Public-sector innovation: Cybersecurity
Government rarely gets credit for the tremendous range of innovation it drives. But as the winners of our 2018 Government Innovation Awards make clear, amazing things are happening at all levels of the public sector. The 36 Public Sector Innovations – and the eight cybersecurity-based winners below -- show how IT and innovation can dramatically improve government.
Hacking the challenge of tech talent scarcity
Like every organization, the military has had to contend with a dearth of in-house cybersecurity talent. The Army Cyber Command’s solution is a direct commissioning program that plucks technical experts from the commercial sector. The program launched late last year and in May produced the first two direct commissioned officers from a total of 249 applicants. The second set of applicants has already been reviewed, with five individuals entering the program in June. Eventually, officials plan to move officers through the program four times a year. Read more.
Reinventing the TIC
The decade-old Trusted Internet Connections initiative has significantly complicated agencies’ embrace of cloud technology. So when the Office of Management and Budget started to focus on TIC modernization, the Small Business Administration jumped at the chance to find new ways to meet the intent of the TIC requirements without being bound to the standard architecture. It used cloud-based security tools that were part of existing Microsoft Azure and Office 365 license agreements. For a few tools, SBA officials worked with the company to push preview versions into service to gain access to key functionalities, but no new purchases were required. The resulting solution creates a comprehensive view of all SBA IT assets so they can be monitored and protected regardless of whether they are on-premises or in any of the agency’s three commercial clouds. Read more.
Citizen-soldiers’ cyber solution
When it comes to cybersecurity, time is of the essence. So the Missouri National Guard Cyber Team (MOCYBER) designed a capability that shrank the time it takes to collect information from compromised servers from two days down to 20 minutes. Dissatisfied with firewalls and other available tools, MOCYBER sought to dramatically reduce software development time and reduce risk while keeping existing applications intact. The team’s solution is the Response Operation Collection Kit Network Security Monitoring (RockNSM), which consolidates multiple open-source tools into a single platform to facilitate data collection and incident response. Read more.
Turning the tables on hackers
Sandia National Laboratories’ primary mission is securing the nation’s nuclear arsenal, which faces very real threats. The labs’ networks experience 1.5 billion cyber events a day, ranging from incorrect password entries, phishing and malware attacks, and more serious nation-state activities, said John Zepper, Sandia’s director of computer and networking services. In response, Sandia officials developed the High-Fidelity Adaptive Deception and Emulation System (HADES) to go beyond a traditional honeypot and use cutting-edge technology to give its operators the opportunity to run sting operations on the people trying to break into their systems. Read more.
A better way to track trade?
Customs and Border Protection is looking for more efficient ways to track goods coming into the United States, and blockchain could be part of the answer. During a live three-week test in September, CBP officials saw firsthand how the distributed ledger technology could improve the certificate process for goods coming in via North American Free Trade Agreement and Central America Free Trade Agreement partners. The proof of concept was developed with CBP’s trade partners on the Commercial Customs Operations Advisory Committee. Through the NAFTA and CAFTA agreements, partners have agreed to supply certificate data upfront. That information is then compared to CBP’s legacy system and a separate blockchain-based system designed by the Department of Homeland Security’s Science and Technology Directorate. Read more.
Making voting by mail more accountable
In Orange County, Calif., 55 percent of the votes cast in each election come via vote-by-mail ballots. To make the process more efficient and increase public confidence, the county’s Registrar of Voters pilot-tested an ambitious effort to enable voters to track their ballots during the primary election in June. The agency added bar codes to the ballots mailed to voters and created an online dashboard where voters can track their ballots through every stage of the process and find out if there is an issue with their acceptance. Read more.
A smarter way to track campaign financing
In the pursuit of accurate and accessible campaign finance data, the Federal Election Commission has long faced an unusual obstacle: Reports from Senate campaigns flow through the Senate — and the Senate insists on paper filings. To speed the digitization of all that paper, the FEC contracted with Aurotech to develop an automated program that would capture summary data and itemized transactions. A tool from Captricity “shreds” documents into small pieces that are uploaded to Mechanical Turk, Amazon’s distributed workforce platform. The mini-tasks are then distributed to employees worldwide, who clarify characters, such as differentiating a 5 from an S. Those human responses are used to train an algorithm that will anticipate which strings of text are likely to appear in certain fields, such as “$5-0-0” versus “S-a-n D-i-e-g-o.” Read more.
Inspiring trust in elections
The buzz around election security often focuses on front-end vulnerabilities, such as voting machines, state registration websites and online disinformation campaigns. However, one state has taken the lead on implementing a critical form of backend vote verification that can alert officials if their election has been hacked. Colorado is the first — and so far the only — state to legislatively mandate and implement risk-limiting audits of its elections. Security experts consider such audits to be the gold standard for ensuring accurate election results. Read more.