Changes to DHA Will Impact Cybersecurity Needs

Lloyd McCoy Jr.By Lloyd McCoy, Market Intelligence Manager

The mandates in the National Defense Authorization Acts of 2017 and 2019 called for greater centralization of the military health system. We are now seeing these initiatives being set in motion. One prime example is the migration of the Army, Navy and Air Force’s more than 400 military hospitals and clinics under the umbrella of the Defense Health Agency. I recently attended an AFCEA luncheon where Dr. Barclay Butler, the Component Acquisition Executive for DHA, and Pat Flanders, DHA CIO, spoke extensively on the ongoing consolidation, as well as other initiatives which promise to impact how those selling IT should approach defense health IT leaders.

Measurability and efficiency are driving the trend toward centralization and standardization across the Defense Health establishment. This is particularly applicable for security vendors since DHA wants to instill commonality in cybersecurity services and tools — from the largest military hospitals to the widely dispersed clinics. The two leaders urged industry that when engaging with Army, Navy and Air Force hospitals and clinics, think of the big picture. How can your solution work and be applicable across the entire military health enterprise?

Measurability

Butler and Flanders spoke at length about the need to measure outcomes. For security solutions, that means being able to better monitor threats and speed of remediation. Nothing new on the surface, but this requirement becomes more complicated as more and more military facilities get subsumed under DHA, with all the network architecture and migration challenges that come with the transition. Having a steady dialogue with DHA or one of the service medical commands is critical to ensure that safety and security aren’t negatively impacted by these changes – while ensuring that the hospitals and clinics have robust capabilities for measuring and auditing their security posture.

Read more of this post

Behold the New Cybersecurity and Infrastructure Security Agency

By Kevin Shaker, Consultant

For a long time now, we have been talking about a change in the mission scope and organizational structure of the National Protection and Programs Directorate, the agency largely responsible for securing federal networks and protecting critical infrastructure. But now, it seems that the 2017 bill to rename, reorganize and solidify its role at the department has finally happened.

The agency has officially been renamed the Cyber and Infrastructure Security Agency or CISA. The president signed into law the CISA Act of 2018 on November 16, 2018. The bill had been looming over Congress for some time.

Here are a few things industry will want to know about the agency’s new facelift:

Read more of this post

FY19 Advice From DISA Industry Day

By Ryan Granato, Analyst

At their recent forecast to industry, DISA outlined a future built around mobility, cybersecurity, small businesses and the importance of targeted industry pitches. Here are key insights from DISA leaders for securing FY19 business:

Selling to DISA
When selling to DISA, it is paramount for industry to tailor their pitch to how their solutions can work specifically for outlined requirements and referenced pain points. According to Dave Bennett, director of DISA’s operations center, nine out of ten times what worked for industry commercially will not work for DISA. Even more so, he says that any pitches that reference past performance for industry will not be met with open arms. Bennett goes so far as to say, “I will zero my mind out. I will be singing la la la in the back of my head.” For best practices, Bennett says that industry must come armed with knowledge directly associated to the area they are looking to support.

Read more of this post

The Return of Space Command – The Space Force for Now

By Mark Wisinger, Senior Analyst

Space Force? Not exactly. The new FY19 NDAA features the requirement to re-establish Space Command – which is high-priority focus area for department policy makers in FY19.

DOD policy makers like John Rood, Under Secretary of Defense for Policy, have been developing a plan to meet the Congressional mandate to re-establish US Space Command, which was originally de-established back in 2002. In the short term, we are likely to see Space Command spun out of STRATCOM as a subordinate command, considering Space Command was originally folded into STRATCOM back in 2002. It’ll primarily be staffed with Air Force Personnel as it is stood up, sourcing from STRATCOM and Air Force Space Command.

Read more of this post

Key Highlights From the FY19 Cybersecurity Budget

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

The newly minted FY19 budget stands out because the federal government passed it on time and for the first time in nine years, government agencies begin the new year equipped to fund new and ongoing IT investments. In what is welcome, albeit not surprising news for security providers, cybersecurity remains the highest priority in the IT budget.

When it comes to security-specific spending, all signs point to the recently passed budget largely aligning to the initial agency wish lists.

Below are some of the key takeaways to help you map out your targeting strategy. Note that these figures don’t wholly encompass security spending as a substantial (though unknown) level of security spending isn’t formally recognized as such.

Read more of this post

Yes, the Public Sector Is Embracing IoT!

By Tim Larkins, director, market intelligence

Most analysts agree that by 2021, over 20 billion Internet-connected devices worldwide will make up a market for the Internet of Things (IoT) worth over $2.5 trillion. That means a huge market opportunity for vendors providing technology at every point — from the user device to the platform itself.

In a nutshell, IoT allows devices to link and exchange data. It’s not a discrete technology like business applications or infrastructure or even cybersecurity. It’s more like a wrapper around all other technologies and is comprised of five major elements:

  • The Edge: The devices, nodes and sensors actually collecting data
  • The Gateway: Either a physical device or software that allows data to flow from the edge to the platform
  • The IoT Platform: The operating environment, storage, computing power and development tools that receive data from the gateway
  • Software Applications: Programs that let users solve business problems, working with data stored in the IoT platform
  • Cybersecurity: The tools that protect all the nodes/sensors/devices at the edge and data transmitted through the gateway, platform, all the way to the user

Read more of this post

New DOE Office to Focus on Cyber Threats to Energy Sector

Tom O'Keefe

By Tom O’Keefe, consultant

Facing mounting cybersecurity challenges, the Department of Energy recently created a new office, the Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Karen Evans, a long-term fixture in cybersecurity in the federal government, was confirmed to lead the office on September 4, 2018. Dedicated to shoring up the cybersecurity of the U.S. energy grid, as well as protecting its own IT assets, the formation of CESER yet again demonstrates the government’s focus on protecting critical infrastructure from foreign attacks.

There are opportunities for industry within CESER, although it’s not your typical cyber play, like protecting against malware and viruses; it’s more about threat intelligence, information sharing and cyber situational awareness. Read more of this post

%d bloggers like this: