healthcarereimagined

By: Rolf Fredheim Sebastian Bay

Related topics: Social Media DisinformationInformation Manipulation

Publication details

ISBN:978-9934-619-16-8Year:2022Format:PDFPages:46Size:1.41 MB

Read online

Download

The ongoing war in Ukraine has shown the importance of being able to defend and influence the information environment in order to win a modern conflict. Coordinated social media manipulation campaigns continue to be an important tool for adversaries. Therefore, assessing the abilities of social media companies to protect their platforms against manipulation continues to be important for understanding how well our societies are able to protect our information environment against antagonistic threats. To further our understanding of platform manipulation, we re-ran our groundbreaking experiment to assess the ability of social media companies to counter platform manipulation. This year, we added a sixth social media platform, VKontakte, to our experiment.

Article link: https://stratcomcoe.org/publications/social-media-manipulation-20212022-assessing-the-ability-of-social-media-companies-to-combat-platform-manipulation/242

As the U.S. Air Force continues its aggressive pursuit of modernization and prepares for the future fight, the head of the service wants to put words into action and get meaningful military capabilities into the hands of warfighters faster than ever before.

“I’m not very interested in experimentations or demos. I’m prepared to accept risk and move towards fielding with engineering and system development programs that lead to production and lead to production at scale,” Air Force Secretary Frank Kendalltold an audience at the Potomac Officers Club’s 2022 Air Force Summit in Tysons, VA.

“If the risk appears to be manageable and we have reasonable mitigations, we need to get on with it and get towards production,” said Kendall, a Wash100 Award recipient. “The result of that inevitably would be some cost and schedule hiccups as we go forward, but I’m afraid we’re going to have to pay that price to get to where we need to go.”

This urgency stems in part from what Kendall has seen as a decline in the Air Force’s dominance since the Cold War. Speaking from his breadth of experience in government, military and industry, Kendall acknowledged that the Air Force’s analytical, science and engineering capabilities have atrophied in the past few decades. Now, as the head of the Air Force, Kendall hopes to reestablish that dominance.

Kendall was sworn in as Air Force secretary in July 2021, and in his remarks during the event, he reflected on the strides the service has made — as well as the ways in which the threat landscape has changed — throughout his first year in the role.

“I came into office with two fundamental roles. One was to put us in a better position relative to our principal competitor, and that is of course, China,” Kendall reiterated.

Priority Number One: China

China’s military modernization program is something Kendall has expressed deep concern about since his return to the public sector in 2010, when he took on the role of principal deputy under secretary and acting under secretary of defense for acquisition, technology and logistics at the Department of Defense.

At that time, Kendall said he could already see that China was on a path to field systems that were intended to defeat the United States’ ability to project power. “We had to respond to that,” he remembered. In the 12 years since that point, however, the systems that China had in development have been fielded, and now the country is working on even newer systems.

“So this is an ongoing quest for technological military superiority that we have got to move quickly in, but we also have to make the right choices about what we invest in,” Kendall said.

Looking at the risk profile the U.S. faces today, Kendall noted that it will not lessen over time. Instead, the nation’s adversaries will be looking ahead to our capabilities in the pipeline for the future and building systems to defeat them.

“We have got to be thinking ahead of that and moving ahead of that. That risk is going to go up over time, and you’re seeing increasing aggressive behaviors on the part of China,” he warned.

Priority Number Two: Reestablishing Air Force’s Operational Power

The second objective Kendall had coming into the Air Force was to leave the Air Force better than he found it. This objective, he admitted, “covers an enormously wide swath of things” including, importantly, strengthening the institution’s technological capability.

Kendall’s second objective also led to the creation of his seven Operational Imperatives — an effort which he describes as a “list of seven things that I felt that we had to do better at to be successful operationally in conventional power projection.”

These imperatives cover top programs and mission areas including space, the Advanced Battle Management System, Next Generation Air Dominance and Air Force readiness in the future battlespace. In the seven months since Kendall revealed his Operational Imperatives, he has put together teams — led by operators, technologists and acquisition executives — to see the imperatives to fruition.

Reflecting on this progress, Kendall said, “The teams have done great work at pulling together what we need to do. The problem now, for me, is to resource it.”

