DAFITC Recap: DoD cyber experts emphasize ZTA and RMF reform

By Ryan Nelson, Market Intelligence Manager

When it comes to cybersecurity, look for the DoD to emphasize Zero Trust Architecture (ZTA) as the branches push for reform to the Risk Management Framework (RMF), among other hot topics.

At the recent Department of the Air Force Information Technology and Cyberpower 2022 conference, increased focus on ZTA and RMF topped the list of cybersecurity concerns across the DoD. According to a panel of cybersecurity experts, other top-of-mind topics included the Cyber Security Maturity Model and the need for a better articulated policy for cybersecurity overall.

The panel included cybersecurity experts across the DoD, including:

  • David McKeown – Deputy Chief Information Officer for Cybersecurity and the Chief Information Security Officer for Department of Defense (DoD)
  • Alvin “Tony” Plater – Director of Cybersecurity for the Department of Navy Office of Chief Information Officer (OCIO)
  • Brigadier General Jan C. Norris (USAR) – Deputy Chief Information Officer, Department of the Army Office of the Chief Information Officer (OCIO)
  • Scott M. St. Pierre – Deputy Director Enterprise Networks and Cybersecurity Department of the Navy (OPNAV N2N6D)

As mentioned at the outset, panelists generally agreed that all branches of service need to move away from perimeter security to a Zero Trust Architecture (ZTA). The panelists noted the DoD released a plan in July for Zero Trust Reference Architecture.


EO 14028 uncertainty offers opportunities in event logging, zero trust, Part 2 of 2

By Ryan Nelson, Market Intelligence Manager

Uncertainty at the agency level about what constitutes compliance with EO 14028’s requirements regarding event logging (EL) and zero trust architecture (ZTA) offers vendors with those technological capabilities an opportunity to support agencies as they try to meet the demands of the order.

In the first part of this two-part series, we looked at event logging. This time we’ll turn our attention to ZTA.

As mentioned in our first installment, agencies have requested significant funding for the zero trust architecture and event logging requirements in the Executive Order, typically to the tune of $25 million per agency to achieve both goals.


EO 14028 uncertainty offers opportunities in event logging, zero trust (Part 1 of 2)

By Ryan Nelson, Market Intelligence Manager

The Executive Order on Improving the Nation’s Cybersecurity, along with timelines and compliance guidance from the Office of Management and Budget (OMB), is causing some confusion among agencies as to what actually constitutes compliance. Agencies have requested significant funding for zero trust architecture (ZTA) and event logging (EL) requirements in the Executive Order, often around $25 million per agency to achieve both goals.

Vendors that can help agencies comply with the order and meet OMB’s timelines will be of extreme interest to these organizations.

Background

Signed on May 12, 2021, EO 14028 contains specific directives to improve agency visibility into network activity and cybersecurity. The Office of Management and Budget (OMB) then released clarifying guidance in memos to define what agencies must accomplish. These include:

  • OMB 21-31: Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents
  • OMB 22-09: Moving the U.S. Government Toward Zero Trust Cybersecurity Principles

EO 14028 requires agencies to determine their strategy for achieving a zero trust architecture within 60 days of release, while OMB 22-09 requires specific security goals be achieved by the end of FY24.


CMMC: Get ahead by doing the bare minimum

By Ryan Nelson, Market Intelligence Manager

If you’ve been involved in federal sales for any time at all, you know that government cybersecurity professionals have been asking – pleading, in some cases – for vendors to “bake in” risk management in their proposals. And while the industry does seem to be inching in that direction, it’s still a topic of great concern among agency IT leaders.

That’s why, if you really want to set yourself apart in federal sales, you need to do the bare minimum, and build your proposals with an eye toward compliance with Cybersecurity Maturity Model Certification 2.0. By doing the bare minimum, you’ll actually stand out from your less motivated competition, and stand a better chance of having your proposal come out on top.

