Public Sector Tech Outlook: 2024 Predictions for AI, Cybersecurity and FedRAMP Evolution

Exploring AI Trends and Cybersecurity Evolution in the Federal Tech Landscape with Jason Miller

Jason Miller is the Executive Editor of Federal News Network and has covered the federal technology space over the course of five Presidential administrations. He brings his wealth of knowledge as he joins Tech Transforms to talk about AI, the top things government agencies are working towards this year and his predictions around FedRAMP changes. Jason also pulls on his decades of experience as he discusses events that changed the nation's approach to cybersecurity and the longstanding need to have data that is better, faster and easier to use.

Key Topics

• 00:00 AI's impact on texting and cloud's significance.
• 04:17 Federal Enterprise Risk Management in government tech.
• 07:20 AI trends shifting toward real-time application.
• 11:22 2025 and 2027 deadlines for zero trust.
• 13:31 CISOs and CIOs adapting to modern technology.
• 16:45 Frustration with FedRAMP leads to reform efforts.
• 21:39 Applying similar model to expand decision-making.
• 23:37 GSA discussed OSCAL at private industry day.
• 27:55 CISA's role has grown within DHS.
• 30:33 Increased transparency in cybersecurity changed approach significantly.
• 34:17 Reflecting on the 2006 significance of data.
• 39:19 AFCEA events bring together good people.
• 42:53 Fascination with government architecture and dedicated government workers.
• 44:35 Promoting positivity and accountability in government industry.

Cybersecurity Evolution: Examining Technology's Political Neutrality and AI Commitment Through Administrative Changes

Consistent Focus on Cybersecurity Evolution Across Political Administrations

Jason expressed a clear conviction that technology issues are largely immune to political fluctuation and are a continuity in government agendas. Reflecting on his experience across five administrations, he noted that the foundational technological discussions, such as cloud adoption, cybersecurity enhancement and overall IT improvement are fundamentally preserved through transitions in political leadership. He highlighted that the drive to enhance government IT is typically powered by the resilience and dedication of public servants, who generally carry on valuable reforms and initiatives regardless of the sitting administration's politics. These individuals are essential to sustaining progress and ensuring that technology remains a key priority for effective governance.

Federal IT Policies Consistency: "No one comes in and says, I'm against AI, or cloud is bad, move back on premise, or cybersecurity, defund cybersecurity. I think those are the issues that stay the same." — Jason Miller

Executive Orders and AI Adoption

Addressing the specifics of executive orders, particularly those influencing the implementation and development of artificial intelligence (AI), Jason examined their historical persistence and their potential to shape operational practices in the government sector. He and Mark discussed how the stability of AI-related orders through various administrations is indicative of a broader governmental consensus on the integral role AI holds in modernizing federal operations. Despite changes in leadership, the incoming officials frequently uphold the momentum established by their predecessors when it comes to leveraging AI. Indicating a shared, bipartisan recognition of its strategic importance to the government's future capabilities and efficiencies.

Cybersecurity Evolution: Zero Trust Principles and Network Security Challenges in Federal Agencies

Zero Trust and Cybersecurity Budgeting

During the podcast, Carolyn and Jason delve into the current trends and expectations for federal cybersecurity advancements, with a particular focus on zero trust architecture. Their discussion acknowledged that agencies are on a tight schedule to meet the...

So What?: Understanding Disinformation and Election Integrity with Hillary Coover

Can you spot a deepfake? Will AI impact the election? What can we do individually to improve election security? Hillary Coover, one of the hosts of the It’s 5:05! Podcast, and Tracy Bannon join for another So What? episode of Tech Transforms to talk about all things election security. Listen in as the trio discusses cybersecurity stress tests, social engineering, combatting disinformation and much more.

