How AI Models are Advancing Weather Predictions and Forecasting

Posted on by Mike Adams

AI models have revolutionized weather forecasting, achieving levels of accuracy unimaginable just a few years ago. Today, a four-day forecast is as reliable as a one-day forecast was in the past, allowing meteorologists to predict weather further in advance with increased precision. This has practical benefits for everyday planning, like deciding whether to grill over the weekend or preparing for outdoor activities. More critically, improved forecasting is a game-changer for disaster preparedness in areas where timely and accurate predictions can save lives and reduce economic losses. Carahsoft, The Trusted Government IT Solutions Provider™, leads in AI innovation, addressing Government challenges and unlocking AI’s potential to accelerate operations. Partnering with top AI companies, Carahsoft delivers advanced, accurate weather models to support Government agencies.

The Power of AI and Data

Ground-level stations and satellite sensors generate a massive influx of information daily, which AI excels at processing. By analyzing real-time observations alongside decades of historical weather records, AI tools identify patterns and deliver accurate predictions. This capability is particularly valuable during extreme weather events.

Carahsoft AI Models Advancing Weather Forecasting Blog Embedded Image 2025

Innovative AI models like Google DeepMind’s GenCast push the boundaries of what is possible in forecasting. GenCast delivers highly detailed forecasts with a resolution of about 16 miles, capturing localized weather patterns often missed by traditional methods. In addition to precision, these models offer unprecedented speed, processing vast amounts of high-quality data in minutes. This efficiency empowers emergency responders and decision-makers to act with confidence, reducing the impact of extreme weather on communities.

The integration of AI into weather forecasting has also significantly enhanced disaster preparedness. AI enables more precise identification of regions of concern, helping meteorologists and emergency teams allocate resources more effectively and reduce unnecessary efforts elsewhere. This targeted approach ensures critical areas receive the attention they need, while also preventing burnout among professionals tasked with monitoring weather events.

Moreover, meteorologists are expanding their roles to include emergency management skills. By combining AI insights with a deep understanding of societal and infrastructure impacts, they ensure forecasts translate into actionable strategies that protect lives and property. The combination of AI’s processing power and human expertise enables more effective evacuations, resource alignment and response efforts.

Challenges and Sustainability in AI Operations

While AI offers transformative benefits, it also presents challenges. The risk of misinformation from AI-generated weather models or images remains a concern, as untrained individuals may spread false predictions, causing unnecessary panic. This places an additional burden on professionals to correct misinformation and redirect resources. Maintaining a “human-in-the-loop” is essential for all AI deployments, ensuring that expert oversight validates outputs and mitigates potential errors. Furthermore, improving model training to recognize complex atmospheric dynamics, such as interactions with continental systems that can alter hurricane paths, is essential to enhancing forecasting accuracy. Weather forecasting is uniquely suited for early AI adoption because it generates massive amounts of data and benefits from high-quality datasets provided by organizations like the National Weather Service and NASA, ensuring models are trained on reliable information.

Sustainability is another critical consideration. Data centers and AI facilities consume significant amounts of energy and water, often in regions susceptible to drought or extreme heat. Expanding such operations across multiple sites could strain local resources. A lack of water for cooling systems, coupled with increasing heat waves, poses risks to operations and the energy grid, potentially leading to rolling blackouts.

Infrastructure capable of withstanding extreme weather is crucial. Facilities like the Salesforce Tower in California exemplify climate-resilient design by incorporating renewable energy, black water recycling and the ability to export energy to the city during optimal periods. More facilities of this kind are needed—those that not only minimize environmental impact but also contribute positively to surrounding communities. Strategic planning for site locations and designs, informed by accurate climate data, will be essential for ensuring sustainability and resilience.

How Government Agencies are Preparing for the Future

As Government agencies embrace an AI-driven future, they are modernizing infrastructure, curating large datasets and upskilling their workforce to harness AI’s potential. These efforts go beyond technological enhancements, focusing on using AI to address critical challenges such as refining weather predictions and mitigating the impacts of extreme weather. By integrating AI into disaster preparedness and emergency management, agencies are building a more resilient framework that protects lives, safeguards jobs and fosters innovative solutions for future challenges.

How Carahsoft Can Help

Carahsoft works with a robust and growing ecosystem of thousands of IT solutions providers, including Google, NVIDIA and Microsoft, who have developed AI weather models that are predicting hurricane landfall faster and more accurately than traditional Numerical Weather Prediction (NWP) models. Carahsoft removes barriers around the AI adoption process by providing the infrastructure, data management and cybersecurity solutions required to safely and securely deploy innovative technology in your agency. As Government agencies continue to navigate the complexities of the modern landscape, Carahsoft’s AI partners stand ready to empower them with the tools and technologies needed to thrive in an era of unprecedented change.

Discover solutions tailored to your needs in Carahsoft’s Artificial Intelligence Solutions Portfolio and gain valuable insights with the AI Buyer’s Guide for Government.

