SLED Cybersecurity Opportunities: The “Whole-of-State” Approach

By Rachel Eckert, SLED Market Intelligence Manager

Cybersecurity incidents increase every year, and state, local and education entities are struggling to respond in the face of limited funding and resources.

As I talked about in a recent virtual event, that response is taking the form of a synchronized “whole-of-state” approach to state and local cybersecurity initiatives. In this approach, all stakeholders – state IT, national guard, local law enforcement, local government and schools – are pulled together to develop a cohesive and coordinated response plan. The plan leverages state services, such as incident management, awareness and training, forensics, use of the security operations center and vulnerability management.

The potentially good news here is that additional federal funding may be coming to help states and local governments tackle cyber issues. The House has passed the State & Local Cybersecurity Improvement Act. If enacted as law, this measure will provide some $400M per year for states to coordinate with local governments on a cohesive security plan and response strategy, and to support upgrades to state and local systems.

Here are just a few categories of opportunities to consider, in this new era of SLED cybersecurity: Read more of this post

Top 3 FY21 Opportunities at the Department of Education

By Jessica Parks, Analyst

With another busy year end in the rearview mirror, it’s time to look to FY21. While large agencies such as the Department of Homeland Security and Health and Human Services always attract attention due to their budgets and high-visibility projects, it’s important to remember that other agencies across government also require your assistance to deliver, innovate and economize.

One such agency, the Department of Education, has requested $5 million for FY21 to establish a Working Capital Fund, showing that accelerating IT modernization will be a priority. Read on for the top 3 areas poised for significant investment.

1) NextGen Federal Student Aid (FSA)

Located in the Office of Federal Student Aid, this approximately $1B program seeks to improve the experience of external customers (such as students) in their interactions with FSA. The program covers a myriad of areas, from business process management to cybersecurity to data management and analytics. High on the list for FY21 are mobile solutions, self-service tools (think machine learning and AI solutions) and records and content management.  Read more of this post

How IT Can Help Streamline the Voting Process and Improve Accountability

By Charles Castelly, Analyst

With the presidential election around the corner, citizens are contemplating when and how they are going to vote — in person or via mail-in ballot. This is an unusual year due to concerns stemming from the global pandemic, and with that comes necessary changes for both governments and voters. The outcome of this election will rely heavily on mail-in voting, which presents some unique challenges.

Election accountability is especially crucial this year and with only a few weeks remaining, states are rushing to ensure their systems are up to par and can handle the influx of mail-in ballots expected.

Citizens are demanding accountability in the vote tabulation. Several states have rolled out applications that enable citizens to track their ballots — from request to vote count. However, there are handful of states that do not currently have an online tracking option, such as Connecticut, Mississippi, Missouri, Wyoming and New York. Other states have tracking at a state level but have little to no tracking capability at the county level.  Read more of this post

Cybersecurity Spending Continues in State Government

By Rachel Eckert, SLED Manager

By now, most of us are aware of the budgetary restrictions many states will be under due to reduced revenue collections. Arkansas will experience cuts of about $250 million in the next fiscal year. Utah could see budget cuts up to 10%, while Vermont may see budget cuts of up to 25%. This will most likely restrict the number of new projects, but one area many state CIOs expressed continued support for is cybersecurity.

During recent round table discussions hosted by NASCIO, budgets and budget cuts were top of mind for CIOs as they shared top priorities for the coming fiscal year. Many stated that they were continuing with their initiatives as best they could, balancing funding with requirements. Initiatives include projects like service digitization, automation, customer relationship management, and in many cases, improving cybersecurity frameworks.

Some states are planning to leverage funding they receive through the CARES Act for technology, while others are trying to find alternative ways to finance new and ongoing initiatives alike. Despite budget cuts, there is one area continuing to receive CIO attention — cybersecurity. Here’s a snapshot of what’s happening across the country:  Read more of this post

AI Is on the Upswing in State Government

By Rachel Eckert, SLED Manager

When it comes to artificial intelligence, most states are just beginning to uncover its potential.

As I discussed in a recent webinar, AI usage thus far has been mostly experimental. Recent survey data from the Center for Digital Government demonstrates that nearly a third of those surveyed about their current deployment of AI are doing so through proof-of-concept projects.

