the point of interaction with citizens. This approach opens up the ability to share data with similar, nearby regions and eventually become a <strong>more connected, community-based platform</strong> supporting multiple agencies.</p> <h2 id="toc_1">A Movie-Perfect Ending for Smart Cities</h2> <p>If local governments manage to employ more inclusive citizen engagement, 5G technology and edge computing, we may soon see a movie-worthy smart city become reality. It will be one that allows for <strong>better citizen engagement and </strong><strong>participation</strong> while <a href="https://statetechmagazine.com/article/2017/05/what-will-googles-smart-city-look">tackling many frustrations that accompany city living</a>.</p> <p>We could see less traffic congestion and air pollution, streamlined processes at city hall and the local department of motor vehicles, efficient systems for utility billing and improved public services like water, electricity, garbage collection and more.</p> <p><strong>The benefits are endless.</strong></p> </div> <div> <div class="field-author"> <div id="taxonomy-term-" class=""> <div class="author-photo"> <a href="/taxonomy/term/11491"><img src="/sites/statetechmagazine.com/files/styles/face_small/public/people/Daniele_passport_photo.JPG.jpg?itok=xDSrBNIJ" width="58" height="58" alt="Daniele Loffreda" typeof="foaf:Image" /> </a> </div> <div class="author-info"> <span>by </span><a rel="author" href="/taxonomy/term/11491"> <div>Daniele Loffreda</div> </a> </div> <div class="author-bio"> <p> <div><p>Daniele Loffreda is the state/local government, education and healthcare industry advisor at Ciena. For 25 years, Daniele has held various roles in the information and communications technology industry, encompassing a variety of functions with multiple organizations. Before joining Ciena, Daniele was a senior manager for market intelligence and communications at Fujitsu.</p> </div> </p> </div> </div> </div> </div> Tue, 05 Jun 2018 16:18:46 +0000 juliet.vanwagenen_22746 40911 at https://statetechmagazine.com