Tech Transforms, sponsored by Dynatrace

Jason Miller is the Executive Editor of Federal News Network and has covered the federal technology space over the course of five Presidential administrations. He brings his wealth of knowledge as he joins Tech Transforms to talk about AI, the top things government agencies are working towards this year and his predictions around FedRAMP changes. Jason also pulls on his decades of experience as he discusses events that changed the nation's approach to cybersecurity and the longstanding need to have data that is better, faster and easier to use.

Key Topics

• 00:00 AI's impact on texting and cloud's significance.
• 04:17 Federal Enterprise Risk Management in government tech.
• 07:20 AI trends shifting toward real-time application.
• 11:22 2025 and 2027 deadlines for zero trust.
• 13:31 CISOs and CIOs adapting to modern technology.
• 16:45 Frustration with FedRAMP leads to reform efforts.
• 21:39 Applying similar model to expand decision-making.
• 23:37 GSA discussed OSCAL at private industry day.
• 27:55 CISA's role has grown within DHS.
• 30:33 Increased transparency in cybersecurity changed approach significantly.
• 34:17 Reflecting on the 2006 significance of data.
• 39:19 AFCEA events bring together good people.
• 42:53 Fascination with government architecture and dedicated government workers.
• 44:35 Promoting positivity and accountability in government industry.

Cybersecurity Evolution: Examining Technology's Political Neutrality and AI Commitment Through Administrative Changes

Consistent Focus on Cybersecurity Evolution Across Political Administrations

Jason expressed a clear conviction that technology issues are largely immune to political fluctuation and are a continuity in government agendas. Reflecting on his experience across five administrations, he noted that the foundational technological discussions, such as cloud adoption, cybersecurity enhancement and overall IT improvement are fundamentally preserved through transitions in political leadership. He highlighted that the drive to enhance government IT is typically powered by the resilience and dedication of public servants, who generally carry on valuable reforms and initiatives regardless of the sitting administration's politics. These individuals are essential to sustaining progress and ensuring that technology remains a key priority for effective governance.

Federal IT Policies Consistency: "No one comes in and says, I'm against AI, or cloud is bad, move back on premise, or cybersecurity, defund cybersecurity. I think those are the issues that stay the same." — Jason Miller

Executive Orders and AI Adoption

Addressing the specifics of executive orders, particularly those influencing the implementation and development of artificial intelligence (AI), Jason examined their historical persistence and their potential to shape operational practices in the government sector. He and Mark discussed how the stability of AI-related orders through various administrations is indicative of a broader governmental consensus on the integral role AI holds in modernizing federal operations. Despite changes in leadership, the incoming officials frequently uphold the momentum established by their predecessors when it comes to leveraging AI. Indicating a shared, bipartisan recognition of its strategic importance to the government's future capabilities and efficiencies.

Cybersecurity Evolution: Zero Trust Principles and Network Security Challenges in Federal Agencies

Zero Trust and Cybersecurity Budgeting

During the podcast, Carolyn and Jason delve into the current trends and expectations for federal cybersecurity advancements, with a particular focus on zero trust architecture. Their discussion acknowledged that agencies are on a tight schedule to meet the...

Can you spot a deepfake? Will AI impact the election? What can we do individually to improve election security? Hillary Coover, one of the hosts of the It’s 5:05! Podcast, and Tracy Bannon join for another So What? episode of Tech Transforms to talk about all things election security. Listen in as the trio discusses cybersecurity stress tests, social engineering, combatting disinformation and much more.

Key Topics

• 04:21 Preconceived notions make it harder to fake.
• 06:25 AI exacerbates spread of misinformation in elections.
• 11:01 Be cautious and verify information from sources.
• 14:35 Receiving suspicious text messages on multiple phones.
• 18:14 Simulation exercises help plan for potential scenarios.
• 19:39 Various types of tests and simulations explained.
• 23:21 Deliberate disinformation aims to falsify; consider motivation.
• 27:44 India election, deepfakes, many parties, discerning reality.
• 32:04 Seeking out info, voting in person important.
• 34:18 Honest cybersecurity news from trusted source.
• 38:33 Addressing bias in AI models, historic nuance overlooked.
• 39:24 Consider understanding biased election information from generative AI.

