
The Situation Report: Coddling Millennial Techies

Welcome to the first installment of The Situation Report, a weekly column by MeriTalk Executive Editor Dan Verton that takes an honest and discerning look at the programs, policies, and people behind government information technology.

When does a call to service cross the line and become an exercise in groveling at the feet of a generation of workers who by many accounts demand to be coddled, pampered, and delivered to the C-suite free of scars and ahead of schedule?

OK, that’s a little harsh and somewhat of an exaggeration, but it comes pretty close to the prevailing perception of the millennials who make up today’s civilian technology workforce and tomorrow’s government IT leaders. But what’s more troubling for this son of the Greatest Generation is the extent to which our nation’s current Secretary of Defense, Ash Carter, accepts this characterization of the technology workforce and the lengths to which he is willing to go to accommodate their every whim.

Carter has spearheaded a massive Pentagon effort to reconnect with America’s technology industry—a much-needed initiative designed to enlist Silicon Valley in the great struggle to maintain America’s technological superiority. But a major part of his effort for the past year has focused on giving government service—particularly Defense Department jobs—a head-to-toe makeover. He’s like a dating coach trying to teach the awkward government bureaucracy a few moves.

Working for the Defense Department “has to be attractive to the next generation of people who see their lives differently,” said Carter, speaking to Harvard students Dec. 1. “They don’t want to live Ford Motor Company lives; they want to live up-to-date lives, in which their life doesn’t look like an escalator, where you get on and wait until it takes you up. You get to hop around like a jungle gym, and get up by getting around. They want to live that kind of life.”

Well la-di-da, Mr. Secretary. The Marines I served with and the rest of the men and women who wear or have worn the cloth of our nation are surely happy for them. In fact, if millennials can pull off that kind of life during the troubled times we find ourselves living in, then I say more power to them. But what about the sense of service? My Marine Corps recruiter didn’t promise me a rose garden, so why are we bending over backward trying to buy the loyalty and honor of an entire generation of workers? If they don’t already come with a desire to serve something bigger than themselves, are they really the type of people we want supporting our troops?

Of course, the Defense Department didn’t start this trend. Former U.S. Chief Technology Officer Todd Park is largely responsible for producing the nation’s first crop of high-tech volunteers to join the U.S. Digital Service movement. And at USDS, they use the language of national service without all of the strings that typically come with signing on the dotted line. The USDS website talks about “tours of duty” and being able to tell stories to your grandchildren about that time you coded for two days straight to rescue Healthcare.gov. As absurd as that might sound, it is the language of a new generation that has to be convinced that service is in their self-interest—even for just a couple of years.

This is all very troubling. Does the government need to be an attractive place to work? Yes. But should service to our nation have to be sold in a way that creates a revolving door without end that lacks continuity and leads to more frequent brain drains?

“We need to manage our workforce in defense the way thoughtful companies do today,” Carter said. “We’re not a company; we’ll never be. We’re a profession of arms; it’s different.”

And when it comes to attracting the next generation of technology workers to national service, Carter’s overriding concern is simple: “Can we connect to that generation?” he asked.

A different question might be: Do we want to?

Stuffing the Ballot Box?

As we ready for the holiday that brings all Americans together – here’s the question. Which of the turkeys running for the President would you invite to gobble with your family?

At MeriTalk, we recently hosted our own televised presidential candidate debate. Tune in to separate the wattle from the winner.

‘Tis the Season: The Gift of FITARA

Christmas is coming, and some Federal CIOs may wish for FITARA to go away.

They should come up with a new list. The Federal Information Technology Acquisition Reform Act (FITARA) is here to stay. Not all CIOs view FITARA as a lump of coal – 84 percent of Feds are optimistic about the law’s impact, according to MeriTalk. Some think the law is the right solution at the right time.

But change is hard and questions remain.

So MeriTalk will host the second FITARA Forum next week where lots of smart people will be on hand to answer questions about the IT reform law.

Naughty List

The IT subcommittee of the House Oversight and Government Reform Committee last month put agencies on notice when they issued scorecards measuring progress on four key areas of FITARA. It resembled a naughty list because of the poor grades. Those grades didn’t go over too well with some CIOs who thought they were making progress on issues like data center consolidation.

Well, it turns out that only a few agencies account for the bulk of the savings on data center consolidation, but was the subcommittee too harsh in its assessment?

“I respectfully disagree” with the failing grade, Danny Harris, CIO at the Education Department, told House Oversight and Government Reform committee members during a Nov. 19 hearing on his department’s cybersecurity efforts.

So it depends on whom you ask, and we’ll hear a lot at the FITARA Forum about the subcommittee’s first attempt to rate agencies when a panel of CIOs tackles the weighty issue of the “FITARA Scorecard–Making the Grade.”

Snow Globe

FITARA is as much about transparency as it is about lowering IT costs and giving CIOs the budget authority to cut those costs. By the end of the month, we’ll be able to view IT spending as if agencies were in a snow globe.

That’s because FITARA directs agencies to post those implementation plans by Dec. 31. Only the Agriculture Department and National Science Foundation have done that so far. Most agencies are awaiting final approval from the Office of Management and Budget (OMB) on implementation plans.

Once all agency plans are approved, OMB also will post the information online. Now that’s transparency. Just like a snow globe.

Remember to join us Dec. 9 at the FITARA Forum when we discuss the latest information about the one-year-old IT reform law. And let us know what you think–is FITARA a gift for CIOs?

Feel like sharing something Noteworthy? Post a comment below or email me at bglanz@300brand.com.

CIO on FITARA: The Right Solution

On Nov. 4, I testified before the joint subcommittees on Information Technology and Government Operations of the House Committee of Oversight and Government Reform. The hearing was titled “FITARA’s Role in Reducing IT Acquisition Risk, Part II–Measuring Agencies.”  The other witnesses included Federal CIO Tony Scott, Treasury CIO Sonny Bhagowalia, General Services Administration CIO David Shive, and Dave Powner, Director, Information Management and Technology Resources Issues, Government Accountability Office. It was an honor and privilege to have been a part of the very constructive conversation that took place that day.

I came away from the hearing more convinced than ever that FITARA–the Federal Information Technology Acquisition Reform Act–is exactly the right solution at the right time and that we have an invaluable ally in Congress. Let me see if I can break this down for you.

  • The hearing reinforced my strong belief that FITARA has unprecedented bipartisan support. IT is not and never has been a red/blue field of battle. The serious IT issues the Federal government faces call for a united effort between the CIO community, our executive leadership, and Congress. And that is exactly the good news that I heard from the committee. Rep. Gerry Connolly, D-Va., told me after the hearing that he wants to be doubly sure the CIO community clearly understands there is “absolutely no daylight” between any of the committee members on these issues and that he hopes we understand this is a very rare and valuable set of circumstances. He really stressed that this is our moment and that we have to seize it.
  • It was really gratifying to hear that Congress wants to engage with the CIO community to explore ways in which potential IT savings can be reinvested in rebuilding and modernizing both our IT infrastructure as well as our business solutions portfolios. That is an opening the CIO community must take advantage of. Driving down cost and driving up service delivery can and should go hand in hand.
  • The preliminary FITARA scorecard the committee unveiled at the hearing is just the beginning of what we should expect will become an ongoing and rigorous oversight process. Much of the early discussion about FITARA has understandably been about the new authorities around HR, budget, and acquisition. I know much of DOT’s focus these past months has been about the precise mechanics of putting these authorities in place. But we can’t forget that these authorities are intended as a means to an end, and that it is the accountabilities built into FITARA we are going to be judged on. The initial report card focused on data center consolidation, incremental development, IT portfolio savings, and IT risk assessment. While the grades were generally poor, they clearly and fairly reflected the long road ahead of us. The CIO community needs to understand this and engage with Congress, GAO, and the Office of Management and Budget in establishing consistent and reliable measures of progress as we tackle these issues.

At the conclusion of the hearing, I thanked the members for FITARA, but more specifically for their willingness to engage with the CIO community around the ongoing implementation of this landmark legislation. I also thanked them for the constructive urgency they were communicating, and I shared with them that the leadership at DOT was approaching FITARA with that same urgency and the strong conviction that this is our last chance to get this right.

I believe that now more than ever.

Richard McKinney is the chief information officer at the U.S. Department of Transportation.

Big Data World Series?

The Kansas City Royals just won it all by playing great defense and following the old baseball motto – “hit ‘em where they ain’t.”  It’s also a motto that fraudsters have embraced as they continue hitting agencies from all angles.

In 2014, GAO officials tested the application controls for HealthCare.gov by creating 12 fake applicants and applying for coverage.  A whopping 11 of the 12 fake applicants were approved for subsidized coverage – if we’re talking batting averages, that’s a .916 clip.  The fictitious applicants received a total of about $30,000 in annual tax credits, and all 11 were automatically re-enrolled for coverage in 2015. If you want the full scoop, GAO released a report earlier this summer.


Looking for Treasure

Agencies treasure data and like to refer to information as their crown jewel. But if an agency can’t find data, then any crown jewel is more of a lost treasure.

There’s no sense in wasting time hunting for data. That’s like spending your Sundays watching the Redskins lose.

Time to Clean Up

What’s your attic look like? Or your garage? Nice and neat? Didn’t think so. Agencies often have the same problem with their information–data clutter. Some agencies are beginning to put information management policies in place. It’s not spring, but you can still begin cleaning up.

Information availability represents a key element of information management. Information availability means having access to data and applications around the clock, on any device, no matter where employees work from.

Backup and recovery solutions are an important part of information availability. That’s because of the wicked phenomenon known as downtime, which plagues every agency at some point–and it’s always at the worst times, right? The best solutions mean data and applications are constantly replicated so you don’t risk losing information when downtime occurs.

Maybe you can start cleaning that attic this weekend. It’s more productive than watching the Redskins.

Fool’s Gold

Like information availability, information governance should represent an important part of an agency’s broader data management strategy. Why do agencies save what they don’t need? Some of those crown jewels may not have the value agencies think they have.

So keep your high school yearbooks, but pitch the ill-fitting ’80s apparel. No one wants to see you in parachute pants or leg warmers anyway. Members Only jackets looked bad then, and look worse now.

Agencies have the same tough decisions to make. Hoarding represents a real (big) problem.

Organizations store an average of 2.63 petabytes of data at any one time. Data managed by the average hospital is likely to grow to 665 terabytes this year, up from 168 terabytes in 2010.

Progressive agencies are beginning to practice defensible deletion and getting rid of what they don’t need.

Pot of Gold

Information management helps agencies save money, improve efficiency, and eliminate the need for frantic treasure hunts in search of the crown jewels. Get rid of what you don’t need. And who knows, maybe you’ll find something really valuable while you’re cleaning the attic, like some great old photos or letters. Remember when we used to write letters…

Read more about progressive information management practices in government and health care.

Could your agency improve its information management policies? Does your agency save everything? Do you have reliable access to data and applications around the clock? You’d be surprised how many agencies struggle to manage data.


Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.

Hackers Love This Trend

Every good manager has an open-door policy. Come on in. Let’s talk about it, right after you get those TPS reports finished. That would be greaaaat

Open doors are good when it comes to management. When it comes to cybersecurity, open doors are an invitation for hackers.

Access Excess

That’s one takeaway from a new study released this week by MeriTalk, “Endpoint Epidemic.” But keeping those doors closed is becoming increasingly difficult because of the proliferation of devices at every agency. Workers have more devices than ever and more ways than ever to connect to networks.

It’s your classic double-edged sword–those devices have made workers more productive than ever, but they have also made it more difficult for IT departments to ensure the security of networks and data. Every device is a door to the network. If those endpoints aren’t secure, those doors are open.

Federal IT managers estimate 44 percent of endpoints used to access agency networks are at risk. It seems like a lot of doors are wide open.

Personal (Device) Problem

Mobile access, telework, and the BYOD movement are here to stay–just like selfies. Smile! Workers crave convenience and policies that allow them to work wherever they want, whenever they want.

But only 40 percent of Federal IT managers say their agency requires employees to register personal devices before using them for work, and only 41 percent say they inspect those devices. That’s nothing to smile about.

It sounds like the honor system. But there’s no honor among thieves, and the bad guys will find a way to take advantage of weak devices if agencies–and users–don’t improve their security.

In fact, personal devices represent an agency’s greatest cybersecurity challenge. Even among agencies that do have Bring Your Own Device (BYOD) policies:

  • 61 percent do not apply network security policies to mobile devices.
  • 60 percent do not require encryption.
  • 50 percent do not ban the use of public Wi-Fi networks.
  • 47 percent do not require anti-malware or anti-virus software.

Keep Out (unless you’re here to talk)

Read the full report. It will help you remember that your manager’s open-door policy is a good thing, but that open doors on your agency’s network will usher in danger. And send along your favorite line from Office Space. That would be greaaaat…


Happy Halloween: Don’t be Scared of Cloud

Remember when cloud used to scare Federal agencies? It wasn’t that long ago that shopping for cloud resembled a trip through a haunted house – surprises around each corner. Screams and sweaty palms.

But cloud isn’t so scary. Let’s talk about it.

Deep Breath

Many agencies have overcome their cloud computing anxieties, and they want to learn more. They know there’s nothing to be afraid of. They know cloud can provide incredible savings while improving IT efficiency.

That’s what we’ll talk about next week at Cloud Connect 2015.

Trick or Treat

We’re doing our best to help agencies find their comfort level by peeling the mask off cloud computing.

We produced the Cloud Carry Out report based on data from the GovCloud Shopper (GCS) to help Federal agencies.

Data is good. No tricks, please. Just treats.

A Really Big Treat

Do you think cloud is still a new trend? Last week provided one of those moments that confirmed cloud’s arrival. Amazon and Microsoft reported quarterly earnings.

“Tech historians will look at Oct. 22 as a watershed,” New York Times reporter Quentin Hardy wrote. “Cloud computing is no longer on the way, just a contender, or even a competitor to traditional enterprise technology companies. Instead, it is here, full force, and all the signs are that it is about to get a lot bigger, fast.”

Amazon Web Services, the company’s cloud business, grew 78 percent from a year ago with third-quarter sales of $2.09 billion.

One analyst said Microsoft “hit it out of the park” with its profits. Microsoft’s Azure cloud business grew 8 percent, to $5.9 billion.

No Zombies

Cloud isn’t a strange new thing anymore, and next week at Cloud Connect 2015 we’ll discuss hybrid cloud and what’s next in government cloud. We hope it’s more fun house than haunted house, but grab a friend if that makes you feel safer.

FedRAMP Director Matt Goodrich will attend, as will other top minds in the public and private sectors.

No zombies. Just cloud. There’s nothing to be afraid of.


What are Public Clouds Made of?

If little girls are sugar, spice, and all things nice, and little boys are slugs, snails, and puppy dog’s tails, then the September 2nd Synergy Research Public Cloud Infrastructure report puts the gadget guts of public clouds into plain view. This fascinating dissection of the categories of stuff that constitute clouds gives better insight into the complexity that makes things simple.

Aretha Franklin and FITARA?

How would the Queen of Soul spell FITARA? R-E-S-P-E-C-T. That’s coz the new IT law is all about Federal CIOs getting some swagger – and harmonizing Federal IT efficiency on the same track. And, according to new MeriTalk research, FITARA Future, 45 percent of Fed IT execs say IT gets no respect from mission execs. The study says Fed IT’s a Chain of Fools – where mission owners only call IT execs in early on program planning in one out of five programs. Little wonder that Fed IT outcomes are Rolling in the Deep. We’re hosting OMB, GAO, Richard Spires, and a chorus of former Federal CIOs at the FITARA Forum on December 9th at the Newseum.

Vinyl Isn’t Dead

Sales of vinyl records were up 52 percent in the first half of the year compared to last year.

Are the ‘80s back? What else is coming back? Gas guzzlers? Feathered hair? The Macarena?

What about mainframes? Nope. Album sales are surging because audiophiles like holding vinyl in their hands and reading liner notes. But server huggers should just let go. That was the refrain last week at the Cloud Computing Caucus Advisory Group meeting.

In Tune
In case you missed it, panelists at the Advisory Group meeting agreed that moving on from legacy IT and embracing cloud computing can save money and improve cyber security.

After a while it sounded like a broken record.

Dawn Leaf, chief information officer, Labor Department, said a fairly straightforward project like moving e-mail to the cloud allowed the agency to get rid of legacy equipment and make other changes – like network improvements. Through those modernization and standardization efforts, the agency got better e-mail and improved its cyber security.

Sounds like addition by subtraction.

Roopangi Kadakia, web services executive, National Aeronautics and Space Administration (NASA), said moving to the cloud helped NASA expose and fix potential security vulnerabilities.

Singing Cloud’s Praises
Kadakia also said moving data and applications to the cloud can save the agency “a lot of money… especially since we have such a big public data presence.”

That should be music to an agency’s ears.

So why do agencies spend 80 percent of IT budgets on legacy systems?

Don’t B-Flat
Even members of Congress hit all the right notes. Three of the four co-chairs of the Cloud Computing Caucus Advisory Group attended the meeting and urged agencies to embrace cloud computing. One more and it would have been a quartet…

Reps. Gerry Connolly (D-Virginia), Ted Lieu (D-California), and Mark Walker (R-North Carolina) showed they get it – legacy IT represents an incredible waste of money and is hard to secure.

How is your agency doing with efforts to move data and applications to the cloud? Let us know what your agency is moving and we’ll put out a greatest hits version of Federal cloud initiatives. How’s that sound? Keep up with the Cloud Computing Caucus Advisory Group, FedRAMP, and Federal cloud news and information so you can sing along with everyone else.


Counting the Cloud?

Fluffy comes to mind as a good cloud adjective – difficult to define. But never fear, it’s raining cloud metrics this week – and we’re bringing you the chance to get face to face with the facts at our November 5th Cloud Connect conference.

Shutdown Town

What a difference a week makes.

Days after Pope Francis and Xi Jinping blew into town, we’re looking at a government shutdown. Our Federal friends may not go to work on October 1.

The 2013 shutdown lasted 16 days.

What will you do if you’re forced to take a politically-fueled vacation?

While the parties try to resolve their differences you can go to the beach. The kids are back in school, so you’ll have the place to yourself.

Or you can catch up on our research, because we’ve been busy looking at the important Federal IT issues that people and agencies are talking about – cloud, cyber, data, and much more. We don’t do shutdowns (although we might leave the office early on St. Patrick’s Day).

Insider threats remain a big concern.

Two-thirds of Feds say DevOps will help agencies shift into the cloud fast lane, improving IT collaboration and migration speed.

Should agencies move legacy applications to the cloud or build new ones for the cloud? With the growth of cloud, it’s a great question.

With information coming at organizations from so many different directions and in so many different formats, data integration is a big deal.

You can also check out our video blogs and catch up on My Cup of IT. Washington may grind to a halt, but you have lots of great ways to spend this unexpected time off.

When you’re done catching up on our research, maybe you can tackle a home renovation project. Start small in case the shutdown ends quickly. Dare to dream, right?

How long do you think the shutdown will last?

How do you plan to spend your time off?


Commentary: The Proliferation of Chiefs

When I came to Washington years ago on what was to be a one-year fellowship, the senior administrative management position in government departments and agencies was typically an Assistant Secretary for Administration (AS/A) or perhaps an Assistant Secretary for Management (AS/M). In the majority of cases, those positions and their deputies were long-time careerists, recognizing that financial management, management reform, recruitment and sustaining a high-quality workforce required large investments and considerable lead-times to be successful. Under these assistant secretaries were all the arrows that one needed in a management quiver to direct an agency’s programs — budget, financial management, personnel, procurement, and the like.

Then, beginning in the 1990s and continuing for a decade or so afterwards, came a push for Chiefs — first Financial Officers, then Information Officers (CIOs), and later Acquisition Officers and Human Capital Officers. The majority of these new positions were established as either Presidential appointee, Senate confirmed jobs or non-career SES ones. And so they were filled with appointees with an average life span in government of 18-24 months. Difficulties developed in coordinating the works of the diverse chieftains. In several cases, this has led departments to establish Under Secretaries for Management to oversee and integrate these multiple chiefs.

Ironically, last year’s enactment of the Federal Information Technology Acquisition Reform Act (FITARA), which was designed to strengthen and clarify the authority of the CIO, has given birth to a new proliferation of chiefs — especially in the information technology arena. To a certain extent, I find these new roles puzzling. Let’s review them:

Chief Data Officer (CDO): We know government agencies generate lots of data. The Department of Commerce, the smallest cabinet-level agency in terms of budget, generates 24 terabytes of data each day. Of that vast array of data, the department estimates that it makes use of less than 4 TBs. The challenge for the CDO is to make better use of this rich array of data perhaps through partnership with the private sector. But once data is combined and once it is put in a broader context it comes under the purview of a …

Chief Information Officer: Created in 1996 under the Information Technology Management Reform Act (also known as the Clinger-Cohen Act), the CIO was created to deal with two major problems — paying today’s prices for yesterday’s technologies, and IT projects that were over budget, behind schedule, and not delivering the promised functionality. But there are other key concerns, so one also needs a …

Chief Technology Officer (CTO): This may be one of the more muddled roles, since it has led Capitol Hill to draft legislation that would define the CTO’s role. Over the span of this Administration, the responsibility has shifted from defining how technology can transform the delivery of government services, such as health care, to serving as a SWAT team to salvage what many have characterized as the “botched roll-out” of the Affordable Care Act, to recruiting IT talent from Silicon Valley to come to D.C. to serve in government, to STEM, to women in technology. Regardless, one still needs a …

Chief Information Security Officer (CISO): The CISO is needed to focus on information security. Along with a security chief, one needs a …

Chief Privacy Officer (CPO): The CPO is needed to ensure an individual’s personal data isn’t revealed. But once information is stored and aggregated, perhaps one needs a …

Chief Knowledge Officer (CKO): The CKO’s job is to understand what the agency knows. And who will use the data, the information, and the knowledge, outside the agencies, outside the government? For that, we need to turn to the …

Chief Customer Officer. And so on.

I know I haven’t covered every new chieftain (e.g., the Chief Digitization Officer). But I want to raise the issue of the proliferation of chiefs across the IT field, how they are defined and coordinated, and whether their creation undermines the efforts to strengthen the potential of using information technology to transform government and the way the government delivers services to our citizens.

At the very point when we seemed close to nailing down the role and responsibility of a CIO in the Federal space, a thousand new IT flowers have bloomed. But why?

Alan P. Balutis (@AlanBalutis) is a Senior Director and Distinguished Fellow at Cisco Systems U.S. Public Sector.

Inside Out: Cyber Threats from all Directions

Summer’s almost over. But hackers never go out of season.

IRS. OPM. Cyberattacks on Federal networks are a big deal and require a lot of attention – and budget – from agency CIOs. Federal CIO Tony Scott mandated over the summer that agencies shore up their networks, policies, and procedures to defend their networks from cyberattacks.

But have cyberattacks also caused agencies to ignore the insider threat and data protection?

A new report from MeriTalk, “Inside Job: The Federal Insider Threat Report,” illustrates the ongoing danger from insider threats.

In the past year, 45 percent of Federal IT managers say their agency has been a target of an insider incident, and nearly one in three (29 percent) say their agency has lost data to an insider incident during that same period, according to the report.

So, why does the problem exist?

Agencies aren’t always helping themselves, according to the report:

  • 46 percent of agencies employ two-factor authentication across the agency
  • 40 percent use endpoint encryption agency-wide
  • 39 percent offer employees annual, in-person security training

When it comes to data, the findings are more startling:

  • 45 percent of agencies can’t tell whether a document has been shared appropriately
  • 40 percent of Federal IT managers say unauthorized employees access information they shouldn’t at least weekly
  • 34 percent of agencies can’t tell what data they lost

Federal IT managers can do more to educate employees and protect their agency’s data:

  • 65 percent of Federal IT managers say it is common for employees or contractors to email documents to personal accounts
  • 51 percent say it is common for employees or contractors not to follow appropriate protocols

The good news? Awareness of insider threats has increased – 76 percent of Federal IT managers say their agency is more focused on insider threats than they were a year ago.

The Federal Cybersecurity Sprint helped improve security by increasing the use of security measures like two-factor authentication. But that was about shoring up problems with network access, not about protecting data.

So agencies still have work to do – inside and out – to make sure their data remains safe. All year around.

Read the full report for more details.

And let us know – does your agency have a formal insider threat program?


Feel like sharing something Noteworthy? Post a comment below or email me at bglanz@300brand.com.

Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.

The Cyber Trump Card

Donald Trump might quip that there are two kinds of insider threats – the Edward Snowden kind and the Hillary Clinton kind.  But our nation’s cyber security’s no laughing matter.  According to a new MeriTalk study Inside Job, 45 percent of Federal agencies detected insider threats and 29 percent lost data to insider threats in the last year.  What’s perhaps more alarming, in many cases Feds don’t know what they don’t know – 45 percent can’t tell if a document has been inappropriately shared and 34 percent can’t tell what data has been lost.  So, it may be worse than we think…

(more…)

Price Shopping Federal Cloud

Money talks – and BS walks. We’re about to separate the men from the boys in Federal cloud. Yes, we’re rolling into busy season – when agencies use it or lose it. Will Feds drop cash on cloud or binge on boxes as usual? The answer floats on procurements’ ability to make sense of cloud pricing – and craft cloud RFQs. That’s why we developed the Gov Cloud Shopper. It’s free to use. It provides point-and-click access to pricing from FedRAMP Cloud Service Providers (CSPs) – AWS, CenturyLink, IBM, Microsoft Azure, and VMware. We use our algorithm to allow you to break CSPs out by price point and line them up based on common specs. (more…)

Commentary: Pulling Out of the Death Spiral

The Federal government spends close to $100 billion each year on Information Technology (IT). That’s a lot more than the $80 billion figure that shows up in the President’s annual budget and reports from Deltek and others. The latter number only shows spending from the 24 so-called Chief Financial Officers (CFO) Act agencies. It does not include IT expenditures by the legislative branch, the judiciary (including the court systems around the country), small agencies (a goodly sum when aggregated), independent and quasi-government agencies like the Federal Reserve and the Postal Service, or the $9 billion that we now know the intelligence community spends on IT.

But behind those budget figures is a death spiral of spending on legacy IT systems – a crisis we must confront.

The President’s FY 2016 budget suggested that 70 percent of the government’s IT budget is spent on what is called Operations and Maintenance (O&M) of legacy IT systems – as opposed to Development, Modernization, and Enhancement (DME), which is focused on establishing new technology to reduce duplication, driving cost savings and enhancing citizen services.

But in a recent FCW article, Dave Gwyn cites a Government Accountability Office claim that the O&M spend is more than 75 percent of the IT budget. And at the recent FITARA Forum, sponsored by MeriTalk, Federal CIO Tony Scott upped the ante, stating that the government spends “more than 80 percent of the…IT budget on operations and maintenance for legacy systems.”

Cheeky Brit and MeriTalk Founder Steve O’Keeffe recently went on a tirade, dubbing Federal IT systems “aging,” “decrepit,” “insecure,” “dysfunctional,” a “rusting hulk,” and “a crisis.” In this case, O’Keeffe may have been understated. He went on to call for a .usa2020 initiative – replacing our aging Federal IT infrastructure by 2020, the end of the next President’s first term. But how can we get there?

A recent McKinsey Insight article, “Two Ways to Modernize IT Systems for the Digital Era,” provides a roadmap with two potential routes. So with proper thanks to authors Juan Garcia Avedillo, Duarte Begonha, and Andrea Peyracchia, here are some thoughts on alternative paths and governance principles.

There are two approaches for successfully realizing improvements in the short term while transforming the IT architecture in the long-term: Two-speed and Greenfield.

Two-Speed Approach

Under the two-speed approach, the IT organization produces quick iterations and launches of front-end customer-facing applications while continuing to ensure the stability of slower, back-end systems that handle foundational transactions. The agency would need to limit the number of fast-track initiatives. But it would also need to set critical milestones for the long-term transformation and have a comprehensive plan and investment strategy. Without such a plan, they will be caught up in a change cycle that has no end.

Greenfield Approach

As the name suggests, this is a replacement of core legacy IT systems. The approach works best when an agency requires a total transformation that the existing legacy system simply can’t support. Implementing this approach also requires a bit more lead time, substantial capital, and business process redesign to fit the IT tools and packages being acquired.

Governance Principles

Regardless of which approach is chosen, agencies would need to adhere to certain governance principles:

  • Ensure that agency leadership plays an active role;
  • Have a clear long-term vision and plan;
  • Simplify processes and IT at the same time;
  • Maintain good housekeeping, implement IT standards, freeze legacy investments, and prevent shadow IT offerings from being introduced;
  • Make clear and frequent communications a priority;
  • Dedicate the best internal resources to the transformation project; and,
  • Choose industry partners that prioritize your account.

Hopefully with these McKinsey insights we can begin our .usa2020 transformation journey.

Alan P. Balutis (@AlanBalutis) is a Senior Director and Distinguished Fellow at Cisco Systems U.S. Public Sector.

Sexier than Cyber?

Cybersecurity is still a sexy topic. Just ask Ashley Madison.

Federal agencies have an intimate knowledge of cyber threats, too. That’s why MeriTalk is bringing the best minds together for the Fourth Annual Cyber Security Brainstorm. We’re all just friends.

Curious?
I guess sites like Match.com and eHarmony just don’t cut it anymore. Does FarmersOnly.com even stand a chance? What happened to romance? We’re not sure about the fate of standard dating sites, but we do know that standard approaches to cybersecurity don’t cut it anymore.

With the increasing number of threats, agencies are looking for new ways to use information to improve cybersecurity.

How You Doin’?
At the Cyber Security Brainstorm we’re going to introduce smart people from the private sector to smart people from the Federal government. There’s no reason this shouldn’t work out! Why?

We expect sparks to fly because they share the same interests.

Government and partners across industry and academia are looking to improve collective cyber intelligence and how they use that information to deter cyber attacks and defend against cyber threats.

Let’s Talk
After Allison Tsiumis, section chief, cyber intelligence section, at the Federal Bureau of Investigation, delivers the morning keynote we’ll have a session on using data-driven intelligence to improve the security of networks, systems, and devices.

Emery Csulak, Chief Information Security Officer/Senior Privacy Official, Information Security and Privacy Group (ISPG) at the Centers for Medicare & Medicaid Services, will be joined by experts from DHS and DISA for a discussion on how to spot gaps in security.

Steven McIntosh, Insider Threat Program Coordinator at the Defense Intelligence Agency, will be joined by experts from the State Department and the CERT Insider Threat Center, Software Engineering Institute at Carnegie Mellon University, to discuss mitigating insider threats.

Ron Ross, Information Technology Laboratory, Computer Security Division at the National Institute of Standards and Technology, will moderate a discussion on evading hackers.

If that wasn’t enough, the Father of the Internet will deliver the afternoon keynote address to close out the Cyber Security Brainstorm and kick off the NIST Cloud Security Working Group session.

Vint Cerf helped develop the TCP/IP protocols and the basic architecture of the Internet in 1973 – when he was a government employee – and in 1983 he helped turn the Internet on. Since then Internet use has grown to 3.1 billion users, and it’s expected to grow to 3.6 billion in just three years as developing nations go online.

Retired NSA Deputy Director Chris Inglis will deliver remarks during the NIST Cloud Security Working Group.

Get the full lineup of all the speakers here and register here before it’s too late.

And let us know – if you could ask the Father of the Internet one question, what would it be?


Feel like sharing something Noteworthy? Post a comment below or email me at bglanz@300brand.com.

Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.

Commentary: Defending CDM

Ken Durbin, Symantec Public Sector.

The recent data breach at the Office of Personnel Management has put a spotlight on the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) Program. There have been articles and blog posts that call into question the usefulness and logic of CDM because it didn’t detect the attackers or block the exploit at OPM. This criticism misses the mark.

The General Services Administration awarded the Group B Task Order to Booz Allen Hamilton on April 14th, 2015. OPM is included in Group B, but it will take some time before BAH implements CDM at OPM. Even then it will only be covered by Phase I of CDM.

Some argue that CDM (btw: the “M” stands for “Mitigation”, not “Monitoring”) is simply about basic cyber hygiene and that even when fully deployed CDM is not designed to detect attackers. I disagree for two reasons. First, a key function of Phase I is to identify all hardware and software assets in the network. Seems to me it would be easier to find an attacker if you knew about all the places they could hide. Second, although we’ll need to see the final requirements, DHS has defined Phase III to allow for the detection of attackers.

The CDM Program At-A-Glance

  • Phase 1 – Main Goal: Endpoint Integrity
    Scope of Focus: Local Computing Environment (Devices)
    Areas of Focus: Hardware and Software Asset Management, Configuration Settings, Known Vulnerabilities, Malware
  • Phase 2 – Main Goal: Least Privilege and Infrastructure Integrity
    Scope of Focus: Local Computing Environment (People), Network and Infrastructure (Devices)
    Areas of Focus: Account and Privilege Management; Configuration Settings and Ports/Protocols/Services for infrastructure devices
  • Phase 3 – Main Goal: Boundary Protection and Event Management
    Scope of Focus: Local Computing Environment (Events), Network and Infrastructure (Events), Enclave Boundary (Devices, Events)
    Areas of Focus: Audit and Event Detection/Response, Encryption, Remote Access, Access Control

    • “Event Management, Event Detection/Response” could include the correlation of data that would identify an attacker.

Even if CDM were to ultimately focus only on cyber hygiene it will still provide federal departments and agencies with a much improved cybersecurity posture. DHS has been very clear and consistent when describing the intent of the CDM program, which is to find and fix the most severe vulnerabilities first. CDM does this by defining the desired state of an IT system in accordance with the Federal Information Security Management Act (FISMA), scanning it once every 72 hours to determine the actual FISMA state and remediating the deficiencies. All three phases work this way, with each phase covering additional capabilities that map back to the National Institute of Standards and Technology Special Publication 800-53.

What’s Behind Phase I?

To understand how CDM will improve the government’s cybersecurity posture, let’s look at Phase I of CDM.

Phase I is divided into four functional areas (FA1 through FA4): Hardware asset management, software asset management, configuration management and vulnerability management.

First, scan your IT System to identify all hardware (FA1) and software (FA2) assets. This is done first because you can’t defend what you can’t see. Once identified, you scan the assets to make sure they are configured properly (FA3) and to look for any known vulnerabilities (FA4). An asset that is misconfigured or has an unpatched vulnerability is a threat vector for a hacker to exploit and needs to be mitigated to lower the asset’s exploitation potential. Phase I will detect the defect in the asset, but the department or agency will do the actual mitigation, focusing on the greatest threat first.
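As an added illustration of the desired-state versus actual-state comparison described above (example code written for this column, not DHS's or Symantec's CDM tooling), the script below walks one constructed scan through FA1 to FA4 and ranks the deficiencies so the most severe are fixed first. The inventory, scan results, severity weights and vulnerability identifiers are all constructed sample values.

```python
from dataclasses import dataclass

# --- Constructed sample data (not real agency data) ------------------------
# Desired state, in CDM terms: what is authorized and how it must be configured.
DESIRED_STATE = {
    "authorized_hardware": {"ws-001", "ws-002", "ws-003", "srv-db-01"},
    "authorized_software": {"os-base", "office-suite", "browser", "db-engine"},
    "required_config": {"ssh_root_login": "no",
                        "screen_lock_minutes": 15,
                        "disk_encryption": "on"},
}

# Actual state, as one 72-hour scan cycle would report it. Vulnerability ids
# are placeholders, with a CVSS-style score from the scanner.
SCAN_RESULTS = {
    "ws-001": {"software": {"os-base", "browser", "torrent-client"},
               "config": {"ssh_root_login": "no", "screen_lock_minutes": 60,
                          "disk_encryption": "on"},
               "known_vulns": {"EXAMPLE-VULN-1": 9.8}},
    "ws-002": {"software": {"os-base", "office-suite", "browser"},
               "config": {"ssh_root_login": "no", "screen_lock_minutes": 15,
                          "disk_encryption": "on"},
               "known_vulns": {}},
    "srv-db-01": {"software": {"os-base", "db-engine"},
                  "config": {"ssh_root_login": "yes", "screen_lock_minutes": 15,
                             "disk_encryption": "on"},
                  "known_vulns": {"EXAMPLE-VULN-2": 5.3}},
    # A device answering on the network that nobody inventoried.
    "unknown-laptop": {"software": {"os-base"}, "config": {}, "known_vulns": {}},
}

# Assumed severity weights for inventory, software and configuration findings;
# vulnerability findings (FA4) carry the scanner's own score instead.
WEIGHTS = {"FA1": 8.0, "FA2": 6.0, "FA3": 4.0}


@dataclass(frozen=True)
class Deficiency:
    asset: str
    area: str       # FA1 hardware, FA2 software, FA3 config, FA4 vulnerability
    detail: str
    severity: float


def find_deficiencies(desired, scan):
    """Diff the scan (actual state) against the desired state, FA1 through FA4."""
    found = []
    authorized = desired["authorized_hardware"]
    # FA1: devices seen on the network but absent from the authorized inventory
    # are the "places an attacker could hide"; inventoried devices the scan did
    # not reach are a visibility gap of the same kind.
    for asset in scan:
        if asset not in authorized:
            found.append(Deficiency(asset, "FA1", "device not in authorized inventory", WEIGHTS["FA1"]))
    for asset in sorted(authorized - set(scan)):
        found.append(Deficiency(asset, "FA1", "inventoried device not seen by scan", WEIGHTS["FA1"]))
    # FA2 to FA4 are evaluated only for inventoried devices: an unknown device is
    # first brought under management (FA1), then scanned like the rest.
    for asset, state in scan.items():
        if asset not in authorized:
            continue
        for pkg in sorted(state["software"] - desired["authorized_software"]):
            found.append(Deficiency(asset, "FA2", f"unauthorized software: {pkg}", WEIGHTS["FA2"]))
        for key, want in desired["required_config"].items():
            have = state["config"].get(key)
            if have != want:
                found.append(Deficiency(asset, "FA3", f"{key}={have!r}, required {want!r}", WEIGHTS["FA3"]))
        for vuln_id, score in state["known_vulns"].items():
            found.append(Deficiency(asset, "FA4", f"unpatched {vuln_id}", float(score)))
    return found


def prioritize(deficiencies):
    """'Find and fix the most severe first': highest severity on top, stable ties."""
    return sorted(deficiencies, key=lambda d: (-d.severity, d.asset, d.area, d.detail))


if __name__ == "__main__":
    for d in prioritize(find_deficiencies(DESIRED_STATE, SCAN_RESULTS)):
        print(f"{d.severity:4.1f}  {d.area}  {d.asset:15s} {d.detail}")
```

The ranked list is the agency's mitigation queue; the script only detects, mirroring the split the column describes between CDM finding the defect and the agency fixing it.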

DHS chose the functional areas of Phase I for a reason. They are effective in reducing cybersecurity events. Phase I is for the most part identical to the first five of the SANS Institute’s Top 20 Critical Security Controls and is also reflected in the Australian Government’s Top 35 Mitigation Strategies. DHS quotes a study conducted by the Center for Strategic and International Studies that showed an 85 percent reduction in cyber events when the strategies detailed in Phase I are followed. Yes, the remaining 15 percent is a large number, especially in today’s fast-paced, sophisticated environment, but look at it this way; Phase I gets rid of 85 percent of the proverbial hay in the haystack, reducing the number of events an IT staff has to chase down.

Would CDM have helped OPM if it had been in place before the attack? It could have. At minimum, a fully deployed Phase I would have made an attacker’s job more difficult. The vast majority of attacks depend on the presence of a misconfigured or unpatched system to exploit. Had CDM Phase I been fully deployed it could have detected the vulnerable assets at OPM so they could be remediated. It is possible CDM could have led to the remediation of the threat vector used by the attackers who infiltrated OPM and stole personal data belonging to millions of current and former federal employees.

Phase I is happening now, but it clearly doesn’t find attackers. So do we de-emphasize CDM in favor of finding the attackers? Clearly not and here’s why. One analogy floating around suggests that deploying CDM now is like locking all your doors and windows when the burglar is already in the house and that we should instead focus on first getting rid of the burglars. Sounds reasonable, but the analogy is flawed. It ignores the fact that there are hundreds of burglars still trying to get in the house every minute of every day. Locking all the doors and windows as fast as you can reduces the number of burglars you need to search for in your house. Furthermore, how can we find the burglars if we do not know where to look for them? If Phase I capabilities are not in place it would be like doing a search and rescue in a building with no blueprints and all of the rooms are filled with smoke. The deployment of CDM should not stop, rather it should be accelerated.

We should also remember there was a real financial justification for deploying CDM. According to DHS, manual plans, reports and audits cost about $1,400 per page and total between $600 million and $1.9 billion a year. The automation CDM brings to the government is designed to bring these costs down, freeing up dollars that could be used to deploy additional security capabilities. Even if the automation doesn’t materialize, government agencies are already seeing a financial benefit from CDM. At a recent CDM conference an agency chief information security officer told the audience he was planning to buy and deploy Phase I type tools using his own budget. Now that DHS is picking up the tab he can use his budget to deploy data loss prevention tools.

Is CDM perfect? No. The roll-out is taking too long, leaving departments and agencies vulnerable. But the strategy and intent of the program is sound. Who can really argue with making sure all departments and agencies have the ability to discover their IT assets so they can conduct regular scanning for potential exploits? Let’s do all we can to find the attackers lurking in federal networks, but let’s do it with the understanding that CDM is part of the solution, not the problem.

Ken Durbin is the Unified Security Practice Manager for Symantec Public Sector.

FITARA’s Season Opener?

Agency CIOs QB Fed IT – or do they? That’s FITARA’s goal – to improve Fed IT performance by ensuring CIOs are the only QB on the Fed IT field. So, isn’t it ironic that, like the Redskins, DC’s IT franchise is plagued by ownership and QB problems? (more…)

Want to Write for MeriTalk? Check Out The Writers Guidelines

Writers Guidelines

MeriTalk is a property of 300Brand and provides a platform for news, information and thought leadership designed to improve the outcomes of government IT.

MeriTalk welcomes new, independent voices to help improve the dialogue between the public sector and industry, enhance collaboration and facilitate sharing of best practices to address the most pressing issues in government technology and policy.

Our audience ranges from senior government technology officials, policymakers and agency program managers to industry subject matter experts.

A successful guest contribution typically runs 750 words or less on a topic about which the author is qualified to speak. Guest columns should make a clear, fair and powerful argument and offer potential solutions to problems. Fresh perspectives and insights, new approaches to vexing challenges and ideas that ignite respectful debate are preferred.

Topics pitched should be timely and relevant to current news events. Likewise, submissions should cover at least one of MeriTalk’s five major Exchange areas: Cloud Computing, Cybersecurity, Big Data, Data Center or Mobile Work.

By submitting a guest column to MeriTalk, you agree that:

  • Your submission is original and hasn’t been published elsewhere.
  • All submissions are subject to editing and review prior to publication.
  • Unless expressly commissioned by MeriTalk, guest columnists are not entitled to monetary compensation for their work.
  • Upon publication, their articles become the copyrighted property of MeriTalk, its parent, 300Brand and its affiliated properties, in accordance with common copyright rules.

If you would like to write for MeriTalk, submit your column ideas to Executive Editor, Dan Verton, at dverton@meritalk.com.

Healthcare Needs a Data Checkup

It’s important to keep your weight down. Better on the heart.

Healthcare is at risk in much the same way. Government health and human services agencies struggle to confirm and verify healthcare benefits due to data integration challenges, according to a new study, “The Economics of Eligibility: The Cost of Eligibility and Verification Challenges for Government Healthcare Benefits,” released this week by MeriTalk.

Recipe for Success
Government healthcare organizations collect a staggering amount of data, and integrating that information represents the number one challenge for managers. Here’s the direct impact – their inability to integrate data means government health and human services agencies have difficulty verifying coverage or confirming eligibility for benefits quickly and comprehensively.

MeriTalk’s study estimates that 11 percent of those receiving benefits are in fact, not eligible. Government healthcare organizations may not be able to reduce their data diet, but the IT managers at those institutions say better data integration will help them manage their consumption:

  • 64 percent say data integration will improve customer experience
  • 63 percent say it will accelerate eligibility requirements
  • 55 percent say it will reduce costs by accurately identifying recipients

And, improved data integration will lead to a 23 percent increase in productivity by making the appropriate data readily accessible to the appropriate people.

The report estimates that $342 billion is wasted each year due to improper payments from benefit eligibility and verification challenges. Sounds like data integration is just what the doctor ordered.

A Healthy Outlook
Will healthcare go on a data diet? It’s unlikely – they won’t stop compiling doctor’s notes, lab data, insurance information, radiology reports, pharmacy information, or the multitude of other paper and electronic health records that make up a patient’s medical history. So data integration looks like a prescription to save time and money, and potentially improve the delivery of healthcare.

Read the full report here, and let us know if your agency has embraced and solved this or other complex data integration challenges. Has it worked? Tell us how you diagnosed the problem and what your agency did to get well.

Feel like sharing something Noteworthy? Post a comment below or email me at bglanz@300brand.com.

Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.

Death and Rebirth?

Never let a good crisis go to waste. The OPM breach – and the subsequent Cyber Sprint – may be just the jolt we need to euthanize our geriatric Fed IT. According to Tony Scott and GAO at this week’s FITARA Forum, we spend more than 80 percent of the $80 billion IT budget on operations and maintenance for legacy systems. You see with the Cyber Sprint we’ve been looking hard at how to secure our systems. And, the simple truth of the matter is – it’s impossible. It’s impossible to apply two-factor authentication to systems and applications built in the ’60s, ’70s, ’80s, ’90s, and naughties. (more…)

With a Little Help from my Friends

No one goes it alone anymore.

So some smart people at the National Institute for Standards and Technology (NIST) started thinking about how to help the financial, energy, healthcare, and other critical industries better protect their data, networks, and infrastructure from a cyber attack.

They developed the NIST Cybersecurity Framework to help organizations figure out how best to guard against cyber attacks.

Hear some of those smart folks tell the story of the Framework.

You’ve Got a Friend
Here’s what we found when we spoke to them.

The NIST Framework helps organizations figure out what they have and what they can do to make their networks less vulnerable.

It’s not a tool so much as it’s a strategy.

The Framework also has become the de facto standard for cybersecurity, providing agencies and organizations with the guidance they need to eliminate weaknesses in their networks.

Dell’s Jack LeGrand and NIST’s Ron Ross break it down nicely for Luddites like me, and you can hear it in their own words on the podcast. These guys are on top of it.

That’s What Friends are For
MeriTalk also did a nice job of illustrating the Framework’s importance. Read MeriTalk’s description of the Framework and the need for the guidance it provides for agencies of all sizes.

You can also take a self-assessment survey to measure your agency’s cybersecurity profile and find out what you can do to strengthen your defenses.

There are people out there trying to help so your agency isn’t the next one to get hacked.

Don’t go it alone.

Let us know how you did in the self-assessment survey. And let us know if the Framework is helpful. NIST will update it periodically – if you pass along your insights, you can help the smart people get even smarter.

Feel like sharing something Noteworthy? Post a comment below or email me at bglanz@300brand.com.

Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.

Side effect of the OPM breach: Protecting your passwords, beyond password complexity

— from my colleague Frank Briguglio at Dell Software…

By Frank J. Briguglio, CISSP, Security Architect, Dell Software

The Office of Personnel Management (OPM) has stated that any government employee, contractor or military service member that has filled out the “Questionnaire for National Security Positions SF-86” since 2000 (and possibly prior) is at risk of having the data collected compromised by the attacker.

The data collected on the form contains every bit of Personally Identifiable Information (PII) or Sensitive Personal Information (SPI) and every life event that we have encountered. Personally, I first filled one out in 1988 and have updated it every five (5) years since; that’s a lot of data.

Think of that data: places you’ve lived, place of birth, schools attended, countries travelled to, spouse’s information, mother’s maiden name, etc.

Now, consider each of the accounts where you use a password, at work – privileged accounts, email, financial institutions, utility companies, social media, schools, etc.

Here is the recommendation from OPM’s website:

“If the information in your background investigation forms could be used to guess your passwords or if you are using the same password that you did when you filled out your background investigation form, change them. Use complex passwords of 10-12 characters, combining letters, numbers, and special characters. Don’t use something that is easily guessable for someone who knows you or has information about you. Don’t repeat passwords for several accounts.”

Something’s missing: more than ever, we need to be vigilant about the responses we provide to the Challenge Questions used to manage an account. Typical Challenge Questions usually include mother’s maiden name, schools attended, place of birth, favorite country you’ve travelled to, where you met your spouse, where you got married, etc. All are easy-to-remember answers, but they were all included on, or could possibly be derived from, the compromised data!

I suggest reviewing each of your accounts for stored responses to those Challenge Questions; if you have used any data that could have been compromised or derived from compromised data, consider changing those answers.

I might be stating the obvious here, but so often we don’t consider obscuring the responses to the Challenge Questions as part of protecting our assets. We sure need to now.
