Mitigating risk, managing cybersecurity and building resiliency to meet the mission of government
The IBM Center for The Business of Government has written previously about the need for mission leaders to focus on cyber security as a key success factor, especially given the Administration’s identification of “cybersecurity as a key enabler of mission delivery” in the President’s Management Agenda. Below we provide highlights of a few of those reports focused on cyber, which provide a foundation for IBM to build on as the Cybersecurity Center moves ahead. We look forward to adding to this research base, working with academic and nonprofit experts to benefit government leaders in achieving cybersecurity goals.
We will also work to drive current thinking on cyber issues into the government’s marketplace of ideas via a regular blog series. The first blog, authored by IBM executive and former DHS Cybersecurity Leader Kelvin Coleman, is also being released today.
In this report, the authors address current and potential future organizational cybersecurity and risk management needs by creating a decision model that allows agencies to tailor approaches for particular cyber challenges. The authors review existing risk management frameworks in use across government, and analyze steps that agencies can take to understand and respond to those risks in a manner consistent with existing law and policy. They put this work together to develop an implementation model based on taking five steps to improve cybersecurity outcomes: Prioritize, Resource, Implement, Standardize, and Monitor–the PRISM model.
The Impact of Blockchain for Government: Insights on Identity, Payments, and Supply Chain
Blockchain technology enables a shared ledger to record the history of transactions with consistency and certainty. In a blockchain network, all parties to a transaction must give consensus before a new transaction is added—and once recorded in the blockchain network, a transaction cannot be altered. Blockchain eliminates or reduces paper processes—speeding up transaction times, increasing efficiencies, and building trust among participants to a transaction. This report helps leaders to understand how blockchain can benefit government and how can government lead the way to a broad-based blockchain evolution that drives economic vitality.
This report focuses on data gathering, analysis, and dissemination challenges and opportunities across the homeland security enterprise, looking especially at how improved information sharing could enhance threat prediction and prevention in a transatlantic context. The authors address how stakeholders in the U.S. and Europe can increase the understanding of effective ways to leverage channels involving technology, human capital, organizations, and private sector coordination that meet strategic, mission, and operational needs. The report highlights opportunities for governments to leverage data integration and analytics to support better decision making around cyber and homeland security.
This report reviews recent progress made in applying artificial intelligence to public sector service provision, drawing on lessons learned from commercial experience as well as burgeoning cognitive computing activity by Federal, State, local, and international governments. The author takes this real-world experience to set forth a framework for agencies to plan, develop, and deploy AI systems. The author puts forward a set of challenges for government leaders and innovators in this space, along with opportunities for agencies to act in addressing these challenges. Finally, the report outlines a maturity model for agencies to use in guiding their journey forward in applying AI to improve mission performance.
Media attention highlighted a series of high-profile security breaches such as the Department of Veterans Affairs (VA) data loss and the Office of Personnel Management (OPM) data hack. These breaches have affected U.S. government agencies and their contractors, and severely damaged the public trust and confidence in the federal government. No longer relegated to the IT organization of classical defensive products and tools within the enterprise firewall, security is now unquestionably a C-suite priority across an information ecosystem. Federal agencies and organizations need to move toward a more systematic and proactive approach to addressing evolving security threats and managing compliance requirements in today’s economy. This report details external and internal threats, compliance requirements, a security intelligence approach, a three-point plan for the C-Suite, and how to build “security intelligence” in waves.
This report makes a series of recommendations for leaders to consider in developing a greater understanding of cyberspace, including the value of a broad and commonly accepted definition to help guide management actions in cyberspace. The authors found that a better definition of cyberspace was needed, as well as an increased understanding of the concept of “strategic domains.” Recent events demonstrate that global cyber activity is becoming ever-more prevalent as an issue for governments to address. Accordingly, cyberspace decision makers will find this report to be helpful as they manage and make decisions about cyberspace programs in the years ahead.