At a recent AFCEA TechNet Cyber show in Baltimore, a panel of cyber experts once again bemoaned industry’s seeming lack of cooperation in complying with cybersecurity directives.

CMMC 2.0 is the latest iteration of the cybersecurity certification, which is aimed at protecting the federal infrastructure from complex cyberattacks. It’s intended to cut red tape for small- and medium-sized businesses and help DoD and industry work together to address evolving cyber threats.

TechNet panelists (everyone from the senior tech advisor for the Operations and Infrastructure Center at DISA to the Army CIO cybersecurity director) were adamant about one thing: CMMC risk mitigation needs to be written into every single proposal.


Big sales opportunities in lesser-known agencies: Decoding the Omnibus Bill

By Ryan Nelson, Market Intelligence Manager

The Omnibus Bill 2022 signed by the president about a month ago clocks in at nearly 2800 pages. It’s an annual free-for-all for vendors, with sales teams scouring the pages to compare appropriations to their product and service offerings.

While vendors’ typical targets are big-name agencies, there’s a strong argument to be made to dig a bit deeper below the surface, to the smaller sub-agencies. Big opportunities are often buried in small agency funding, and it’s worth having a closer read of the bill to find out just where those opportunities exist.

After all, you may be unlocking an opportunity that might not be obvious at first read, and therefore may not be as competitive as the larger agency requirements. Put enough of these smaller opportunities together, however, and suddenly you find yourself dealing with enough prospects to keep a team busy for some time.

That said, here are four interesting opportunities you might want to consider as you develop your prospect list from the newly signed budget bill:

1) Animal and Plant Health Inspection Service. Some $38,486,000 is to remain available until expended, for Animal Health Technical Services. Similarly, $4,251,000 is to remain available for information technology infrastructure. That means even agencies that are focused on the health of wildlife, domesticated animals and farmable plants are still a lucrative target for big data, data analytics and network infrastructure components.

2) Farm Service Agency. Necessary expenses for this comparatively low-profile agency actually top $1.1 billion. Information technology represents a significant part of this funding. With programs ranging from aerial photography to financial management information, there are quite a number of opportunities in this agency alone. Most notable is the Modernize and Innovate the Delivery of Agricultural Systems (MIDAS) program. MIDAS is a web-based modernization initiative to simplify, integrate, and automate the delivery of Farm Programs across the United States.


Seven ways to improve your sales to state CIOs

By Ryan Nelson, Market Intelligence Manager

State and local legislatures are having a good year. Flush with cash from the federal funding, most states enacted budgets with an increase in spending and revenue for FY2022. According to a recent conference of market analysts and government leaders, states project general fund spending of $1.02 trillion, a 9.3% increase compared to 2021. The education outlook is a bit more cautious, showing a trend of delayed spending of federal funding in K-12 districts. Nonetheless, there is a projected additional $3.5 billion in e-rate funds for 2022 and 2023.

During the recent conference, Jim Weaver, Secretary for Information Technology/State CIO for North Carolina, was interviewed about how vendors can better position themselves and present information to decision-makers. Here are some of his top tips:

Taking all of this into account, what do vendors planning to sell into the state and local market need to know? The sales approach to state and local decision-makers is different than the federal market, and vendors should be prepared to make adjustments to their approach, to ensure a better chance of success.

1. Understand the state’s strategic plan. Every state has a strategic plan. Before you engage, know how your products and services will help them achieve their particular goals. Do not ask what an agency’s “pain points” are, or “what keeps you up at night?” You’ll find yourself being redirected back to the strategic plan.

2. States are changing the way they consume info. A crisis is an opportunity to influence change, Weaver said, and that has been true with the pandemic. What’s important now are case studies and the applicability of the study to the particular agency being courted. Messaging has to be eye-catching and visionary, but still based on what’s being done at the strategic planning level. Also, Weaver emphasized being engaged in the procurement process; vendors who aren’t already engaged in the process will most likely not get a lot of traction.
