Month: October 2023

Posted on

What does the future of cybersecurity look like?

As we look ahead, there are several key areas of focus that will undoubtedly shape the virtual battleground. Government agencies who proactively embrace and implement current high priorities in these key areas will be better prepared to navigate the evolving digital threatscape and safeguard their sensitive information and assets. Here are some top drivers we anticipate will impact agencies’ cybersecurity strategy and spending plans.

Zero Trust Architecture (ZTA)

ZTA has been at the forefront of government guidance in recent years. Now that agencies have had time to plan for their ZTA requirements, implementing strategies should commence. ZTA provides agencies with the foundation to build a strong security posture that evolves with the ever-changing technological environment of dynamic and accelerating threats.

Cybersecurity Supply Chain Risk Management (C-SCRM)

The growing interconnectedness of systems, services, and products makes management and mitigation of supply chain risks even more important. Effective C-SCRM should be a fundamental component in cybersecurity strategy. Having C-SCRM as an essential element in procurement helps to ensure the resilience, security, and continuity of operations for organizations, government agencies, and critical infrastructure.

Post-Quantum Cryptography (PQC)

PQC is an emerging field within the cyber realm that is gaining increased relevance due to the potential threat quantum computers pose to traditional encryption methods. PQC involves the development of new cryptographic algorithms resistant to quantum computer attacks to ensure the security of digital communications and sensitive information. Agencies should begin to plan for future quantum resistant methods by inventorying their systems and engaging with vendors on how they are addressing quantum-readiness.

Some challenges agencies may face include:

  • The ability to identify PQ-vulnerable systems.
  • The ability to identify and implement appropriate PQC algorithms.
  • The high cost and complexity of implementation.
  • A gap in a trained and certified workforce to implement and maintain PCQ algorithms.

Artificial Intelligence (AI)

The rapid emergence and adoption of generative AI tools has created new challenges, especially for data security. As AI becomes more prevalent in our modern technology, agencies will need to assess the associated risks and develop strategies to mitigate vulnerabilities.

GSA and other agencies are working to support the new Executive Order to help ensure that AI systems are safe, secure, and trustworthy.

Follow ITC on LinkedIn and subscribe for blog updates.

Posted on

Find cybersecurity solutions in IT Services GWACs

In a post earlier this month, I talked about the Cybersecurity Battle Ground with various Administration strategies, executive orders, and some of the resources that we’ve developed to help you navigate this guidance. If you haven’t read that post yet, I suggest you check it out.

Today, I thought I’d talk about some of the acquisition contracts that we’ve developed to help you get on-the-ground support with your cybersecurity efforts.

MAS and beyond

When you think cybersecurity, and you think GSA, the Multiple Award Schedule (MAS) for Information Technology (IT) probably comes to mind. We have a lot of great cybersecurity solutions there, including the Highly Adaptive Cybersecurity Solutions (HACS) Special Item Number (SIN), a variety of Continuous Diagnostics and Mitigation (CDM) tools, and Zero Trust Architecture (ZTA) solutions.

True, MAS-IT is a great place to cover your cybersecurity needs, but it’s not the only place. Depending on your overall acquisition goals, GSA’s Governmentwide Acquisition Contracts (GWACs) are a great path as well. These IT Services-first contracts are considered by the Office of Management and Budget to be Best-in-Class and have a host of capabilities to meet cybersecurity needs; from ZTA to IPv6, to insider threat detection and mitigation services.

I thought it would be interesting to analyze the data in our GWAC Dashboard to see what I could find by simply pulling the data by contract and searching for ‘Cyber’*. This is definitely not a comprehensive review of our cybersecurity offerings on the GWACs, but this gives a great sense of the work that’s happening.

* This can be done by going to the “DATA Feed” tab, clicking on the “Choose a format to download” icon at the bottom right, and selecting “Crosstab.” This will result in an Excel file with more information than can be easily displayed in the web dashboard.

8(a) STARS III

Federal agencies have leveraged the 8(a) STARS III GWAC, for example, to protect against cyber threats. 8(a) STARS III industry partners have supported America’s government by creating cyber risk assessments, performing enterprise penetration testing, and establishing security assessment reports. 8(a) STARS III has 23 task orders with an estimated value of more than $141.8 million for cyber-related activities. The Department of Treasury and the Department of Homeland Security are among the biggest users of 8(a) STARS III for cybersecurity services.

VETS 2

The VETS 2 GWAC is another great example. This Service-Disabled Veteran-Owned Small Business GWAC currently has more than $118 million in estimated value from 10 task orders ranging from IT Security Risk Management Framework (RMF) and Assessment and Authorization (A&A) Services to cybersecurity architecture and engineering services. Some of VETS 2’s biggest cybersecurity customers are the Department of Treasury, the Department of Homeland Security, and the Army.