Key Topics

• 04:21 Preconceived notions make it harder to fake.
• 06:25 AI exacerbates spread of misinformation in elections.
• 11:01 Be cautious and verify information from sources.
• 14:35 Receiving suspicious text messages on multiple phones.
• 18:14 Simulation exercises help plan for potential scenarios.
• 19:39 Various types of tests and simulations explained.
• 23:21 Deliberate disinformation aims to falsify; consider motivation.
• 27:44 India election, deepfakes, many parties, discerning reality.
• 32:04 Seeking out info, voting in person important.
• 34:18 Honest cybersecurity news from trusted source.
• 38:33 Addressing bias in AI models, historic nuance overlooked.
• 39:24 Consider understanding biased election information from generative AI.

Navigating the Disinformation Quagmire

Dissecting Misinformation and Disinformation

Hillary Coover brings attention to the pivotal distinction between misinformation and disinformation. Misinformation is the spread of false information without ill intent, often stemming from misunderstandings or mistakes. On the other hand, disinformation is a more insidious tactic involving the intentional fabrication and propagation of false information, aimed at deceiving the public. Hillary emphasizes that recognizing these differences is vital in order to effectively identify and combat these issues. She also warns about the role of external national entities that try to amplify societal divisions by manipulating online conversations to serve their own geopolitical aims.

Understanding Disinformation and Misinformation: "Disinformation is is a deliberate attempt to falsify information, whereas misinformation is a little different." — Hillary Coover

The Challenges of Policing Social Media Content

The episode dives into the complexities of managing content on social media platforms, where Tracy Bannon and Hillary discuss the delicate balance required to combat harmful content without infringing on freedom of speech or accidentally suppressing valuable discourse. As part of this discussion, they mention their intention to revisit and discuss the book "Ministry of the Future," which explores related themes. Suggesting that this novel offers insights that could prove valuable in understanding the intricate challenges of regulating social media. There is a shared concern about the potential for an overly robust censorship approach to hinder the dissemination of truth as much as it limits the spread of falsehoods.

The Erosion of Face-to-Face Political Dialogue

The conversation transitions to the broader societal implications of digital dependency. Specifically addressing how the diminishment of community engagement has led individuals to increasingly source news and discourse from digital platforms. This shift towards isolationistic tendencies, amplified by the creation of digital echo chambers, results in a decline of in-person political discussions. As a result, there is growing apprehension about the future of political discourse and community bonds, with Hillary and Tracy reflecting on the contemporary rarity of open, face-to-face political conversations that generations past traditionally engaged in.

The Shadow of Foreign Influence and Election Integrity

Challenges in India’s Multiparty Electoral System

In the course of the discussion, the complexity of India's...

Advancing USPTO's Mission: Insights from Deputy CIO Deborah Stephens

Deborah Stephens, the Deputy Chief Information Officer for the United States Patent and Trademark Office (USPTO), “grew up” so to speak in the USPTO. Deborah led the USPTO on its agile journey. As the agency took on its “New Ways of Working, '' by moving people and resources closer to the work, she helped empower employees to build and deploy software. Deborah shares how she guided the agency through this 4-year change journey, gaining buy-in from the organization, which was proved by an engagement rate increase from 75% to 85%. Deborah also talks about what it means to be a HISP, running USPTO as a business that is entirely self-sustaining, and, in honor of Women’s History Month, the women who have inspired her along the way.

Key Topics

• 05:54 Some embraced digital change, others struggled with it
• 08:53 Most employees were ready for telework
• 10:59 USPTO shifts to agile approach for IT
• 16:41 Gathering feedback led to 10% engagement increase
• 23:50 Customers submit 600,000+ patent and trademark applications yearly
• 26:51 Agency conducts outreach through webinars and trademarks
• 31:06 Customer experience and UX processes are fundamental
• 33:45 USPTO offers different fee structures for entities
• 35:30 USPTO runs efficiently with prioritization and budgeting
• 39:43 Acknowledging strong women, personally and professionally
• 43:21 Seek guidance and practice for success

Growth in Patent and Trademark Requests

Surge in Applications at USPTO

Deborah Stephens highlights a significant increase in the number of patent and trademark applications received by the USPTO over the years. This growth, from approximately 350,000 to 400,000 applications in 2012, with numbers continuing to rise, underscores the vibrant culture of innovation and creativity in the United States. The upward trend of applications is a positive sign of the country's ongoing commitment to innovation. However, it also presents logistical challenges for the USPTO. Including the need to process a higher volume of applications efficiently while ensuring the quality of examination does not diminish.