Budget

Fortunately, Kendall expects the Air Force’s top priority programs to be well-funded. “Congress is likely to provide a significant increase in [2023] from what we asked for. This would reset our baseline for [2024],” he projected.

The Air Force’s most recent Program Objective Memorandum, or POM, is just a starting point for the budget and funding conversations Kendall expects to have in the next few months. However, until budgets are finalized, the Air Force won’t know for sure which resources will be allocated to which programs.

“We don’t really know where we’re going to end up in terms of resources, but I think we’ve positioned the Department of the Air Force very well to compete for those resources, because we have identified the specific things that we need to do.”

Though Kendall could not share details about the latest POM, he did say, “I will tell you that I made tradeoffs in the POM to fund as much of the Operational Imperatives as I could.”

DOD-Wide Cultural Shifts Necessary

Ultimately, Kendall acknowledged that the Air Force won’t overcome the myriad of threats it faces if the Department of Defense doesn’t integrate and operate as a cohesive joint force.

“There’s an enormous amount of parochialism, turfism, etc. that I have seen in the Department of Defense, and we’ve got to get beyond that,” Kendall urged. “We’ve got to think about what our mission is and how we contribute to that mission and make sure that what we’re doing contributes as much as possible and not spend our time just trying to take care of our little part of the budget.”

“One team, one fight” is a mantra that guides Kendall in his role as he hopes to drive out the “dysfunctional” behavior in the Pentagon and enact the same mentality across the entire DOD enterprise.

The 2022 Air Force Summit is part of the Potomac Officers Club’s annual military service-focused program of events. The next installment of the series will be the 2022 7th Annual Army Summit on Aug. 24 at the McLean Hilton.

Hon. Gabe Camarillo, undersecretary of the Army and chief management officer for the U.S. Department of the Army, is slated to keynote this highly-anticipated in-person event. Click here to register.

Article link: https://www.govconwire.com/2022/07/air-force-secretary-frank-kendall-prepared-to-accept-risk-to-field-capabilities/

By EDWARD GRAHAMJULY 21, 2022

The message to staff said that “more could be done” to streamline planned deployment of new health record software at Boise VA Medical Center.

The Veterans Affairs Department has indefinitely postponed its planned rollout of the Oracle Cerner Millennium electronic health record system at the Boise VA Medical Center as technical issues and critical reports from the VA’s Office of Inspector General continue to stymie the implementation of the software.

In an internal VA email to staff distributed on Wednesday and obtained by Nextgov, VA Deputy Under Secretary for Health Steven Lieberman called the postponement “not a setback, but rather part of the process.” 

The VA announced last month that all of its originally planned software deployments for the year, with the exception of Boise, would be delayed until 2023, following a series of outages and logistical issues that have highlighted serious flaws in the EHR system. The deployment at Boise VA Medical Center was originally scheduled for June 25, before being pushed back to July 23. The most recent delay indefinitely postpones the software’s go-live date.

“At this time, VA has not scheduled a new launch date for the electronic health record system at the Boise VA Medical Center,” VA spokesman Randal Noller said.

“Many thanks go to our Boise VAMC and [Electronic Health Record Modernization Integration Office] staff, who worked tirelessly to get us to this point,” the email said. “There are positive improvements in many areas because of their hard work. However, in assessing Boise’s readiness for deployment this weekend, VA made the decision that more could be done to ensure a safe and successful deployment. VA continues to work with Oracle Cerner to implement important system enhancements and make the necessary improvements to ensure system stability.”

VA Secretary Denis McDonough confirmed the delayed software rollout at the Boise VA Medical Center during a press conference on Wednesday, but said “we’ve learned from these issues around patient safety” when asked about the long-term viability of the EHR system.

The next EHR system deployments are currently scheduled for January 28, 2023, in Michigan’s Aleda E. Lutz VA Medical Center and the VA Ann Arbor Healthcare System. According to EHRM’s online deployment schedule, the tentative go-live date for both facilities—as of June—was the second quarter of 2023. 

