Profiles In Excellence


Jan 23, 2018 - ...


Volume 10 Number 1

February 2018

www.onthefrontlines.net

How Using The OODA Loop Improves Outcomes!

It occurs to me…

Jeff Erlichman, Editor, On the Frontlines

Tech Leaders Teach

Welcome to Profiles in Excellence.

The “Profiles In Excellence” broadcast of the Federal Executive Forum on Federal News Radio showcased Federal IT achievements and lessons learned during 2017. A Federal government “who’s who” of senior technology leaders spoke about their challenges and successes to a live audience at the National Press Club in Washington DC. CIOs from the Department of Defense, Air Force, Justice, Commerce, NASA, the Small Business Administration and the Federal Emergency Management Agency candidly assessed their efforts — revealing what has worked and what still needs to be done. Each of these leaders stressed the importance of cultivating a culture of partnership, communication, innovation and excellence. Their lessons learned — shared with you here — serve as a proven playbook for Federal IT executives. Turn the page and you can read what each has to say or watch a video of their remarks.

Then learn from four former senior government executives about advancing Federal IT:
• Major General Dale Meyerrose — U.S. Air Force (retired) — former CIO for the Intelligence Community
• Lt. General William J. Bender — former CIO U.S. Air Force
• David Wennergren — former DoD Assistant Secretary Chief Management Officer
• Pete Tseronis — former CTO, Department of Energy


Finally, Subject Matter Experts from four leading government IT suppliers share their expertise on how to take advantage of advanced technologies to fulfill mission objectives:
• Agari — John Wilson, Field Chief Technology Officer
• CrowdStrike — James Yeager, VP Public Sector
• Splunk — Kevin Davis, VP Public Sector
• Tanium — Ralph Kahn, VP Federal

Learn from these leaders. And then if you want to learn more, don’t hesitate to reach out to them.

PROFILES IN EXCELLENCE


Inside Profiles In Excellence

Leaders’ Lessons Learned

10 Lessons Learned from 10 senior leaders provide Federal IT with proven pathways to excellence.

Actually Have a Service to Share

Rod Turk, Acting Chief Information Officer, Department of Commerce

What Rod Turk and his team faced early in FY17 was clear. Commerce needed to consolidate, collapse and unify services. But, in order to have a strategic service or a shared service, you actually have to have a “service to share”. Otherwise if you don’t have the service in place initially, you then have to develop a project to do that service. So we have actually done it iteratively. Learn more on page 6.

Communicate With Standard Language

Joe Klimavicz, Chief Information Officer, Department of Justice

Now that DOJ has received its ISO 20000 certification, CIO Joe Klimavicz is using the certification to position DOJ to continuously improve services and standardize them. “We are able to develop a normalized set of metrics we can use to compare to others not only in government, but in the private sector as well.” The lessons learned are what you could expect in any change management process, Mr. Klimavicz said. But #1 is constant communication. Learn more on page 6.

Grab People’s Hearts and Minds

Renee Wynn, Chief Information Officer, NASA

In 2015, NASA did a deep dive on the way they managed IT. As a result, NASA decided IT needed to be a strategic resource and that was done through what’s called a Business Services Assessment (BSA). “You can move boxes and all of that, but you really need to capture the ‘hearts and minds’ of those in your organization, especially those that are perhaps a little more resistant to what you want to get done.” Lesson learned is: You never know how a change is going to hit someone, even on a personal level and that change part is really hard. Learn more on page 8.

Transformation Takes Time

Maria Roat, Chief Information Officer, Small Business Administration

2017 has been a huge transformational year for IT at SBA. “A year ago, I set the direction: four racks, moving to Windows 10 2016 and upgrading the infrastructure. That’s easier said than done!” Maria Roat noted. Ms. Roat said her lesson learned is that transformation is not easy, it is hard. Having the technical chops, laying out what we are doing and the direction where we’re going is only part of the solution. “The other part is continuing to push every day and finding ways to get everybody ‘on the bus’.” Learn more on page 8.

Form Partnerships for Progress

Adrian Gardner, Chief Information Officer, Federal Emergency Management Agency

For FEMA, 2017 was unprecedented. Hurricanes in Texas, Florida, Puerto Rico and the Virgin Islands and forest fires in California rallied government as a whole to respond in a spirit of partnership. The biggest lesson learned as well as the biggest challenge: How is this partnership effort institutionalized governmentwide for future disaster relief? “Partnership is #1. Then how do we leverage the IT to meet the demand and third thing is a standardization of our processes,” Mr. Gardner explained. “So, we must institutionalize the way we train and fight — train the way we fight and fight like we train.” Learn more on page 9.


Pursue Partnerships of Value

Kevin Cox, CDM Program Manager, Department of Homeland Security

The purpose of the CDM — the Continuous Diagnostics and Mitigation program — is to help agencies protect their data against the threat — nation state and criminal — that is targeting us on a daily basis, explained Kevin Cox. Mr. Cox said the biggest lesson learned is the value of partnerships and really understanding that this is not just a DHS program, it’s a program for the Federal government. “It’s us partnering with the agencies to help them protect their data and networks,” he noted. “It’s partnering with the SI and vendor community to help get the bright technologies out quickly to the agencies, to help them ensure they have the latest, greatest technologies to protect their environments.” Learn more on page 9.

Promote Partnership Opportunities!

Soraya Correa, Chief Procurement Officer, Department of Homeland Security

Soraya Correa is particularly proud of what the DHS Procurement Innovation Lab (PIL) has done to speed up the procurement process. The PIL has been very successful, with more than 19 projects to date. The lesson learned: “It’s about partnership at all levels of the organization,” she said. “One thing we have done very well within DHS is the lines of business within management.” The CIO, CFO, CPO, CTO, all the C-suite comes together to solve problems. “We talk to one another; we share with one another; we learn to help one another. That level of partnership permeating the organization is going to make us far more effective and efficient.” Learn more on page 10.

Transform the IT Conversation

Stephen Rice, Deputy Chief Information Officer, Department of Homeland Security HQ

When Stephen Rice came to DHS, many outside IT thought it was just a delivery system; to Mr. Rice, IT could be a transformational agent at DHS. “It sounds kind of simple, but if you have never seen a data center, you really don’t know the size, scale and complexity,” Mr. Rice explained. So he took the finance and procurement communities for a drive to see a data center, then a cloud center in action. “Now instead of cloud being a nebulous term, they started seeing the data centers behind it and that it’s actually a change in business models.” Now leadership has a better understanding of the compute requirements necessary. The lesson learned: It is not just about you understanding your technology; you need to understand how to talk at a different level based on your audience and build that network. Learn more on page 10.

Automate, Automate, Automate

Tom Michelli, Deputy Chief Information Officer, Department of Defense

At Defense, Tom Michelli uses its Cyber Scorecard to measure the success of its security efforts. DoD has tens of millions of endpoints and tens of millions of users. Keeping track of how we’re securing all those systems and people is a daunting task, Mr. Michelli explained. Especially if you are doing it manually; and the lesson learned was that processes had to be automated. “So we started with the people and the processes. We had weekly data calls with the components focusing on how we can work together on how we’re meeting those tasks with measures and metrics.” “Now we have about 12 different systems; we are automatically updating the system; we’re refining the metrics to make them more meaningful and relevant to how it adds lethality and efficiency to the Department.” Learn more on page 11.

Foster A Climate Of Innovation

LTG Bradford Shwedo, Chief Information Officer, US Air Force

Cybersecurity is all about teamwork when you have a large worldwide network, said LTG Bradford Shwedo. So, from the Secretary on down, the lesson learned is the Air Force needs to foster innovation. Today the big demarcation line between the people who were doing the war and the people that were providing the tools is gone. “A long, long time ago when I entered the Air Force, they’d say, ‘well you do that because we have always done it that way’. These guys shrug their shoulders and say ‘there should be an app for this’.” Then they create that app, proclaimed LTG Shwedo as the new Air Force culture of innovation begins to soar. Learn more on page 11.


Department of Commerce

Collapse, Consolidate, Unify

Rod Turk, Acting Chief Information Officer, Department of Commerce

Trite, but true! In order to have a strategic service or a shared service, you have to actually have in place a “service to share”.


What Rod Turk and his team faced early in FY17 was clear. Commerce needed to consolidate, collapse and unify services. “We needed to bring unity to certain services; what we called strategic sourcing or strategic initiatives,” Mr. Turk explained. “The idea was we could do them better and offer a quality service at a lower price.” To do that required a realignment of the organization and the way they did business. “We found there were certain strategic skills we needed to enhance and bring forward within the organization to be successful,” he said. “We added a risk component; we also knew we were going to have significant outsourcing.” That translated into driving changes in the way Commerce did business in contracting and in program management, using more Blanket Purchase Agreements (BPAs). “You have to evolve with the technology,” Mr. Turk stated, “and Commerce now offers several strategic services that capitalize on that new organizational realignment.”

For example, Commerce has established an Enterprise Security Operations Center in Fairmont, WV, where the bulk of incident response and reporting is done. “We basically ‘bake the cake’ for our components in terms of cybersecurity initiatives and being able to bring forward information about the systems to our components.” In addition, NOAA has developed a trusted internet connection (TIC) access point, which is approved and offered for use to all Commerce components. “The beauty of that is that it will save money for our telecommunications and connection to the internet — between 40 and 60 percent as we mature this,” Mr. Turk noted. Another big success is Commerce’s CDM program in conjunction with DHS. It was really the first strategic sourcing slash strategic services initiative for Commerce and “broke the ice” for the rest of the components with a concerted strategic kind of offering, Mr. Turk said.

Department of Justice

Holding IT Services To ISO 20000 Standards

Joe Klimavicz, Chief Information Officer, Department of Justice

ISO 20000 is a global standard that describes the requirements for an information technology service management (ITSM) system.

Technology is intrinsic to everything the Justice Department does and when IT goes down essentially the Department goes down. “My office delivers key IT services to the Department. To mitigate risks posed by services, we have been pursuing ISO 20000 certification for the last two years,” CIO Joe Klimavicz explained. ISO 20000 is a global standard that describes the requirements for an information technology service management (ITSM) system. The standard was developed to mirror the best practices described within the IT Infrastructure Library (ITIL) framework. In 2017, those efforts were rewarded. “(In early December) my office celebrated becoming only one of three government organizations to achieve ISO 20000 certification,” noted Mr. Klimavicz. With ISO 20000, DOJ is ensuring they follow best practices in the industry. DOJ completed an exhaustive audit and 14 processes were certified, such as business relationship management (BRM), service level management (SLM) and information security, according to Mr. Klimavicz.

“When you think about this, it positions us to provide better services, higher quality services and make sure those services are repeatable and consistent manner to support the mission,” he noted. Additionally, Mr. Klimavicz wants to use the certification to position DOJ to continuously improve services and standardize them. “It’s important and we are also able to develop a normalized set of metrics that we can use to compare to others not only in government but in the private sector as well.” We were trying not to add additional work on to anybody’s plate, Mr. Klimavicz asserted. “We want to make sure the processes and the metrics are really relevant to the job being done. We hold weekly and monthly reviews looking at those metrics; making sure we’re actually using them to our advantage and we are constantly getting better.”

NASA

Capture Their Hearts and Minds

Renee Wynn, Chief Information Officer, NASA

You never know how a change is going to hit someone, even on a personal level and that change part is really hard.


When it comes to IT, NASA is different than other Federal entities. “We have to remember that NASA will invent the IT that it needs for the specific mission,” explained CIO Renee Wynn. That can lead to an IT siloed mentality. But in their wisdom, in 2015, NASA started to ask themselves some really tough questions in the way they managed IT, said Ms. Wynn. And as a result, “NASA decided that IT needed to be a strategic resource and that was done through what’s called a Business Services Assessment (BSA).” It was at that time Ms. Wynn joined NASA and was asked to make it happen. “You can move boxes and all of that, but you really need to capture the ‘hearts and minds’ of those in your organization, especially those that are perhaps a little more resistant to what you want to get done.” Ms. Wynn is using the BSAs to restructure the delivery of IT with many more enterprise services, but also is making the tough calls on what should be locally done and what should be done by the missions.

That shift has put Ms. Wynn at the planning table for discussions on missions such as the manned Mars mission. “I get to be part of decisions of planetary protection? How do you prepare for when we return from Mars with humans? What IT is there? What’s your cybersecurity plan? What’s your safety plan?” Before at NASA, IT was seen as just a delivery of that device, Ms. Wynn said. “Now we are recognizing — in part because of cyber threats — that we need to be at the table to make sure that what we do in the corporate isn’t affecting the mission or flying assets.”

Small Business Administration

Lost Decade Found

Maria Roat, Chief Information Officer, Small Business Administration

SBA is moving quickly to the cloud, having laid out the architecture and done the migration planning.


2017 has been a huge transformational year for IT at SBA. Recovering from what CIO Maria Roat jokingly calls the “Lost Decade”, she is moving SBA IT forward at a hard and fast pace. “A year ago, I set the direction: four racks, moving to Windows 10 2016 and upgrading the infrastructure. That’s easier said than done!” Getting to four racks in the primary data center, one that’s got water in it and lots of racks with lots of old equipment, it’s a huge lift, Ms. Roat explained. “We have moved to the cloud; we are not lifting and shifting. We have laid out the Tiger Teams; we have done the architecture; we have done the migration planning,” Ms. Roat said. “So we’re moving to the cloud; we’re moving very fast; we’re upgrading our infrastructure. You can’t move to the cloud, you can’t put in place until you’ve got the infrastructure that can support everything you do.”

Before, more than 30% of SBA infrastructure was so overloaded it was peaking at 100%. Now SBA is moving to a fiber backbone across the board. “We are about 40-50% done right now. We’re rolling out on Windows 10 2016. We are the first Federal agency to put CDM in the cloud. To do this requires saying what I said a year ago. ‘No new hardware. I will not sign anything for any new hardware in our primary data center period’.” The work SBA did in the 12 months through the summer of 2017 set the stage for them to support the hurricane activities. “We partner with FEMA; we do all those loans for businesses as well as people for the home loans. It set the stage for us to very quickly support the hurricane and the disasters that hit this year.”


Federal Emergency Management Agency

For FEMA, Disaster Lessons

Adrian Gardner, Chief Information Officer, Federal Emergency Management Agency

FEMA has never faced a situation where an infrastructure has been completely obliterated to the tune of more than 50% of the infrastructure of Puerto Rico and Virgin Islands.


For FEMA, 2017 was unprecedented. Hurricanes in Texas, Florida, Puerto Rico and the Virgin Islands and forest fires in California rallied government as a whole to respond in a spirit of partnership. “Federal agencies even those outside of the DHS family came together with us,” FEMA CIO Adrian Gardner stressed. “It was a team sport, with people within the DHS community manning call centers at Headquarters to take incoming calls in real-time with survivors.” Mr. Gardner explained from a standpoint of surge capacity, FEMA on-boarded more than 10,000 people in less than six weeks to our personnel mobilization centers, getting them to a place where they were ready to hit the ground running to support survivors directly. The challenge is: How is this effort institutionalized for future disaster relief? “Although we have the mandates in place and the process at a high level in place, from an IT and infrastructure plan standpoint, how do we actually now begin to institutionalize that capability and capacity across DHS and other Federal agencies, such as SBA and HUD as well as FEMA and DHS employees and staff?”

Mr. Gardner explained that from the standpoint of CONUS vs OCONUS, in other words Puerto Rico and Virgin Islands vs Texas and Florida, there are very different challenges. “We have to recognize that those challenges exist and plan for those in a way that makes the outcome at least more structured and more in a way which the survivors and the Federal entities know how to play that out.” “We need to figure out how we are going to actually manage that; whether that is through increased staging of assets on island, or finding ways we can build more robust systems and capabilities on islands; so there is a whole discussion on survivable resilient capabilities, survivable communications, and survivable power grid.”

Department of Homeland Security

CDM = Real-Time Awareness

Kevin Cox, CDM Program Manager, Department of Homeland Security

All of the agencies now have their agency dashboard in place, so they have real time awareness of what’s connected to their network.


The purpose of the CDM program is to help the agencies protect their data against the threat — nation state and criminal — that is targeting us on a daily basis, explained Kevin Cox. CDM — the Continuous Diagnostics and Mitigation program — is a dynamic approach to fortifying the cybersecurity of government networks and systems, providing the government with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. DHS has worked diligently to get discovery and technology out to the agencies and has brought the Federal dashboard online. Now all of the agencies have their agency dashboard in place, so they have real time awareness of what’s connected to their network. “Now agencies know who the user base is and then feed that data up into a real-time dashboard,” Mr. Cox said. “That allows the agencies and ultimately the Federal government to be able to ensure the proper protections are in place and we have a good understanding of how the data is being stored and protected in the long run. But there is still much to be done.”

Mr. Cox is also getting the Federal dashboard operationalized with the NCCIC — National Cybersecurity and Communications Integration Center. NCCIC serves as a centralized location where operational elements involved in cybersecurity and communications reliance are coordinated and integrated. NCCIC partners include all Federal departments and agencies; state, local, and tribal entities. “NCCIC is able to monitor and help the agencies address their vulnerabilities; and then we are going to continue forward with our shared service effort as well helping the non-CFO Act agencies protect their environment using cloud services.”

Department of Homeland Security

Clever, Creative Procurement Innovation

Soraya Correa, Chief Procurement Officer, Department of Homeland Security

The PIL focuses on how we improve business processes; how we come up with more clever, creative, innovative ways to speed procurement.

Soraya Correa thrives on coming up with clever, creative ways to evaluate proposals in real time to make sure DHS gets mission critical products and services needed quickly. That’s why she is particularly proud of what the DHS Procurement Innovation Lab (PIL) has accomplished. “The PIL focuses on how we improve business processes; how we come up with more clever, creative, innovative ways, working within the confines of the regulations for DHS, industry and government partners to speed up the process,” Ms. Correa explained. “The PIL has been very successful. We’ve probably run over 19 projects.” One example is a VA project where DHS collaborated with them. “VA used one of our processes where we use technical demonstrations from industry instead of having them write proposals,” Ms. Correa explained. “We bring them in and they demonstrate their capabilities.”

This creative risk taking, working in partnership with our customers is an important thing I want to do in procurement, Ms. Correa stressed. That is translating into increased collaboration and strategic conversations with industry. “We’re talking with industry before solicitations are out there, before we’re planning a procurement to really let them know: ‘Here are the challenges we face, here are the problems we are trying to solve’, making sure industry understands our needs and how we can better work with industry,” Ms. Correa said. “When industry does see a problem, they bring it to my attention or to the head of contracting so the problem can actually be solved.” Ms. Correa stressed she wants to properly plan with customers to deliver what they need, when they need it, how they need it in furtherance of the mission. “Because at the end of the day, that’s what this is all about.”

Department of Homeland Security HQ

Transforming the Conversation — and IT

Stephen Rice, Deputy Chief Information Officer, Department of Homeland Security HQ

Instead of cloud being a nebulous term, executives started seeing the data centers behind it and that it’s actually a change in business models.


When Stephen Rice came to DHS, he helped change the management conversation about the role of IT at DHS. Many outside IT thought it was just a delivery system; to Mr. Rice, IT could be a transformational agent at DHS. Thus, he set out to make sure that everyone understood their business, the challenges and financial issues DHS was facing. “It sounds kind of simple, but if you have never seen a data center, you really don’t know the size, scale and complexity,” Mr. Rice explained. “The first thing I did was create a roadshow. I took the finance community, I took the procurement community; I put them in a car and drove them down to the data center.” There they saw rows and rows and racks of equipment. The conversation turned to the challenges of recapitalization; the complexity based on the size, scale and number of patches necessary; and just the pace of a data center.

Mr. Rice also showed them a cloud center. “Now instead of cloud being a nebulous term, they started seeing that there are data centers behind it and it’s actually a change in business models,” he added. Now leadership has a better understanding of the compute requirements necessary. This change in conversation allowed Mr. Rice to sit down with CFOs and procurement staff at multiple levels to discuss ways to transform the delivery, governance and acquisition of services. “We can actually transform the type of Federal IT professional we are looking at,” Mr. Rice said. “We are not looking for infrastructure professionals; we are looking for data analysts; we’re looking for persons that understand how to operate in the cloud; we’re looking at the ability to move into a cloud or DevOps approach. So it is the change in conversation that I am most proud of.”

Department of Defense

The New Cyber Normal

Tom Michelli, Deputy Chief Information Officer, Department of Defense

We’re refining the metrics to make them more meaningful and relevant to how it adds lethality and efficiency to the Department.


At Defense, Tom Michelli uses its Cyber Scorecard to measure the success of its security efforts. DoD has tens of millions of endpoints, tens of millions of users and keeping track of how we’re securing all those systems and people is a daunting task, Mr. Michelli explained. “So we started with the people and the processes. We had weekly data calls with the components focusing on how we can work together on how we’re meeting those tasks with measures and metrics.” Through this effort, DoD began automating the process. “We went from almost all data calls to adding simple data feeds,” Mr. Michelli noted. “Now we have about 12 different systems; we are automatically updating the system; we’re refining the metrics to make them more meaningful and relevant to how it adds lethality and efficiency to the Department.”

Based on this success, DoD is about to embark on Cyber Scorecard 2.0 that focuses on people and processes. “We’re working the DIUX (Defense Innovation Unit Experimental) that taps into Silicon Valley,” he said. “We are looking how we can make this more real time, with more feeds, more artificial intelligence machine learning to have a real-time risk assessment and cyber resiliency.” The cyber scorecard also showed DoD some of the reasons why progress was slow in certain places — one of which was multiple operating systems, Mr. Michelli added. “We knew if we were on one operating system platform, we could do so much goodness, so much faster. We made the decision to go to Windows 10 which required the partnership, the leadership of the department both from the mission leaders, the financial leaders to the CIOs to make that happen.”

US Air Force

Spy vs. Spy: Shrinking the ‘OODA Loop’

LTG Bradford Shwedo, Chief Information Officer, US Air Force

In dogfighting, there’s an old adage that ‘speed is life’; and that is never truer than in cyber. We need to operate at the speed of cyber.


Air Force CIO LTG Bradford Shwedo did not mince words describing the cyber threat America faces. “In dogfighting, there’s an old adage that ‘speed is life’; and that is never truer than in cyber. We need to operate at the speed of cyber. We are literally in a ‘spy vs spy’ game every day with bad guys wiggling windows, trying to get in our back doors.” To operate at the speed of cyber, the Air Force challenge was maintaining and managing an aging infrastructure with 600,000 endpoints worldwide, where every major command used to have its own infrastructure. “Now we have rolled all those infrastructures up with a program called Automated Remediation and Asset Discovery — ARAD.” With ARAD, the Air Force found, patched and remediated assets very quickly; what used to take weeks, months is now being done rapidly. “So fundamentally it has been very, very successful”, LTG Shwedo noted. “Having the capability where you can push ‘enter’ and then all of a sudden having it all patched, that’s when you start getting in the ‘spy vs spy’.”

“Going back to a dogfight, one of our goals is to shrink the enemy’s ‘OODA Loop’.” The phrase OODA Loop refers to the decision cycle of observe, orient, decide, and act, developed by military strategist and Air Force Colonel John Boyd. Boyd applied the concept to the combat operations process, often at the strategic level in military operations. “In dogfighting speed wins, whoever shrinks that ‘OODA Loop’ down the fastest wins,” LTG Shwedo explained. “Then if you’re really good you start introducing errors into the other side’s ‘OODA Loop’, making theirs long and lethargic. When we talk about operating at the speed of cyber, we are talking about getting in the back doors of the bad guys and get it incorporated.”

Excellence Advice

Four former government senior executives present proven strategies, methods and most importantly actions on how to make excellence an everyday part of your day.

• Dr. Dale Meyerrose, Major General, U.S. Air Force (retired)
• David M. Wennergren, Managing Director, Deloitte Consulting LLP
• Lt. General William J. Bender, Strategic Account Executive, Government Relations within the Business Development & Strategy Group, Leidos
• Peter Tseronis, Founder & CEO, Dots and Bridges LLC

Read excerpts below. Then turn to pages 24-27 for full commentary.

Preparation: Focus on Outcomes — Reduce Stupidity

Dr. Dale Meyerrose, Major General, U.S. Air Force (retired)

It’s an age-old axiom, plans collapse when they confront reality. Yet, we all know that plans are indispensable leadership and organizational tools. Many argue that poor plans are the result of poor leadership. I would counter that if virtually all plans fail to some degree, even those created by good leaders, perhaps, we’re not approaching the concept of planning in the most productive way. Turn to page 14 to read Dr. Meyerrose’s full commentary.

Dr. Meyerrose, Major General, U.S. Air Force (retired) was the first Senate-confirmed, President-appointed Chief Information Officer for the Intelligence Community after over three decades of military service.

Embrace New Approaches to Realize Benefits

David M. Wennergren, Managing Director, Deloitte Consulting LLP

The effective use of the right service level agreements (SLAs) is but one example of how the power of performance data can help replace decisions based on anecdote or fear with data-driven results. And performance-based contracts coupled with meaningful SLAs can be a great way to accelerate IT modernization efforts and overcome the drag produced by the fear of letting go. Turn to page 15 to read Mr. Wennergren’s full commentary.

Mr. Wennergren served as DoD Assistant Deputy Chief Management Officer and Deputy Assistant Secretary of Defense for Information Management, Integration and Technology.

Inspiring and Leading IT Transformation in a Rapidly Changing World

Lt. General William J. Bender, Strategic Account Executive, Government Relations within the Business Development & Strategy Group, Leidos

It is impossible to separate the organization’s strategy from the decisions it makes concerning IT. Innovation and growth are inextricably linked to harnessing emerging technologies necessary to set the organization on a winning path in a hyper-competitive world. IT leaders must serve as the critical link to success by balancing current business processes and new and innovative approaches. Turn to page 16 to read General Bender’s full commentary.

General Bender most recently served as CIO for the Air Force, where he was responsible for 50,000 cyber operations and support personnel across the globe with oversight for the USAF’s IT investment strategy and a portfolio valued at $17 billion.

Leverage Your Wisdom

Peter Tseronis, Founder & CEO, Dots and Bridges LLC

As the Internet of Everything exponentially evolves and seeks to transform our lives and economies, the result is 24/7 accessibility to information. This is the new normal. As such, this phenomenon demands that we work (yes, it takes work) to connect with others. Don’t miss the opportunity to use every acquaintance as the springboard to a door that embraces your passion! A door that leverages your wisdom! A door that networks your relationships! Turn to page 17 to read Mr. Tseronis’s full commentary.

Mr. Tseronis was the Department of Energy’s (DoE) first-ever appointed Chief Technology Officer (CTO). In this role, Mr. Tseronis served as an innovation advocator for the technology transfer and commercialization of intellectual property.


With Change on Steroids, Do You Need to Change?
By Dr. Dale Meyerrose, Major General, U.S. Air Force (retired)

Today’s leadership challenges can be overwhelming — and somehow seem different from those of the past. We are constantly bombarded with a barrage of information of indiscernible reliability. The ability to metabolize everything, on a non-stop basis, causes one to focus on the urgent and loudest in lieu of the important and what matters. At the risk of oversimplifying, successful leadership directly correlates to the quality, and integration, of preparation and execution.

Preparation: focus on outcomes — reduce stupidity

It’s an age-old axiom, plans collapse when they confront reality. If virtually all plans fail to some degree, even those created by good leaders, perhaps, we’re not approaching the concept of planning in the most productive way. Most of us are familiar with traditional planning processes. The organization decides on goals, defines requirements, analyzes alternatives, sets milestones, creates metrics, and institutes feedback loops for continuous improvement. Throw in the natural tendency to be overly optimistic at the start of a new endeavor and you have created the usual ingredients for your next crisis because the plan failed to anticipate the future. Then comes the all-too-common response: “don’t blame me, I followed the rules.” That’s when one can readily identify a manager who has failed at leadership by not accepting accountability for producing the wrong outcome.

So, how to stop the insanity of doing what one always does to get the same, wrong answer? Challenge the concepts and policies associated with planning within your organization. Regard the activity associated with these processes to have more importance than the creation of a final document. This should help create the mindset of continually working the plan — avoiding that dreaded “shelf-ware” status. In so doing, you want to create a journey of discovery and working together toward common goals for your team. In this journey, it’s critical to allow for discovery, missteps, changed assumptions, new goals, personnel changes, and altered policies. In my view, the best plans are more about organizational commitment and less about brilliance.

Keep a plan in perpetual draft — never publishing a final version. This helps create the mindset of continually working the plan — avoiding that dreaded “shelf-ware” status.

With Change on Steroids, Do You Need to Change?

Like plans, processes are viewed as essential organizational tools. Most evolve over time — continually refined to enhance predictability and eliminate past mistakes. Unfortunately, these become entrenched in optimizing the way in which work is currently performed — and are almost always the enemy of innovation and how work should be performed. The result is that managers tend to view system performance as being more important than the performance of the people using the system. This is the antithesis of good leadership.

Are there leadership constructs that address today’s workplace challenges? Are they different from the past? Recent research suggests that a small subset of leadership skills closely correlates with leadership success in modern organizations. McKinsey & Company came up with a comprehensive list of 20 desirable leadership traits as a baseline. They then surveyed 189,000 people globally, across many industries. They found that high-quality leadership teams typically displayed four distinct types of behavior over those of lesser effectiveness. Namely:

✓ Solve problems effectively
✓ Operate with a strong results orientation
✓ Seek different perspectives
✓ Support others

I was struck by the two focus points of this short list — outcomes and people. When we strip away the emotional and intellectual clutter that obscures one’s “leadership perspective,” I maintain that results and people are the only top-tier measurements on which leaders should strive and be judged. But, I’m reminded of one of my most difficult challenges in helping organizations and leaders to improve their performance; that is convincing them that the research is applicable to their situation. Indeed, ideas are a “dime a dozen”.
However, it’s the execution, combined with the proper preparation, which delivers results that matter in a world of constant change. ■

Dr. Dale Meyerrose, Major General, U.S. Air Force (retired) is a Partner of RIDGE-LANE Limited Partners, a merchant-bank founded by financier R. Brad Lane and The Honorable Thomas J. Ridge, former Governor of Pennsylvania and first Secretary of U.S. Department of Homeland Security. He is an adjunct instructor for Carnegie Mellon University, Institute for Software Research running their Cybersecurity Leadership Certificate program. General Meyerrose, a Southwest Asia veteran, was the first Senate-confirmed, President-appointed Chief Information Officer for the U.S. Intelligence Community after over three decades of military service.

The Power of Performance Management
By David M. Wennergren, Managing Director, Deloitte Consulting LLP

In last year’s Profiles in Excellence issue, I offered advice on leadership during the transition to a new presidential administration. Now, as we mark the first anniversary of the new administration, it’s worth reflecting on the current environment and providing some tips on delivering results in the year ahead. As we survey the Federal technology landscape, there is a rare convergence of both legislative branch action through the passage of the Modernizing Government Technology Act and executive branch action through the release of the American Technology Council Information Technology (IT) Modernization Report to the President. This shared focus on IT Modernization is a galvanizing force for action in the year ahead.

Keep A Keen Eye

The focus on IT modernization includes both the accelerated adoption of commercial solutions such as cloud, and also the recognition of the need for different cybersecurity approaches to fully realize the benefits of commercial solutions. It also requires a wider aperture, as IT modernization is so much more than just infrastructure moved to the cloud; it’s looking hard at the thousands of legacy systems with a keen eye as to what to retire, what to replace and what to refresh. As any intrepid change leader knows, it’s always easier to “ride the waves” of change and draft on the energy and activity resulting from leadership direction and attention. In focusing on IT modernization, an interesting dynamic is the need to effect change in the face of a lack of appropriations, and the fact that non-traditional IT jobs are being filled more rapidly than traditional jobs and that non-traditional centers of energy within agencies, to include digital services teams and innovation labs, are playing much more prominent roles in leading the modernization charge. As Clayton Christensen noted in The Innovator’s Dilemma, successful organizations find it hard to truly innovate from within, and it often takes a non-traditional element to challenge the status quo and provide space for the introduction of new ideas and solutions.

Overcoming Obstacles

This focus on non-traditional approaches and organizations provides opportunities for leadership at all levels of Federal organizations. A greater reliance on commercial solutions and the need to manage rather than avoid risks speaks to the central change management issue of letting go of personal control. Migrations to commercial cloud solutions result in tales of “server huggers” unwilling to let go of their old gear despite the promise of more modern technology provided by someone else. This reticence is first and foremost a matter of trust. In the book, Speed of Trust, Stephen M. R. Covey confronts the single biggest obstacle to change in large public and private sector organizations: a lack of trust. He describes the huge price that low trust organizations pay in terms of both time and money. At the heart of the slow pace of adoption of commercial solutions and changing security models is a lack of trust, and Covey’s book provides insights on how to build and retain trust in your organization and relationships.

Keep Pursuing the Prize

So, if the prize is modernized technology and improved cybersecurity, and the approach is to better leverage commercial best practices and solutions, the way ahead must replace this lack of trust with a confidence to move forward. In the classic leadership book, Execution: The Discipline of Getting Things Done, Larry Bossidy and Ram Charan provide insights on how to create an execution-oriented culture. Not surprisingly, at the center of their story is the power of performance management. The things that we measure are the things that we focus our time and attention on. The effective use of the right service level agreements (SLAs) is but one example of how the power of performance data can help replace decisions based on anecdote or fear with data-driven results. And performance-based contracts coupled with meaningful SLAs can be a great way to accelerate IT modernization efforts and overcome the drag produced by the fear of letting go.

Wherever you are, you have the opportunity to lead this year. Your actions and attitudes become the pebble thrown into the pond; the resulting ripples serving as a resonating chamber across your teams and organization. Will you choose to be a force for positive change in the face of uncertainty, or will you be a resonating chamber for the angst, conventional wisdom and lack of trust exhibited by those who are reluctant to change? As Larry Bossidy notes in Execution, “Leaders get the behaviors they exhibit and tolerate.” ■

“In the face of uncertainty, will you choose to be a force for positive change?”

Dave Wennergren is a managing director at Deloitte Consulting LLP. He has extensive leadership experience in information technology and change management and has served in a number of senior positions, most recently in the private sector as EVP & COO at the Professional Services Council and a VP at CACI International Inc., and prior to that in government as Department of the Navy CIO, Vice Chair of the Federal CIO Council, DoD Deputy Assistant Secretary of Defense/Deputy CIO and DoD Assistant Deputy Chief Management Officer. He is also a fellow at the National Academy of Public Administration.


Inspiring and Leading IT Transformation in a Rapidly Changing World
By Lt. General William J. Bender, Strategic Account Executive, Government Relations within the Business Development & Strategy Group, Leidos

The role IT leaders play in organizations is evolving rapidly. Increasingly, they are expected to harness technologies and strategic partnerships to be successful, while also balancing future needs with today’s operational realities. In rapidly changing environments such as this, IT leaders must learn to focus on the highest priority opportunities and challenges, and seek to be both the “connective tissue” and the “driving force” for the right initiatives, while taking a front row seat in charting the organization’s strategic course toward the future.

It is impossible to separate the organization’s strategy from the decisions it makes concerning information technologies. Innovation and growth are inextricably linked to harnessing emerging technologies necessary to set the organization on a winning path in a hyper-competitive world. IT leaders must serve as the critical link to success by balancing current business processes and new and innovative approaches, introducing ways to reshape those processes without losing sight of feasibility, complexity and risk.

Relevance Demands Credibility

To remain relevant, organizations must be credible in three ways: (1) keeping their “IT house” in order; (2) leveraging advances in S&T and emerging technologies to drive innovation; and (3) focusing on business priorities and serving the customer’s needs. Succeeding requires making fundamental changes to current organization structures, perspectives and capabilities. Success necessitates giving decision makers greater visibility into IT-related areas of focus, the associated risks, and the value to be gained. Success also depends on providing the necessary visibility into the IT “balance sheet,” including all assets, costs, resource requirements, expected ROI, risks, dependencies, and an understanding of how IT expenditures align to strategic priorities. And very often, success will require that IT leaders tell business line leaders what they “need” and dissuade them of what they “want.”

Focus on Agility and Speed

Finding the right balance between the potential of tomorrow and the realities of today requires IT leaders to envision, design and build future IT architectures that optimize current infrastructure investments while moving with a sense of urgency toward cloud and mobility solutions. It will also require development of a data management strategy and a proactive cyber defense strategy. Perhaps most importantly, IT leaders must focus on agility and speed. Doing so will necessitate an unwavering commitment to responsiveness and adoption of the ideas, practices and processes of others from across the organization and the larger community. Speed and agility demand a commitment to experimentation and innovation, which may in turn require relief from rigid corporate acquisition, budgeting and planning processes.

IT leaders must be bold in demanding that cybersecurity is everyone’s responsibility. To be effective, they must take a proactive view of risk, considering information security throughout a system’s life cycle, rooted in an understanding of probable and acceptable risk, exposure, trade-offs and potential impacts. New and developing IT technologies inherently involve risk. The notion of “failing fast” is not about universal acceptance of failure, but meant to emphasize learning through iteration, by using experiments intended to yield measurable results, as quickly as possible.

One Team Together

Finally, IT leaders must adopt a “one team” mentality to put the organization on a positive path toward its future state, engaging frequently with other leaders to help establish and direct their priorities, goals and dependencies on IT. Strong “top-down” leadership is needed to inspire new ideas and innovative behaviors in the organization’s workforce. After all, leaders are only as good as the teams they lead. A rapidly changing environment away from traditional IT requires new skills and aptitudes, new disciplines, new ways of organizing and new ways of working together. ■

Lt. General William J. Bender currently serves as the Strategic Account Executive, Government Relations, within the Business Development & Strategy Group at Leidos.
General Bender is responsible for strengthening and advancing trusted relationships with customers and advancing strategic initiatives to foster enterprise growth. General Bender brings more than 34 years of military experience and executive-level leadership in multiple facets of information technology (IT) and government services. General Bender most recently served as Chief Information Officer for the United States Air Force (USAF), where he was responsible for 50,000 cyber operations and support personnel across the globe with oversight for the USAF’s IT investment strategy and a portfolio valued at $17 billion.


Connect and Build
By Pete Tseronis, Founder and CEO, Dots and Bridges, LLC

It is an amazing feeling to wake up each and every day doing what you like (love) with the people you like (love). Well, it may not be a daily feeling, but let’s frame it in terms of “much more often than not.” For the past 2+ years, I have stared down the uncertainty of an entrepreneurial journey, squashed what I had believed to be risk aversion, and given myself a shot at a life that I otherwise did not know was possible. As such, I am often asked what is the secret ingredient for success? Or how have you been able to do it?

Secret Revealed

For me, the answer is simple. It is the combination of Relationships (equal parts of constant cultivation, commitment, and compassion) and Passion (that motivational feeling that comes naturally). Pedigree, Job Title, Years-In-Service… these are pertinent and can be what you lean on as critical success factors to obtaining your next promotion. Looking at it through a different lens, though, don’t miss the opportunity to use every acquaintance as the springboard to a door that is ajar. A door that embraces your passion! A door that leverages your wisdom! A door that networks your relationships!

The 24/7 access to information demands that we work even harder to connect with others.

Consider These

Here are a few considerations when presented with a chance to pivot from a work discussion to a personal connection:

• Doing business in (and among) the public and private sectors is less about the service offering and more about the trusted relationship. Nurturing these partnerships takes time, yet it will be time well spent.
• Accepting what you DO NOT KNOW can inspire a zeal to learn and, better yet, allow your colleagues to teach. It is admitting that I can’t boil the ocean of knowledge that has made all the difference.
• In the working world, individuals are labeled Supervisor, CEO, Director. In life, these same people are Mom, Granddad, Friend. Titles are simply words. Human beings have feelings, undetected passions. Connect on a human level and opportunities result.
• Establishing a personal connection with someone can happen in an instant and can be the differentiator. They kind of feel like “light-bulb” moments. And shared interests pave new roads for success.

Sustainable Connections

During my 25-year run in the Federal Government, I generated a rolodex of colleagues across government, industry, academia, and investor domains, to name a few. And while my collegial index has expanded exponentially in my post-Federal career, I attribute my professional formation to these unique and sustainable connections.

As the Internet of Everything exponentially evolves and seeks to transform our lives and economies, the result is 24/7 accessibility to information. This is the new normal. As such, this phenomenon demands that we work (yes, it takes work) to connect with others. Dots and Bridges may be three simple words, yet what they represent is a universal idiom: Connecting Dots and Building Bridges. It is both subliminal and explicit. We all maintain the capacity to do it. Make it a priority. Ignite your passion, and it will become infectious!

Every day I am mindful of those colleagues that have partnered with me for the past 27+ years for their friendship, trust, and authenticity. I look forward to continued collaboration with these (and future) amazing individuals and fueling our mutual passions. Net Net… Relationships plus Passion trump any grind, seven days a week and twice on Sunday! ■

Pete Tseronis spent 25 years in the Federal government and was the Department of Energy’s (DoE) first-ever appointed Chief Technology Officer (CTO). In this role, Pete served as an innovation advocator for the technology transfer and commercialization of intellectual property, was an effective and credible collaborator across the international research and development community, and leveraged intellect within the national laboratory enterprise to catalyze economic competitiveness.


Views You Can Use

Working with the private sector, agencies are making great strides in enhancing government services, while keeping government systems and the data they hold secure. Read how four of government’s leading IT partners — Tanium, Agari, CrowdStrike and Splunk — are helping agencies succeed and learn how you can integrate their solutions into your agency.

Realizing Digital Transformation
By Kevin Davis, Vice President, Public Sector, Splunk

The promise of digital transformation is increasing operational efficiency through eliminating stove-piped systems, reducing system complexity, strengthening cybersecurity, improving incident response, and employing DevOps practices. Transformation begins with a complete understanding of current enterprise systems, workloads, and processes. This can most effectively be derived from an analytical, data-driven approach that supports the evaluation of modernization tools and methods. By embracing new tools and methods, agencies are more than twice as likely to deliver higher quality products and services, realize better operating efficiency, and ensure increased customer satisfaction. Turn to page 24 to read the complete article.

Rebuilding Trust in Government: The Role of Security
By John Wilson, Field Chief Technology Officer, Agari

Authenticating email is about more than security; it is about restoring trust in the government. The recent Department of Homeland Security (DHS) Binding Operational Directive (BOD) 18-01, which mandates the adoption of a critical email authentication standard called DMARC, is shining yet another spotlight on the important role that IT security teams play in keeping our government’s communications, operations and identities secure. The question is: how will the Federal cybersecurity community respond? Turn to page 22 to read the complete article.

Applying the OODA Loop to U.S. Air Force Cybersecurity
By Ralph Kahn, Vice President Federal, Tanium

In the middle of the Korean War, Air Force Colonel John Boyd noticed something odd: America’s fighter pilots were winning a majority of aerial battles, even though the enemy’s planes maneuvered far better than the American F-86 jets. But the American jets had two crucial advantages: a bubble canopy that gave pilots a near complete field of vision and hydraulic controls that let pilots move faster and with more ease. These factors made all the difference. Boyd broke down what was happening into four steps, a process he called the OODA Loop: observe, orient, decide and act. Whoever completed these steps faster would win the battle. Turn to page 20 to read the complete article.

Modernizing for the Future of Cybersecurity: How the cloud will enable security effectiveness in the Federal government.
By James Yeager, Vice President of Public Sector, CrowdStrike

In 2017, Executive Order 13800 mandated that public sector enterprises must “build and maintain a modern, secure, and more resilient” IT architecture. As adversaries continue to evolve their tactics, techniques and procedures (TTPs), the volume and sophistication of attacks will increase, whether they are from nation-states, criminal actors or hacktivists. The Federal government must be prepared to meet the challenges of today’s evolving threat landscape. Implementing these five essential best practices will go a long way towards securing the Federal domain. Turn to page 26 to read the complete article.

Published by Trezza Media Group, Public Sector Communications, LLC. © Copyright 2017. Online at www.onthefrontlines.net and digital.onthefrontlines.net.

Views You Can Use

Applying the OODA Loop to U.S. Air Force Cybersecurity
Speed is crucial to success in both air-to-air combat and modern cybersecurity
By Ralph Kahn, Vice President Federal, Tanium

In the middle of the Korean War, Air Force Colonel John Boyd noticed something odd: America’s fighter pilots were winning a majority of aerial battles, even though the enemy’s planes maneuvered far better than the American F-86 jets. But the American jets had two crucial advantages: a bubble canopy that gave pilots a near complete field of vision, and hydraulic controls that let pilots move faster and with more ease. These factors made all the difference. Boyd broke down what was happening into four steps, a process he called the OODA Loop: observe, orient, decide, act. Whoever completed these steps faster would win the battle. Speed, in particular, is key: the faster a pilot moves through the OODA Loop, the faster they can disrupt and lengthen the enemy’s own loop.

Since the 1950s, the OODA Loop has been applied more broadly to warfare theory and also to business strategy. In fact, all humans go through the OODA Loop hundreds of times a day — each time we make a decision, we observe our environment, orient ourselves by putting our observations into context and applying past experiences, make a decision based on that information, and then we act on it. This process often happens subconsciously and in milliseconds.

The OODA Loop can also be applied to cybersecurity. In fact, the process is an ideal fit for cybersecurity because of speed’s importance — cyber attackers operate in seconds, and can cause exponentially more damage the longer they are inside a network. Cyber defenders must be faster. As Lieutenant General Bradford Shwedo, the Air Force’s Chief Information Officer, said at a Trezza Media Group 2017 forum, “Speed is life — nothing is more true in cyber.”

Today, the U.S. Air Force’s cyber warriors are applying the same OODA Loop to protect its cyberspace that its fighter pilots were using in the air six decades ago — and Tanium is helping. Together, we developed the Automated Remediation and Discovery Program (ARAD), which is helping the Air Force manage its 600,000 endpoints and complete the OODA Loop faster than its enemies. Here’s how it works.

Step 1: Observe

Just as the American F-86 pilots flying over Korea benefitted immensely from a complete field of vision, the Air Force’s cyber warriors need a complete view of every endpoint on their network. That can be a challenge when you have a massive IT environment, with laptops and mobile devices constantly coming onto and off the network. But not for the Air Force. Tanium is giving the organization complete visibility into each endpoint and its status in real time. This clear line of sight is the foundation for the next steps.

Step 2: Orient

The Air Force’s network faces hundreds of thousands of attempted attacks each day, and must be able to understand what needs immediate attention and what can wait. Reducing this noise is one of the biggest challenges the airmen face. Tanium is helping the Air Force’s cyber warriors rapidly filter and comprehend this vast amount of data, raising critical issues to their attention, while allowing lesser priorities to be handled within normal cyber operations cadence.

Step 3: Decide

Because the Air Force now has a holistic view of every endpoint on its network, and the right context for understanding what’s happening on those endpoints, its cyber warriors can make much quicker, more informed decisions, in order . They also have more time to make these decisions, because Tanium is automatically handling many tasks the cyber warriors formerly had to do manually.

Step 4: Act

The ARAD program enables the Air Force to rapidly enact any decision they make, and be confident those actions were successful — whether that’s implementing a critical patch across their entire network in just hours, uninstalling software in minutes if they discover a vulnerability, or hunting for indicators of compromise across their environment. And because multiple Cyber Operations groups have a single platform to manage IT, implement patches, and respond to and remediate incidents, they are able to function with more effectiveness and efficiency.

ARAD’s impact

The Air Force’s response to the WannaCry attack is illustrative of how ARAD has transformed the organization’s security. ARAD rapidly scanned all 600,000 endpoints, patched the ones that needed patching, and quarantined systems that seemed suspicious. Before, it would take weeks to understand which devices needed patching and then to implement those patches across each endpoint. Compliance audits were also a long, lethargic process requiring Air Force staff to manually search for vulnerabilities and patch each endpoint individually. Now, the Air Force is compliant with U.S. Cyber Command regulations every day, saving the organization significant time and money. That reduced workload, combined with a much deeper visibility into their network, enables the Air Force’s IT staff to tackle bigger technology challenges, like consolidating data centers and moving to the cloud.

With ARAD, the Air Force is continuously completing the OODA Loop — observing, orienting, deciding, and acting — all in seconds.
The Air Force’s ability to operate at the speed of cyber, both across its entire enterprise and surgically on an individual endpoint, is keeping them a step ahead of the enemy, and dramatically improving their security. ■


SOLUTION FOCUS

15-Second Visibility and Control Over Every Endpoint. Even Across the Largest Networks.

Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current state and execute change as necessary, all within seconds. With the unprecedented speed, scale and simplicity of Tanium, organizations now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of cost efficiency in IT operations.

In a fully digital world, the lifeblood of an organization lies in its ability to gain the upper hand against bad actors by moving faster than they do and stopping attacks before they cause irreparable damage. The rising number of security breaches across both the public and private sectors is directly caused by IT’s inability to find or fix the issue quickly enough at scale — the incumbent approaches and tools are too slow and scale too poorly to secure and manage the rising number of business-critical IT assets today.

Tanium is fundamentally transforming IT with the industry’s only platform capable of delivering 15-second visibility and control over millions of geographically distributed endpoints, from laptops to desktops to virtual machines to cloud assets to ATMs. Instead of relying on data that is hours, days or weeks old, security and IT operations teams now have accurate and complete data that is only seconds old and the unique ability to make changes across the enterprise in seconds as well. With authoritative data on what is actually happening — as it’s happening — and the ability to make change nearly immediately, organizations are now back in the driver’s seat to stay ahead of attackers and reclaim operational inefficiencies that have plagued them for years.

Visit us at www.tanium.com or follow us on Twitter at @Tanium


Views You Can Use

Rebuilding Trust In Government: The Role Of Security

Authenticating email is about more than security, it is about restoring trust in the government.

By John Wilson, Field Chief Technology Officer, Agari

Historical research shows that U.S. citizens’ trust in the government continues to languish at all-time lows. Amidst these challenging times, cybersecurity professionals at Federal agencies have a rare opportunity to step up and play an even more strategic role as the U.S. government strives to regain the trust of its people. The recent Department of Homeland Security (DHS) Binding Operational Directive (BOD) 18-01, which mandates the adoption of a critical email authentication standard called DMARC, is shining yet another spotlight on the important role that IT security teams play in keeping our government’s communications, operations and identities secure. The question is, how will the Federal cybersecurity community respond?

Trust in Government at Historic Lows

According to data from the Pew Research Center, public trust in the government remains near historic lows. Only 18% of Americans today say they can trust the government in Washington to do what is right “just about always” (3%) or “most of the time” (15%). Distrust in government is certainly nothing new. Since this data was first recorded back in 1958, trust in government has gradually eroded over time, with a few notable peaks during the economic boom of the 1980s and again during moments of national unity after 9/11. (See chart below.)

[Chart: Public trust in government near historic lows. % who trust the government in Washington always or most of the time, plotted with a moving average across administrations from Eisenhower to Trump.]

Whatever the politics and perceptions driving this trend, the fact remains that the U.S. government has struggled with a crisis of confidence. It is against this backdrop that the U.S. government is facing another struggle that impacts public trust — cybersecurity, and specifically, identity deception.

Federal Government at Risk for Mass-Scale Identity Deception

Whether it’s spear-phishing, targeted email attacks, or some other form of identity deception, email remains the number one weapon of choice for cybercriminals. KPMG determined in a 2017 study that 91% of all cyber-attacks involve spear-phishing. And in that same year, according to Verizon’s 2017 Data Breach Investigations Report, 67% of all malware breached the organization via email attachments that people were tricked into clicking on. Sadly, the trend is only growing worse. The IBM Threat Intelligence Index 2017 report shows the dramatic rise not only in spam over the years, but specifically spam with malicious attachments. (See chart below.)

[Chart: Spam volume and spam with malicious attachments, January 2015 through December 2016. Series: spam without malicious attachments; spam with malicious attachments.]

Federal agencies are particularly vulnerable to this form of attack, as the vast majority of communications both within an agency, with other agencies and with their citizenry take place via email. This is why the DHS has mandated the adoption of DMARC, a proven and effective defense against malicious spam and phishing. DHS BOD 18-01 creates more than a requirement for compliance. It also creates an opportunity for strategic leadership.

DHS BOD 18-01: A Moment in Time for the Federal Cybersecurity Community

The majority of people in the U.S. don’t think the government is either capable or willing to do what it needs to do to function properly. Imagine if the average tax-paying citizen understood the current inability to distinguish legitimate and fraudulent emails purporting to originate from their government. What sort of impact is that going to have on the people’s trust? DMARC is about much more than simply securing emails. It’s about securing the trust of the people who rely on the services their government provides. In that spirit, here are three specific recommendations for what Federal cybersecurity professionals can do immediately to help rebuild trust in our Federal government and the people who operate it.

1. Educate your internal teams. How many people in your organization know what DHS BOD 18-01 is or why it’s important? How many know what spear-phishing is and what a pervasive threat it is? How many people understand the tireless work that happens behind the scenes to prevent those kinds of attacks? People should be made aware of what the threat is, the consequences of falling prey to that threat, and what their local cybersecurity teams are doing to keep them and the public safe.

2. Educate your citizenry. Have fail-safes in place to immediately communicate with your constituency in the event of an identity breach. Be ready to coach your internal and external audiences on what to do in the event of fraudulent communication. Let them know what solutions you are putting in place to protect against this eventuality. Waiting until after a devastating phishing attack is not the best time to start communicating with the citizens who pay your department’s bills. Start that conversation before there’s any further erosion of trust.

3. Trust your DHS BOD 18-01 compliance to a proven solution. The good news is there is a proven effective solution available. In fact, 9 out of 10 DMARC-protected Federal domains already use Agari. These trail-blazers have already laid the groundwork for where and how to implement the best protections against spear phishing, spam and email-borne cyberattacks. Other Federal cybersecurity professionals can benefit from their experiences. For best practices on Federal Government DMARC implementation, please visit www.agari.com/Federal.

The Agari Email Trust Platform is the industry’s only artificial intelligence (AI) driven defense system that automates the detection of digital deception, modeling authentic, trustworthy communications to protect humans from being deceived by cyberattacks such as phishing, ransomware and business email compromise (BEC). ■

SOLUTION FOCUS

Agari’s Email Trust Platform

Today, companies are most vulnerable to cyber-attacks that prey on human perception and identity deception, with email as the current attack vector. The Agari Email Trust Platform protects against the pervasive threat of digital deception. Common forms of digital deception include display name fraud, domain name fraud and look-alike domain fraud. These forms of digital deception are leveraged in malicious inbound attacks, including spear phishing, business email compromise (BEC), and ransomware. Digital deception also takes the form of outbound phishing and spam, resulting in negative brand reputation.

The Agari Email Trust Platform protects both inbound and outbound email communication from digital deception to secure the enterprise, to improve productivity and to preserve brand reputation. By automating the detection of digital deception, the Agari platform eliminates the vulnerability of human perception as the root cause of email security risk. Agari also streamlines the deployment and implementation of DMARC, an email authentication standard, with centralized management, automated sender discovery and analytics.

The Agari Email Trust Platform is the industry’s only artificial intelligence (AI) driven defense system that automates the detection of digital deception, modeling authentic, trustworthy communications to protect humans from being deceived by cyberattacks such as phishing, ransomware and business email compromise (BEC). To learn more, visit www.agari.com/federal.

Views You Can Use

A Clearer View of IT Operations

Government IT Modernization Depends on Efficient Enterprise Operations Enabled by Visibility and Integration.

By Kevin Davis, Vice President, Public Sector, Splunk

Digital transformation is a priority for government organizations, in part because the continued upkeep of aging legacy infrastructure consumes as much as 75 percent of IT operating budgets. This hefty investment in traditional computing architectures prohibits the introduction of new, more efficient technologies that meet current and evolving agency requirements. How can agencies, encumbered with legacy systems and constrained budgets, implement new technologies and streamline processes to improve how they perform the business of government?

What government organization would not want a more integrated, efficient, and responsive IT infrastructure, supported by thoughtful processes that result in consistent and timely customer experiences? This scenario motivated passage of the Modernizing Government Technology Act of 2017, intended to provide funding and incentives to help government agencies break from long-standing IT procurement strategies and drive them to consider more cloud-based technologies to fuel and expedite their digital transformations.

To move in this direction, agency professionals need a complete understanding of their current enterprise IT operations. They must evaluate traditional tools, systems, and governing policies to determine where opportunities for improvement will have the most impact on budget, staff, and future operations. By employing an analytical, data-driven approach, they can be equipped to create the vision and introduce new methods and technologies to enable sustainable, secure, and optimized IT operations.

Integrate data from independent systems into searchable repositories for visibility across the entire computing environment.


Managing agency IT operations is a challenge. Federal CIO organizations are responsible for monitoring, managing, and troubleshooting rapidly evolving and increasingly complex environments. Introduction of the latest technologies, pressure to migrate workloads to the cloud, compliance mandates and expanding cyber threats combine to limit agency capabilities to deliver services, fulfill service level agreements (SLAs), meet citizen expectations, and accomplish their missions.

Despite the headwinds, many agencies have launched digital transformation programs and the transition has begun, as evidenced by IT budgets shifting from traditional on-premises investments to more cloud-based solutions and agile development models. Unfortunately, the transition is not pain-free.

A recent survey conducted by the Ponemon Institute polled more than 1,200 decision-makers and operations staff supporting public sector programs, including government, education, and contractor professionals. The Splunk-sponsored research revealed that while a handful of new approaches are advancing IT operations, including adoption of DevOps, there is an overall loss of confidence among public sector organizations in the shifting IT environments they manage.

Operating in Silos

Government agencies have diverse mandates and their technology infrastructures have been driven by individual department requirements. The result is that agency technologists are attempting to manage a heterogeneous landfill of intertwined components to deliver mission-critical services. Yet they lack real-time, end-to-end visibility into their IT operations and are unable to quickly identify root causes of outages, given the lack of integration between systems that often are supported by ad hoc mitigation processes.

The Ponemon study reported that more than half of public sector IT respondents could not, or were unsure whether they could, pinpoint problems because their systems were managed in silos. This inability to resolve failures quickly is significant: the survey found that system recovery following an outage can take an average of 44 hours and as many as 12 full-time resources to resolve. Most also expect near-term spending for cloud and DevOps to grow by nearly 50%, a shift that has shaken the confidence of many who question their abilities to meet SLAs and manage data center upgrades and cloud migration programs.


Overcoming Complexity

Improving IT operations management is essential so agencies can invest their financial, personnel and technical resources where they are needed most. While government professionals are looking to data and monitoring tools to advance this cause, they must resist a “silo mentality” where monitoring tools are technology- or application-specific.

How can government professionals manage hundreds (or thousands) of applications, servers, and virtual machines generating an unprecedented volume of disparate data streams? Clearly not by relying on existing tools that monitor segments of the infrastructure but fail to evaluate overall enterprise IT operations. Traditional approaches no longer support the complexity, volume, and speed that the modern agency needs to support mobile applications, cloud-based resources, virtual machines and software-defined everything.

To overcome the encumbrance of legacy systems, government organizations need to ingest and integrate data from independent systems and resources into easily searchable repositories for visibility across their entire computing environment. Modern enterprise IT operations rely on highly-scalable platforms that aggregate machine data, including all tiers of applications and hardware infrastructure, into a single, secure, and centralized location. Only with a comprehensive view of enterprise IT operations can agency professionals glean the trusted operational intelligence needed for more data-driven decision-making.

Realizing Digital Transformation

The promise of digital transformation is increasing operational efficiency through eliminating stove-piped systems, reducing system complexity, strengthening cybersecurity, improving incident response, and employing DevOps practices. Transformation begins with a complete understanding of current enterprise systems, workloads, and processes. This can most effectively be derived from an analytical, data-driven approach that supports the evaluation of modernization tools and methods. By embracing new tools and methods, agencies are more than twice as likely to deliver higher quality products and services, realize better operating efficiency, and ensure increased customer satisfaction. ■

SOLUTION FOCUS

Splunk Software Streamlines IT Operations

The key to optimizing Federal IT operations is greater end-to-end visibility into systems performance, availability, and usage with trusted capabilities to identify, troubleshoot, and resolve problems quickly. What is needed is a data collection and analytics capability that delivers a comprehensive operational view into enterprise systems and applications, from the data center to the cloud, which combine to deliver an automated framework for achieving maximum efficiency.

Splunk software delivers this enterprise-wide view built on granular system information by ingesting data from any source, in any format, and presenting it in a single interface that can be used to discern usage patterns, trouble spots, and risk areas. With automation and machine learning, Splunk helps simplify operations, prioritize issue resolution, and provide continuous monitoring capabilities to enable threat detection and mitigation.

Importantly, the Splunk approach to data management — collect-once, aggregate, and use-many-times — delivers multiple IT operational benefits, including comprehensive risk assessment, resource management, and reliable service delivery. Powerful and integrated Splunk solutions allow agencies to eliminate multiple, stove-piped tools, applications and their associated costs, further streamlining IT operations.

Federal IT modernization programs rely on Splunk to aggregate data, understand current asset inventories and usage, and to accelerate cloud migration with targeted issue resolution and insights for performance improvement. Using Splunk to monitor workloads facilitates data center consolidation by tracking managed space, power loads, and servers. In the security domain, Splunk’s data-driven analytics enable informed incident management and forensics capabilities and improved self-reporting and compliance audits.

Splunk software capabilities allow Federal IT professionals to harness data from multiple sources and present system-wide visibility in a single interface that enables rapid decision-making to continually improve operational efficiency. The results are compelling: less downtime, faster incident response, more robust cybersecurity, and increased user satisfaction.


Learn more at: https://www.splunk.com/en_us/form/digging-out-of-the-silos.html.

Views You Can Use

Modernizing for the Future of Cybersecurity

How the cloud will enable security effectiveness in the Federal government.

By James Yeager, Vice President of Public Sector, CrowdStrike

In 2017, Executive Order 13800 mandated that public sector enterprises must “build and maintain a modern, secure, and more resilient” IT architecture. As adversaries continue to evolve their tactics, techniques and procedures (TTPs), the volume and sophistication of attacks will increase, whether they are from nation-states, criminal actors or hacktivists. The Federal government must be prepared to meet the challenges of today’s evolving threat landscape. Implementing these five essential best practices will go a long way towards securing the Federal domain.

Focus on IT Hygiene

IT hygiene is the foundation of an efficient security posture. Security starts with discovering where you’re not protected, so you can close security gaps and be better prepared to face threats. It’s imperative that organizations not only understand what software is running in their environments, but also who is leveraging each application. The data that IT hygiene yields is essential to both security and IT teams so they can implement preemptive measures and ensure they are prepared to face today’s common and uncommon attacks.

Out-of-date and unpatched applications continue to be a primary attack vector into IT environments. A recent survey notes that 75 percent of organizations cite unpatched and outdated software as their greatest security risk. The ability to discover, patch and update vulnerable applications running in your environment provides a tremendous advantage against attackers. Successfully employing proper IT hygiene measures can also help expose unmanaged assets that pose a considerable risk to the enterprise.

Graduate to NGAV

Traditional antivirus (AV) has coasted a long way in the market by touting 97 to 99 percent efficacy rates. However, most security professionals have learned the hard way that this seemingly small gap of one to three percent provides a huge window of opportunity for adversaries. In addition, legacy AV does not address increasingly sophisticated fileless methods. In fact, studies indicate that many of today’s breaches are not caused by malware at all, but rather carried out through social engineering, credential theft or a variety of “living off the land” techniques.

A signature-based approach to security is no longer sufficient to keep the enterprise out of harm’s way. Next-generation AV (NGAV) goes beyond identifying known signatures to block exploits that leverage vulnerabilities. NGAV needs to fully leverage behavioral analytics and machine learning to identify unknown malicious files, stepping beyond a malware-only focus to look for signs of attack as they occur, rather than after the fact. This approach entails seeking out indicators of attack (IOAs) to identify active attacks, rather than solely relying on indicators of compromise (IOCs), which are only present after an attack has taken place. To effectively achieve this, NGAV solutions must gather enough endpoint activity data throughout the environment to contextualize each IOA with other pieces of information, formulating the most complete picture of the threat.

Put a Premium on Visibility

Mission defenders cannot protect what they cannot see. Regardless of how advanced an organization’s defenses are, attacks inevitably slip through, causing a “silent failure.” Silent failure happens when existing legacy technologies miss a threat without any alarms going off, allowing attackers to dwell in an environment for days, weeks or months without detection. This is why operators need to have full visibility across all of their assets at all times. A fully functioning endpoint detection and response (EDR) system should be deployed to record all endpoint activities for deeper inspection, both in real time and after the fact.


EDR provides operators with the visibility and capability to proactively hunt through large volumes of data to find malicious patterns of activity that may not have been detected otherwise. Most importantly, EDR tools must offer an easy way to mitigate a breach that is uncovered, including containment of exposed hosts to stop a potential breach in its tracks, allowing remediation to take place before damage occurs.

Hunt for Threats

At the end of the day, attackers are people, and people are adaptive and creative. Defenders are at a major disadvantage if they rely on technology alone to counter every attack. Today’s adversaries are committed and resourceful. An effective endpoint security strategy must be bolstered by a team of security experts hunting across the enterprise and proactively looking for threats. An elite hunting team can find things that may have been missed by automated response systems. Threat hunters learn from prior incidents, leveraging telemetry data, analyzing it thoroughly and providing customers with response guidelines when malicious activity is discovered. Managed hunting pits the brainpower of expert human defense teams against the ingenuity of determined adversaries.

Establish a Security Ecosystem

There is no silver bullet in security. However, many tools have been engineered to work well with others. It’s important to develop a full-spectrum cybersecurity ecosystem, which functions like an immune system, with each component of your defense strategy working in harmony to form a robust and resilient infrastructure. Endpoint tools must integrate with central and perimeter network appliances, all of which must be able to feed front-end analytics platforms. Invest in tools that are fully open and only engage with solution providers who have an integration strategy that meets your security needs. ■
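The IOA-versus-IOC contrast described under "Graduate to NGAV" above, shown as an added example (not CrowdStrike's code or any product's detection logic): a hash lookup finds nothing in telemetry where every binary is a legitimate executable, while a behavioral rule flags the process chain and ranks it by surrounding context. The event schema, rule, scores and all sample values are assumptions constructed for illustration.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float            # seconds since start of capture
    host: str
    kind: str            # "process" or "netconn"
    pid: int
    ppid: int = 0
    image: str = ""
    cmdline: str = ""
    sha256: str = ""
    dest: str = ""


@dataclass(frozen=True)
class Finding:
    host: str
    pid: int
    score: int
    context: tuple


# Constructed placeholder, not a real indicator.
KNOWN_BAD_HASHES = {"f" * 64}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell accepts abbreviated forms of -EncodedCommand (-e, -en, -enc, -ec, ...).
ENCODED_FLAG = re.compile(r"(?i)\s-(ec|e(n(c\w*)?)?)\s")


def _name(image):
    return ntpath.basename(image).lower()


def ioc_matches(events):
    """IOC approach: flag only processes whose file hash is already known bad."""
    return [e for e in events if e.kind == "process" and e.sha256 in KNOWN_BAD_HASHES]


def ioa_findings(events, window=60.0):
    """IOA approach: flag an Office app spawning a script host, then add context."""
    # Assumption: a (host, pid) pair is unique within the capture (no PID reuse).
    procs = {(e.host, e.pid): e for e in events if e.kind == "process"}
    findings = []
    for child in procs.values():
        parent = procs.get((child.host, child.ppid))
        if parent is None:
            continue
        if _name(parent.image) not in OFFICE_PARENTS or _name(child.image) not in SCRIPT_HOSTS:
            continue
        score, context = 1, [f"{_name(parent.image)} spawned {_name(child.image)}"]
        if ENCODED_FLAG.search(child.cmdline + " "):
            score += 1
            context.append("encoded command line")
        conns = [n for n in events
                 if n.kind == "netconn" and (n.host, n.pid) == (child.host, child.pid)
                 and 0 <= n.ts - child.ts <= window]
        if conns:
            score += 1
            context.append(f"outbound connection to {conns[0].dest}")
        findings.append(Finding(child.host, child.pid, score, tuple(context)))
    return sorted(findings, key=lambda f: -f.score)


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample telemetry; hashes are filler, 203.0.113.0/24 is a documentation range.
SAMPLE_EVENTS = [
    Event(0.0, "WS-01", "process", 200, 100, r"C:\Office\WINWORD.EXE", "WINWORD.EXE invoice.docx", "a" * 64),
    Event(10.0, "WS-01", "process", 300, 200, PS,
          "powershell.exe -NoProfile -WindowStyle Hidden -enc CONSTRUCTED_PLACEHOLDER", "b" * 64),
    Event(12.0, "WS-01", "netconn", 300, dest="203.0.113.10:443"),
    Event(5.0, "WS-02", "process", 150, 1, r"C:\Windows\explorer.exe", "explorer.exe", "c" * 64),
    Event(20.0, "WS-02", "process", 310, 150, PS,
          "powershell.exe -ExecutionPolicy RemoteSigned -File inventory.ps1", "b" * 64),
    Event(21.0, "WS-02", "netconn", 310, dest="203.0.113.20:443"),
    Event(0.0, "WS-03", "process", 210, 100, r"C:\Office\WINWORD.EXE", "WINWORD.EXE report.docx", "a" * 64),
    Event(3.0, "WS-03", "process", 320, 210, r"C:\Windows\splwow64.exe", "splwow64.exe 8192", "d" * 64),
    Event(0.0, "WS-04", "process", 220, 100, r"C:\Office\EXCEL.EXE", "EXCEL.EXE budget.xlsx", "e" * 64),
    Event(4.0, "WS-04", "process", 330, 220, r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir", "9" * 64),
]

if __name__ == "__main__":
    print("IOC hits:", len(ioc_matches(SAMPLE_EVENTS)))
    for f in ioa_findings(SAMPLE_EVENTS):
        print(f.host, f.pid, f.score, "; ".join(f.context))
```

The administrator's script on WS-02 and the print helper on WS-03 are not flagged, and the bare parent-child match on WS-04 ranks below the fully contextualized chain on WS-01.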

SOLUTION FOCUS

CrowdStrike Falcon

The nature of cybersecurity problems facing the public sector has changed radically, but the solutions in place to solve these problems have not. Standard security providers still rely on outdated architecture models, while myopically focusing on stopping malware alone. Yet, the problem is no longer just about malware. In fact, malware is only responsible for five out of every 10 attacks. What about the other 50 percent? This is where adversaries leverage TTPs that move beyond malware — such as exploiting features of a legitimate application or operating system. Adversaries are extremely skilled, well-funded, and relentless, able to outsmart and bypass malware-based defenses.

Clearly, a new approach is needed — one that not only addresses malware more effectively, but goes a step beyond to stop fileless, malware-free attacks. To reinvent endpoint protection, CrowdStrike became the first and only company to unify five crucial elements: next-generation AV, endpoint detection and response (EDR), IT hygiene, 24/7 managed hunting services, and threat intelligence. This entire platform is uniquely delivered via the cloud in a single integrated solution. This innovative combination of solutions stops breaches by preventing and responding to all attack types.

CHALLENGE

Public sector enterprises struggle to adequately protect their endpoints against increasingly sophisticated TTPs employed by adversaries.

SOLUTION

• Falcon is designed with your security needs in mind and a solution arsenal to protect against all attack types, blocking known and unknown malware as well as non-malware-based threats.
• Its continuous monitoring of the endpoint allows for rapid detection and response to malicious activity.
• Falcon OverWatch™ provides proactive 24x7 managed hunting for adversary activity so operators can detect and block attacks before they can wreak havoc on the enterprise.

BENEFIT

CrowdStrike provides a single, powerful, unified solution that is focused on enabling enterprises to stop breaches and keep your data safe.

Learn more at: www.crowdstrike.com.