Navigating the Disinformation Quagmire

Dissecting Misinformation and Disinformation

Hillary Coover brings attention to the pivotal distinction between misinformation and disinformation. Misinformation is the spread of false information without ill intent, often stemming from misunderstandings or mistakes. On the other hand, disinformation is a more insidious tactic involving the intentional fabrication and propagation of false information, aimed at deceiving the public. Hillary emphasizes that recognizing these differences is vital in order to effectively identify and combat these issues. She also warns about the role of external national entities that try to amplify societal divisions by manipulating online conversations to serve their own geopolitical aims.

Understanding Disinformation and Misinformation: "Disinformation is is a deliberate attempt to falsify information, whereas misinformation is a little different." — Hillary Coover

The Challenges of Policing Social Media Content

The episode dives into the complexities of managing content on social media platforms, where Tracy Bannon and Hillary discuss the delicate balance required to combat harmful content without infringing on freedom of speech or accidentally suppressing valuable discourse. As part of this discussion, they mention their intention to revisit and discuss the book "Ministry of the Future," which explores related themes. Suggesting that this novel offers insights that could prove valuable in understanding the intricate challenges of regulating social media. There is a shared concern about the potential for an overly robust censorship approach to hinder the dissemination of truth as much as it limits the spread of falsehoods.

The Erosion of Face-to-Face Political Dialogue

The conversation transitions to the broader societal implications of digital dependency. Specifically addressing how the diminishment of community engagement has led individuals to increasingly source news and discourse from digital platforms. This shift towards isolationistic tendencies, amplified by the creation of digital echo chambers, results in a decline of in-person political discussions. As a result, there is growing apprehension about the future of political discourse and community bonds, with Hillary and Tracy reflecting on the contemporary rarity of open, face-to-face political conversations that generations past traditionally engaged in.

The Shadow of Foreign Influence and Election Integrity

Challenges in India’s Multiparty Electoral System

In the course of the discussion, the complexity of India's...

Deborah Stephens, the Deputy Chief Information Officer for the United States Patent and Trademark Office (USPTO), “grew up” so to speak in the USPTO. Deborah led the USPTO on its agile journey. As the agency took on its “New Ways of Working, '' by moving people and resources closer to the work, she helped empower employees to build and deploy software. Deborah shares how she guided the agency through this 4-year change journey, gaining buy-in from the organization, which was proved by an engagement rate increase from 75% to 85%. Deborah also talks about what it means to be a HISP, running USPTO as a business that is entirely self-sustaining, and, in honor of Women’s History Month, the women who have inspired her along the way.

Key Topics

• 05:54 Some embraced digital change, others struggled with it
• 08:53 Most employees were ready for telework
• 10:59 USPTO shifts to agile approach for IT
• 16:41 Gathering feedback led to 10% engagement increase
• 23:50 Customers submit 600,000+ patent and trademark applications yearly
• 26:51 Agency conducts outreach through webinars and trademarks
• 31:06 Customer experience and UX processes are fundamental
• 33:45 USPTO offers different fee structures for entities
• 35:30 USPTO runs efficiently with prioritization and budgeting
• 39:43 Acknowledging strong women, personally and professionally
• 43:21 Seek guidance and practice for success

Growth in Patent and Trademark Requests

Surge in Applications at USPTO

Deborah Stephens highlights a significant increase in the number of patent and trademark applications received by the USPTO over the years. This growth, from approximately 350,000 to 400,000 applications in 2012, with numbers continuing to rise, underscores the vibrant culture of innovation and creativity in the United States. The upward trend of applications is a positive sign of the country's ongoing commitment to innovation. However, it also presents logistical challenges for the USPTO. Including the need to process a higher volume of applications efficiently while ensuring the quality of examination does not diminish.

