2016 GCN Dig IT Awards
Announcing the Dig IT Award Finalists: Cybersecurity
GCN's Dig IT Awards recognize the best examples of discovery and innovation in government IT. Today we are pleased to announce the finalists in our third category: Cybersecurity.
The projects below, along with the finalists in five other categories, will be profiled in the coming weeks in GCN and on GCN.com and honored in person at the GCN Dig IT Awards Gala on Oct. 13 at the Ritz Carlton in Tysons Corner, Va. The overall winner in each category, as selected by our judging panel of top government IT innovators, will be announced at the Oct. 13 gala.
The finalists for the Big Data, Analytics and Visualization and Cloud and Infrastructure categories were published last week, and the top projects in the remaining categories will be announced over the next few days. Today, however, GCN's congratulations are focused on the six Dig IT Award finalists for Cybersecurity:
Adversarial Tactics, Techniques and Common Knowledge
The MITRE Corporation
Perimeter security is still vital, but it has long since ceased to be sufficient for government systems. The Adversarial Tactics, Techniques and Common Knowledge behavioral model offers agencies a better understanding of how the inevitable breaches occur and what to do once attackers are already on the network. A constantly growing and freely available reference base, ATT&CK can help create a blueprint for monitoring and assessment, inform cyber investments and encourage information-sharing by providing a standardized vocabulary.
Personal Identity Validation and Single Sign On Enablement
Federal Emergency Management Agency
In the wake of Office of Personnel Management records breach, virtually every agency took steps to improve security and cyber hygiene. FEMA, though, was especially aggressive, and over the course of six months it brought industry-leading security standards to 76 high-value agency systems. The standardized Personal Identity Validation and Single Sign On Enablement architecture provides a common user experience and much-improved agencywide monitoring across systems that span FEMA data centers, non-FEMA hosting facilities and various cloud environments.
GrantSolutions Two Factor Authentication Implementation
Department of Health and Human Services
Personal Identity Verification cards are a cornerstone of federal systems security, but most HHS grant applicants and recipients are not feds and don't have PIV cards. And because most commercial two-factor authentication systems come with significant licensing and call-back costs, a team within HHS' Administration for Children and Families Center of Excellence developed its own solution. That system was spun up in a matter of weeks for GrantSolutions.gov, and it is now offered free of charge to other agencies with similar needs.
Hack the Pentagon
Department of Defense
The Defense Digital Service is charged with leveraging private-sector talent and best practices to improve critical DOD systems -- and hopefully modernizing the department's IT mindset in the process. Hack the Pentagon, a bug-bounty program that was piloted this past spring, did both. More than 1,400 hackers signed up, and the first bug was reported just 13 minutes after the program began. In all, 138 bounties were paid out for confirmed vulnerabilities in the five sites that were tested. The entire cost of the pilot was approximately $150,000; the Pentagon estimated that a traditional security audit to discover those same holes would have cost $1 million.
Fortify for Forge
Defense Information Systems Agency
Long before GitHub, there was Forge.mil -- a platform and community devoted to collaborative development and IT project management through the full application lifecycle for DOD software. Fortify for Forge, or F3, provides this community with "software assurance as a service." Forge.mil users can get their code scanned, receive results, discuss the findings and recommendations with a software assurance expert and implement the required changes -- far more quickly and cheaply than most DOD users could manage by themselves.
Integrated Security Operations Center for Situational Awareness and Collaborative Cybersecurity Defense
City of Los Angeles
The City of Los Angeles serves more than 4 million residents -- and to do so, manages IT systems and network traffic for nearly 40 departments with 35,000 full-time employees and more than 120,000 networked devices. Siloed security at that scale is not a practical option, so the city created an Integrated Security Operations Center to consolidate all departmental cybersecurity into one central system, monitored 24/7 by the Los Angeles Police Department’s Cyber Crimes Task Force.
Troy K. Schneider is editor-in-chief of FCW and GCN.
Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.
Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.
Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.