The Wrap: Zero Trust Report Card; Ransomware Fighters Bulk Up; New CIO Research at Tech Tonic

Welcome to The Wrap for Wednesday, September 4!

From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:

?

Fed CIO’s Zero Trust Report Card

Federal agencies as a group are doing pretty well in their transition to zero trust security architectures, with the largest – the 24 CFO Act agencies – getting grades above 90 percent more than two and a half years into the process, and government agencies as a group scoring in the high 80 percent range. That was the news today from Federal CIO Clare Martorana who offered up those figures during a talk at the Billington CyberSecurity Summit. Missing from the grading report, however, were details on the exact definition of the goals agencies are being judged against. The Office of Management and Budget ’s M-22-09 policy?issued in January 2022?requires agencies to achieve a specific list of zero trust security goals by the end of FY2024, which is less than four weeks away. Those goals are organized around the zero trust maturity model developed by the Cybersecurity and Infrastructure Security Agency (CISA) that is focused on five pillars – identity; devices; networks; applications and workloads; and data. The Federal CIO emphasized today that transition to zero trust security does not feature a hard end-point. “Every agency … is [on] a journey,” Martorana said, adding, “You don’t get to a place called zero trust and it’s unicorns and rainbows.”

?

Ransomware Fighters Bulk Up?

The International Counter Ransomware Initiative (CRI), an international coalition launched by The White House in 2021 to reduce ransomware attacks globally, has grown to 68 members since then – from its original roster of 31 countries – and will be meeting later this month in Washington to size up progress made since then. White House Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger said on Tuesday at the Billington CyberSecurity Summit that she’s “deeply appreciative” of the group’s work, and explained that the global nature of the ransomware plague means “we needed to bring together as many partners as we could around the world to tackle the problem together.” What’s the secret sauce? Cutting red tape, said Chris Gower, the senior representative for Australia’s Department of Home Affairs in the Americas Region, who explained that the CRI is able to circumvent treaties and regulations that might otherwise “slow things down quite a bit.” He added, “one of the reasons the CRI has been successful is because we’ve managed to avoid all of that. It’s remained an incredibly agile organization.”

?

Fresh Fed CIO Research at Tech Tonic

Fiscal year 2025 is less than a month away, and if you’re wondering what a dozen Federal CIOs are really planning to do with their budgets for the upcoming fiscal year, then please plan to pop into MeriTalk’s Tech Tonic on September 19 from 5 p.m. – 9 p.m. at Morton's The Steakhouse in Washington, D.C. to find out. We’ll be taking the covers off the new Federal CIO Forecast report, and plan to have a bunch of those same CIOs on hand to discuss their plans, along with Rep. Gerry Connolly, D-Va., to chart the congressional outlook for FY2025 IT spending. Click here to sign up and to see the list of CIOs contributing to the upcoming research release.

?

NGA Aiming to Boost GEOINT AI

The National Geospatial-Intelligence Agency (NGA) – the king of geospatial intelligence providers in the U.S. intelligence community – is rolling out a new program that aims to elevate the standards and reliability of artificial intelligence models used in its tradecraft. The Accreditation of GEOINT AI Models (AGAIM) program is packing some broad goals including to: provide a standardized evaluation framework, implement risk management, promote a responsible AI culture, enhance AI trustworthiness, accelerate AI adoption and interoperability, recognize high-quality AI, and identify areas for improvement. At the same time, NGA is also launching its GEOINT Responsible AI Training (GREAT) program to educate coders and users on the ethical use of AI. The program conducted pilot classes in April and May.

?

Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy. And finally, please hit the news tip jar [with leads, breaking news, or simply your two cents] at [email protected].