Transition to New Ways of Working in U.S. Patent and Trademark Office: "And so in around late 2018, 19, we began our, what we referred to as our agile journey. We named it our New Ways of Working, which essentially is an entire USPTO effort. Including our business unit with 12 other business units, moving people and the resources closer to the work. Giving them that empowerment, to build, deliver, deploy software, product services for our business stakeholders, and that's both internally and externally." — Deborah Stephens

USPTO is Adapting to Increased Demand

In response to the growing demand for intellectual property protection, the USPTO has been proactive in seeking ways to maintain and improve service delivery. Deborah discusses the agency's approach to managing the influx of applications, focusing on scalability and efficiency. Despite the challenges posed by the increase in applications, the USPTO's designation as a High Impact Service Provider (HISP) has had minimal impact on its existing customer experience strategy. The agency's foundational commitment to delivering exceptional service to inventors and entrepreneurs remains steadfast. With an emphasis on continuous improvement and the adoption of new strategies to better meet the needs of the U.S. innovation community.

USPTO's Fee-Funded Model and Fiscal Strategy

USPTO’s Fee-Funded Operations

Deborah highlights the United States Patent and Trademark Office's (USPTO) operational model, which is uniquely self-sufficient. Relying entirely on fees collected from patent and trademark applications.

As technology rapidly evolves we as a nation need to anticipate the attacks that may come about as a result of that innovation. Travis Rosiek, the Public Sector CTO at Rubrik and former Leader at the Defense Information Systems Agency (DISA), joins Tech Transforms to talk about how the government’s approach to technology and relationship with industry has evolved over the last twenty years. He also discusses compliance, including FedRAMP compliance, managing the vast amount of data that is generated daily across the government and industry, and the importance of the U.S. Government building cyber resilient systems. Catch all this and more on this episode of Tech Transforms.

Key Topics

• 00:00 Government fielded and tested tech capabilities, explained compliance.
• 05:23 Enhanced security collaboration, compliance, and risk minimization.
• 09:14 Experience in government and commercial capabilities. Innovation.
• 10:12 Commercial companies prioritize profitability over long-term planning.
• 14:38 Challenges in public sector recruiting and retention.
• 18:49 Outsourcing SaaS applications frees up resources. AI evolving, human input remains essential.
• 22:33 Assessing incident response: Operational evaluation, not just compliance.
• 25:57 Vendors and program office face process challenges.
• 29:46 Secure cloud data access: visibility, risks, controls.
• 32:27 Emphasizing need for security in IT systems.
• 36:44 CISOs face challenges in evolving tech landscape.
• 38:11 Support CISOs, recruit and retain talent, accountability.

Evolving Cybersecurity Practices: A Shift to 'Cloud Smart' Strategies

Travis's Perspective on Cloud Misconceptions

Travis discusses the early days of cloud adoption, which were often fueled by misconceptions about its benefits. The migration toward cloud computing was commonly believed to be a cost-effective solution that would reduce expenses and simultaneously enhance security. However, he points out that this was not always the case. Many organizations have since realized that the initial cost of moving to the cloud can vary greatly based on specific use cases and applications. This realization has led to a strategic shift toward what Travis refers to as a "cloud smart" approach. Highlighting the need for a more discerning and tailored evaluation of how cloud resources are utilized.

The Role of Commercial Companies vs. Government in Problem-Solving: "Industry is great about solving problems. You know, driving that capitalism type of culture, building capabilities, selling solutions. And they're quicker to implement, adapt and deploy capabilities where the government is very slow in implementation of these you know, they can figure out the problem." — Travis Rosiek

The 'Cloud Smart' Strategic Approach

Taking a "cloud smart" approach indicates a maturation in the perception of cloud services by government agencies and businesses alike. Rather than a blanket strategy of cloud-first, Travis indicates that there is now a more nuanced consideration of when and how to use cloud services. He underscores the importance of aligning cloud adoption with an organization's unique needs. Including the potential scalability, security and cost implications. This approach suggests a collaborative and informed decision-making process. Recognizing that the cloud offers a variety of solutions, each with different features, advantages and trade-offs that must be carefully weighed against organizational goals and objectives.