News of the postponement came the same day that VA leaders overseeing the agency’s software deployment were grilled by members of the Senate Veterans’ Affairs Committee about outages, cost overruns and patient care concerns that have impacted the five VA medical sites where the system is currently live. Committee Chairman Jon Tester, D-Mont., said during the hearing that a third-party estimate of the EHR software project presented to Congress found that it would cost more than $50 billion over 20-plus years.

Idaho’s entire congressional delegation said in a joint press release that it raised concerns with the VA about the software’s deployment at the Boise VA Medical Center following a series of critical OIG reports about the EHR system. One of the recent watchdog reports found that the software implemented at the Mann-Grandstaff VA Medical Center in Eastern Washington—the first commercial rollout of the EHR system—had a critical flaw that improperly routed more than 11,000 clinical orders to an “unknown queue” without the knowledge of clinicians. 

While Idaho’s lawmakers said that some of these deficiencies had been addressed, their release noted that “numerous outstanding issues remain.”

“As the VA works to determine a viable path forward for the new EHR system, we once again call on VA and Oracle Cerner leadership to put veterans first by fixing the long-identified issues with the program that pose a threat to patient care,” Republican Sens. Mike Crapo and Jim Risch, along with Republican Reps. Mike Simpson and Russ Fulcher, said. “Before the system is rolled out at any additional sites, it must be made safe, reliable and user-friendly.”

Article link: https://www.nextgov.com/it-modernization/2022/07/internal-va-email-calls-postponement-ehr-rollout-boise-part-process/374772/

The service is expected to issue a memorandum regarding policies that will support the cyber ready concept and continue to grow the use of DevSecOps. 

Nikki Henderson Fri, 07/22/2022 – 12:04

The Department of the Navy is shifting its IT development priorities toward cyber readiness and DevSecOps as it prepares to more fully implement zero trust.

The Navy is currently working on recommendations that focus on instating Continuous Authorization To Operate (cATO) procedures needed to streamline development cycles and safeguard network security.     

Tony Plater, CISO at the Navy, said being cyber ready is the service’s top priority. Plater described the ultimate goal as a more responsive and iterative approach to security.

“The right to operate is earned and managed every day because we need to be looking at cybersecurity every day.  Including how our shift to cyber ready is going to shift us to an active cyber ready state, how it’s going to enable acquisition speed and how it’s going to better defend our information,” Plater said during Federal News Network’s The Connection Between Zero Trust and DevSecOps webinar.   

The Navy views cybersecurity as a compliance problem and has identified cybersecurity requirements as well as audits to evaluate these processes. However, internal review has shown that Navy’s current compliance model is not providing the cybersecurity posture needed.  

“The Navy needs to fundamentally shift our cybersecurity from a compliance approach to an active cyber ready state,” Plater said. “Cybersecurity needs to be an enabler and it can’t be seen as a check at the end or as a barrier.  We also think this active cyber state will help us better defend our information.”   

Plater outlined that in order to be cyber ready, the Navy should follow key principles such as measuring cybersecurity more holistically through a risk and readiness framework that stays ahead of an evolving threat landscape.    

“It’s not just patching and trying to keep up with every cyber vulnerability. It means understanding what the risks are, where the threat is, prioritize and then go at it,” Plater said.   

Two other key factors that will support cyber readiness include accelerating the authorization process while avoiding risk, and fostering a culture of change needed to incorporate these new operating principles.  

Plater stated that Navy plans to launch the first of these new cybersecurity pilot programs within the next 60 to 90 days.  

“We will release a strategic intent memo which will outline our expectations for the services. Following that, those pilots will be used to help us guide actual policy. We will continue to work closely with DOD to share what we’re learning and then distribute that knowledge where it makes sense across the department,” Plater said.        

According to Plater, guidance will soon be coming from the Navy and Marine Corps CISOs on how to make better and more comprehensive use of DevSecOps. 

“The Navy has launched a new platform called Black Pearl. We have teams that meet on weekly basis who are working to establish the guidance, policy and processes it takes to certify pipelines that will produce securely coded products,” Plater said.   

“By putting all this code through a DevSecOps process we can understand how the software is developed, the pipeline is developed and establish the correct security posture,” Plater added.  

During the event Plater also gave an update on the Navy’s zero trust journey.  

