Federal IT leaders gathered at the International Spy Museum in Washington, DC in October to learn about emerging trends and best practices as agency leaders meet their missions. At Aruba Federal, we were honored to host this event and be a small part of the important discussion.
Dr. Eng Goh, senior vice president for data and AI at HPE kicked off the event, with thought-provoking views on the challenges, disruptions and potential impact of generative AI. Want to get more of Goh’s perspective? Watch this video from HPE Discover 2023 for a similar presentation.
How a COTS product becomes CSfC approved
After Dr. Goh concluded his presentation on gen AI, John Dunker, director of the CSfC Program Management Office, and Sam Green, technical director for CSfC, walked the audience through the NSA CSfC program. Under CSfC’s guiding principle, properly configured and layered commercial solutions can provide protection of classified information in a variety of applications. Dunker explained the process by which COTS products approved to meet requirements and outlined the capability packages to protect data in transit and at rest, including for mobile access, campus WAN, and multi-site connectivity. View Dunker’s presentation for new ways to modernize safely with CfSC solutions.
Progress on Zero Trust is a priority
We also explored the newest version of the Zero Trust Maturity Model (ZTMM), which was released in April 2023. Sean Connelly, TIC program manager and senior cybersecurity architect in the Cybersecurity division of DHS CISA – and a coauthor of the NIST Special Publication 800-207 Zero Trust Architecture, set the foundation for what Zero Trust is (and isn’t) and what’s new in ZTMM 2.0, including the revised maturity model that describes Zero Trust for identity, devices, networks, applications and workloads, and data, all built on a foundation of visibility and analytics, automation and orchestration, and governance. View Connelly’s presentation and get inspired to advance your agency's Zero Trust maturity.
Next, Branko Bokan from CISA’s Architecture and Engineering Center of Excellence provided insights into their efforts to build a community of Zero Trust leaders among federal civilian agencies, including through a community of practice, workshops, and meetings with agency CIOs and CISOs to understand their cybersecurity challenges and priorities. Bokan highlighted CISA’s Protective DNS service, the state-of-the-art DNS service used to protect civilian enterprises and prevent government traffic from reaching malicious destinations. He highlighted the work CISA is doing to realign its Continuous Diagnostics and Mitigation (CDM) efforts to support broader CISA and agency Zero Trust initiatives. Another cool topic was the Zero Trust Capabilities Observatory, which allows cybersecurity practitioners to visualize the relationships between CISA’s cybersecurity capabilities and Zero Trust concepts, which organizations can use to better understand how their current capabilities align with Zero Trust concepts. View Bokan’s presentation to learn more about Protective DNS and the Zero Trust Capabilities Observatory.
Chad Poland, service manager at CISA’s Cybersecurity Shared Services Office, provided an overview of Secure Cloud Business Applications (SCuBA), a cloud solutions architecture that provides guidance to simplify cloud planning and implementation. The Hybrid Identity Solutions Architecture, Technical Reference Architecture, and Secure Web Gateway guidance are all under development. SCuBA is developing product-specific guidance on how agencies can configure Microsoft 365 and Google Workspace to maximize security. SCuBA also developed an extensible Visibility Reference Framework to enable organizations to identify visibility data, analyze it from a threat-informed perspective, and identify potential visibility gaps. Learn more about the SCuBA cloud solutions architecture.
DISA’s technology priorities for 2024
Steve Wallace, CTO of DISA, presented on the agency’s 2024 technology roadmap, including a tech watch list of services that ready to deploy (such as data catalogs and SOAR), are in prototype (such as classified mobile capabilities, quantum resident cryptography, and AI-driven threat detection), under planning (such as hybrid cloud management and extended detection and response), or actively monitoring for maturity (such as AIOps, composable security architectures, and AI trust, risk and security management). View the FY24 tech watchlist here to incorporate into your planning.
Network innovation is happening at NOAA
Adam Nemethy, deputy director and network services portfolio manager of NOAA N-Wave, presented on the mission of the NOAA-engineered and operated network providing high-speed, carrier-class services to its stakeholder community. N-Wave was upgraded to 400 Gbps last year, and with plentiful capacity, and now NOAA is expanding the service portfolio to serve more Department of Commerce bureaus and federal agencies. View Nemethy’s presentation here and get inspired.
A concept to simplify networking in healthcare
Jake Jacobs, now the CTO of MicroHealth LLC and the former CIO of Walter Reed, explained how the “system of systems networking” concept can revolutionize and improve connectivity at hospitals to improve collaboration, information sharing, and decision making among healthcare professionals. Overcoming obstacles like interoperability among different healthcare organizations’ networks, a cultural resistance to change, and data privacy concerns won’t be easy – but the approach can ultimately improve patient care, improve resource management of medical staff and equipment, and protect data privacy. View Jacobs’ presentation here and get some ideas for collaborations of your own.
Building a secure network for today’s mobile and cloud world
Aruba CTO Ken Rich and SE Mathew Gann wrapped up the day with an overview of Aruba’s strategy for SASE, or secure access service edge. The transformation to cloud, proliferation of new sites and devices, and a hybrid workforce have fundamentally changed how work gets done, and it’s imperative that security best practices adapt accordingly. They explained the SASE concept, which blends the SD-WAN edge functionality with the Security Service Edge functionality as well as how HPE Aruba delivers a unified SASE solution through EdgeConnect SD-WAN to establish secure, application-aware networking from headquarters to branch offices to home offices, plus secure service edge solutions for zero trust network access, secure web gateway, cloud access service broker, and digital experience management. View the Aruba SASE for Federal presentation here.