Navigating Cybersecurity Practices in Cloud Migration

The Balance of Technical and Non-Technical Implications in Cloud Migration

Travis discusses the intricacies involved in organizational cloud migrations. Emphasizing that these undertakings are not solely about technological transitions but...

Sebastian Taphanel has spent his life on the cutting edge of technology and innovation. This week on Tech Transforms, Sebastian is sharing tales and lessons learned from his 20 years in DoD Special Ops and intelligence and 20 years implementing sound security engineering practices focused on implementing zero trust and highly resilient environments. Join Sebastian as he recounts his time in Special Forces taking his units out of the dark ages from secure fax communications to setting up an intranet, and how he continued with that innovative spirit through his 40-year career. He also shares his new passion, encouraging the industry to utilize disabled veterans to help fill both the cybersecurity and AI workforce gaps. They, after all, already have a call for the mission.

Key Topics

• 03:38 ODNI CIO responded quickly with Microsoft Azure.
• 07:03 Protecting data via application container, expanding capabilities.
• 11:01 Zero Trust redrawn cybersecurity model, data-centric approach.
• 13:57 Developing zero trust plan for downstream organizations.
• 18:50 Ensuring security while sharing information and protecting IP.
• 21:35 APIs, containers enable fluid, flexible data access.
• 24:20 Data protection systems allow secure sharing and storage.
• 27:02 Addressing cybersecurity workforce gap and AI need.
• 29:39 In 1998, new commander requests secure WAN.
• 33:49 Applied for certified protection professional, highest security certification.
• 36:28 Passionate about supporting disabled vets in cybersecurity.
• 39:55 Mentoring government employees for cybersecurity and AI/ML.
• 45:32 Using advanced generative AI solutions for copywriting.
• 47:19 Update cybersecurity tools and systems for new threats.
• 49:50 Respect for those dedicated to automation.

Enhancing Secure Communication and Cloud Environments in Special Ops

Special Ops Agility: Adapting to Remote Collaboration with Secure Cloud-Based Workspaces

Sebastian Taphanel’s experience spans twenty years in DOD Special Ops and Intelligence, followed by consulting in security engineering. The focal point of this episode is his role in advancing cybersecurity practices at the ODNI. Particularly emphasizing resilient cloud-based environments.

Sebastian describes the quick adaptation during the pandemic which led to the rollout of an ad hoc cloud-based workspace to ensure the ODNI's mission could endure despite the workforce being remote. GCC High, or Government Commercial Cloud High as conceived by Microsoft, is revealed as the successor to the initial setup. Providing a more secure platform managed strictly by U.S. persons. The approach highlighted the agility of cloud technology for remote collaboration within federal agencies.

Cybersecurity in Intelligence Sharing: "Essentially, reciprocity is a process and also a culture of accepting each other's risks. And that's really the bottom line on all that." — Sebastian Taphanel

Unfolding the GCC High Environment

The intricacies of implementing Microsoft Azure and M365 (Office 365) are detailed as Sebastian underlines their pivotal use in creating an intranet with controlled document sharing and editing. These implementations include robust Mobile Device Management. Then a BYOD Mobile Application Management system that protects sensitive data in government and personal devices. Thereby, ensuring operational security and flexibility.

Special Ops Communication Evolution

Sebastian advanced from using secure faxes for interstate communication within military units to establishing a multi-state secure WAN. This resulted in a significant leap in communication efficacy for special operations. Sebastian shared the...