Alliant 2

Alliant 2 data shows a similar story. There, we find 25 task orders for a total estimated value of $2.2 billion. These task orders relate to Federal Public Key Infrastructure (FPKI) support services to cybersecurity – supply chain risk management (C-SCRM) support services and beyond.

Again, these are just task orders with the term ‘cyber’ in the description field. Even more come through when we add the term ‘IT security’.

The right cybersecurity solutions

As we continue to observe Cybersecurity Awareness Month, I wanted to bring attention to the ‘where’ of conveniently getting the cybersecurity solutions agencies need to protect their systems as agencies move to create a safer and more secure digital future.

Visit our website to learn more about cybersecurity or use our IT Solutions Navigator to find the vehicle that’s right for you.

Follow ITC on LinkedIn and subscribe for blog updates.

Posted on

The Cybersecurity Battleground

Reflecting on the past, envisioning the future

This month marks the 20th anniversary of Cybersecurity Awareness Month, as well as the beginning of a new government fiscal year. I’d like to take this milestone opportunity to delve into some recent notable cybersecurity events, the broader implications for government agencies, and my vision as GSA continues to play a pivotal role in positioning agencies to create a safer and more secure digital future.

The 2023 Verizon Data Breach Investigations Report shows external actors were responsible for 83% of breaches. Continued cyber breaches, such as Volt Typhoon and the MOVEit application exploit not only cause disruption and pose a serious threat to our national security, but lay the groundwork for more sophisticated cyber attacks. Hackers will leverage any flaw in the cyber environment to gain access to sensitive information. Our adversaries are not resting, and neither can we.

In March 2023, the White House released an updated National Cybersecurity Strategy with ongoing initiatives aimed at enhancing the nation’s cybersecurity capabilities and comprehensive approach. It aligns numerous strategic objectives under five pillars:

  1. Defend Critical Infrastructure
  2. Disrupt and Dismantle Threat Actors
  3. Shape Market Forces to Drive Security and Resilience
  4. Invest in a Resilient Future
  5. Forge International Partnerships to Pursue Shared Goals

The White House later published its National Cybersecurity Strategy Implementation Plan which includes specific guidance for agencies as they implement the strategy’s requirements and key objectives.

The Department of Defense completed its Cyber Strategy in May 2023. The strategy underscores the ongoing advancement of Zero Trust Architecture (ZTA) and the technological solutions and services to fortify critical infrastructure, ensuring vital systems and assets are safeguarded. In August 2023, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Strategic Plan that aligns with the National Cybersecurity Strategy and lays out how agencies can fulfill their cybersecurity mission over the next three years. As plans are implemented, GSA is prepared to incorporate updated frameworks and standards into our solutions to meet agencies’ needs and requirements.

As we move forward into the new fiscal year, the Office of Management and Budget (OMB) continues to emphasize cybersecurity priorities for civilian agencies to consider when developing FY24 and FY25 budget requests. These include continued implementation of ZTA, investment in Cybersecurity Supply Chain Risk Management (C-SCRM) practices, and most recently Post-Quantum Cryptography (PQC). Details can be found in the OMB Memorandum M-22-16, M-23-18, and the Quantum-Readiness: Migration to Post-Quantum Cryptography fact sheet. Additionally, OMB outlined Research and Development Priorities for the FY25 budget which include addressing cybersecurity risks through resilient architectures. As the cybersecurity landscape is in a constant state of evolution, adapting to new guidance is imperative to Improving the Nation’s Cybersecurity.

How GSA supports agencies

GSA recognizes that every agency has unique needs, but the overarching goals remain. That is why GSA works diligently to support the modernization of security to enhance cyber resilience, protect important information, and maintain systems access and function.

To help agencies meet their goals, GSA developed a suite of resources on cybersecurity topics, such as ZTA and C-SCRM. Buyer’s guides and informational videos are available to help identify which solutions best fit agency IT security needs. In addition, our acquisition templates make procuring the products and services that modernize security and strengthen cyber resilience easy and efficient. Find the guides and more at www.gsa.gov/itsecurity.

Our commitment

At GSA we understand collaboration with other agencies, and our industry partners, is crucial for addressing the evolving and global nature of cybersecurity threats. We are committed to continue our efforts to provide comprehensive and impactful government-centric cybersecurity solutions that address the need for modernization today and protect assets from the cyber threats of tomorrow.

Stay up to date

We are available to agencies throughout the entire acquisition lifecycle. The GSA IT Category team offers subject matter expertise and is available to answer questions related to purchasing a full range of IT products and services. Please contact the IT Customer Service Center at 855-ITaid4U/855-482-4348 or itcsc@gsa.gov.

Follow ITC on LinkedIn and subscribe for blog updates.