IBM To Establish New Cybersecurity Center For US Federal Clients

IBM Center for Government Cybersecurity to help agencies navigate current and future threats

Convenes advisory group of former government officials for expanded expertise

WASHINGTON—IBM today announced that it is creating the IBM Center for Government Cybersecurity, a collaborative environment focused on helping federal agencies address current and future cybersecurity threats. The center will facilitate events and learnings, drawing on IBM’s cybersecurity expertise from delivering software and managed services to over 17,500 security customers globally. Working with a group of internal IBM experts and external advisors, including former government officials with decades of cybersecurity experience, the center will leverage IBM technology and host workshops focused on priorities such as zero trust frameworks and cloud security, complemented by access to IBM Research labs to collaborate around the future of encryption.

As recent threats like SolarWinds and the Colonial Pipeline ransomware attack against critical infrastructure have shown, the threat landscape has crossed over from the digital world to the physical. In fact, the 2021 IBM Security X-Force Threat Intelligence Index found that ransomware accounted for 33% of the attacks on government organizations in 2020. With the US Federal government furthering its investment in hybrid cloud, new approaches for cybersecurity should focus on protecting both systems and data, wherever that data resides: on premises, in the cloud, or at the edge.

The IBM Center for Government Cybersecurity will be housed at IBM’s offices in downtown Washington DC. The new facility will feature secured laboratory space where government customers can collaborate on unique solutions for advanced security threats leveraging insights from demos of IBM technologies and services. Initially, IBM will conduct virtual sessions to accommodate any challenges to meeting in person, with the capability to execute engagements at on-site customer locations.

“IBM is committed to helping our US Federal government customers meet cybersecurity modernization requirements – both for current and future threats,” said Stephen LaFleche, General Manager Public and Federal Market, IBM. “Hybrid cloud environments can provide an opportunity to implement new technologies and techniques, like a zero trust framework and advanced encryption – while helping make the government more accessible and easier for citizens to work with. These techniques are also being applied in other highly regulated industries, such as financial services, telecommunications and healthcare.”

Center Exploring Current and Future Threats

A central goal of the IBM Center for Government Cybersecurity is to provide, via workshops, access to information on the cybersecurity technologies IBM is using with the public and private sectors and on security innovations being developed in IBM Research laboratories. Some initial examples of the sessions IBM will conduct include:

  • Adapting to a Zero Trust World – Exploring the unique implementation needs for government to apply the core principles of zero trust: least privilege access; never trust, always verify; and assume breach. IBM will leverage blueprints from successful public and private sector implementations to assist agencies to plan their zero trust journey. The session will explore four initiatives including: Securing the hybrid and remote workforce, Reducing the risk of insider threats, Protecting the hybrid cloud and Preserving customer privacy. As part of the center, IBM can demonstrate the capabilities of IBM Cloud Pak for Security to help orchestrate zero trust approaches. Customers can also experience the IBM Zero Trust Acceleration workshop to help manage new emerging requirements for a zero trust approach at US Federal agencies – with added expertise via partnerships like Zscaler and Illumio.
     
  • Hybrid Cloud Security Challenges for Data Portability – Part of adapting zero trust models is disrupting the architecture design for IT systems. Agencies using multi-cloud and multi-tenant environments may be looking to securely modernize their applications and move data between on-premises and cloud environments. As part of this workshop, IBM Security architects can demonstrate the use of trusted execution environments, containers, and open standards as a reference point for future hybrid cloud designs via IBM Security Services for Cloud. IBM is also helping customers protect data across hybrid environments for current threats. For example, IBM services and technologies are designed to maintain the highest available level of cryptographic key encryption protection to help protect existing data in the cloud and prepare for future threats that could evolve with advances in quantum computing.
     
  • The Future of Cryptography – With modern day cryptographic techniques threatened by advancements in computing, IBM Research is expanding its efforts in hardening this essential technology. IBM currently has several Quantum-safe cryptography standards in consideration with NIST and is at the forefront of making data usable while encrypted via Fully Homomorphic Encryption (FHE) and Confidential Computing. As part of this workshop, IBM researchers can help US Federal agency teams understand the implications that the technology will have on next-generation architectures and security protocols. IBM Z helps agencies protect against, and respond to threats, with technologies such as: encryption everywhere for data at rest and in transit to protect against data loss or corruption.

Expertise Available via IBM Center

The IBM Center for Government Cybersecurity Advisory Group brings together former public sector leaders and private sector experts that can advise US Federal customers on historical challenges and help evaluate best practices for navigating current and future regulations and orders. Access to the advisory group will be made available via on-site and virtual conferences as well as individual discussions. The Center Advisory Group will also publish thought leadership and research on cybersecurity issues and solutions.

Advisory group members include:

  • Tony Scott – Former US Chief Information Officer
  • Curt Dukes – Former Information Security/Cyber Security Lead for NSA
  • Kiersten Todt – Former Cybersecurity Advisor for President Obama
  • Margaret Graves – Former Deputy Federal CIO and Deputy DHS CIO
  • Daniel Chenok – Former Branch Chief for OMB
  • Brian Dravis, Major General (ret) – Former Director Joint Service Provider DISA, DOD
  • Terry Halvorsen – Former DOD CIO, DON CIO, and Deputy Commander Network Warfare Command

The world-renowned IBM Security X-Force research organization will also be available via Center events. IBM Security X-Force monitors 150 billion+ security events per day in more than 130 countries. Early access to research from X-Force will be available for US Federal customers engaged via the Center.

IBM X-Force Command Cyber Tactical Operations Center

Industry’s first fully functional Security Operation Center (SOC) on wheels was launched by IBM in 2018. The IBM X-Force Command Cyber Tactical Operations Center (C-TOC) travels onsite for cybersecurity training, education and response, including immersive cyberattack simulations to help organizations improve their incident response efforts.

The IBM X-Force C-TOC provides a gesture-controlled cybersecurity “watch floor,” data center and conference facilities that can accommodate two dozen operators, analysts and incident command center staff.

About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. IBM Security offers a completely flexible deployment model from consultancy, advice from industry experts, advanced technology to managed security services.

For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

Source and photo credits: IBM and Feature Photo Service

The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack

ProPublica is a Pulitzer Prize-winning investigative newsroom.

NEW YORK—As America struggles to assess the damage from the devastating SolarWinds cyberattack discovered in December, ProPublica has learned of a promising defense that could shore up the vulnerability the hackers exploited: a system the federal government funded but has never required its vendors to use.

The massive breach, which U.S. intelligence agencies say was “likely Russian in origin,” penetrated the computer systems of critical federal agencies, including the Department of Homeland Security, the Treasury Department, the National Institutes of Health and the Department of Justice, as well as a number of Fortune 500 corporations. The hackers remained undetected, free to forage, for months.

The hackers infiltrated the systems by inserting malware into routine software updates that SolarWinds sent to customers to install on its products, which are used to monitor internal computer networks. Software updates customarily add new features, remove bugs and boost security. But in this instance, the hackers commandeered the process by slipping in malicious code, creating secret portals (called “back doors”) that granted them access to an untold bounty of government and company secrets.

The incursion became the latest — and, it appears, by far the worst — in a string of hacks targeting the software supply chain. Cybersecurity experts have voiced concern for years that existing defenses, which focus on attacks against individual end users, fail to spot malware planted in downloads from trusted software suppliers. Such attacks are especially worrisome because of their ability to rapidly distribute malicious computer code to tens of thousands of unwitting customers.

This problem spurred development of a new approach, backed by $2.2 million in federal grants and available for free, aimed at providing end-to-end protection for the entire software supply pipeline. Named in-toto (Latin for “as a whole”), it is the work of a team of academics led by Justin Cappos, an associate computer science and engineering professor at New York University. Cappos, 43, has made securing the software supply chain his life’s work. In 2013, Popular Science named him as one of its “Brilliant Ten” scientists under 40.

Cappos and his colleagues believe that the in-toto system, if widely deployed, could have blocked or minimized the damage from the SolarWinds attack. But that didn’t happen: The federal government has taken no steps to require its software vendors, such as SolarWinds, to adopt it. Indeed, no government agency has even inquired about it, according to Cappos.

“In security, you almost never go from making something possible to impossible,” Cappos told ProPublica, during two video interviews from Shanghai, where he is teaching. “You go from making it easy to making it hard. We would have made it much harder for the [SolarWinds] attackers, and most likely would have stopped the attack.” Although the SolarWinds breach was a “really sneaky” approach, Cappos said, “in-toto definitely can protect against this. It’s very possible to catch it.”

In-toto’s system has supporters among experts in the government and corporations. When ProPublica asked Robert Beverly, who oversees in-toto’s federal grant as a program director at the National Science Foundation, whether using in-toto could have saved the government from the hack, he replied, “Absolutely. There seems to be some strong evidence that had some of the, or all of the, in-toto technologies been in place, this would have been mitigated to some extent.” Beverly, whose NSF responsibilities include “cybersecurity innovation for cyberinfrastructure” and who is on leave from his post as a computer science professor at the Naval Postgraduate School, added that it’s impossible to know for sure what impact in-toto would have had, and that the system remains at an early stage of adoption. “Unfortunately,” said Beverly, “it often takes some of these kinds of events to convince people to use these kinds of technologies.”

Some companies have embraced in-toto, and others, like Microsoft, have expressed interest. “I am a big fan of in-toto,” Kay Williams, head of Microsoft’s initiatives in open source and supply-chain security, said in an email to ProPublica. A second Microsoft program manager, Ralph Squillace, praised in-toto in a recent NYU press release for applying “precisely to the problems of supply chain confidence the community expects distributed applications to have in the real world.” (After Williams’ initial response, Microsoft declined to comment further.)

One senator blasted the government’s failure to use a system it paid for. “The U.S. government invested millions of dollars in developing technology that can protect against this threat, and while several large technology companies have already adopted it, they are the exception,” said Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee. “The government can speed up industry adoption of this best practice by requiring every government contractor to implement the best available technology to protect their supply chains.”

The in-toto system requires software vendors to map out their process for assembling computer code that will be sent to customers, and it records what’s done at each step along the way. It then verifies electronically that no hacker has inserted something in between steps. Immediately before installation, a pre-installed tool automatically runs a final check to make sure that what the customer received matches the final product the software vendor generated for delivery, confirming that it wasn’t tampered with in transit.
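The record-and-verify flow described above, as an added sketch that is not in-toto's own code or API and is not part of the original article. It assumes a three-step pipeline with constructed step names, keys and files, and uses HMAC as a stand-in for the public-key signatures a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed demo keys: HMAC secrets stand in for each party's signing key.
KEYS = {"dev": b"dev-key", "builder": b"builder-key", "packager": b"packager-key"}

# The vendor's declared pipeline: ordered steps and who may perform each one.
LAYOUT = [("checkout", "dev"), ("build", "builder"), ("package", "packager")]


def digest(files):
    """Map each file name to the SHA-256 of its content."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in sorted(files.items())}


def _mac(key, body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def record_step(step, signer, materials, products):
    """Produce signed evidence of what one step consumed and produced."""
    body = {"step": step, "signer": signer,
            "materials": digest(materials), "products": digest(products)}
    return {"body": body, "sig": _mac(KEYS[signer], body)}


def verify_chain(layout, links, delivered):
    """Return a list of findings; an empty list means the delivery verifies."""
    if [entry["body"]["step"] for entry in links] != [step for step, _ in layout]:
        return ["steps missing, extra or out of order"]
    findings = []
    previous = None
    for (step, allowed), entry in zip(layout, links):
        body = entry["body"]
        if body["signer"] != allowed:
            findings.append(f"{step}: performed by unauthorized party {body['signer']}")
        elif not hmac.compare_digest(entry["sig"], _mac(KEYS[allowed], body)):
            findings.append(f"{step}: signature does not match recorded evidence")
        # Nothing may change between one step's outputs and the next step's inputs.
        if previous is not None and body["materials"] != previous:
            findings.append(f"{step}: inputs differ from previous step's outputs")
        previous = body["products"]
    # Final check before installation: what arrived must be what was packaged.
    if digest(delivered) != previous:
        findings.append("delivered files differ from final recorded products")
    return findings


def run_pipeline(tamper_before_build=False):
    """Run the constructed pipeline and return (evidence, packaged files)."""
    source = {"app.c": b"int main(void){return 0;}\n"}
    links = [record_step("checkout", "dev", {}, source)]
    build_input = dict(source)
    if tamper_before_build:
        # Constructed tampering: the code changes between checkout and build.
        build_input["app.c"] += b"/* injected */\n"
    binary = {"app.bin": b"BIN:" + hashlib.sha256(build_input["app.c"]).digest()}
    links.append(record_step("build", "builder", build_input, binary))
    package = {"app.pkg": b"PKG:" + binary["app.bin"]}
    links.append(record_step("package", "packager", binary, package))
    return links, package


if __name__ == "__main__":
    links, package = run_pipeline()
    print("clean run:", verify_chain(LAYOUT, links, package))
    links, package = run_pipeline(tamper_before_build=True)
    print("tampered between steps:", verify_chain(LAYOUT, links, package))
    links, package = run_pipeline()
    altered = {"app.pkg": package["app.pkg"] + b"x"}
    print("altered in transit:", verify_chain(LAYOUT, links, altered))
```
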

Cappos and a team of colleagues have worked to develop the in-toto approach for years. It’s been up and running since 2018. The project received a three-year grant from the National Science Foundation that year, aimed at promoting “widespread practical use” of in-toto. (Later in 2018, President Donald Trump signed the Federal Acquisition Supply Chain Security Act, aimed at protecting government secrets from software supply-chain threats.)

In-toto could block and reveal countless cyberattacks that currently go undetected, according to Cappos, whose team includes Santiago Torres-Arias, an assistant electrical and computer engineering professor at Purdue University, and Reza Curtmola, co-director of the New Jersey Institute of Technology’s Cybersecurity Research Center. In an August 2019 paper and presentation to the USENIX computer conference, titled “in-toto: Providing farm-to-table guarantees for bits and bytes,” Cappos’ team reported studying 30 major supply-chain breaches dating back to 2010. In-toto, they concluded, would have prevented between 83% and 100% of those attacks.

“It’s available to everyone for free, paid for by the government, and should be used by everyone,” said Cappos. “People may still be able to break in and try to hack around it. But this is a necessary first step and will catch a ton of these things.” The slow pace of adoption is “really disappointing,” Cappos added. “In the long game, we’ll win. I just don’t know that we want to go through the pain that it’ll take for everyone to wise up.”

One of in-toto’s earliest adopters, starting in 2018, was Datadog, a SolarWinds competitor that provides monitoring software for internet cloud applications. Now a publicly traded company with 2020 revenues of nearly $600 million, its customers include Nasdaq, Whole Foods and Samsung. Datadog uses in-toto to protect the security of its software updates. In an NYU press release, Datadog staff security engineer Trishank Kuppusamy, who worked on the program’s design and implementation, said that what distinguishes in-toto is that it “has been designed against a very strong threat model that includes nation-state attackers.” (Datadog did not reply to ProPublica’s requests for comment.)

The General Services Administration, which provides access to software for federal government agencies, still lists SolarWinds products available for purchase. But it said in a statement that “compromised versions” of SolarWinds programs identified by DHS are no longer available.

SolarWinds itself declined to weigh in on whether its hack could have been prevented. “We are not going to speculate on in-toto and its capabilities,” a spokesman said in an emailed statement. “We are focused on protecting our customers, hardening our security and collaborating with the industry to understand the attack and prevent similar attacks in the future.”

Previously little known to the general public, SolarWinds is a public company based in Austin, Texas, with projected 2020 revenues of just over $1 billion. It boasts of providing software to 320,000 customers in 199 countries, including 499 of the Fortune 500 companies. In a recent SEC filing, the company said its flagship Orion products, the vehicle for the cyberattack, provide about 45% of its revenues. A SolarWinds slogan: “We make IT look easy.”

After the hack was discovered, SolarWinds’ stock plunged, and it is now facing shareholder lawsuits. The company has shifted aggressively into damage-control mode, hiring CrowdStrike, a top cybersecurity firm; elite Washington lobbyists; a crisis-communications advisor; and the newly formed consulting team of Christopher Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (who was famously fired for contradicting Trump’s claims of mass voting fraud) and Alex Stamos, former security chief at Facebook.

News of what’s now known as the SolarWinds attack first came on Dec. 8. That’s when FireEye, perhaps the nation’s preeminent hack-hunter, announced that it had itself fallen victim to a “highly sophisticated state-sponsored adversary” that had broken into its servers and stolen its “Red Team tools,” which FireEye uses to try to hack into the computer networks of its clients as a test of their cyber-defenses. FireEye soon discovered the attackers had gained access through corrupted updates to the SolarWinds Orion network-monitoring software that it used.

On the evening of Dec. 13, CISA issued an emergency directive, identifying SolarWinds as ground zero for the hack and alerting federal agencies using Orion products to disconnect them immediately. Over the following weeks, investigators discovered that SolarWinds had been targeted back in early September 2019, when hackers started testing their ability to inject code into its software updates. After remaining undetected for months, they inserted malware in new updates between February and June 2020. SolarWinds estimated these infected updates affected “fewer than 18,000 of its customers.”

Precisely what the hackers saw, and stole, has yet to be determined and is under investigation. But the full impact of the breach is becoming clearer, as we now know it touches several tech companies, including Microsoft. The software giant has also labored to limit the damage by helping seize an internet domain in the U.S. that the hackers used to siphon data from some SolarWinds customers.

Stamos told the Financial Times, in an interview after being hired to help SolarWinds, that he believed the attackers had embedded hidden code that would continue to give them access to companies and government agencies for years. He compared the situation to Belgian and French farmers going out into their fields where two world wars were fought and discovering an “iron harvest” of unexploded ordnance each spring.

Dmitri Alperovitch, who co-founded CrowdStrike (the cybersecurity firm SolarWinds has hired to investigate the hack) before leaving last year to start a nonprofit policy group, said he thinks that, in theory, the in-toto system could work. But he warned that software is so complex, with many products and companies in the supply chain, that no one defense is a panacea. Still, he agrees that in-toto could provide protection, and said “it’s always a good thing to have more protection for supply chains.”

Russian intelligence services have clearly identified supply-chain attacks “as a much better way to get in,” offering “a much bigger set of targets,” Alperovitch said. “This is an indictment of the entire cybersecurity industry, as well as the intelligence community, that they were able to orchestrate such a broad, sweeping attack right under our noses.”

How to Introduce New Technologies, Products, Services, and New Innovations to the U.S. Government

COLLEGE PARK, GA — The government welcomes industry and small businesses to respond under their SBIR and STTR programs, or an Unsolicited Proposal in unique ways to introduce a specific technology, a service, a product or a new innovation to the U.S. Government.

Scenario:
One has a technology, service, product or new innovation that needs to be introduced to the government but the government is not aware of this technology, these services, products or new innovations. How are technology, services, products or new innovations introduced to the government? First one needs to consider doing research and identifying issues and challenges agencies have to determine if what is offered as a solution supports some of their issues and concerns. Many times the government will release information concerning some of their issues and problems.

SBIR:
The Small Business Innovation Research program is a highly competitive program that encourages domestic small businesses to engage in Federal Research/Research and Development (R/R&D) that has the potential for commercialization. Through a competitive awards-based program, SBIR enables small businesses to explore their technological potential and provides the incentive to profit from its commercialization. By including qualified small businesses in the nation’s R&D arena, high-tech innovation is stimulated and the United States gains entrepreneurial spirit as it meets its specific research and development needs.

STTR:
Small Business Technology Transfer is another program that expands funding opportunities in the federal innovation research and development (R&D) arena. Central to the program is expansion of the public/private sector partnership to include the joint venture opportunities for small businesses and nonprofit research institutions. The unique feature of the STTR program is the requirement for the small business to formally collaborate with a research institution in Phase I and Phase II. STTR’s most important role is to bridge the gap between performance of basic science and commercialization of resulting innovations.

Unsolicited Proposal:
What Constitutes an Unsolicited Proposal? It is defined in FAR 2.101 as a written proposal for a new or innovative idea that is submitted to an agency on the initiative of the offering company (your firm) for the purpose of obtaining a contract with the government, and that is not in response to an RFP, broad agency announcement, or any other government-initiated solicitation or program. For an unsolicited proposal to comply with FAR 15.603(c), it must be:

  • Innovative and unique
  • Independently originated and developed by the offering company
  • Prepared without government supervision, endorsement, direction or direct government involvement
  • Detailed enough to show that government support could be worthwhile, and that the proposed work could benefit the agency’s research and development (or other mission responsibilities)
  • Not an advance government proposal for a contract the public already knows the agency will need that could be acquired by competitive methods

If interested in reviewing government agencies that provide specific instructions on how to submit an Unsolicited Proposal to their agency, review Department of Homeland Security (DHS) Unsolicited Proposal website posted here: https://www.dhs.gov/unsolicited-proposals 

by Dannie James
JE Group, LLC

 

DIA Director appointed new Deputy Commander for U.S. Cyber Command

General Stewart (DIA) with Mr. James Clapper (DNI)

PENTAGON — Secretary of Defense Jim Mattis announced that one of the president’s general officer assignment nominations on 19 JUNE 2017 is Marine Corps Lieutenant General Vincent R. Stewart for appointment and assignment as deputy commander, U.S. Cyber Command (CYBERCOM).  General Stewart is currently serving as the director, Defense Intelligence Agency (DIA), Washington, District of Columbia.

CYBERCOM’s mission is to plan, coordinate, integrate, synchronize, and conduct activities to: direct the operations and defense of specified Department of Defense information networks.  CYBERCOM also must prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Since 2009, CYBERCOM has been co-located with the National Security Agency (NSA) at Fort Meade, Maryland, sharing personnel, tactics, tools and a director. Congress recently directed CYBERCOM to become a full unified combatant command. Both organizations, while oftentimes conducting similar activity, are defined under different statutory terms.

CYBERCOM, as a military organization under the chain of command of the secretary of defense, is governed by Title 10 of the United States Code (USC). NSA is an intelligence organization under the scope of Title 50, with Title 10 combat service support (CSS) duties performed when necessary. These two legal distinctions help define and refine specific roles and responsibilities for the organizations that govern them.

— Sources:
Department of Defense and BDPA-DC
Photos:
bdpatoday and U.S. Marine Corps

Microsoft Inks $927M Pentagon Deal

FORT MEADE, MD [Nasdaq]—Under a new contract with the Defense Information Systems Agency (DISA), Microsoft will provide new consulting services that include software developers and product teams “to leverage a variety of proprietary resources and source code,” as well as the firm’s premier support services like tools and knowledge centers and problem resolution assistance from developers.

Nasdaq reports Microsoft’s contract with DISA is a noncompetitive, single-award, firm-fixed price, indefinite-delivery/indefinite-quantity (IDIQ). The new contract comes in addition to another large award with the U.S. Department of Defense (DoD) earlier this year, which moves all of DoD’s 4 million employees to Windows 10 within a year, as well as purchasing large quantities of new laptops and related hardware. Although Microsoft’s support for DISA mostly takes place in the U.S. (CONUS), DOD states some services may also be required at other locations outside the continental U.S. (OCONUS).

DISA is a combat support agency of the Department of Defense with 6,000 civilian employees, 1,500 active duty military personnel from the Army, Air Force, Navy, and Marine Corps, and approximately 7,500 defense contractors. DISA provides and operates command, control, and enterprise information systems.

—Sources:  Nasdaq and defense.gov
Photos:  U.S. Navy and DoD

DoD launching innovation office near MIT

Accelerating Innovation to the Warfighter

CAMBRIDGE, MA — Today, AP is reporting Defense Secretary Ash Carter is launching the military’s latest effort at improving its technological capabilities in Cambridge, Massachusetts.

Carter will formally open the second office of the Defense Innovation Unit Experimental, or DIUx, near the Massachusetts Institute of Technology (MIT) this afternoon. The first office is in Mountain View, California, near the tech center of Silicon Valley.

The U.S. Department of Defense relies on innovation to maintain our nation’s ability to deter, and if need be, prevail in conflict.  With outposts in the heart of Silicon Valley and now Boston, Defense Innovation Unit Experimental (DIUx) serves as a bridge between those in the U.S. military executing on some of our nation’s toughest security challenges and companies operating at the cutting edge of technology.

Above, Defense Secretary Ash Carter speaks with Defense Innovation Unit Experimental employees in Mountain View, Calif., May 11, 2016, before delivering remarks about the future of the Defense Department’s innovation.

DoD photos by Senior Master Sgt. Adrian Cadiz

As their name implies, DIUx is just that: an “experiment.” They continuously iterate on how best to identify, contract, and prototype novel innovations through sources traditionally not available to the Department of Defense, with the ultimate goal of accelerating this technology into the hands of the men and women in uniform.

Discover more by visiting diux.mil

The Federal Government is hiring Innovation Specialists

So you want to join 18F?

18F
Mission
18F is a civic consultancy for the government, inside the government, working with agencies to rapidly deploy tools and services that are easy to use, cost efficient, and reusable. Their goal is to change how the government buys and develops digital services by helping agencies adopt modern techniques that deliver superior products.
18F transforms government from the inside out, creating cultural change by working with teams inside agencies who want to create great services for the public.
They are a trusted partner for agencies working to transform how they build and buy tools and services in a user-centered way.
They accomplish their mission by:
▸ putting the needs of the public first
▸ being design-centric, agile, open, and data-driven
▸ deploying tools and services early and often

$1.1 Trillion Spending Bill Clears Congress

by Aisha Choudry

WASHINGTON—Congress headed off a possible government shutdown on Dec. 18 with the passage of a $1.14 trillion spending bill. The measure funds the federal government through the end of fiscal year 2016.

The package includes the Cybersecurity Act of 2015 and the fiscal 2016 Intelligence Authorization Act. CISA encourages private firms to share more cyber threat data with law enforcement. It includes provisions to improve Federal network and information system security, among others.

Story and photo by FCW.com

Former HUD and Education Department CIO receives Lifetime Achievement Award

Industry Icons and Community Volunteers honored by local BDPA Chapters

WASHINGTON — During an annual community and technology awards ceremony, Jerry Williams (left)  receives an industry Lifetime Achievement Award from National BDPA’s Washington, D.C. Chapter (BDPA-DC).    The chapter is celebrating its 37th year advancing technical careers in underserved communities  ‘from the classroom to the boardroom.’

Mr. Williams, Chief Executive Officer (CEO), Ryan Consulting Group, is the former Chief Information Officer at the Department of Education Federal Student Aid.  His Federal career is distinguished by over 31 years of federal service enabling mission capability and readiness throughout the Federal space in an innovative and secure manner. Mr. Williams is a recipient of the Federal 100 award, which honors individuals from government, industry, and academia whose ideas and accomplishments had the greatest impact in shaping the missions, solutions, and results achieved by the government information technology community. Mr. Williams has served as a member of Industry Advisory Council’s (IAC).

Mr. Williams was a member of the Senior Executive Service and has served as the Chief Information Officer of the Department of Housing and Urban Development, Deputy Chief Information Officer/Acting Chief Information Officer, Department of the Interior; Director of Financial Management, Director of National Intelligence; Deputy Chief Information Officer and Acting Chief Information Officer of the Department of Agriculture, Chief Information Officer, Small Business Administration; Chief Federal Financial System, Executive Office of the President Office of Management and Budget.  Mr. Williams has over 31 years of experience in public sector Financial Management and Information Technology.

Having served over 10 years at the Senior Executive Service (SES) and Senior National Intelligence Service (SNIS) levels, Mr. Williams has a strong background in performance/change management, implementation of GPRA objectives, independent assessment, planning, analysis, design and implementation of enterprise-level administrative and financial management systems for Federal agencies. Mr. Williams has authored and implemented the current Federal Financial Line of Business for Federal Financial Systems, Federal Payroll Consolidation and has served on the Obama Administration Federal Financial Systems Advisory Board (FSAB). Mr. Williams possesses extensive experience managing and participating in all phases of the system development lifecycle and structured information engineering, to include strategic planning, architectural analysis, information technology oversight and assessment, requirements definition and analysis, system design, implementation, data modeling, testing, data conversion, business process reengineering, system documentation and training, and configuration management.

Mr. Williams also possesses in-depth knowledge of Federal Financial management requirements, including the relevant Office of Management and Budget Circulars, Federal Systems Integration Office (FSIO) financial systems requirements, Federal Accounting Standards Advisory Board statements, and Department of Treasury guidelines and regulations. He also possesses an in-depth knowledge of Federal Information Technology statutory and regulatory requirements including Clinger Cohen, FISCAM and FISMA.

The president of Ryan Consulting Group is R. Keith Harding. Mr. Harding, former President of BDPA’s Indianapolis, IN Chapter, is an established and well respected IT industry veteran and one of the founders of RYAN Consulting Group, Inc.

 

The Achampong theorem of life at NSA

FedScoop.com

Christina Achampong knows what that’s like. The 30-year old operations researcher has applied her mathematics expertise at NSA since 2009. She describes her experience working at the agency as “wonderful.” But there was that one moment, shortly after former NSA contractor Edward Snowden disclosed thousands of classified documents detailing NSA’s operations around the world, when the mainstream media began painting the agency with the broad strokes of an evil empire bent on destroying liberty that Achampong and her colleagues felt the need to pause and think about what was being said about them.