The real question is, what doesn’t Dr. Amy Hamilton do? She’s currently the visiting Faculty Chair for the Department of Energy (DOE) at National Defense University and the DOE Senior Advisor for National Cybersecurity Policy and Programs, and has had previous stops in the U.S. Army Reserves, NORAD and U.S. European Command, just to name a few.

At National Defense University, Amy draws on all of this expertise to educate the workforce on AI and finding the right balance between automation and workforce training. Amy also explores how she teaches her students that cybersecurity has to be more than a 9-5 job, the balance of security vs. convenience, and how it will take the entire country getting on board to make the implementation of cybersecurity best practices truly possible. In this episode, we also dive into the realm of operational technology and the need to look to zero trust as we allow more smart devices into our lives and government ecosystems.

Key Topics

• 00:00 Importance of training, education and AI integration.
• 06:52 Cybersecurity, AI and building codes challenges.
• 09:47 Nuclear facilities need caution, open labs innovative.
• 11:58 Helping students understand federal government and cybertech.
• 15:37 Cyber college compared to traditional university programs.
• 17:18 National Defense University offers master's degree programs.
• 22:06 Addressing the urgent need to combat intellectual property theft.
• 24:32 Passionate plea for cybersecurity vigilance and dedication.
• 26:40 Using automation to streamline cybersecurity operations and training.
• 32:06 Policy person struggles to tie guidance together.
• 33:02 Collaboration is needed for addressing industry issues.
• 38:25 Rethink security for devices in smart tech.
• 41:16 Choosing sustainability as a guiding principle.
• 43:22 Overcome writing and presenting challenges for success.

Leveraging AI and Automation for Cyber Innovation

Emphasizing Efficiency in the Generation of Abstracts

Dr. Amy Hamilton underlines the capabilities of artificial intelligence to streamline time-consuming processes, specifically the creation of abstracts. This innovation allows for a transition from mundane, repetitive tasks to pursuits that require a deeper cognitive investment. Therefore, elevating the nature of the workforce's endeavors. Dr. Hamilton's discussion focuses on the practical applications of this technology, and she cites an instance from the National Defense University's annual Cyber Beacon Conference. Here, participants were challenged to distinguish between AI-generated and human-generated abstracts, often finding it challenging to tell them apart. This exercise not only highlighted AI's proficiency but also introduced the workforce to the safe and practical application of this emergent technology.

How do we use AI in a way that goes from low-value to high-value work? If I'm not doing abstract, what other things could I be doing and spending my brain calories towards? - Dr. Amy Hamilton

Preparing the Workforce for Cyber Innovation

Dr. Hamilton stresses the necessity for workforce education in the context of AI and automation. Aiming for a future where employees are neither intimidated by nor unfamiliar with the advancing technological landscape. She illustrates the Department of Energy's proactive role in integrating AI into its training programs. Thus, ensuring that employees are well-acquainted with both the operational and potential ethical dimensions of AI deployment. Acknowledging the diverse range of operations within the DOE, including nuclear and environmental management, Dr. Hamilton notes that the appropriateness of AI application varies by context. Signifying the...

Have you heard? Data is the new oil. JR Williamson, Senior Vice President and Chief Information Security Officer at Leidos, is here to explain where data’s value comes from, the data lifecycle and why it is essential for organizations to understand both of those things in order to protect this valuable resource. Join us as JR breaks it all down and also explores the concept he dubbed “risktasity,” which he uses to describe the elasticity of rigor based on risk. As he says, “when risk is high, rigor should be high, but when risk is low, rigor should be low.”

Key Topics

• 00:00 Migration to the cloud has increased vulnerability.
• 04:50 People want decentralized work, including mobile access.
• 08:14 Shift from application to democratizing access to data.
• 10:53 Identify, protect, and manage sensitive corporate information.
• 13:49 Data life cycle: creation, management, access, evolution.
• 20:10 Computers augmenting humans, making good decisions, insights.
• 23:19 The importance of data in gaining advantage.
• 27:04 Adapting to AI to anticipate and prevent breaches.
• 28:51 Adoption of large language models in technology.
• 33:03 Identity and access management extends beyond authentication.
• 36:33 Leveraging strengths, improving weaknesses in tennis strategy.

