Year in Review 2022: Going to the Cloud, Embracing Zero Trust
GovTech's top stories from May and June 2022 covered everything from smart infrastructure and cloud technologies to insidious cyberattacks and ambitious electric vehicle policies.
Sharing threat intelligence across government and private industry has been hotly debated in recent years as stakeholders have sought to define what should be shared about known vulnerabilities. Arming organizations with necessary information needs to be balanced against exposing those who are affected to further threats and protecting the intellectual property of American companies. But in May, CISA published an emergency directive for federal civilian agencies using unpatched versions of VMware software, while nudging other organizations to protect against the vulnerability as well.
The costs of cyber threats were laid plain when Illinois-based Lincoln College announced in May that it would close its doors permanently after more than 150 years. While the institution cited financial uncertainty and low enrollment, officials also said a recent ransomware attack was a significant contributor to the decision. While the incident did not expose sensitive data, it did cripple several critical systems, including those used to recruit, retain and fundraise.
A report released earlier in the year from Sophos points to a lack of consistent reporting rules across K-12 and higher education, which makes the exact toll of the ransomware threat on education hard to quantify. It did find, however, that K-12 schools are a little less likely to pay the ransom when hit with an attack.
Infrastructure continues to grow ever smarter, as pilots and testbeds of connected technologies increase in size. In one example, a multistakeholder partnership in southern Georgia will expand to 18 miles along Interstate 85. “The Ray” testing ground will feature six roadside units that collect data from connected vehicles and transmit it to a traffic management platform to glean real-time insights that can make for smoother travels. This “vehicle to everything” system is currently being used in Colorado and Utah.
The pandemic has forced many real estate decisions as governments look to downsize their physical footprint due to increased remote work. Paired with growing confidence in as-a-service technologies, this has cleared the way for smaller data centers. Utah, for one, had to move to a different data center site once its facility was targeted for demolition. But CIO Alan Fuller told GT the state is using it as a chance to advance its multicloud strategy, migrating what they can to the cloud and working toward cloud for the services and applications that still need space in the new data center.
Viewed as the next phase beyond the “trust but verify” strategy, the 2022 cybersecurity term of the year was “zero trust.” Government organizations are now working toward establishing zero-trust environments that acknowledge that protecting the perimeter is no longer sufficient. At the RSA conference in June, NIST’s National Cybersecurity Center of Excellence released some zero-trust guidance, albeit in draft form, for those looking to get started. Also on the minds of government cybersecurity practitioners is the federal funding aimed at bolstering the country’s collective posture, which could help on the path to zero trust. At RSA, experts offered tips on when to expect the much-anticipated money ($200 million in 2022, $800 million in the next three years) and how to prepare.
Hacktivism, or malicious cyber activity carried out in response to controversial moves by government entities, is nothing new, but the latest round is taking aim at states with restrictive abortion laws. Ransomware group SiegedSec got its start just before the Russia/Ukraine conflict and claimed to have breached state servers in Kentucky and Arkansas after the June Supreme Court decision overturning Roe v. Wade. This example, one among many, underscores the vulnerability of digital assets, like valuable government-held data, in times of political upheaval.
June also saw some major changes for IT operations in Chicago. Mayor Lori Lightfoot not only named a new CIO in Kurt Peterson, but she also released a new digital services strategy that prioritizes equitable, transparent services for Chicagoans using more modern systems. Other stated goals include decreasing the amount of IT expertise needed at the department level and prioritizing data integrity throughout the organization. Peterson now runs the Bureau of Innovation and Technology in the Department of Assets, Information and Services, while appointee Nick Lucius, chief technology officer in the Office of the Mayor, leads efforts to make services and connectivity more widely available.
If you want a new gas-powered car and you live in California, you should make that purchase in the next dozen or so years. A proposal first heard in June by the California Air Resources Board would ban gas-powered car sales after 2035. Experts view the idea, that several other states have also vowed to adopt, as a watershed moment: “the most sweeping, transformative regulations in the history of our industry.” The agency voted unanimously in August to adopt the proposal, with New York state making a similar move in late September.
Skeptics wonder whether current electric vehicle charging infrastructure is ready for the transition, but federal support for a national electric vehicle charging infrastructure network is sure to help, with $7.5 billion set aside to get the ball rolling. Many varieties of regional partnerships and even multistate coalitions are cropping up to coordinate planning work in advance of the funding’s release, with experts urging a data-driven approach.