Our Autonomous Future Starts Now

Posted on by

The autonomous future imagined by The Jetsons, 2001: A Space Odyssey, and even Back to the Future Part II may not yet be a reality, but a perfect storm of technological innovation is moving us closer. Drones, autonomous robots, and self-driving cars all rely on a complex web of technology to perform as programmed. Advances in artificial intelligence (AI) and 5G availability are enabling autonomous devices to be more, well...autonomous.

Device autonomy is a spectrum. Basic autonomy could look like the end result of setting a flight path for a drone and then initiating an unmanned flight. More complex autonomy could resemble giving a drone parameters such as, "here's the data we want to capture" and the device then designing the tactics, flight path, and timing needed to meet that goal. The wide rollout of 5G provides infrastructure that can handle the high data volumes and speed required by autonomous devices and missions, while AI advances are allowing machines to engage in more advanced and proactive decision-making.

While the reality of autonomy will look different than what Hollywood visionaries depicted, its impact will be just as exciting as any blockbuster. Autonomous systems will be a critical part of realizing a number of key government goals. Continue reading

Goodbye RMF, Hello CSRMC

Posted on by

The Risk Management Framework (RMF) was introduced in 2022 to create a standardized way to measure and manage cybersecurity risk in the federal government. Modeled with standards including the Federal Information Security Modernization Act and NIST Special Publication 800-53, the RMF was a repeatable, structured method to manage cybersecurity risk and ensure compliance with federal standards. The RMF allowed agencies to identify, understand, prioritize, and reduce risks to their information systems and missions. It informed leaders of security risks, allowing them to make educated decisions about trade-offs between security and mission needs.

While it was designed to be more than a checklist, in practice the RMF had become just that. Rather than engaging with it dynamically, agencies employed highly manual processes that slowed the adoption of much-needed solutions. The process could not keep up with the quickly evolving threat landscape. Continue reading

FedRAMP 20x Keeps Government Cloud Use Moving

Posted on by

Earlier this year, the General Services Administration (GSA) announced a significant update to the Federal Risk and Authorization Management Program (FedRAMP). Named FedRAMP 20x, the focus of this initiative is on introducing automation to increase the pace of authorizations.

The Phase One pilot of this effort trialed a new approach to FedRAMP Low authorization. This automated process focused on Key Security Indicators (KSIs) rather than the traditional NIST SP 800-53 narrative control set. Vendors meeting the KPIs were granted a 12-month FedRAMP Low authorization. Using this process, the first FedRAMP authorizations were issued in just four months.

The GSA is now kicking off Phase Two, which will look at granting FedRAMP Moderate authorizations. Participation in this pilot is by invitation only, in order to ensure the small FedRAMP staff concentrates efforts on participants that are well-positioned to achieve Moderate authorization. The focus of this phase, "quality, not quantity,"-- is aimed at fine-tuning automated processes, with a target of 10 approved solutions. Continue reading

Making Sure Data Centers are Good Neighbors

Posted on by

Artificial intelligence (AI) is having a huge impact on how states and cities deliver services and manage communities. The computing power needed to support this technology requires the construction and management of a multitude of new data centers. This infrastructure has proven to be both a blessing and a curse for localities.

Data centers can transform the economics of a region, bringing a host of benefits to communities including job creation, tax revenue, and infrastructure upgrades, including investments in clean energy. Additionally, areas with data centers tend to attract companies building technology hubs that provide additional highly paid and highly skilled jobs. Continue reading

How Cyber Basics Make a Big Impact

Posted on by

October is a fitting month for cybersecurity awareness. Phishing emails can be even more deceptive than a convincing costume and ransomware attacks can feel like a jump scare in a horror movie. Each year, the National Cybersecurity Alliance and the U.S. Department of Homeland Security spearhead an educational campaign to ensure everyone knows their role in protecting the vast amounts of online data we depend on for daily life.

The 2025 theme is "Stay Safe Online" with a focus on four key steps everyone can take to improve online safety:

  • Use strong passwords and a password manager
  • Turn on multifactor authentication
  • Recognize and report scams
  • Update your software

These tactics are important at a personal as well as enterprise level. Agencies across government have taken these best practices and implemented new security measures to protect data. Continue reading