Tracing the Cybersecurity Evolution and Data's Ascendancy

Evolution of Cybersecurity

JR provided a snapshot into the past, comparing cybersecurity practices from the 1990s to what we see today. With 37 years of experience, he recalled a time when IT systems were centralized and the attack surfaces were significantly smaller. Contrasting this with the present scenario, he spoke about the current state where the migration to cloud services has expanded the attack surface. JR noted an increase in the complexity of cyber threats due to the widespread distribution of networks. Plus, the need for anytime-anywhere access to data. He stressed the transition from a focus on network security to a data-centric approach, where protecting data wherever it resides has become a paramount concern.

Data Life Cycle: "So part of understanding, the data itself is the data's life cycle. How does it get created? And how does it get managed? How does it evolve? What is its life cycle cradle to grave? Who needs access to it? And when they need access to it, where do they need access to it? It's part of its evolution. Does it get transformed? And sometimes back to the risktasity model, the data may enter the content life cycle here at some level. But then over its evolution may raise, up higher." — JR Williamson

The New Oil: Data

In the world JR navigates, data is akin to oil. A resource that when refined, can power decisions and create strategic advantages. He passionately elucidated on the essence of data, not just as standalone bits and bytes, but as a precursor to insights that drive informed decisions. Addressing the comparison between data and oil, JR stressed that the real value emerges from what the data is transformed into; actionable insights for decision-making. Whether it's about responding with agility in competitive marketplaces or in the context of national defense, delivering insights at an unmatched speed is where significant triumphs are secured.

Importance of Data Security

JR Williamson on Data and "Risktasity"

JR Williamson stresses the heightened necessity of enforcing security measures that accompany data wherever it resides. As the IT landscape has evolved, the focus has broadened from a traditional, perimeter-based security approach towards more data-centric strategies. He articulates the complexity that comes with managing and safeguarding data in a dispersed environment. Where data no longer resides within the confines of a controlled network but spans across a...

What will 2024 have in store for technology development and regulation? Our hosts, Carolyn Ford and Mark Senell, sat down with Roger Cressey, Partner at Mountain Wave Ventures, Ross Nodurft, Executive Director of the Alliance for Digital Innovation and Willie Hicks, Public Sector Chief Technologist for Dynatrace, to discuss their 2024 predictions. Discover what the experts think will occur next year in terms of FedRAMP, AI regulation, Zero Trust and user experience.

Key Topics

• 00:00 Revamping FedRAMP in 2024 leads to changes.
• 06:40 Industry requests FedRAMP High; concerns about changes.
• 08:20 Anticipating challenges but aiming for improvement.
• 11:13 Pushing for reciprocity in government technology solutions.
• 15:15 Ensuring human control in AI military use.
• 19:06 Questioning AI use in defense and civilian sector.
• 25:25 Increased investment in security and product regulation.
• 27:21 Expect more AI news, less legislative involvement.
• 30:30 Observability key for zero trust framework implementation.
• 36:22 Prediction: Citizens will interface with AI technology.
• 37:16 Focus on user experience in government systems.
• 41:03 Election year brings unexpected black swan events.

2024 Predictions for the Public Sector

Revamping of the FedRAMP Program

Ross predicts that in 2024, FedRAMP will be completely reauthorized based on a pending OMB memo that is expected to be finalized in late 2023. This revamp is intended to streamline and improve the FedRAMP authorization process to facilitate faster adoption of cloud-based solutions in government.

However, Roger believes the changes could temporarily slow things down as agencies take time to understand the implications of the new FedRAMP structure on their systems and assess risks. This could require investments from industry as well to meet new requirements that emerge.

