
Look Who’s MeriTalking: David Bray

MeriTalk introduces a regular new feature, a Q&A with prominent IT leaders. The initial installment highlights David Bray, CIO of the Federal Communications Commission.

MeriTalk: What big moves is the FCC making in the IT space?

David Bray: Modernizing our universal licensing system, which is actually multiple systems. It has 30, 40, or 50 workflows in it. What we want to do by the end of this calendar year is demonstrate that we can take three of the existing workflows and move them to a commercial cloud platform, and have them run in parallel to the existing legacy system.

The next thing we want to do is democratize data access. We’re looking at both internally, and also for external users, by the end of this fiscal year, having better ways of visualizing some of the data FCC has. That’s where we’re looking at a commercial cloud solution that will allow data visualization; if the users want to they can remix the data themselves, but they can also use an API to pull from it.

The third thing we’re trying to do is continue to do quick wins along the way, where we have legacy systems that were on servers that we hosted or code that we wrote, and what we want to do is move them to the commercial cloud platform. So we’ve got some systems in the queue that relatively soon we’ll go forward with the public, get their input on, before we flip the switch. One thing we were successful with doing to the FCC website was before we rolled it out, we got people’s input on the prototype before we flipped the switch so it wasn’t such a cold turkey thing.

MeriTalk: What percentage of your system is operating through the cloud?

DB: We are 100% cloud or commercial service provider. In terms of commercial cloud, I’d probably say we’re about 30 percent. But obviously, we want to be 100% along. We went to Office 365. We went with their 100 percent cloud option. Apparently we’re the first government agency to have done that. So our email, our documents, and everything is in Microsoft’s hands.

MeriTalk: How does FITARA affect you as a CIO?

DB: We were doing what FITARA recommended before FITARA came along. So, we developed good relationships between C-Suite peers, make sure you’re advising the top leadership of your agency, and having visibility into all financial spending related to IT. That said, we are a non-CFO act agency, so as far as we understand, it’s not clear as to whether FITARA applies to us.

MeriTalk: What advice would you give to an aspiring CIO?

DB: First, don’t let your existing position description box you in to who you are. In some respects, I think a lot of people look at their position description and say well, that’s who I am, that’s all I can do. Where I say that’s just the bare minimum things you should do. So if you want to be a future CIO, use your position description as a starting base for these are the things you have to do well.

But beyond that, you can step outside of expectations and demonstrate you can do more. I would love to see future CIOs not just have IT backgrounds, but also have backgrounds with policy or strategy or avenues as well.

Second, get as many experiences leading up to the job as you can listening, learning, and leading people. Ideally, it would be leading people without having direct authority over them. It’s very easy to manage people when you have authority. It’s very hard to lead people when you don’t have direct authority. I think the ability to influence others … I think that’s a good skill to have.

And third, be eternally humble. There’s a wonderful article from Harvard Business Review that I love to quote that says, “The best leaders recognize that they’re going to have blind spots.” If you think you know everything about technology, I think you’re fooling yourself. Surround yourself with both people on your team but also outside of your team that can help inform you. That’s partly why I’m on social media, as a way of learning from others, listening to them, and gaining insights that help keep me at the top of my game. We can have conversations as to where technology is going and where our organization is going. Partly, why we were able to take the risky bets that we did take and why we’re successful at the FCC was we had those conversations and we were ahead of the curve. We didn’t want to just be the FCC of today, we wanted to actually put the FCC on a good path for the next three to five years forward.

MeriTalk: What would an aspiring FCC CIO not see looking from the outside in that you would share?

DB: It’s 80 to 90 percent people. Leading as a CIO, even though it’s technically about information technology, I think most of the time it’s about sharing a vision, setting boundary conditions, inspiring people to move forward, but then also doing the tactical thing of asking are we getting there on a daily basis. There’s a lot of people who are really good at vision or really good at tactical, but not really good at both. That’s why you want to surround yourself with a good team.

It really is a much larger team than me. Our success really is because of the entire team we’ve got. It is a team of tens, if not hundreds. Change really does occur when you find the maximum optimization of everybody to their gifts. One of the things I like to ask people is what brings them joy? Because if you figure out what brings them joy, whether they’ve been at the FCC for 30 years, or whether they just showed up last month, then you can figure out how to best put them forward.

MeriTalk: What moment in your career defined how you lead now?

DB: It was way back when, on September 11, 2001. I was supposed to brief the CIA and the FBI (as the Centers for Disease Control associate director) at 9 o’clock in the morning. I went in early to work to finalize my presentation, and of course, 8:34, the world changed. We piled computers into cars and didn’t get to that briefing. We didn’t sleep for at least 24 hours. So on Oct. 1, after responding to the events of 9/11, we briefed the CIA Oct. 3, the first case of anthrax shows up 24 hours later. So, I think my leadership style is always dealing with the here and now, but it’s also there for when the really, really bad day happens.

Weekend Reader — Feb. 19

Catch up on some reading this weekend. Here are a few interesting items from around the Web.

Secure Cloud Choices Expand as FedRAMP Finally Gains Speed

Some 60 cloud solutions are now authorized for government use, and as the Federal Risk and Authorization Management Program (FedRAMP) heads into its fifth year, the pace of approvals is picking up. The FedRAMP Program Management Office promised in January to slash approval times beginning in the spring, answering industry calls for a better-funded, more streamlined process.

Could Revamped R&D Change Federal Cybersecurity Culture?

Tools that account for user behavior and let agencies move past a reactive security stance need to be the goal for the next decade. There needs to be an overwhelming change in the way people approach cybersecurity if the U.S. is ever going to effectively deter attacks, according to current and former government officials who have helped shape cybersecurity policy.

The Cat-and-Mouse Game of Federal IT Modernization

Federal Chief Information Officer Tony Scott has been promising for the better part of the last year that he would address the growing gulf between how much money agencies are spending on legacy systems and how much they are spending on new or modernized systems. The latest figures show about 76 percent of the $88 billion federal IT budget is spent on operations and maintenance of older systems, while 24 percent is spent on development, modernization and enhancement (DME) of technology systems.

DoD Databases: A Prime Target for Cyberattacks

Cyberattacks are on the rise, and networked military resources are on the front line of what may someday escalate into an all-out cyberwar. Databases, storing tactical and various other types of sensitive information, are widely used across the Department of Defense. Yet a growing number of defense technology industry observers, including Oracle CEO Mark Hurd, believe that DoD is misapplying its security resources, prioritizing overall network protection over what has become the prime target of most attackers.

Big Tech Companies Are Joining Apple in its Encryption Fight

The tech industry is starting to line up with Apple in its fight against the Federal government over the encryption it uses to keep iPhones secure. Google CEO Sundar Pichai had earlier voiced support for Apple in a tweet: “Forcing companies to enable hacking could compromise users’ privacy.” Twitter chief executive Jack Dorsey wrote in a tweet Thursday afternoon: “We stand with @tim-cook and Apple (and thank him for his leadership)!”

Why You Should Side With the FBI, Not Apple, in the San Bernardino iPhone Case

The ongoing face-off between the FBI and Apple, stemming from a Federal court order issued Feb. 16 that would force the company to unlock the iPhone used by one of the suspects in the San Bernardino terrorist attacks, has little to do with government surveillance powers and even less to do with imperiling the security of dissidents around the world.

That’s just what the post-Snowden cottage industry of privacy-at-all-costs advocates, and Apple, want you to believe.

“The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers,” wrote Apple CEO Tim Cook, in a Feb. 16 letter to Apple customers posted on the company’s website. “The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

Cook clearly bases his argument on the overused David versus Goliath model, pitting the great American technology company against the great Satan of the American surveillance state. But that approach glosses over important questions that are really at the heart of this debate: Do we want to live in a country where consumer technologies can be used to carry out horrific acts of violence and then rob victims of justice by encrypting the evidence for eternity? And should private companies like Apple and Google get to dictate the balance between our privacy and our safety, and what is in the public interest?

To those who take a purely academic approach to these questions, the answers are “complicated,” buried deep within a tangled web of “policy implications.” But to a growing number of average Americans—all of whom have had no other choice but to stand by and watch as Silicon Valley absconded with their personal information and proceeded to sell it to the highest bidder—these questions have rational answers.

This case is not about the FBI testing the limits of its surveillance powers and trying to establish precedent for strong-arming companies into creating so-called backdoors to encryption and other security protections. It’s about our ability as a society to provide for the common defense against real enemies of safety and security—not the perceived enemies that some would have you believe are sitting in the basement at NSA headquarters in Fort Meade, Md., right now trying to read your emails and text messages.

Americans look at this debate and see an increasing number of non-terrorism related violent crimes going unsolved or languishing in the criminal justice system because our law enforcement agencies aren’t able to get access to commercial devices that likely hold critical evidence of wrongdoing.

“A part that gets confusing to me is when people talk like we want access to company’s servers, we want access to their source code,” said FBI director James Comey, during testimony Feb. 9 before the Senate Select Committee on Intelligence. “What we would like is a world where people are able to comply with court orders. It’s not about us trying to get a backdoor….I don’t want a door, I don’t want a window, I don’t want a sliding glass door. I would like people to comply with court orders.”

What’s worse, the argument put forth by Apple and the privacy-at-all-costs community is that changing the legal framework to help protect citizens in the U.S. from acts of terrorism and other violent crimes that are being supported by these commercial devices would somehow put the future of mankind at risk by giving rise to authoritarian governments in every clime and place, from Silicon Valley to Samoa.

Protesters march against China’s censorship of the Internet at the Doo Dah Parade on Jan. 18, 2009, in Pasadena, Calif. (Photo: Shutterstock)

Such an absurd prediction ignores the reality that our digital privacy is already gone. Authoritarian regimes—even that futuristic American boogeyman that hides under our beds—already have easy access to the technological tools of political control. A world in which we give our most personal information to Facebook, Google, and Apple so they can profit from it, but are too paranoid to even consider finding a way to help the government protect us from real dangers is a world turned upside down.

There’s also plenty of hypocrisy to point out. How quickly people forget what Silicon Valley has been willing to do to gain access to markets in repressive societies. In 2006, for example, I called for a boycott of Google after the search engine giant cooperated with the Chinese government to develop a censored version of Google for use in China. The Chinese version of Google not only filters out controversial topics, like democracy, but it deliberately returned results full of official Chinese government propaganda. And Google is not alone in accepting the so-called “cost of doing business” in China.

The bottom line is that questions of security and privacy should not be left to the likes of Apple and Google to determine. Likewise, they should not be left with the courts. These are matters that Americans must decide for themselves through laws and regulations passed by our elected representatives in Congress. And if 86 percent of 18- to 25-year-old technology students believe curing cancer or Alzheimer’s disease is more important than personal privacy (as MeriTalk discovered in a recent national survey), Silicon Valley and the privacy-at-all-costs industry is just going to have to suck it up.

GSA Opts Out of FedRAMP

The Fix FedRAMP paper released a few weeks back from the FedRAMP Fast Forward Industry Advocacy Group has given a cohesive voice to widespread concerns about the cloak-and-dagger and inefficiencies of the FedRAMP process. We briefed the GSA FedRAMP PMO, the entity at the center of the debacle, on the paper before making it public. Disappointingly, but consistent with its petulant voice that tries to blame industry for the program’s shortcomings and dismal track record, GSA refused to comment on the paper.

Dumping gasoline on the fire, late last week GSA pulled out of the March 3rd Cloud Computing Caucus meeting focused on FedRAMP’s shortcomings – a program built to provide GSA with a platform to answer the issues raised in the Fix FedRAMP paper – and pointedly to roll out its long-overdue FedRAMP 2.0.

The Situation Report: Apple & Big Data Terrorists

Why Tim’s Duck May Be Cooked

A group calling itself Fight for the Future is planning to hold rallies next week outside Apple stores around the country to protest the recent court order that would compel the company to build a software backdoor to help the FBI unlock the iPhone used by one of the terrorists responsible for killing 14 people and wounding dozens last December in San Bernardino, Calif.

Apple CEO Tim Cook.

Not surprisingly, Apple CEO Tim Cook has vowed to fight Uncle Sam every step of the way, calling the government’s request that Apple create software that would help the FBI circumvent the security protections on the iPhone used by the terrorist in San Bernardino “too dangerous.”

The Situation Report is picking up strong signals that Cook and Apple may be playing a dangerous game of chicken at a time when U.S. public opinion seems capable of swinging forcefully in favor of supporting government efforts to identify and stop terrorists in our midst. Even recent surveys of millennials show that private companies like Apple and Google are in no position to take the moral high ground on privacy and security, much less pretend that they know best when it comes to the balance between security and privacy.

In fact, a new MeriTalk survey found that more than half (54 percent) of tech students ages 18-25 said they trust the government more than they trust private companies with their personal data. In addition, when asked if Edward Snowden—the former contractor responsible for exposing NSA Internet and telephone surveillance programs—is a terrorist or a freedom fighter, the same percentage (54 percent) said they were “unsure.”

Public opinion shifts. And the balance that Cook and others argue they support may be shifting in favor of enabling the government to better protect us from these killers. Cook, however, is unlikely to acknowledge such a shift. My Cupertino, Calif.-based listening post has picked up strong signals that Cook’s real concern is losing market share overseas by cooperating with big, bad Uncle Sam.

Wanna know how I really feel about this case? Here’s Why You Should Side With the FBI, Not Apple, in the San Bernardino iPhone Case.

Big Data to the Rescue

I picked up an interesting document recently when I cleared my Department of Homeland Security dead drop site. There’s been a lot of attention recently on DHS’s interest in social media monitoring. But The Situation Report has received strong intelligence that DHS is also currently reviewing a proposal to leverage big data analytics to identify and uncover lone wolf terrorists—like the individuals who carried out the attacks in San Bernardino—before they strike and to proactively counter terrorist recruitment messaging and radicalization efforts.

A chart from a proposal under review at the Department of Homeland Security showing the scope of big data analysis that would go into the Terrorist Ideology Counter Communications Strategy (TICCS).

DHS has been in possession of a major proposal by a group of experts who have worked social media exploitation on behalf of the U.S. Central Command (USCENTCOM) and Special Operations Command (SOCOM), and continue to support various cyber projects at the NSA. According to the proposal, the Terrorist Ideology Counter Communications Strategy (TICCS) “will proactively identify Lone Wolf Terrorists in real time and before they strike. The TICCS application of dynamic and automated big data predictive analysis will identify emerging Lone Wolf terrorism triggers and hot spots.”

According to DHS sources, who spoke to The Situation Report on condition of anonymity because they were not authorized to discuss internal proposal reviews, a TICCS Monitoring and Information Sharing Center would be established to conduct automated analysis on the data collected, including:

  • Analysis of Competing Hypotheses (ACH): A tool to aid judgment on important issues requiring careful weighing of alternative explanations or conclusions. ACH is an eight-step procedure grounded in basic insights from cognitive psychology, decision analysis, and the scientific method.
  • Social Network Analysis: SNA is fundamentally about entities and the relationships between them. As a result, this method has a number of variations within the intelligence community ranging from techniques such as association matrices through link analysis charts right up to the validated mathematical models.
  • Multiple-criteria decision-making or multiple-criteria decision analysis: MCDA is a subdiscipline of operations research that explicitly considers multiple criteria in decision-making environments.
  • Link Analysis: A technique our team uses to evaluate relationships (connections) between nodes. Relationships may be identified among various types of nodes (objects, people, places, things, transactions). Link analysis focuses on analysis of relationships among nodes through visualization methods to find matches in data for known patterns of interest, find anomalies where known patterns are violated, and discover new patterns of interest.

The TICCS Monitoring platform also provides 24/7 blanket coverage of real-time television — capturing, digitizing and indexing 40 hours of live broadcast programming from 2,000 channels in all 210 U.S. Nielsen Markets and four continents every 60 seconds. U.S. Radio coverage extends to more than 150 top stations. Print and online data comes from the following:

  • 55,000+ online news sources
  • Newspapers, magazines, newswires, trade publications, and professional blogs
  • Limitless virtual blogs, pages, and groups
  • Social networks

Send your intercepts for The Situation Report to dverton@meritalk.com

Weekend Reader – Feb. 12

Catch up on some reading this weekend. Here are a few interesting items from around the Web.

IBM Secures DISA Impact-Level 5 Cloud Security Certification

IBM has received a Defense Information Systems Agency authorization to host impact-level 5 data workloads for the Defense Department through the firm’s cloud service.

Just Using Big Data Isn’t Enough Anymore

Four years ago, organizations and executives were struggling to understand the opportunity and business impact of Big Data. Now, we have arrived at a new juncture: Big Data is emerging as a corporate standard, and the focus is rapidly shifting to the results it produces and the business capabilities it enables.

IRS Fends Off Intruders in Botnet Attack

The tax agency announced it had fended off a botnet attack on the E-file system that attempted to create artificial PINs for stolen Social Security numbers. IRS security officials detected the use of some 464,000 different Social Security numbers attempting to create new PINs using an automated script. The botnet was able to access PINs for about 101,000 taxpayer accounts; however, it does not seem as though any sensitive information was stolen.

Big Data Leader Retail Velocity Wins CGT’s 2016 Award for its Excellence in Retail Execution

Retail Velocity has won Consumer Goods Technology (CGT) Reader’s Choice Award in Retail Execution. CGT’s readers also rated it with the highest Customer Satisfaction ratings among competitors such as Salesforce.com, SAP, Accenture CAS, RW3 Technologies, Retail Solutions Inc. and many others.

End of Federal Tech Boom May Send Contractors Elsewhere for Work

The end of a Federal government technology boom may push more U.S. contractors like Northrop Grumman to spin off units focused on certain IT work and refocus on areas like cybersecurity where agencies are boosting spending. President Obama’s new 2017 budget makes clear that the sector’s high-flying days are over.

The Situation Report: Federal CISO Reversal

CISO Reversal

The Obama administration’s last budget before leaving office landed this week with a loud thud on Capitol Hill. And while the Federal IT community can’t stop talking about the big boost in IT modernization and cybersecurity, the reality is there might be a lot less there than you think.

Take, for example, the decision to establish a Federal chief information security officer (CISO) position. Just one year ago, U.S. Chief Information Officer Tony Scott was convinced there was no need for such a position, arguing that most of the security work in government is done by agency CISOs.

“In most agencies, we do have a chief information security officer. That’s where really most of the government work takes place,” Scott said last August. “So, at the moment, at least, I don’t feel a need for that. We’ve got great help from Homeland Security and from some of the other components. So, I think at the moment I’m not feeling the urgency for that that might be the case, otherwise.”

That was then.

Fast forward 18 months and Scott is a believer. “That’s a key role that many private sector companies have long implemented and it’s good practice for the Federal government,” he told reporters this week.

The Situation Report has picked up strong signals that more than a few current and former Federal IT officials have their doubts about the new CISO position, particularly what, if any, real authority will come with it. After all, it took an act of Congress to give Federal CIOs enough authority to even think about effecting real change. According to Scott, the new position will strictly be a policy position and will not be “operational” at the agency level.

“I just wish it wasn’t in the last budget of a lame duck president,” said Alan Balutis, senior director and distinguished fellow at Cisco Systems Public Sector, speaking Thursday at the launch of the Tech Iconoclasts position paper in Washington, D.C.

“I think it’s too bad that here we are in the last year of the Obama administration and we’re finally getting to important ideas,” said Richard Spires, the chief executive officer of Learning Tree International and the former CIO at the Department of Homeland Security.

Millennial Madness

This Situation Report’s college campus listening post has picked up disturbing signals about America’s tech future. At a time when government is in dire need of fresh tech talent capable of leading it into the future, the nation’s science, technology, engineering, and mathematics students simply aren’t interested.

Intercepts targeting 1,500 STEM students ages 18-25 uncovered a whopping 70 percent have no interest in offering their tech talents to Uncle Sam. And when it comes to a six-month to two-year “tour of duty” in government, 57 percent of America’s future tech talent still have no interest. Those same intercepts reveal that female STEM students are significantly less likely than their male counterparts to want to pursue a career in Federal IT.

Get your copy of this intelligence report here: https://meritalk.com/study/millennial-math/

Weekend Reader – Feb. 5

Catch up on some reading this weekend. Here are a few interesting items from around the Web.

Apache Spark Surrounded by Cloud Data Services at IBM

IBM has made no secret about its admiration for Apache Spark, which it sees as the future for in-memory analytics. Today the IT giant unveiled a host of new cloud-based data services that bolsters its hosted Apache Spark business.

Decision Lens Obtains FedRAMP Certification for Cloud-Based Software

Decision Lens has received agency authorization under the Federal Risk and Authorization Management Program for its cloud-based software. The company said Wednesday it obtained the FedRAMP certification through sponsorship from the Centers for Medicare and Medicaid Services.

Cops Will Adapt Big Data Platform to Secure Super Bowl

Law enforcement agents and first responders are turning to some software that harnesses the power of data to help keep fans safe at the Super Bowl. The state first started using the program last year known as the “California Common Operating Picture” and powered by Haystax Technology’s “Constellation” analytics platform.

First Woman-Owned Small Business Gets FedRAMP Nod

The Federal Risk and Authorization Management Program approved another cloud service provider last week, as NetComm, a cloud-based solution company, became the first woman-owned small business to receive FedRAMP certification.

AWS Offers Guidance for Trusted Cloud Connections

The capabilities of Trusted Internet Connections (TIC), an Office of Management and Budget mandate to reduce the number of network gateways on federal networks and route external connections through approved government agencies — TIC Access Providers or Managed Trusted Internet Protocol Services — are not available in the cloud. But Amazon Web Services’ “Guidance for TIC Readiness on AWS,” released Feb. 3, details ways that agencies could develop TIC-ready architectures on the AWS cloud.

NetComm SaaS Platform Gets FedRAMP ATO From NIH

The National Institutes of Health has granted NetComm a Federal Risk Authorization and Management Program certification that allows the company to implement its software-as-a-service platform to government organizations. Netcomm said Jan. 28 the FedRAMP authority-to-operate certificate is for the company’s Beacon, a cloud computing SaaS designed to help agencies manage and secure workflows.

Tech 4 President?

Cornfields in the rearview mirror.  Time to park the personalities – and focus on the key issues.

Innovation ignites America’s economy. Let’s face it, China’s not trying to steal our Constitution.  Europe doesn’t covet our right to bear arms.  Isn’t Putin trying to make Russia great again?

Think Apple, Amazon, Facebook, Google, Intel, Microsoft, and Oracle.  These tech titans define this nation’s competitive advantage.  Tech provides the juice that powers our economy, which feeds our tax base, which pays for healthcare and muscles up our military.  It’s that excitement that makes people want to come to live here.

But, if tech increases the divide between the haves and have nots – distancing the one percent – those displaced citizens will attack progress at the ballot box.  What will taxi drivers do when cars drive themselves?  Consider the top 62 folks in the world own as much wealth as the poorest half of the global population.  If tech continues to amplify the divide, we have big problems.

And, tech has utopian and dystopian personalities.  Without regulation, industry will run amok.  But, with too much government control, it’s 1984. Balance is everything.

What have we heard from the candidates on tech policy?  Crickets …

So, if the candidates don’t seem to have a tech agenda – how about we give them one?  That’s exactly why a group of former Federal CIOs, IT execs, and some of my MeriTalk colleagues have spent the last year hard at work.  Known as the Tech Iconoclasts, this group and its policy platform aim to shake things up.  No 25-points to fix government IT.  And, it’s much more ambitious than government IT – the Iconoclasts provide five big tech policy recommendations for America.

If you want to know more, join the Tech Iconoclasts for breakfast at the National Press Club in D.C. on February 11th for the launch.  Register for the breakfast here.

As you drive to New Hampshire, Cruz, Trump, Hillary, and Bernie – we’re talking to you.

The Situation Report: OMB’s Digital Disconnect, Video Storage, and Richard McKinney

Digital Disconnect

My intelligent video surveillance devices mounted throughout the New Executive Office Building (NEOB)—which, you might recall from a recent Tweet, picked up signs of elevator graffiti depicting the Office of Management and Budget director as Frankenstein—are now streaming footage directly into The Situation Report’s digital video storage and analytics system. And that has produced some interesting intelligence.

U.S. Chief Information Officer Tony Scott is reportedly concerned about the survival of the U.S. Digital Service once the Obama administration cuts the cord and moves out of the White House. Signals intelligence intercepts indicate that Scott is a true believer in USDS but, like many, wants to see the government’s “big problems” added to the USDS list of priorities. Those same intercepts have picked up signals that Scott is preparing his transition plan, which he hopes will lay the foundation for continued progress on the IT reform front—even under a President Trump.

But all is not well on the digital front. My OMB listening post has intercepted rumblings that some agencies aren’t drinking the Kool-Aid being supplied by the USDS and the General Services Administration’s 18F. “There’s also a disconnect between the success they believe is true and what their customers believe is true,” according to one well-placed mole.

The digital disconnect between USDS, 18F, and their agency customers has not been lost on Deputy CIO Lisa Schlosser, who threatened to hold agencies and IT vendors “accountable” if they do not use the Digital Services Playbook. According to The Situation Report’s confidential informant, Schlosser’s threats of greater accountability are really about withholding funding for those who refuse to blow the dust off the Digital Services Playbook cover.

Analysis: There’s a deeper culture clash at play here. There are a lot of career Federal IT professionals who have spent the better part of the last two years watching as OMB and GSA actively recruit “tomorrow’s Federal IT workforce.” The only problem is that to some tomorrow feels like it means literally tomorrow, or very soon thereafter. Schlosser recently tried to reassure career govies that the digital recruitment efforts aren’t about “displacing” current workers. But it might have been better not to have kicked that hornet’s nest.



Video Data Deluge

There’s no question that the quality of video surveillance systems is improving dramatically. But a new white paper, obtained by The Situation Report, reveals that storing and analyzing that footage is presenting massive challenges for agencies at all levels of government.

By 2020, video surveillance is expected to generate 3.3 trillion video hours (859 petabytes) of surveillance footage every day. “Add real-time CCTV footage to the mix—and you’re swimming in a video vortex,” according to Quantum Corp.’s analysis.

Having more video footage—and better quality video footage—sounds like a good thing. But the reality is that the exponential growth in video surveillance is driving a data deluge that can easily swamp networks and cripple IT infrastructures. Federal, state, and local agencies, particularly law enforcement agencies, face difficult questions—how to manage these massive, complex workflows, how to access these massive data sets in a timely fashion so that serious crimes can be solved or prevented, and, of course, how to pay for these new technology requirements.

For example, my Big Easy listening post reports that the New Orleans Police Department has budgeted $1.2 million over five years just to pay for the data storage to support 350 police body cameras. In San Diego, the local police department signed a five-year deal for 1,000 body cameras, including a whopping $3.6 million just for storage, software licenses, maintenance, and related equipment.

To learn more about the availability of technology solutions that can help balance the competing needs of performance, reliability and cost-efficiency, download the new white paper, Getting the Full Picture.

Personnel Predictions

Richard McKinney

My LinkedIn surveillance radar has picked up weak, but compelling, signals that Department of Transportation CIO Richard McKinney—one of the first CIOs to truly embrace the new authorities granted under the Federal Information Technology Acquisition Reform Act (FITARA)—is planning his exit from government.

Nothing says “I need to keep my options open” more than a LinkedIn request for a profile endorsement.

Picked up any signals for The Situation Report? Forward them in confidence via email or direct message on Twitter.

Weekend Reader – Jan. 29

Catch up on some reading this weekend. Here are a few interesting items from around the web.

Minute by minute, data center outage costs stack up

http://searchdatacenter.techtarget.com/news/4500272147/Minute-by-minute-data-center-outage-costs-stack-up

The cost of an unplanned data center outage is now up to nearly $9,000 per minute. Some data center pros, though, suggested this estimate is too low, and the more meaningful number is the total hit over an entire data center outage cycle. The Ponemon …

Swarming Regulation of Personal Data in the U.S. Tech Sector

Sectoral regulation of privacy and information security in the United States has created a complex system for tech innovation, because new products and services transcend the traditional sectoral boundaries and because regulators view these new products …

GAO Says DHS Cybersecurity Protection Program Lacking

The National Cybersecurity Protection System has helped protect government information from email-based intrusions but needs further expansion to address a wide range of potential threats to information security, according to the report from the GAO.

http://www.slate.com/blogs/future_tense/2016/01/28/ben_carson_s_cybersecurity_plan_is_terrible_but_at_least_he_has_one.html

Ben Carson’s Cybersecurity Plan Is Terrible. But At Least He Has One.

The weakness of the NCSA model might not matter so much were it not the only concrete thing Carson actually proposes to do about cybersecurity. Here are some of his other ideas: He wants us to “be prepared to defend not only our sensitive information …


http://www.canberratimes.com.au/business/world-business/microsoft-fighting-back-under-satya-nadella-as-cloud-services-grow-20160128-gmgiyx.html

Microsoft fighting back under Satya Nadella as cloud services grow

Nadella is trying to remake the company around cloud services, such as the Azure computing platform and the subscription-based Office 365, which are seeing strong growth. The company is also focusing on Windows 10 to restore momentum to the operating …


http://arstechnica.com/information-technology/2016/01/f-35-software-overrun-with-bugs-dod-testing-chief-warns/

F-35 software overrun with bugs, DoD testing chief warns – Ars Technica

Of particular concern to Gilmore was the F-35’s “Autonomic Logistics Information System” (ALIS), which he said “continues to struggle in development with deferred requirements, late and incomplete deliveries, high manpower requirements, multiple …


The Situation Report: Investigating VA Cybersecurity and 18F

Follow The Money

A recent audit of the Department of Veterans Affairs’ 2015 financial statements uncovered more than a few problems with the department’s balance sheets. According to the independent public accounting firm CliftonLarsonAllen LLP, the review of VA’s financial statements revealed continuing material weaknesses in the agency’s IT security controls. Although the audit gives VA props for making progress on its Continuous Readiness in Information Security Program (CRISP), the department remains a disjointed mess when it comes to configuration management and access controls.

“We continue to identify significant technical weaknesses in databases, servers, and network devices that support transmitting financial and sensitive information between VA’s medical centers, regional offices, and data centers. This is as a result of an inconsistent application of vendor patches and outdated system software that could jeopardize the data integrity and confidentiality of VA’s financial and sensitive information,” the audit states.

Meanwhile, surveillance footage received by The Situation Report reveals another side to VA’s troubled Financial Management System (FMS)—manual madness. VA’s FMS “continues to require extensive manipulations, journal entries, manual processes, and reconciliations in order for VA to produce a set of auditable financial statements.”

Find The Money

My remote listening post concealed on the corner of 18th and F Street in downtown Washington, D.C., has picked up unconfirmed reports that the General Services Administration’s inspector general wants to know how the agency’s digital services consultants used about $200,000 worth of funding. The IG’s office would neither confirm nor deny it is conducting an investigation, but digital intercepts indicate that financial record keeping may not be a core competency at the corner of 18th and F.

Tackling The Tough Problems

It’s no secret that many of the most senior Federal IT leaders are concerned about the future of the government’s digital services. So we asked a few confidential informants to dig up proof that the newest Federal techies from Silicon Valley are ready, willing, and able to tackle government’s most difficult problems. Here’s what was left at one of our frequently used dead drops:

  • The best digital minds at 18F were so concerned about making people “feel bad” by using the word “guys” instead of “team,” that they customized Slackbot’s autoresponses to replace the words guys and guyz with more inclusive language. The customized Slackbot recommended the following:

Did you mean y’all?

Did you mean team?

Did you mean all?

Did you mean pals?

Did you mean gang?

Did you mean crew?

Did you mean people?

“Turns out, a little cultural hack can go a long way,” wrote 18F’s Front End Designer Maya Benari. “It’s easy to forget these things and say guys unconsciously, but a nice, friendly, automated reminder solves that issue, and reduces the need for any kind of person-to-person conversation.”

Intercept some intelligence for The Situation Report? Send to dverton@meritalk.com.


Optimize Performance With Blended Learning

In my last Pulse article, we explored how Individual Development Plans (IDPs) as part of the performance review process can provide a powerful motivator for professional development. Now that we have laid out a plan to help employees mature, what’s next? For a manager working to drive optimal performance from his or her organization, proper training can be the difference maker. Yet all too often, training results in little to no demonstrable business results. There are a number of reasons for this, but in many instances, attendees of training find it difficult applying the classroom learning to deal with real-world problems encountered in the work environment.

A powerful approach to address this issue with training is Blended Learning. According to the Office of Educational Technology at the U.S. Department of Education, Blended Learning melds traditional classroom-based learning with virtual and technology-based learning opportunities, giving students more control over the time, place, path or pace of learning. The result is an adaptive, personalized learning experience that facilitates maximum understanding of knowledge and the ability to apply that knowledge to real-world problems.

The advantages of Blended Learning for the students and their organizations include:

  • The learner is in the driver’s seat.  When students are given control of some aspects of training, they are free to choose what best suits their needs, which makes for a more effective learning environment.
  • Different learning approaches address different needs.  Because Blended Learning combines varied delivery methods, students are free to learn the way that works for them.
  • Learning is focused on high-order “doing” skills (creating, evaluating, analyzing, and applying) over low-order “thinking” skills (understanding and remembering). Hands-on learning, facilitated through technology, ensures students can apply their new knowledge to their specific environment.

For adult professionals looking to apply new skills back at the office, the Blended Learning method is a must, as it combines hands-on experience with training from expert instructors. Doing so in a “safe” environment, like a project acceleration or process implementation workshop, allows participants to learn new concepts and apply them in real time on their projects. This blended learning solution is an effective way to maximize learning so that new knowledge and skills can be applied to real-world problems immediately and repeated on future projects. For organizations that implement this training method, this translates into:

  • Engaged team members who are ready to apply new skills on the job
  • Heightened institutional knowledge that can be shared throughout the workforce
  • Increased ROI on each training dollar spent
  • Confident employees who are invested in the company’s goals because the company made the effort to invest in their careers and personal growth.

To continue the discussion on IT workforce development challenges, follow our blog.


Fix FedRAMP – Tough Love?

We love FedRAMP. How could you not? It’s the smart gateway to secure cloud computing across the government. Without a clear, centralized, easy-to-understand cloud computing security model, cloud’s vaporware. Without cloud we can’t consolidate applications, embrace shared services, and modernize our IT. Without cloud, we’ll continue to waste 80 percent of our $80 billion annual IT spend on legacy systems.

We aren’t the only ones that love FedRAMP. Companies have spent hundreds of millions of dollars on the process. And, it’s out of that love that the folks that dig FedRAMP are hosting an intervention – confronting FedRAMP with its issues for its own good. That’s why the FedRAMP Fast Forward industry advisory group, in which MeriTalk participates, has worked with stakeholders across government to put together the Fix FedRAMP Report.

What’s Wrong?
Where to begin…? Three words — transparency, effectiveness, and accountability.

It costs too much, it takes too long. CSPs in the process don’t know their status, and CSPs trying to get in don’t know how. There’s mass confusion about the merits of the three paths to a FedRAMP ATO – JAB, agency, and self certification. CSPs are afraid to raise issues publicly for fear of reprisals from the PMO. The program’s unscalable – the PMO spends as much on continuous monitoring for the currently approved CSPs as it does on managing all new applications in process. Further, agencies don’t trust FedRAMP ATOs granted by other agencies – defeating the whole point of FedRAMP. CSPs are simultaneously pursuing ATOs from multiple agencies for the same cloud offerings – which defeats the whole “do-once-use-many” premise.

The FedRAMP PMO sits under the GSA Associate Administrator’s office. Past and present GSA Associate Administrators for the Office of Citizen Services and Innovative Technologies agree there is a problem. Dave McClure played an active role in developing the Fix FedRAMP recommendations. Phaedra Chrousos is looking to cut the CSP approval duration to three months – three cheers for Phaedra.

Six-Point Plan
You should read the Fix FedRAMP report. We all remember the 25-point plan – this is just six points. If you’re pressed for time – skip to the pages that really matter, 3-8. Here’s a readahead on the recommendations: …

Cloud wars: Oracle CEO Mark Hurd’s vision to gain cloud market share – SiliconANGLE (blog)

Hurd recently predicted that by 2020, two software-as-a-service (SaaS) companies will hold 80% of the enterprise SaaS market and that Oracle will be one of them. To ensure that, Oracle is making massive R&D bets on horizontal and vertical integration.


The FBI is part of a new strategy to combat intellectual property crimes. – Federal Bureau of Investigation (press release) (blog)

In 2008, a new federal law creating stricter penalties for criminals who engaged in intellectual property theft was enacted to keep pace with globalization, e-commerce, and technology advances. … Said Attorney General Loretta Lynch, “Through this new …


The Situation Report: Keeping Tabs Edition

Tipping Point @CyberCom

My Fort Meade listening post has picked up strong signals that 2016 promises to be a crucial year in the development of U.S. Cyber Command. “You can tell we’re at the tipping point now,” said Admiral Michael S. Rogers, the commander of CyberCom and director of the National Security Agency, speaking Thursday at the Atlantic Council. The 6,200-strong CyberCom force is beginning to jell into a major, cohesive national asset. “The capacity and capability is starting to come online. The hard work of the last few years is really starting to pay off in some really tangible capabilities that you will see us start to apply in a broader and broader way,” Rogers said.

Talent Magnet

Despite the lingering trust deficit stemming from the controversy over its domestic and international electronic surveillance activities, the NSA continues to attract and retain the best cyber talent the country has to offer. In fact, the agency’s retention rate in 2015 was a staggering 96.7 percent.  Meanwhile, its attrition rate for high-end science, technology, engineering, and mathematics (STEM) professionals was less than 10 percent. But those “phenomenal” statistics come with a downside—recapitalizing the workforce at that rate will take NSA 30 years. That is the driver behind the NSA’s effort to create a partnership program with private companies to share cyber talent, said Rogers.

Biometric Blunders

The Department of Homeland Security’s effort to create a biometric exit system to monitor and report foreign nationals who overstay their visas or temporary visitor status remains woefully behind schedule. In fact, the department has missed multiple statutory deadlines during the last few years and does not appear to be picking up the pace in 2016.

A biometric entry tracking system has been fully operational at U.S. airports since 2006. But a corresponding exit system—required by law since 2004—remains out of reach more than a decade later. My border crossing surveillance outpost reports that the department still hasn’t delivered a single data point on overstays by foreign nationals and has yet to document the reliability of the data it does have. In addition, the agency still has not identified a way to collect data on individuals exiting the country through southern land border crossings.

Technologists at U.S. Customs and Border Protection (CBP) continue to plan and analyze how proposed biometric technologies will integrate with existing CBP systems, according to reports. Perhaps DHS should ask the European Space Agency for help. How hard can capturing fingerprints be after you’ve landed a spacecraft on a comet hurtling through space?

Counting Carry-Ons

DHS may not be able to count and track visa overstays, but at least the Transportation Security Administration has a handle on the number of weapons people are trying to smuggle onto airplanes every year. Last year was a record-setting year for intercepting guns in carry-on luggage, with TSA officers stopping 2,653 firearms before their owners could get them aboard aircraft. Of the weapons confiscated at 236 airports around the country, 83 percent were loaded.

One might imagine that with 708 million passengers carrying 1.6 billion bags onto commercial aircraft last year, some of the items seized by TSA were quite peculiar. For example:

  • A wide variety of cane swords (yes, full-length swords concealed in walking canes)
  • Sickle
  • A weapon resembling a Klingon bat’leth
  • Jawbone tomahawk
  • Inert grenades, artillery rounds, cannonballs, mortar shells, rocket-propelled grenades, mines, and anti-tank projectiles
  • Meat slicer
  • Ninja climbing claws; and a
  • Chihuahua stowed away in a hard-shell checked suitcase
A total of 2,653 firearms were discovered in carry-on bags at checkpoints across the country, averaging more than seven firearms per day. Of those, 2,198 (83 percent) were loaded. (Source: TSA)


FedRAMP on the Move?

Folks, just a quick preface on this new statement from the FedRAMP PMO.  For the last year, FedRAMP Fast Forward, a group in which MeriTalk participates, has hosted industry and government dialogue focused on delivering tangible recommendations to increase the value of FedRAMP.  We’ve taken a series of meetings with government agencies, including the FedRAMP PMO.  We briefed the FedRAMP PMO two weeks ago on a new Fix FedRAMP paper that we will release Jan. 25. Seems Matt Goodrich and his team listened.

Anticipating the release of the Fix FedRAMP paper, GSA and the FedRAMP PMO released this blog Wednesday evening.  Let’s hear it for change — if the FedRAMP PMO’s up for change — we’re excited to work with them.  If this is just window dressing to ward off criticism, we’ll be sure to hold their feet to the fire.

Mark your calendar for the Congressional Cloud Computing Caucus Advisory Group meeting on the Hill on March 3rd.  We understand GSA’ll roll out its tangible plan to Fix FedRAMP — Let’s call it FedRAMP 2.0 .

We’re delighted to hear GSA’s changing.  We love the direction.  Now we’d all like to see the operational details.

The Evolution of FedRAMP

We asked. You talked. We’re responding.

January 20, 2016 | Matthew Goodrich , Director for the Federal Risk and Authorization Management Program (FedRAMP) in GSA
As we approached our fourth year of helping agencies secure the cloud solutions they use, we here at FedRAMP undertook a comprehensive outreach effort to learn as much as possible about how we’re meeting your needs. In response to your feedback, we’re shifting our efforts to scale the things we’re doing well, and we’re also working to improve the areas you’d like to see changed.

We asked

During the last six months, we went out and talked to you: cloud service providers (CSPs), third-party assessors (3PAOs), industry consortiums, and agencies, among other users. We also did some self reflection by conducting internal interviews. The questions we asked helped us get to the heart of what you need by providing valuable insight into how we’re delivering services and helping us identify what areas we can improve.
You talked

As we talked to you, we not only asked questions but also followed your end-to-end “customer journeys” in detail. This helped us visualize how you’ve interacted with GSA and the PMO.  If there’s one thing our research made clear, it’s that you’re not shy about giving us constructive feedback, and we couldn’t be happier about the insights you shared!

We heard a lot of positive sentiments about FedRAMP. Most notably, you let us know that industry sees the value in the program and that it can be a market maker. You told us other industries are using FedRAMP for their own standards, and that it has increased the government’s trust in using cloud solutions. We also heard that you want more from us. You want more visibility into where you are in the process and more transparency around FedRAMP’s data — specifically, what agencies are using the program and what cloud services are available to procure. Above all, you want the time to authorization to be much faster.

We’re responding

We’re taking your feedback to heart. During the coming weeks and months, we’ll be making some major changes based on your feedback. Things are going to happen quickly.  More specifically, we’ll be focusing on four key improvements:

  1. Increasing the speed to authorization
  2. Increasing transparency
  3. Piloting a high baseline
  4. Promoting FedRAMP reuse

1. Increasing the speed to authorization
The fastest authorizations for FedRAMP have taken approximately six months. We agree with you— that’s simply too long. Our current process, designed four years ago, mirrors the time it took for authorizations to occur when it took six to twelve months to build a legacy IT system. Today with cloud, you can build a new system in days, sometimes even minutes. This means our authorization process needs to reflect that a system is already built and operational. To that end, we’re exploring changes to the authorization process to focus more on capabilities and evidence up front, rather than documentation throughout. We believe this will allow FedRAMP to scale not only for government, but for industry as well.

2. Increasing transparency

You’ve said you want better visibility into FedRAMP— both in how other people are using it and where you are in the authorization process. We’re happy to devote time and resources to do that. Our aim is to clearly show:

  • Which agencies are using FedRAMP
  • Which CSPs are authorized
  • Which CSPs are in the process of getting authorized
  • What services are available to agencies

And we want all of that information to be searchable, downloadable, and easy to find. We’ve teamed up with 18F to make this a reality by creating a public dashboard on www.FedRAMP.gov, which will be available to you by spring.
3. Piloting a high baseline

FedRAMP can be a market maker, and we’re expanding what that market can be. You told us that CSPs can provide a higher level of security than FedRAMP authorizes now and that agencies want to use those services. We’re on track to finalize the requirements for high impact security systems by the end of winter (read the most recent public draft of these requirements). At the same time, we’re also piloting this effort with a few vendors to be authorized via the Joint Authorization Board so that we can have lessons learned and specific areas of focus for vendors who are interested in achieving this level of security. This is all an effort to help our industry partners make an informed decision about the level of effort it takes to maintain a high system, and also enable our agency customers to understand what to expect from using a cloud service for their high systems.

4. Promoting FedRAMP reuse

We also heard that you wanted us to match CSPs with agency needs and promote FedRAMP to the right people within agencies. We recently brought on Ashley Mahan, who was born to do this and has hit the ground running. She’s already matched a CSP to be authorized with a federal agency customer in her first 15 days on the job. To keep the momentum going, Ashley will complete an “Agency Roadshow” over the next three months. She’ll be meeting with every federal agency to identify how they’re using FedRAMP and get a better understanding what types of CSPs they want to use. Follow Ashley on her tour by following @FedRAMPAshley on Twitter and the hashtag #WheresAshley.

This is the beginning

We’d like FedRAMP to become as true of a partnership between the federal government and industry as possible— and we want the FedRAMP authorization process to clearly reflect this. We need the continued engagement of both government and industry. So stay involved. We promise to continue to respond and iterate to ensure we’re meeting your needs.

Star Wars Was Rubbish?

Am I the only one that found that The Force Awakens sent me to sleep? It’s a 38-year-old retread of the first movie – which my kids tell me is the fourth film. It’s not just Luke that lacks luster, 007 shot blanks in Spectre – am I the only one that kept expecting Dr. Evil to put in a cameo? Austin Powers cheering from the front row – shagerific, baby…

They say that art is a mirror to our society. It’s time to stop looking backward – to move past yesterday’s successes. They inhibit our progress. As we consider our New Year’s resolutions, I’m asking for new ideas, new thinking. Yes, we’ll have some flops, but repeating yesterday’s behaviors and expecting different outcomes won’t work. That’s as true in government IT as in Hollywood as in life.

As Tony Scott tells us – yesterday’s IT is strangling Uncle Sam’s ability to make progress. The bad Darth Vader’s the only fella who’d champion 80 percent of our IT budget on geriatric systems. Three big plays to watch this year.

First, FITARA – the program’s getting teeth. We need to watch for sneaky language in the omnibus approps bill that introduces an exception for Energy Labs. This is The Empire Strikes Back – if we introduce the ability for one agency to opt out, the force will weaken and others will soon follow. Join us on March 30th for the FITARA Forum at the Newseum. Congressmen, OMB, GSA, and lots of CIOs.

Second, the Hill’s Bring Out Your Dead program – I know there’s no Monty Python in Star Wars or Bond, but let’s stay with the movie moniker. On December 22nd the House and Senate – Oversight and Government Reform and Homeland Security and Government Affairs – sent a letter to all 24 CFO Act agencies looking to get a census of IT systems past the sell-by date. The Hill wants information on systems, hardware, software – as well as agencies’ plans to pull the plug on these systems, with dates. Agencies owe their responses by January 29th – and rumor has it Oversight and Government Reform will host a joint legacy IT transition and FITARA hearing in the spring. If agencies get real about answering this data call – and we’ve seen these plays fail in the past – this could be a critical pivot point in Federal IT transformation. Does Rep. Will Hurd, R-Texas, have the fortitude to make this stick?

Third, there’s FedRAMP – seems it’s been around so long it’s a silent movie. FedRAMP’s pivotal in empowering Feds to get off their legacy base. But, thus far, despite huge lines to get in, the do-once-use-many cloud security program’s proved a massive bust at the box office. But wait, there’s a new Jedi heroine at GSA – Phaedra Chrousos, the associate administrator. She’s talking about radically revamping FedRAMP. The question, how? Everybody in Federal IT’s excited about this sequel – let’s call it FedRAMP 2.0.

And, keep an eye out for the new script. The FedRAMP Fast Forward group, an industry group in which MeriTalk participates, will release the Fix FedRAMP paper on January 25th. Based on conversations with industry and government, Fix FedRAMP puts forward six recommendations on how to get from disaster to master. Never fear, it won’t be more of the same – it’s all about new. Mark your calendar for the Congressional Cloud Computing Caucus meeting focused on Fix FedRAMP taking place on the Hill March 3rd. Register early – it’ll be harder to get tickets than it was to see the new Star Wars premiere. And, we guarantee a better plot and acting.

I took advantage of the downtime over the holidays to clear out my closet – finally letting go of those 80s glad rags – and to read a couple of books in areas I didn’t understand. That’s MeriTalk’s new year’s resolution – out with the old.

As I walked out of Star Wars, I saw the promotion for Creed – that’s Rocky 25. How many rounds can we fight with the past? Let’s go for different in 2016. And, may the cloud be with you.

The Situation Report: Cracks in FITARA?

The Situation Report has picked up strong signals from our Office of Management and Budget outpost that senior administration officials are “pissed off” at Sen. Lamar Alexander, R-Tenn., for inserting language into the omnibus spending bill that passed in December.

Alexander is responsible for inserting a paragraph into the omnibus spending package that granted the Department of Energy’s national laboratories—including the Oak Ridge facility in Alexander’s home state—an exemption from the Federal Information Technology Acquisition Reform Act, known as FITARA.

The Situation Report intercepted a few dire warnings about Alexander’s actions that have made their way up the chain of command to Federal Chief Information Officer Tony Scott. “It’s the first chink in the armor of FITARA and opens the door for others who don’t want good IT governance,” said one senior administration official who spoke to the Situation Report on condition of anonymity. “It’s bad law.”

Gathering Storm

Intelligence assets report that OMB is “within weeks” of issuing a formal opinion on the language contained in the law, which sources call “vague, at best.” One of the main items OMB plans to address is another tidbit inserted into the omnibus bill at the last minute that would extend FITARA authorities to all civilian agencies. While FITARA is good for government IT, pushing it out to the entire government—including independent agencies like the Federal Communications Commission and dozens of others—doesn’t sit well with OMB.

“The language could have been more explicit,” a senior administration official said. “OMB is not really resourced for that.”

The Scott Campaign

A grass-roots effort has taken shape to recruit Scott to remain Federal CIO through the next administration. Organizers of the Scott campaign say he’s smart, truly understands the issues, and is genuinely a nice guy to work with. But the Situation Report has picked up strong signals that Scott plans to fly his own plane back to the left coast when the Obama administration hands over the reins to Hillary or Trump. According to the latest draft of Scott’s legend, obtained by the Situation Report, the trained lawyer is open to staying for a “short period of time” during the transition, but has plans to sit on a couple of corporate boards and teach law in California.

Feds Embrace Big Data to Battle Insiders, Terrorists

The Situation Report received a flash message from our Defense Manpower Data Center outpost that the Pentagon agency may have experienced a small problem with employees searching for their own personnel files on the Joint Personnel Adjudication System (JPAS). Sophisticated readers will know JPAS as the Defense Department’s system of record for maintaining security clearance eligibility determinations.

“Notifications will be emailed to users who have violated JPAS policy by querying and/or looking up their own record within the last 30 days as a warning to the user,” according to a notice posted to agency employees.

The issue is actually a serious security concern. When an employee searches for his or her own name in security clearance or investigation databases it should be an immediate red flag for a potential counterintelligence threat. Sure, many are probably just curious to know what dirt might have been dug up when their clearance was granted. But does the name Robert Philip Hanssen ring a bell? Hanssen was the former FBI agent who spied for the Soviet and Russian intelligence services undetected for 22 years. One of the lessons to come out of the Hanssen case involved his ability to leverage his authorized access to a bureau database to search for his own name and determine if he was under FBI investigation.
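What a self-lookup check looks like in practice, as an added example written for this page (not DMDC’s or JPAS’s code; the log format, field names and sample lines below are constructed for illustration): parse a query audit log, count the lookups where the querying account and the looked-up subject are the same person inside a time window, and return the accounts to report. The Hanssen lesson is that this is a detection signal for the security office at the time it happens, not only a policy reminder mailed to the user after the fact.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// AuditEvent is one parsed line of a query audit log. The field names are an
// assumption for this example, not the real JPAS log schema.
type AuditEvent struct {
	At      time.Time
	User    string // account that ran the query
	Action  string // QUERY, VIEW, LOGIN, ...
	Subject string // identifier of the record that was looked up
}

// SampleLog is constructed for this example; none of it is real JPAS data.
const SampleLog = `2015-12-01T09:14:02Z user=jdoe action=QUERY subject=jdoe
2015-12-01T09:15:40Z user=asmith action=QUERY subject=bjones
2015-12-01T09:16:11Z user=asmith action=VIEW subject=ASmith
2015-12-01T09:17:55Z user=bjones action=LOGIN subject=-
2015-12-20T10:01:03Z user=jdoe action=QUERY subject=jdoe
2015-12-20T10:02:17Z user=bjones action=QUERY subject=jdoe
this line is malformed and must be skipped, not crash the job`

// ParseLine turns one "timestamp k=v k=v k=v" line into an AuditEvent.
// Malformed lines are reported as !ok so the caller can count and skip them.
func ParseLine(line string) (AuditEvent, bool) {
	fields := strings.Fields(line)
	if len(fields) != 4 {
		return AuditEvent{}, false
	}
	at, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return AuditEvent{}, false
	}
	ev := AuditEvent{At: at}
	for _, f := range fields[1:] {
		key, val, ok := strings.Cut(f, "=")
		if !ok {
			return AuditEvent{}, false
		}
		switch key {
		case "user":
			ev.User = val
		case "action":
			ev.Action = val
		case "subject":
			ev.Subject = val
		default:
			return AuditEvent{}, false
		}
	}
	if ev.User == "" || ev.Action == "" {
		return AuditEvent{}, false
	}
	return ev, true
}

// SelfLookups counts, per account, the record lookups where the querying user
// and the looked-up subject are the same person, for events at or after
// `since`. Comparison is case-insensitive because account names and record
// identifiers are rarely normalised the same way.
func SelfLookups(log string, since time.Time) map[string]int {
	hits := map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		ev, ok := ParseLine(strings.TrimSpace(line))
		if !ok || ev.At.Before(since) {
			continue
		}
		if ev.Action != "QUERY" && ev.Action != "VIEW" {
			continue
		}
		if strings.EqualFold(ev.User, ev.Subject) {
			hits[strings.ToLower(ev.User)]++
		}
	}
	return hits
}

// Flagged returns the accounts with at least minHits self-lookups, sorted so
// the daily report to the security office is stable from run to run.
func Flagged(hits map[string]int, minHits int) []string {
	var out []string
	for user, n := range hits {
		if n >= minHits {
			out = append(out, user)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	since := time.Date(2015, 12, 1, 0, 0, 0, 0, time.UTC)
	hits := SelfLookups(SampleLog, since)
	for _, u := range Flagged(hits, 1) {
		fmt.Printf("%s: %d self-lookup(s) since %s\n", u, hits[u], since.Format("2006-01-02"))
	}
}
```

In a real clearance system the account name and the record identifier are different keys (a login versus a person identifier), so the `User`/`Subject` comparison would go through an identity mapping rather than a string match; that mapping is the one assumption this example papers over. The 30-day window in the DMDC notice is the `since` argument.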

Insider Threat Progress?

The DMDC situation certainly doesn’t paint a picture of a defense establishment that has learned the tough lessons of the past when it comes to insider threat detection—Hanssen, after all, was arrested 15 years ago. But a 2015 Pentagon report, released Dec. 23 in response to a Freedom of Information Act request by the Federation of American Scientists, contends that the Defense Department’s Continuous Evaluation (CE) program is making great strides to leverage big data to stay ahead of potential changes in an employee’s suitability for holding a security clearance.

According to the report, written by Under Secretary of Defense for Intelligence Michael Vickers, the department has directed pilot programs to test its CE efforts on more than 100,000 servicemembers and civilian employees. The goal of the pilot projects is to evaluate the data sources, business rules, and procedures to eventually replace the periodic reinvestigation requirement for secret and confidential clearance holders. But Steven Aftergood, the director of the Project on Government Secrecy at FAS, points out that the best way to reduce the insider threat is to reduce the number of potential insiders. And if that’s truly the best method, then the Defense Department is, indeed, making some progress, eliminating 800,000 security clearances during the last two years.

OPM Stonewalling Congress

As the Dec. 17 Situation Report detailed, the Office of Personnel Management may have multiple reasons for not providing Congress all of the documents it has related to the massive data breach involving personnel security clearance investigations.

“OPM has unduly burdened committee investigators by applying unnecessary and unexplainable redactions,” said House Committee on Oversight and Government Reform Chairman Rep. Jason Chaffetz, R-Utah, during a hearing Wednesday into Executive Branch agencies withholding information from Congress. “The extraordinary lengths to which OPM has gone to keep basic information from the committee leaves us with the conclusion that perhaps they have a lot to hide.”

Our Capitol Hill observation post picked up some encrypted signals that OPM is concerned about IP addresses and user names of “users” who were on the agency’s network at the time of the intrusion and exfiltration of documents. The concern is so high that OPM opted to deliver reams of documents containing nothing but blacked-out redacted pages.

“These redactions are consistent with those employed by other Federal agencies, and were based on security recommendations from OPM IT security professionals and in consultation with interagency cyber experts,” said Jason Levine, the director of the Office of Congressional, Legislative, and Intergovernmental Affairs at OPM. “Additional redactions were also made for reasons of longstanding Executive branch confidentiality interests.”

Levine testified alongside officials from the departments of State, Justice and Homeland Security—all of whom were taken to task for their agencies’ failure to provide Congress with documents and answers to questions.

“I have to question whether or not you guys respect the constitutional authority that’s invested in this committee,” Rep. Gary Palmer, R-Ala., said. “There’s a pattern here.”

Egg Nog and Excitement?

This is the time of year for small talk, silly sweaters, and, as we head into the holiday lull, little else. This year’s different – two new developments. FedRAMP’s frothing and Senators Tom Udall, D-N.M., and Jerry Moran, R-Kan., two powerful Senate Appropriators, unwrapped the Cloud Infrastructure Transition Act, the son of FITARA legislation. This new proposed legislative package is designed to turbocharge Uncle Sam’s cloud transformation. Time to think ahead about New Year’s resolutions early, before we’ve even had a chance to overindulge.

FedRAMP First
FedRAMP’s right at the center of the excitement.  This week, Phaedra Chrousos, GSA’s Associate Administrator for Citizen Services and Innovative Technologies, announced the agency plans to slash the CSP FedRAMP ATO duration to three months next year.  Citing Unisys’ 18-month and eight-attempt experience as what’s wrong, she admitted the program’s painful and needs an overhaul.  Straight talk and a commitment to do better – GSA moves right to the top of the nice list.


New Pressures on FedRAMP, OPM

All indicators are blinking red at the Office of Personnel Management. The Situation Report has picked up on some disturbing reports that the Chinese may not have been alone when they hacked into OPM’s network and made off with more than 21 million security clearance files. My mobile intercept operator has forwarded a debriefing report with a human source who said multiple intruders, including Iran and more than a couple of “friendly” countries, are believed to have rummaged through the vulnerable files.

Situation Critical

That’s the tone of the reporting coming in from all directions as far as the Federal Risk and Authorization Management (FedRAMP) program is concerned. The Federal government’s main program for evaluating and authorizing commercial cloud service providers is under attack along four different fronts.

Beltway Bandits

Attacking from south of the Beltway is the FedRAMP Fast Forward industry advocacy group, which plans to issue a major policy paper in January that will call for fundamental changes to the FedRAMP program. The group is taking aim at what many CSPs consider to be a flawed process that takes too long, costs too much, lacks transparency, and is adhered to (ignored?) differently from agency to agency. This avenue of approach holds the most promise, as the Fix FedRAMP position paper will get a high-profile public airing on Capitol Hill Feb. 4 during the next Cloud Computing Caucus Advisory Group meeting.

The High Ground

My forward observers on Capitol Hill report increasing activity by troops under the commands of Sens. Tom Udall, D-N.M., and Jerry Moran, R-Kan. Udall and Moran are planning a coordinated assault to help save FedRAMP. Code-named operation Cloud IT Act—the bill has started making its way through intelligence circles in the form of a “discussion draft.” MeriTalk obtained a summary of the legislation. You can read the full story here.

GSA Division

The General Services Administration division, under the command of Associate Administrator for Citizen Services and Innovative Technologies Phaedra Chrousos, also reports it is ready to open a new front along FedRAMP’s left flank. A mole in Chrousos’ command center reports the battle plan is “ambitious” and has identified “FedRAMP 2.0” as its main target.

Chrousos tipped her hand earlier this week when she told an audience at a National Contracts Management Association event that GSA is busy “reimagining” FedRAMP. Although there is no shortage of horror stories from industry, the tipping point came from the experience reported by Unisys Corp., she said. According to Chrousos, it took Unisys—a major Federal IT player with plenty of resources at its disposal—18 months and eight attempts to successfully navigate the FedRAMP certification process.

Disorderly Conduct?

Last week, my Force Reconnaissance teams reported suspicious activities at the Department of Veterans Affairs’ IT office, under the command of newly appointed Chief Information Officer LaVerne Council. A senior commander within VA has since responded to The Situation Report with a denial that its Continuous Readiness in Information Security Program (CRISP) is over budget and offered a similar denial that there are any plans to allow its identity theft analytics contract to expire without renewal.

However, a source interrogation recently revealed that VA’s former Acting Chief Information Security Officer Dan Galik wasn’t very happy with the level of cooperation taking place throughout VA on cybersecurity issues before he left the agency in November. According to the source, who has reported accurately in the past, Galik saw the enemy at the gates and made a hasty retreat while there was still time.

‘Pulp Fiction,’ Security, and Your ‘One Thing’ – Why Encryption Matters

This past summer’s hacking of secure personnel information at The Office of Personnel Management started me thinking about the 1994 movie Pulp Fiction. We all need to take a hard lesson from that film, in terms of how we protect what’s important to us.

In Pulp Fiction, a boxer named Butch has a gold watch–a memento from his father who died in a Vietnam prison camp. Over the course of the story, Butch has to make a hasty getaway, but at the last minute, he discovers his father’s gold watch is missing.

Butch is unwilling to run away without the watch. That watch was Butch’s “one thing,” and he knew it. Unfortunately, he wasn’t sufficiently careful about securing it, and trying to get it back meant undergoing suffering and pain.

Whether in our personal lives or on the job, we all have “one thing”–that item or asset that most needs protecting and preserving. The one thing that is so important that, if your house were burning down and you had to make an escape and could only grab one thing, it would be this.

This summer, The Office of Personnel Management lost its “one thing”: the secure control of essential government personnel records. The records are there, but the confidence that they are secure is gone forever. Since then, the Office of Management and Budget has introduced its Cybersecurity Strategy and Implementation Plan (CSIP). This may be a step in the right direction, but it really serves as a reminder that very few of us even know what our “one thing” actually is–or what we need to do to protect it.

Six months later we’re all still dealing with the blowback from the OPM story. What have we learned? By all appearances, nothing. The conversations are the same as they were before, and cybersecurity plans appear to be pretty much the same, as well. We all seem to be running around, just talking about the need to do something: “Seal the perimeter, update the patches, continuous monitoring, just do something!”

We need to stop and think about what security means to each of us. What is our “one thing”? At the service level, department, command, or agency? What is it we can’t afford to lose here? If we don’t know–if everyone in your organization isn’t in agreement on this thing–we cannot proceed.

If you really have more than one thing, make your short list, or top five, or even top 10, and sort them by risk priority. Once you have your list, there are three main areas of analysis you must conduct:

  • Access: Who can get to it and how? Is it safe?
  • Systems: Are the systems where it lives sound? Are they protected? Are they safe?
  • The asset itself: When access protections fail (and they will), when system security fails (and it will), how can we be sure that the “one thing” is not, will not, cannot be lost?

With all that in mind, remember that there is only one real way to secure a digital asset, and that’s with strong encryption and key management. Your “one thing” needs to be encrypted, and the encryption key has to be managed to keep it out of the wrong hands. That’s the only way to ensure your “one thing” is secure–at rest, in use, and in motion.
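Envelope encryption is the usual shape of the “encryption plus key management” the paragraph above describes. What follows is an added example written for this page, not SafeNet’s or any vendor’s code: a per-record data key (DEK) encrypts the record, a key-encryption key (KEK) held by a separate key manager (simulated in-process here, which is an assumption for the example) wraps the DEK, and the record ID is bound in as associated data so a sealed blob cannot be re-filed under another record. The names `Sealed`, `KeyManager`, `Encrypt` and `Decrypt` are this example’s own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Sealed is what sits in the database beside a record: the ciphertext plus the
// per-record DEK, itself encrypted under a KEK that stays inside the key
// manager. A stolen copy of storage yields only this blob.
type Sealed struct {
	Ciphertext []byte // nonce || AES-256-GCM output for the record
	WrappedDEK []byte // nonce || AES-256-GCM output for the DEK
}

// KeyManager stands in for an HSM or KMS (an assumption for this example): the
// application can ask it to wrap or unwrap a DEK but can never read the KEK.
type KeyManager struct{ kek []byte }

func NewKeyManager() (*KeyManager, error) {
	kek, err := randomBytes(32)
	return &KeyManager{kek: kek}, err
}

func (km *KeyManager) Wrap(dek, aad []byte) ([]byte, error)   { return sealGCM(km.kek, dek, aad) }
func (km *KeyManager) Unwrap(blob, aad []byte) ([]byte, error) { return openGCM(km.kek, blob, aad) }

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM prepends a random 96-bit nonce; aad is bound into the tag, so a blob
// cannot be re-filed under another record's ID without failing authentication.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(aead.NonceSize())
	if err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

func openGCM(key, blob, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], aad)
}

// Encrypt: fresh DEK per record, record sealed under the DEK, DEK wrapped by
// the key manager, DEK then discarded. recordID is the AAD for both layers.
func Encrypt(km *KeyManager, recordID string, record []byte) (Sealed, error) {
	dek, err := randomBytes(32)
	if err != nil {
		return Sealed{}, err
	}
	ct, err := sealGCM(dek, record, []byte(recordID))
	if err != nil {
		return Sealed{}, err
	}
	wrapped, err := km.Wrap(dek, []byte(recordID))
	if err != nil {
		return Sealed{}, err
	}
	return Sealed{Ciphertext: ct, WrappedDEK: wrapped}, nil
}

// Decrypt is the only path back to plaintext and cannot run without the key
// manager, so this is the call to put behind access control and audit logging.
func Decrypt(km *KeyManager, recordID string, s Sealed) ([]byte, error) {
	dek, err := km.Unwrap(s.WrappedDEK, []byte(recordID))
	if err != nil {
		return nil, err
	}
	return openGCM(dek, s.Ciphertext, []byte(recordID))
}

func main() {
	km, _ := NewKeyManager()
	s, _ := Encrypt(km, "rec-1", []byte("constructed clearance record"))
	pt, err := Decrypt(km, "rec-1", s)
	fmt.Printf("%q err=%v\n", pt, err)
}
```

Two things to notice. A copy of the database gives an attacker only ciphertext and wrapped keys, which is exactly the failure mode the “asset itself” bullet asks about. But `Decrypt` still works for any caller the key manager trusts, so an intruder holding valid application credentials is answered by access control and audit on that call, not by the cipher. Rotating the KEK means re-wrapping `WrappedDEK` for each record while `Ciphertext` is left untouched, which is what makes routine rotation affordable.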

What about the cost? It’s true, there is a “tax” that comes with this type of security. You’ll be paying that tax on performance, availability, and convenience–costs that weren’t considered when service-level agreements and system designs were set.

Can we afford the cost? Let’s answer that question with a question: How important is your “one thing” to you? What is the cost if that “one thing” is lost?

Ask OPM Chief Katherine Archuleta. Oh wait, don’t bother. She is gone, just like all of the data she was responsible for protecting. My info, maybe yours, too. Still there, but gone.

Like Butch from Pulp Fiction, Archuleta lost her one thing, and it cost her (and us) dearly. Don’t do the same. Make sure you encrypt your data and have a careful strategy for managing your encryption keys.

Tom Callahan is VP of Sales for SafeNet Assured Technologies, LLC.

Happy Birthday, FITARA

Babies are cute.

Guess who turns 1 on Saturday? FITARA. Her given name is the Federal Information Technology Acquisition Reform Act.

The Federal IT community is gushing over FITARA, and last week was no exception. Everyone agreed at MeriTalk’s second FITARA Forum this youngster has potential.

A Lovely Baby

“I can’t imagine that (FITARA) isn’t the gold standard as we go forward,” said Milo Speranzo, director of strategy and compliance at Tech Data. “We really believe FITARA is here to stay for years and years.”

FITARA’s troubled cousin, the Clinger-Cohen Act, is widely viewed as a failure. Sometimes our kids fall short. FITARA is different–it gives Federal CIOs more authority.

“The CIO’s job is a very, very difficult job, no matter where you are, whether that’s in the commercial sector or other areas in the public sector,” said Steve Harris, vice president and general manager of Dell Federal Systems. “When the CIO’s not empowered, it’s an impossible job.”

Learning to Walk

FITARA promises to be a useful tool, but it may take time before agencies begin to see results from the new authority the law provides CIOs, said Steve Cooper, CIO, Department of Commerce.

“FITARA is not a sprint,” Cooper said.

The law has proven effective in at least one instance.

“I put a freeze on all IT purchases until (component agencies within the department) can come to me with a comprehensive IT spend plan,” said Richard McKinney, CIO, Transportation Department.

“We’ve got to be more deliberate about what we’re doing,” he said. “We can’t let IT decisions be made down in a program where stuff just shows up on the dock and somehow I’m supposed to slap it into the data center and run it, manage it, and care and feed it. So until the component CIOs can present me with a comprehensive IT spend plan, I’m not going to approve any (acquisitions). I’m going to use the FITARA authority to say ‘I’m not approving any IT purchases.’ ”

It looks like this baby already has teeth. But is it biting too hard?

Ugly Baby?

Some people don’t think FITARA is cute and cuddly. Component CIOs may feel overlooked.

“Why there would be resistance I think can run the gamut,” said Ryan Gillis, vice president of cybersecurity and global policy, Palo Alto Networks. “It might be that at the sub-agency level, you don’t want to relinquish some of that power and authority up to the department-level CIO. Maybe you believe that the metrics aren’t the right metrics that show how you’re performing operationally. But the bottom line is that this is a good governance approach.”

Institutionalizing the law will make it harder for a future administration to stunt FITARA’s growth, observers said.

“We’ve got this window of opportunity at the end of this administration,” said former Department of Homeland Security CIO Richard Spires. “Let’s take that opportunity to start to institutionalize these changes very rapidly. I know it’s hard. It won’t happen everywhere. But if we can get it to start working at some of these agencies, then I think it can have a snowball effect.”

Babies are cute, but toddlers represent a different challenge. Let’s see what FITARA’s terrible twos have in store for Federal CIOs.

The Situation Report: CIOs Meet Accountability & Authority

The Federal Information Technology Acquisition Reform Act (FITARA) has delivered chief information officers new authority, as evidenced by Department of Transportation CIO Richard McKinney’s move to freeze all IT purchases until subordinate CIOs deliver a spending strategy for their components.

But along with that new authority comes a greater focus on accountability. And that’s where things are starting to get interesting.

Casualty Report

Situation reports coming in from the Hubert H. Humphrey Building in Washington, D.C., indicate that FITARA may have played a role in the recent loss of one of the Federal government’s best CIOs. Eyewitness accounts indicate that former Health and Human Services CIO Frank Baitman fought gallantly during Operation HHS Consolidation but was unable to establish a beachhead at the massive federation of fiefdoms known as HHS. According to one brave soul, Baitman’s request for FITARA fire support was largely ignored.

For nearly a year, Baitman counterattacked and regrouped, only to be outgunned and outnumbered by an axis of legacy cultures. Firebase FITARA never delivered the cover Baitman needed. He knew it, but held on as long as he could.

FLASH Message

Forward observers overlooking the E Street headquarters of the Office of Personnel Management are reporting trouble for OPM CIO Donna Seymour. House Committee on Oversight and Government Reform Chairman Rep. Jason Chaffetz, R-Utah, has renewed his calls for OPM Acting Director Beth Cobert to relieve Seymour of her command. Chaffetz not only places responsibility for the massive data breach at OPM squarely in Seymour’s lap, but he’s now targeting Seymour for moving too fast on the $20 million credit monitoring and identity theft protection contract. According to Chaffetz, OPM may have run afoul of Federal contracting laws because of an unrealistic deadline set by Seymour that forced contracting shortcuts. He also accuses Seymour of forcing a sole-source contract related to OPM’s network infrastructure improvement program.

“It is troubling that yet another IG report has found that Ms. Seymour failed to effectively fulfill her duties,” wrote Chaffetz in a letter to Cobert dated Dec. 10. “The record is clear that six months after the American people first learned about OPM’s spectacular failure at securing sensitive personal information, change is needed in the Office of the Chief Information Officer.”

No word on when or if FITARA reinforcements will arrive.

Force Recon

A situation report received by one of the most remote outposts along Vermont Avenue details some unusual movement of forces near the Washington, D.C., headquarters of the Department of Veterans Affairs.

Several water cooler warriors report that VA CIO LaVerne Council is busy looking to hire a recruiting firm to help kick-start a Silicon Valley worker pipeline at VA. The reported mission of the firm is to not only identify the candidates, but also help them fill out the stack of government documents necessary to successfully complete the Federal hiring process.

But there may be more problems on the horizon. Our advance reconnaissance elements also report concerns about $69 million in alleged overspending on the Continuous Readiness in Information Security Program, or CRISP. And that has led some local commanders to order preparations for a possible cancellation (nonrenewal) of VA’s identity theft analytics program.

The Situation Report reached out to VA, but there’s no word from the front.


FITARA – What’s Next?

Between the Hill scorecard and the imminent agency self-assessment read out, FITARA’s hot and sometimes hard to follow. So, where are we? What’s next? And why should you care? Good questions. That’s why we’re working with OMB, the Hill, and GAO to host the second in our FITARA Forum series on December 9th at the Newseum. Congressmen Connolly and Meadows just came in as morning keynote speakers – so donkeys and elephants speak FITARA. Space is limited, so if you can’t get a seat, here’s some perspective.