“We’re conducting gap analysis. Identifying routes to and from authorized users, looking at maturity within each pillar and formulating internal roadmaps to prioritize risks that are found,” Plater said. “We will continue to emphasize that you should not automatically trust traffic inside the perimeter and to authenticate, validate and verify every request.”

Article link: https://governmentciomedia.com/navy-release-cyber-readiness-devsecops-guidelines-ahead-zero-trust

By ALEXANDRA KELLEYJULY 19, 2022 04:32 PM ET

A new report from the White House points to advanced cloud technologies to help bolster artificial intelligence R&D at the federal level.

Federal agencies that want to successfully scale and implement cloud computing systems into existing infrastructure can do so through several key practices, including designating expert teams, two-factor authentication, and enhanced education opportunities among users. 

Outlined in a White House report published earlier this month, officials documented how cloud computing systems can support further federal research and development in artificial intelligence, a goal within the broader Biden administration.

Authored by the Machine Learning and Artificial Intelligence Subcommittee within the National Science and Technology Council, the report notes that leveraging cloud computing technology can enable better on-demand resources for researchers working with AI technologies. It went on to highlight opportunities for public agencies looking to bolster AI research efforts with advanced computing systems.

“Agencies that have undertaken early efforts to leverage commercial cloud computing resources to advance AI R&D have commonly experienced benefits to their investments in terms of providing internal and external researchers persistent, on-demand access to cutting-edge capabilities, accelerating experimentation and the use of AI in new domains, and enabling reproducibility and scalability of the research activities and results,” the report explains. 

Four best practices emerged from a survey of federal agencies adopting cloud computing for R&D purposes, the first being the designation of administrative teams to manage the implementation of cloud systems into existing infrastructure. These teams will also focus on providing training to other federal employees engaging with cloud computing to facilitate individual research goals.

The subcommittee recommended improving security features, namely two-factor authentication, as a baseline security measure and the second best practice. Further training assistance for employees and pre-computed workflows were also recommended among best practices to help employee access and prevent duplicate work.

The report also outlined common challenges agencies faced in adopting cloud computing technologies, particularly related to a lack of funding and staffing across departments. 

“Agencies have also encountered challenges relating to (1) the costs of data storage and access, complicating the ability for multiple teams to access shared data, and (2) ensuring that the users of a given cloud computing platform can locate and maintain awareness of data, experiments and results relevant to their work and interests,” the report stated. 

The report ultimately emphasized the need for a more specialized workforce, a common challenge many agencies face when working with emerging technologies. It suggested more federal investments in training resources for professionals at every level of cloud computing systems, including end users, cloud architects and data scientists.

“Workforce development has remained a critical limiting factor in the ability to adopt and scale cloud computing-based research efforts. Many federal employees have limited familiarity with cloud computing technologies, and few have industry certification on cloud computing systems,” the report said. “These limitations challenge both internal research efforts and the ability to provide guidance and resources to external researchers.”

Article link: https://www.nextgov.com/emerging-tech/2022/07/white-house-advocates-cloud-investment-path-artificial-intelligence/374663/

By WILLIAM D. EGGERSJULY 20, 2022 08:00 AM ET

President Biden wants to make it easier and more efficient to access critical government services. Here’s some ways to make that happen.

Organizing government services around life events has become increasingly popular worldwide. Late last year, President Joe Biden signed an executive order to bring life-event service delivery to citizens across the United States. 

The president’s directive reorganizes the delivery of government services around five specific life events for citizens, including retirement, having children, leaving the military, surviving natural disasters and navigating financial shocks. It represents a transformational and highly impactful mindset shift for government agencies who provide critical services to Americans.

https://html5-player.libsyn.com/embed/episode/id/23568989/height/90/theme/custom/thumbnail/yes/direction/forward/render-playlist/no/custom-color/000000/

Today, accessing federal resources around any significant life event requires American citizens to navigate a time-consuming and complex obstacle course of bureaucracy. The president’s executive order aims to make it easier and more efficient to access critical government services by streamlining digital entry points, improving the quality of information about vital programs and investing meaningful resources in federal technology modernization. It can significantly strengthen the way that government agencies do business and enhance the citizen experience. 