While widespread use of AI is not taking place, the good news is that the share of states NOT using AI is only 12% — meaning there are far more states open to using AI than not. This is a wide-open field with few standards or common threads from project to project and provides an opportunity for AI vendors to approach state and local governments with their technology. Read more of this post

Cyber Insurance Is Not an IT Strategy

By Rachel Eckert, SLED Manager

Ransomware attacks on our state and local governments’ IT infrastructure are increasing at an alarming rate and our customers are looking at cyber insurance to mitigate risk. But cyber insurance shouldn’t be confused with a sound cybersecurity strategy that guards against attacks in the first place.

Here’s what you need to know about cyber insurance and how you can work with customers to develop cyber strategies that will serve them for the long term. Read more of this post

If You Sell to DOD, Pay Attention to CMMC

By Troy Fortune, Vice President & General Manager

You’ve probably heard that the Department of Defense (DOD) recently released the official version 1.0 of its new Cybersecurity Maturity Model Certification (CMMC 1.0).

This is one of the hottest topics in government contracting right now and immixGroup is following developments very closely. And, it will affect everyone in our industry who sells to DOD – resellers, distributors and OEMs. 

As a quick refresher, this is a cybersecurity standard that all contractors must meet if they want to do business with DOD. As we’ve discussed before in a previous blog, the standards themselves are taken from existing ones. With CMMC 1.0, we now have more clarity on what the 5 levels of CMMC entail: Read more of this post

HAVA Grants Provide Funding for States to Protect Election Systems

By Rachel Eckert, SLED Manager

With just about a year before the general election and eight months before the primaries, the rush is on to identify and mitigate any potential security gaps in election systems!

Our national election system is a very complex network and involves multiple stakeholders including federal, state and local public entities, private companies and citizens. Multiple IT systems and databases that manage and support voter registration, polling books, vote tallying and election night results – are all potential points of vulnerability.

Updating and/or replacing these systems is not cheap, and with already strapped budgets, this strains state and local governments alike. While some governments have already invested in systems upgrades and improvements, many others will be looking for help from the vendor community before the next big general election.

HAVA Grants Fund Election System Upgrades

The good news is that there are funds available to state and local entities in the form of grants from the “Help America Vote Act” – or HAVA. In March 2019, an additional $380M from the federal government was provided to states to help with election security improvements. Each state received a base of $3M with the remainder of the $380M distributed by voting age population. Smaller states typically only received the base $3M, but larger states like California received upwards of $34M. Read more of this post

New Security Requirements Coming to DOD Acquisition in 2020

Lloyd McCoy Jr.Cyber security network concept. Master key connect virtual networking graphic and blur laptop with flare light effectBy Lloyd McCoy, Market Intelligence Manager

Starting next summer, anyone selling IT to the Department of Defense will need to be certified by the Cybersecurity Maturity Model Certification (CMMC) in order to compete for contracts.

The CMMC is a set of security standards that will start appearing in RFIs in June 2020 and will apply to all defense acquisitions by September. The CMMCs will represent security maturity levels and will have five levels, each with their associated security controls and processes. Level 1 will likely be like what we consider basic hygiene, with Level 5 describing the very best in security practices. The level needed will depend on the contract and will be used to determine whether a vendor makes the cut. Details on what each of the levels contain are scant right now but expect more information in the coming months as the Department collects public feedback. Read more of this post

States Improving Cybersecurity Posture Through NGA Partnership

By Rachel Eckert, SLED Manager

The National Governors Association (NGA) recently announced a partnership with states and territories that are looking to enhance their cybersecurity posture through the implementation of key controls to mitigate future attacks.

After a competitive application process, the six states and one territory chosen were Arkansas, Guam, Louisiana, Maryland, Massachusetts, Ohio and Washington. Through a series of workshops between now and the end of the year, NGA, along with their respective homeland security agencies and National Guard units, will coordinate with state agencies, local government and K-12 schools to develop methods of improving existing cybersecurity approaches.

During the workshops, participants will brainstorm new methods to protect critical infrastructure, and vendors may discover new business opportunities. In addition to developing more comprehensive strategies and collaborating with neighboring governments, the participants will be focusing on implementing six key controls outlined by the Center for Internet Security:

Read more of this post

%d bloggers like this: