With one of the most abnormal years of our lifetimes coming to an end, we look back at the top Fed IT moments of 2020. In a year with both a pandemic and an election, the government had to change the way it worked, ensure trust in election outcomes, and modernize on the fly.
Here are the top moments of the year, in no particular order:
The COVID-19 pandemic changed the way we all worked, sending much of the nation’s workforce from the office to the couch for telework. The pandemic made major waves in the United States in March, and while most of the larger Federal agencies were able to pivot quickly, some of the smaller and micro agencies had a harder time switching to working from home. Telework put new stressors on agencies’ security measures, and with the pandemic stretching into 2021, many are looking forward to improving the way they work remotely heading into the new year.
The 2016 election had sowed some seeds of election mistrust, making 2020 an important one for reassuring the American public. But when all was said and done, the 2020 election went off without a technical hitch. The Cybersecurity and Infrastructure Security Agency (CISA) called the 2020 election “the safest in the nation’s history” and said voting systems were airtight.
Chris Krebs Fired
President Trump, in turn, fired CISA head Chris Krebs for his election security assessment and drew the ire of both sides of the aisle. Despite President Trump’s many claims to the contrary, recount after recount has confirmed his loss. Krebs has since shown up to Congressional hearings to reassure lawmakers that the election was, in fact, secure, and filed a lawsuit for unlawful termination.
The Big Hack
One of the newest stories on this list may also end up being one of the most impactful, with the SolarWinds hack having all the hallmarks of a state-sponsored attack. Threat actors breached a SolarWinds system used to update its widely used Orion product, and from there were able to inject malware into software updates sent to the company’s customers, which include a wide range of government and private sector organizations. The full extent of the attack is still being unearthed, and CISA has warned that the attack represents a “grave risk.” House panels have since opened inquiries into the attack, and investigations will only grow wider in 2021.
The August FITARA scorecard drew bipartisan praise and saw seven different agencies improve their scores. The General Services Administration (GSA) and the United States Agency for International Development (USAID) both passed with flying colors, with GSA earning an A+ on the scorecard and USAID earning an A. Seven other agencies nearly cracked the A-rating, coming in at a B+. Rep. Gerry Connolly, D-Va., applauded the 10.0 scores but pointed to more work that needed to be done.
As agencies migrated to mostly virtual environments, Zero Trust initiatives were in vogue this year. In April, just weeks after the COVID-19 pandemic began en masse, CISA released guidance on Trusted Internet Connections that leaned heavily on Zero Trust architecture. Almost across the board, agency Chief Information Officers (CIOs) and cybersecurity leaders have touted the benefits of Zero Trust, and it’s safe to expect the initiative to play a big role in 2021 as well.
With in-person events canceled across the board, 2020 was also the year of the virtual conference. MeriTalk held over 36 virtual events this year, with topics ranging from conversations with CIOs, to how municipalities were dealing with COVID-19, and more. With full distribution of the COVID-19 vaccine likely still months away, at least, expect the trend to continue through early 2021. MeriTalk already has two lined up: one in January – about defending High Value Assets (HVAs) – and another in February – the second part of a discussion on migrating to the cloud.
A federal court first put the Department of Defense’s (DoD) Joint Enterprise Defense Infrastructure (JEDI) cloud services contract on hold in February 2020, while an Amazon protest was sorted out. Another protest by Oracle was eventually rejected by the court in early September. After an extension of the awards process, DoD went with its original JEDI vendor and awarded Microsoft the contract in September. Legal haggling continues in Federal court.
The newest entry on the list came with five agencies having their grades lowered, though most agencies held steady. A category change contributed to the grade changes: the committee no longer uses MEGABYTE as a category, which pushed agencies down the list. It was replaced by progress on Enterprise Infrastructure Solutions (EIS), and, while the inclusion of EIS helped three agencies, it also knocked GSA down from the A+ it received on the FITARA 10.0 scorecard. The House of Representatives Oversight and Reform Committee endorsed the scorecard as a valuable tool to measure performance of IT initiatives.
Continuous Diagnostics and Mitigation (CDM) had its time in the limelight this year, even getting its own funding bump in the omnibus bill for Fiscal Year 2021 (FY21). Citing a need for speedier deployment and better supports, Congress appropriated an additional $40 million to CISA earmarked specifically for CDM improvements. That funding bump came just weeks after a report that there was a funding shortfall for the government’s primary program for improving cybersecurity in civilian agencies. A MeriTalk survey found that 86 percent of respondents believe that CDM is a better method of protecting the government’s HVAs than the current system.