To achieve the goals outlined in the president’s directive, federal agencies will need to cooperate, share information and get their technology to better communicate – all while putting citizens, not agency convenience, at the center of their missions. Agencies can get there by embracing six key strategies:

1. Put users at the heart of service integration: The citizen must remain at the center of every design choice. Agency leaders should test each new digital service improvement by conducting interviews with citizens and identifying major pain points and sources of friction. Listening to feedback from everyday Americans will help agencies fine tune their services and enhance the citizen experience. 
2. Design a governance model that’s right for each agency: A multi-agency project must assign accountability and determine authority. The ideal governance model for a life-event-centered service model will allow government leaders to give different agencies responsibility for different segments of the citizen experience.
3. Incentivize agencies to work together through shared funding: To overworked federal staff, a whole-of-government approach can feel like an added responsibility. As one worker put it, “We’re going to be measured on our own performance, and not on cross-agency performance.” Funding mechanisms for shared responsibilities should provide appropriate incentives and give agencies more flexibility. 
4. Determine the right data-sharing and technology model: Sharing data makes it imperative for government computers to speak the same language. Shared Application Programming Interfaces (APIs) and shared data formats can help agencies collaborate. 
5. Prioritize privacy and data security: Seamless API integration can make data sharing easy. It must also make data sharing secure. Offering citizens an opportunity manage their information on one central and secure platform can provide more security than requiring citizens to enter their personal information on a dozen different applications. 
6. Prioritize user trust: Citizens won’t try new approaches unless they trust them. And secure data protections can help strengthen citizen trust in life-event service delivery. 

Each of these six strategies is mutually reinforcing. Focusing on the individual user informs an effective governance model. An effective governance model can efficaciously and efficiently distribute interagency funding. A safe API and data-sharing model ensures citizen privacy and data security. Citizens with a secure experience accessing government services will have more trust in government. And with more trust in government, agencies can continue to successfully serve the American people and fulfill their missions. 

The transformation to life-event service delivery won’t be easy. It requires behind-the-scenes wrangling – from getting different agency computer systems to better share data, to aligning funding models that incentivize collaboration. But these six strategies can help advance the shift.

Article link: https://www.nextgov.com/ideas/2022/07/six-strategies-transforming-citizen-service-delivery/374631/

William D. Eggers serves as the executive director of the Deloitte Center for Government Insights. A noted expert on government reform, he has authored numerous books, including: “Delivering on Digital,” “The Solution Revolution,” “If We Can Put a Man on the Moon” and “Governing by Network.” He recently testified before the Senate Committee on Homeland Security and Governmental Affairs on CX and life events-based service delivery.

By Jaspreet Gill on July 13, 2022 at 3:34 PM

WASHINGTON: The Air Force needs a strategy to get more out of its investments in its different “raindrops” of software factories, according to a former Pentagon official who said he also fears the service isn’t growing enough talent in those initiatives.

Ed Wilson, former deputy principal cyber advisor to the secretary of defense, said though he’s a “big fan” of the “software factories for DevSecOps,” and sees their continued growth, he questioned how the service could “gain a bit more efficiency at times.” DevSecOps refers to an approach that combines software development, cyber security and software operations.

“I’m not…for more bureaucracy, but we kind of have raindrops of software factories out there,” Wilson said at the America’s Future Space Innovation Summit on Tuesday. “Not all are created equal. There’s more success stories than others.”

He added his “fear would be we’re not growing enough talent that can be successful in those environments. And so I think we need to pay attention to that talent pool for the DevSecOps.”

The Air Force has a number of software factories tasked with developing and delivering new software spread throughout the country, including space-specific innovation hubs and platformONE, the Defense Department’s DevSecOps environment. In total, 29 software factories exist today across the military services.

Wilson’s comments appear echo some concerns that were addressed in a Pentagon-wide software modernization strategy released Feb. 2. That strategy called for harnessing all 29 factories and establishing an enterprise-level “ecosystem” in a move to more rapidly acquire and deliver software at speed.

RELATED: The Pentagon wants to turn its 29 software factories into one ‘ecosystem’

The goal of the modernization strategy is to have a centralized software hub that would help streamline control points for end-to-end software delivery and speed innovation into soldiers’ hands. It also warned that current DoD processes governing the way the department buys, implements and operates across missions can’t keep up with the changing pace of technology.