Transition to New Ways of Working in U.S. Patent and Trademark Office: "And so in around late 2018, 19, we began our, what we referred to as our agile journey. We named it our New Ways of Working, which essentially is an entire USPTO effort. Including our business unit with 12 other business units, moving people and the resources closer to the work. Giving them that empowerment, to build, deliver, deploy software, product services for our business stakeholders, and that's both internally and externally." — Deborah Stephens

USPTO is Adapting to Increased Demand

In response to the growing demand for intellectual property protection, the USPTO has been proactive in seeking ways to maintain and improve service delivery. Deborah discusses the agency's approach to managing the influx of applications, focusing on scalability and efficiency. Despite the challenges posed by the increase in applications, the USPTO's designation as a High Impact Service Provider (HISP) has had minimal impact on its existing customer experience strategy. The agency's foundational commitment to delivering exceptional service to inventors and entrepreneurs remains steadfast. With an emphasis on continuous improvement and the adoption of new strategies to better meet the needs of the U.S. innovation community.

USPTO's Fee-Funded Model and Fiscal Strategy

USPTO’s Fee-Funded Operations

Deborah highlights the United States Patent and Trademark Office's (USPTO) operational model, which is uniquely self-sufficient. Relying entirely on fees collected from patent and trademark applications.

Beyond Compliance: Elevating Cybersecurity Practices with Travis Rosiek

As technology rapidly evolves we as a nation need to anticipate the attacks that may come about as a result of that innovation. Travis Rosiek, the Public Sector CTO at Rubrik and former Leader at the Defense Information Systems Agency (DISA), joins Tech Transforms to talk about how the government’s approach to technology and relationship with industry has evolved over the last twenty years. He also discusses compliance, including FedRAMP compliance, managing the vast amount of data that is generated daily across the government and industry, and the importance of the U.S. Government building cyber resilient systems. Catch all this and more on this episode of Tech Transforms.

Key Topics

• 00:00 Government fielded and tested tech capabilities, explained compliance.
• 05:23 Enhanced security collaboration, compliance, and risk minimization.
• 09:14 Experience in government and commercial capabilities. Innovation.
• 10:12 Commercial companies prioritize profitability over long-term planning.
• 14:38 Challenges in public sector recruiting and retention.
• 18:49 Outsourcing SaaS applications frees up resources. AI evolving, human input remains essential.
• 22:33 Assessing incident response: Operational evaluation, not just compliance.
• 25:57 Vendors and program office face process challenges.
• 29:46 Secure cloud data access: visibility, risks, controls.
• 32:27 Emphasizing need for security in IT systems.
• 36:44 CISOs face challenges in evolving tech landscape.
• 38:11 Support CISOs, recruit and retain talent, accountability.

Evolving Cybersecurity Practices: A Shift to 'Cloud Smart' Strategies

Travis's Perspective on Cloud Misconceptions

Travis discusses the early days of cloud adoption, which were often fueled by misconceptions about its benefits. The migration toward cloud computing was commonly believed to be a cost-effective solution that would reduce expenses and simultaneously enhance security. However, he points out that this was not always the case. Many organizations have since realized that the initial cost of moving to the cloud can vary greatly based on specific use cases and applications. This realization has led to a strategic shift toward what Travis refers to as a "cloud smart" approach. Highlighting the need for a more discerning and tailored evaluation of how cloud resources are utilized.