FedRAMP 2024: "I think it's going to have a lot of agencies take a hard look at their risk and decide where they want to elevate certain high-valued assets, high-valued systems, high-valued programs, and the authorizations themselves are gonna raise in their level." — Ross Nodurft

Shift From Moderate Baseline to Higher Baseline of Controls

As part of the FedRAMP reauthorization, Ross expects many agencies will shift their systems from a moderate baseline to a higher baseline of security controls. With more interconnected systems and datasets, agencies will want heightened protections in place.

Roger concurs that the increased scrutiny on risks coming out of the FedRAMP changes will lead organizations, especially those managing high-value assets, to pursue FedRAMP High authorizations more frequently.

Increased Demand for a FedRAMP High Environment

Given the predictions around agencies elevating their security thresholds, Willie asks Ross whether the pipeline of solutions currently pursuing FedRAMP High authorizations could face disruptions from new program requirements.

Ross believes there will be some temporary slowdowns as changes are absorbed. However, he notes that the goals of the reauthorization are to increase flexibility and accessibility of authorizations. So over time, the new structure aims to accelerate FedRAMP High adoption.

2024 Predictions: Navigating FedRAMP Changes While Maintaining Industry Momentum

As Ross highlighted, the intent of the FedRAMP reauthorization is to help industry get solutions to market faster. But in the short-term, there could be some complications as vendors have to realign to new standards and processes.

Willie notes that companies like Dynatrace have already begun working towards FedRAMP High in anticipation of rising customer demand. But sudden shifts in requirements could impact those efforts, so he hopes there will be...

On this special So What? episode we go deeper in to some of the top stories being covered on the It’s 5:05! podcast with It’s 5:05! contributing journalist, Tracy Bannon. How are cybersecurity stress tests battling misinformation and aiding in election security? Is AI contributing to election disinformation? How is the CIA using SpyGPT? Come along as Carolyn and Tracy go beyond the headlines to address all these questions and more.

Key Topics

• 04:20 Proactive approach needed for software voting security.
• 09:12 Deepfake technology can replicate voices and videos.
• 12:38 Politics focuses on presidential level, ignores others.
• 15:53 Generative AI creates new content from data.
• 17:19 New tool aids intelligence agencies process data.
• 20:13 Bill Gates discusses future AI agents on LinkedIn.
• 25:24 Navigating biases in AI towards democratic values.
• 29:13 CISA promotes continuous learning and holistic approach.
• 30:51 Demystifying and making security approachable for all.
• 33:33 Open source, cybersecurity, diverse professional perspectives discussed.

Importance of Cybersecurity and Responsible AI Use

Embracing Cybersecurity Measures and Privacy Protections

In their conversation, Carolyn and Tracy discuss the imperative nature of both individuals and organizations in embracing robust cybersecurity measures. As we live in an era where data breaches and cyber attacks are on the rise, the implementation of effective security protocols is not just a matter of regulatory compliance, but also about safeguarding the privacy and personal information of users. Tracy emphasizes the continuous need for cybersecurity vigilance and education, highlighting that it is a shared responsibility. By making use of resources like the CISA cybersecurity workbook, Carolyn suggests that individuals and businesses can receive guidance on developing a more secure online presence, which is crucial in a digital ecosystem where even the smallest vulnerability can be exploited.

Addressing Biases in AI to Align With Public Interest and Democratic Values

Tracy expresses concerns over the biases that can be present in AI systems, which can stem from those who design them or the data they are trained on. Such biases have the potential to impact a vast array of decisions and analyses AI makes, leading to outcomes that may not align with the broad spectrum of public interest and democratic values. An important aspect of responsible AI use is ensuring that these technological systems are created and used in a way that is fair and equitable. This means actively working to identify and correct biases and ensuring transparency in AI operations. Plus, constantly checking that AI applications serve the public good without infringing upon civil liberties or creating divisions within society.