To Wilson’s comments about not growing enough talent, a major objective in the strategy calls for “advancing technical competencies,” or improving the workforce.

DoD wants to establish a “standard and dynamic inventory of baseline training and augment that training with investments in cross-Service, on-the-job apprenticeship programs and rotation opportunities,” according to the strategy.

Jason Weiss, DoD’s chief software officer, told reporters in February that the Pentagon had also created a task force under the Software Modernization Steering Group to recommend best practices and policy changes for the factories.

“We’re seeing lots of lessons learned start to percolate to the top and a lot of collaboration taking place through things like our DevSecOps community of practice,” Weiss said. “So it is a living and breathing ecosystem. And we are going to be looking at and listening to those software factories to determine what policy changes to prioritize and when to affect them.”

Article link: https://breakingdefense-com.cdn.ampproject.org/c/s/breakingdefense.com/2022/07/air-force-needs-more-efficiency-from-raindrop-software-factories-former-dod-cyber-official/amp/

The Biden administration has already hosted expansive summits on ransomware and open-source software security. Now it’s taking a similar approach in an attempt to tackle problems in the cybersecurity workforce.

On Tuesday, the White House will bring experts, private sector companies and federal agencies together to brainstorm around one of the most pressing challenges in cybersecurity: people or, more accurately, the lack of them.

The meeting will be led by National Cyber Director Chris Inglis and includes leadership from the Departments of Homeland Security, Commerce and Labor, as well as Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency; Anne Neuberger, White House deputy national security advisor for cyber and emerging technology; Susan Rice, director of the Domestic Policy Council; and James Kvaal, undersecretary of education.

While the total number varies depending on the source, most estimates peg the shortage of qualified cybersecurity workers in the hundreds of thousands. CyberSeek, a non-profit organization backed by the National Institute for Cybersecurity Education that maps job openings, currently flags more than 714,000 open or unfilled cybersecurity positions around the country. It’s a problem that impacts both governments and businesses alike and is happening as both sectors are attempting to coalesce around ambitious long-term plans to increase the resiliency of systems and data against nation-state and criminal hackers alike.

“With approximately 700,000 cybersecurity positions open, America faces a national security challenge that must be tackled aggressive. During the summit, participants will help chart a path toward a more secure future in which all Americans have the opportunity to raise the bar on cybersecurity through greater awareness, education, and training,” the White House said in the announcement. “The summit will also serve as a call to action — to ensure that all Americans can capitalize on the benefits of the digital domain and to ensure that our nation carries through on the positive opportunities ahead of us.”

A snapshot of open cybersecurity jobs around the country. (Source: CyberSeek)

They will be joined by executives from the private sector and experts from academia and the cyber community, though the White House says more announcements on that front are forthcoming. Thus far, SC Media has confirmed that Barbara Massa, executive vice president of business operations at Mandiant, will be in attendance, as will Heather Adkins, vice president of security engineering at Google. A Microsoft spokesperson declined to comment and directed SC Media to the White House.

The summit will focus on three core challenges that have kept the supply of cybersecurity talent from keeping up with demand. One is finding a way to better utilize trade schools, apprenticeships, community colleges and other non-traditional educational institutions to create new skill-based pathways into a cybersecurity career. Another will look at tapping into underserved and diverse communities, including women and people of color, who have long been underrepresented in the field and industry leaders are working to make the field more welcoming to other backgrounds.

Finally, the meeting will look at how to invest wisely in educational initiatives to ensure American workers are trained to succeed and stay secure in a digital economy, regardless of whether they work directly in cybersecurity or other fields. While more cyber practitioners are badly needed, a massive part of any organization’s attack surface comes from the actions and decisions of their non-cyber employees, who can often upend millions of dollars in security spending by clicking on a malicious link.

As Inglis put it earlier this year when discussing the need for fundamental skills up and down the workforce: “We don’t necessarily need to make [everyone] a python programmer —  but that we make them cyber aware.”

Boosting the national cyber workforce has been a long-held goal for the Biden administration as well as its predecessor, the Trump administration. There are few, if any, straightforward solutions to the problem, at least in the short-term. More and more of our national infrastructure is being put under the control or direction of potentially vulnerable software, or connected to the internet, where it’s within reach for state-backed or criminal hacking groups. But the often highly technical work needed to secure those systems is being carried out by an increasingly smaller proportion of the workforce.