The Role of Commercial Companies vs. Government in Problem-Solving: "Industry is great about solving problems. You know, driving that capitalism type of culture, building capabilities, selling solutions. And they're quicker to implement, adapt and deploy capabilities where the government is very slow in implementation of these you know, they can figure out the problem." — Travis Rosiek

The 'Cloud Smart' Strategic Approach

Taking a "cloud smart" approach indicates a maturation in the perception of cloud services by government agencies and businesses alike. Rather than a blanket strategy of cloud-first, Travis indicates that there is now a more nuanced consideration of when and how to use cloud services. He underscores the importance of aligning cloud adoption with an organization's unique needs. Including the potential scalability, security and cost implications. This approach suggests a collaborative and informed decision-making process. Recognizing that the cloud offers a variety of solutions, each with different features, advantages and trade-offs that must be carefully weighed against organizational goals and objectives.

Navigating Cybersecurity Practices in Cloud Migration

The Balance of Technical and Non-Technical Implications in Cloud Migration

Travis discusses the intricacies involved in organizational cloud migrations. Emphasizing that these undertakings are not solely about technological transitions but...

From Special Ops to Cybersecurity: A Veteran's Journey in National Security

Sebastian Taphanel has spent his life on the cutting edge of technology and innovation. This week on Tech Transforms, Sebastian is sharing tales and lessons learned from his 20 years in DoD Special Ops and intelligence and 20 years implementing sound security engineering practices focused on implementing zero trust and highly resilient environments. Join Sebastian as he recounts his time in Special Forces taking his units out of the dark ages from secure fax communications to setting up an intranet, and how he continued with that innovative spirit through his 40-year career. He also shares his new passion, encouraging the industry to utilize disabled veterans to help fill both the cybersecurity and AI workforce gaps. They, after all, already have a call for the mission.

Key Topics

• 03:38 ODNI CIO responded quickly with Microsoft Azure.
• 07:03 Protecting data via application container, expanding capabilities.
• 11:01 Zero Trust redrawn cybersecurity model, data-centric approach.
• 13:57 Developing zero trust plan for downstream organizations.
• 18:50 Ensuring security while sharing information and protecting IP.
• 21:35 APIs, containers enable fluid, flexible data access.
• 24:20 Data protection systems allow secure sharing and storage.
• 27:02 Addressing cybersecurity workforce gap and AI need.
• 29:39 In 1998, new commander requests secure WAN.
• 33:49 Applied for certified protection professional, highest security certification.
• 36:28 Passionate about supporting disabled vets in cybersecurity.
• 39:55 Mentoring government employees for cybersecurity and AI/ML.
• 45:32 Using advanced generative AI solutions for copywriting.
• 47:19 Update cybersecurity tools and systems for new threats.
• 49:50 Respect for those dedicated to automation.

Enhancing Secure Communication and Cloud Environments in Special Ops

Special Ops Agility: Adapting to Remote Collaboration with Secure Cloud-Based Workspaces

Sebastian Taphanel’s experience spans twenty years in DOD Special Ops and Intelligence, followed by consulting in security engineering. The focal point of this episode is his role in advancing cybersecurity practices at the ODNI. Particularly emphasizing resilient cloud-based environments.

Sebastian describes the quick adaptation during the pandemic which led to the rollout of an ad hoc cloud-based workspace to ensure the ODNI's mission could endure despite the workforce being remote. GCC High, or Government Commercial Cloud High as conceived by Microsoft, is revealed as the successor to the initial setup. Providing a more secure platform managed strictly by U.S. persons. The approach highlighted the agility of cloud technology for remote collaboration within federal agencies.

Cybersecurity in Intelligence Sharing: "Essentially, reciprocity is a process and also a culture of accepting each other's risks. And that's really the bottom line on all that." — Sebastian Taphanel

Unfolding the GCC High Environment

The intricacies of implementing Microsoft Azure and M365 (Office 365) are detailed as Sebastian underlines their pivotal use in creating an intranet with controlled document sharing and editing. These implementations include robust Mobile Device Management. Then a BYOD Mobile Application Management system that protects sensitive data in government and personal devices. Thereby, ensuring operational security and flexibility.

Special Ops Communication Evolution

Sebastian advanced from using secure faxes for interstate communication within military units to establishing a multi-state secure WAN. This resulted in a significant leap in communication efficacy for special operations. Sebastian shared the...