Demystifying Cybersecurity: "We need that public understanding, building this culture of security for everybody, by everybody. It becomes a shared thing, which should be something that we're teaching our children as soon as they are old enough to touch a device." — Tracy Bannon

The Proliferation of Personal AI Use in Everyday Tasks

The conversation shifts towards the notion of AI agents handling tasks on behalf of humans, a concept both cutting-edge and rife with potential pitfalls. Carolyn and Tracy discuss both the ease and potential risks of entrusting personal tasks to AI. On one hand, these AI agents can simplify life by managing mundane tasks. Optimizing time and resources, and even curating experiences based on an in-depth understanding of personal preferences. Yet, Tracy questions what the trade-off is, considering the amount of personal data that must be shared for AI to become truly "helpful." This gives rise to larger questions related to the surrender of personal agency...

As technology rapidly innovates, it is essential we talk about technology policy. What better way to get in the know than to have an expert break it down for us? Meet Ross Nodurft, the Executive Director of the Alliance for Digital Innovation. Ross dives in, explaining the evolution of FedRAMP controls and the recent, giant, AI Executive Order (EO) from the White House. Listen in to find out what this EO means for the government, the industry and the workforce as the U.S. attempts to implement policy ahead of AI innovation.

Key Topics

• 04:25 Increasing security controls for cloud migration
• 07:51 Discussion about customer feedback and cloud migration.
• 12:17 Encouraging commercial solutions into federal government securely.
• 15:39 Artificial intelligence shaping policy for future technology.
• 16:54 AI EO covers critical infrastructure, AI, data, immigration.
• 22:34 Guidance on AI impact assessment and testing.
• 27:02 AI tools adoption must not be delayed.
• 30:03 Ensure AI technologies have fail-safe mechanisms.
• 32:08 Concern over rapid pace of technological advances.
• 34:29 AI and technology advancing, policy aims control.
• 39:37 Fascinating book on technology and chip history.

The Future of Government Technology: Shifting to FedRAMP High and Accelerating Cloud Adoption

Shift from FedRAMP Moderate to High for Sensitive Workloads

When FedRAMP was established over a decade ago, the focus was on managing the accreditation of emerging cloud infrastructure providers to support the initial migration of workloads. The baseline standard was FedRAMP Moderate, which addressed a "good amount" of security controls for less risky systems. However, Ross explains that increasing volumes of more sensitive workloads have moved to the cloud over time - including mission-critical systems and personal data. Consequently, agencies want to step up from moderate to the more stringent requirements of FedRAMP High to protect higher-risk systems. This includes only allowing High-cloud services to interact with other High-cloud applications.

The Evolution of Cloud Computing: "So right now, we're at the point where people are existing in thin clients that have access to targeted applications, but the back end compute power is kept somewhere else. It's just a completely different world that we're in architecturally." — Ross Nodurft

The Future of Government Technology: Streamlining FedRAMP for the SaaS-Powered Enterprise

According to Ross, the COVID-19 pandemic massively accelerated enterprise cloud adoption and consumption of SaaS applications. With the abrupt shift to remote work, organizations rapidly deployed commercial solutions to meet new demands. In the federal government, this hastened the transition from earlier focus on cloud platforms to widespread use of SaaS. Ross argues that FedRAMP has not evolved at pace to address the volume and type of SaaS solutions now prevalent across agencies. There is a need to streamline authorization pathways attuned to this expanding ecosystem of applications relying on standardized baseline security controls.

High-level Security Controls for Sensitive Data in the Cloud

Addressing Data Related to Students and Constituents

Ross states that as agencies move more sensitive workloads to the cloud, they are stepping up security controls from FedRAMP Moderate to FedRAMP High. Sensitive data includes things like personal HR data or data that could impact markets, as with some of the work USDA does. Willie gives the example of the Department of Education or Federal Student Aid, which may have sensitive data on students that could warrant higher security controls when moved to the cloud.

Ross confirms that is absolutely the case - the trend is for agencies to increase security as they shift more...