There is no easy method to quickly teach or acclimate new workers the fundamentals of cybersecurity or the IT and networking principles that underpin them. That means that even as companies and agencies are desperate to fill open roles, they’re often not willing to put the security of their organization or its customers in the hands of a novice.

Some have questioned whether untrained or undertrained cybersecurity workers would ultimately be a net boon or drag on companies remains an active debate.

Jake Williams, a former hacker at the National Security Agency and current executive director of threat intelligence at Scythe, has argued that putting untrained or lightly trained cybersecurity workers on the job is irresponsible and wouldn’t be accepted in other fields where safety and competence are considered core priorities.

“Your airline pilot started in a single engine Cessna. Nobody called it gatekeeping. And before that, they learned lots of ‘mostly irrelevant’ facts in ground training,” Williams remarked last week on Twitter. “Cyber is one of the only fields where we pretend that skipping the basics is okay to put butts in seats.”

In an email, Williams told SC Media he thinks the government and military actually do a very good job of recruiting and training cyber employees but “for the commercial workforce, the situation is a bit more bleak.” That’s in part due to what Williams, who is also a senior instructor in digital forensics at the SANS Institute, characterized as the poor state of many commercial cybersecurity training programs that churn out degrees without ensuring that graduates are being properly schooled on the fundamentals of IT security that they require before they can be trusted with protecting an organization’s sensitive data.

“Those trying to break into the cybersecurity field, often lament that employers need to ‘be realistic about skills’ and ‘take a chance on someone with passion to learn.’ The unfortunate reality is that [small and medium-sized businesses], many of which are making their first security hire, simply cannot afford to hire people without a broader cross section of security knowledge and/or experience. This leaves a disconnect between expectations and reality for many cybersecurity bootcamp graduates.

Others have called for the country to respond with a mass mobilization effort to train a generation of cybersecurity workers and put them in a position to gain experience as they work. James Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies, said last month that the U.S. is not “serious” about solving the cyber workforce shortage and won’t get anywhere near closing the gap by relying on slower, more traditional means of education or training.

He drew a comparison to efforts by the U.S. military during World War II to train an entire generation of pilots to compete with Germany, Japan and others for dominance of the skies. There is no initiative on the part of policymakers to do something similar with cybersecurity, while shortages and competition with the private sector for qualified workers only continues to grow.

“You need to create a pipeline, you need to put untrained bodies at the front, and you need to have pilots come out the other end, and you need to do that at scale and we’re not doing that,” Lewis said.

Article link: https://www.scmagazine.com/editorial/analysis/careers/white-house-to-hold-summit-on-addressing-the-thousands-of-unfilled-cybersecurity-jobs?

By NATALIE ALMSJULY 12, 2022

Workforce, interoperability and governance all feature in the new goals set for the President’s Management Agenda.

The White House filled in some of the blanks on the President’s Management Agenda last Friday with an update on flexing federal procurement muscles to advance administration priorities like addressing climate change. 

“We can harness this collective power and make connections across the federal acquisition and financial assistance systems to strengthen the U.S. manufacturing base and support American workers, catalyze new solutions that address the climate crisis and enhance sustainability, and advance equity,” the document states.

The government oversees over $1.5 trillion in federal contracts and financial assistance annually, according to performance.gov.

One goal is to “create a diverse and resilient federal marketplace.” The administration has already set goals around increasing the number of awards given to small, disadvantaged businesses generally and minority-owned small disadvantaged businesses specifically.

The Office of Management and Budget also pins down interoperability and sharing of acquisition data and tools as a second goal, and building an “inspired, engaged acquisition workforce” as a third goal for procurement and acquisition.

An OMB spokesperson told FCW that acquisition workforce improvements could involve modernizing training and development, and pursuing pilots meant to “support user-friendly access to information to support decision-making by the Federal acquisition workforce.”

The second half of the “business of government” priority focuses on federal financial management, where the administration says it wants to further improve processes and “build capacity.”

The PMA website points to lessons learned from implementing the American Rescue Plan Act and the bipartisan Infrastructure Investment and Jobs Act as evidence that the time is ripe to make progress in managing government business on an enterprise level, as well as an “increasing federal focus on program and payment integrity.”

Success metrics and milestones for this area of the PMA – something the other two priorities of workforce and customer experience already have – will be published in the next update to performance.gov, according to a blog post accompanying the latest update.

Article link: https://www.nextgov.com/cxo-briefing/2022/07/white-house-updates-acquisition-business-government-priorities/374111/

July 12, 2022

Europe’s new Digital Services Act opens a new era in access to justice for disinformation and online hate. Americans should take a close look.

When victims face disinformation or online hate speech today, they enjoy little hope of redress. They are more likely to try to look away – closing their browser windows or leaving online spaces altogether – than to seek justice. Even when faced with illegal content such as defamation or harassment – situations in which legal grounds to go to court exist – few possess the financial or emotional resources to hire a lawyer and put pressure on a powerful platform. 

Europe’s Digital Services Act (DSA) changes this equation.  

It represents the first sustained attempt to modernize rules for online content in a democratic and rule-of-law environment. While preserving free speech, the DSA reinforces access to justice in content moderation decisions, imposing on platforms a variety of scaffolded transparency and accountability requirements.   

Among other changes, platforms must open an “internal complaint handling system” where users can submit complaints about content moderation decisions, both in cases of over-moderation (take downs) and under-moderation (when platforms decide not to act on reported content). When complaints contain sufficient grounds, the platform will need to reverse its decision.  

While many platforms already have procedures for reporting content and appealing content moderation decisions, their formulation, scope, and accountability vary, and our research shows that all have ample room for improvement. Disinformation and hate speech proliferate, while it is prohibitively challenging for people to appeal wrongful content moderation decisions.  

Consider LGBTQ+ hate. In their most recent report on ‘LGBTI-phobies’, the French NGO SOS Homophobie found once again that online environments remain the most prevalent spaces for anti-LGBTQ+ sentiment. At the same time, the NGO notes a decline in reporting, which they attribute to victims and witnesses’ frustrations with effective moderation and insufficient resources devoted to answering their complaints. 

Content moderation is particularly lacking in languages other than English. During her testimony before the US Congress, Facebook whistle-blower Frances Haugen revealed that 87% of misinformation spending by Facebook is on English-language content, but only about 9% of their users are English speakers. Even globally spoken languages like Spanish are neglected. In March 2021, a coalition of organizations launched the campaign #YaBastaFacebookcalling for better Facebook protection of Spanish-speakers. 

Facebook isn’t alone. Spanish YouTube and TikTok influencer Naim Darrechi claimed recently in a viral video that he had legally become a woman by filling out a simple form and that he could change sex to increase his welfare payments every six months. This is false: Spanish law offers no such right. Even now, this misogynistic and transphobic disinformation remains available online. 

In such cases – or when initial reporting and appeals processes fail –the DSA will provide the option of “out-of-court dispute settlement.” Independent bodies in different European countries will be established to deal with content moderation disputes. This option will be especially useful for dealing with ‘lawful but awful’ content such as LGBTQ+ hate, much of which would not have grounds to be brought to court under national laws. At the same time, the independent bodies’ decision will not be legally binding, so the justice system can still have the final say.

Another DSA innovation allows representation. Specialized organizations will be able to exercise the rights of individuals under the DSA on their behalf. This will be critical since victims and witnesses of hateful content may be hesitant to appeal content moderation decisions given the emotional or traumatic engagement they have suffered. 

The DSA is not just about Europe. It’s reasonable to expect that it will raise the bar globally: once a platform improves redress mechanisms in Europe, it would be logical to harmonize these policies and implement them for all their users. 

The DSA is set to enter into force in 2024 for all online platforms. It will come into force even earlier for so-called Very Large Online Platforms, those with more than 45 million European users. This gives platforms plenty of time to design and implement accessible, intuitive appeals systems – and to begin offering Europeans real access to justice online.

Article link: https://cepa.org/the-eus-rights-based-approach-against-disinformation/

Claire Pershan is Policy Coordinator for EU DisinfoLab, an independent non-profit organization focused on tackling disinformation.