Why Now is the Time for Government Agencies to Switch to Jira Service Management

Posted on by Will Scheffe

The demands on government agencies are increasing. Citizens expect faster, more efficient services, and agencies are under pressure to modernize their operations and reduce costs. At the same time, legacy IT service management (ITSM) systems are struggling to keep up with the demands of the digital age.

That’s why now is the time for government agencies to switch to Jira Service Management (JSM). JSM is a modern, flexible, and cost-effective ITSM solution that can help agencies improve their service delivery, increase efficiency, and save money.

The Complete ITSM Solution for Government: Cost-Effective, User-Friendly, and Secure

Here are just a few of the reasons why JSM is the right choice for government agencies:

Cost-effective: A Forrester Total Economic Impact™ (TEI) study found that organizations using Jira Service Management realized a 277% ROI over three years, with a payback period of less than six months. The study also found that JSM can help organizations save $2.1 million by retiring their previous service management solution. JSM is more affordable than legacy ITSM solutions like ServiceNow, which can be complex and require expensive add-ons. JSM’s transparent pricing model means you’ll know exactly what you’re paying for, with no hidden fees or gotchas.
Easy to use: JSM is user-friendly and easy to implement, even for non-technical users. Your team can be up and running quickly, without the need for extensive training.
Flexible: JSM can be customized to meet the specific needs of your agency. You can easily create new workflows, add new features, and integrate with other systems.
Scalable: JSM can grow with your agency. Whether you’re a small team or a large organization, JSM can handle your needs.
Secure: JSM is a secure platform that meets the stringent requirements of government agencies.

The Complete Solution for Modern Government: JSM’s Feature-Rich Platform

JSM also offers several features that are particularly beneficial for government agencies, such as:

Collaboration: JSM’s unified platform allows for seamless collaboration between IT teams and other business units. This can help to improve communication and coordination and speed up service delivery.
Citizen Service Desk: JSM’s Citizen Service Desk provides a user-friendly portal for citizens to submit requests and track their progress. This can help to improve citizen satisfaction and engagement.
ITIL Compliance: JSM is fully compliant with the ITIL framework, the industry standard for ITSM best practices. This can help agencies to improve their IT service management processes.

Ensure Mission Success: Secure Your Agency’s Future with JSM

In addition to the benefits listed above, switching to JSM can also help government agencies to:

Future-proof their IT infrastructure: JSM is a cloud-based solution that is always up to date. This means you’ll always have access to the latest features and security updates.
Improve their agility: JSM’s flexible and scalable platform can help agencies to adapt to change quickly and easily.
Reduce their total cost of ownership: JSM can help agencies save money on IT costs by reducing the need for expensive hardware and software.

The Future of Government Service Delivery is Here: Embrace it with JSM

The time for government agencies to embrace the future of IT service management is now. Legacy systems are no longer sufficient in meeting the evolving needs of citizens and the demands of a rapidly changing technological landscape. Jira Service Management offers a compelling solution to these challenges, providing a modern, flexible, and cost-effective platform for enhanced service delivery.

By switching to JSM, government agencies can unlock a world of possibilities:

Enhanced Citizen Service Delivery: Empower your team to deliver exceptional service faster and more efficiently, improving citizen satisfaction and engagement.

Reduced Costs: Streamline processes, automate tasks, and unlock trapped resources, resulting in significant cost savings.

Improved User Experience: Cultivate a user-friendly service environment that fosters collaboration and satisfaction for both internal teams and citizens.

Future-proof your agency: Ensure your technology can adapt to evolving needs and scale alongside your growth.

Don’t let your agency fall behind. Embrace the future of ITSM with Jira Service Management. Contact Oxalis today to embark on your journey towards a brighter, more agile, and citizen-centric future. Our team of experts will guide you every step of the way, ensuring a smooth transition and unlocking the full potential of JSM for your agency.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Atlassian, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Governing Identity Attributes in a Contextual and Dynamic Access Control Environment

Posted on by Frank Briguglio

In the rapidly evolving landscape of cybersecurity, federal agencies, the Department of Defense (DoD), and critical infrastructure sectors face unique challenges in governing identity attributes within dynamic and contextual access control environments. The Department of Defense Instruction 8520.04, Identity Authentication for Information Systems, underscores the importance of identity governance in establishing trust and managing access across DoD systems. In parallel, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) guidance and the National Institute of Standards and Technology (NIST) frameworks further emphasize the critical need for secure and adaptive access controls in safeguarding critical infrastructure and federal systems.

This article examines the governance of identity attributes in this complex environment, linking these practices to Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC) models. It highlights how adherence to DoD 8520.04, CISA’s Zero Trust Maturity Model, and NIST guidelines enable organizations to maintain the accuracy, security, and provenance of identity attributes. These efforts are particularly crucial for critical infrastructure, where the ability to dynamically evaluate and protect access can prevent disruptions to essential services and minimize security risks. By integrating these principles, organizations not only achieve regulatory compliance but also strengthen their defense against evolving threats, ensuring the resilience of national security systems and vital infrastructure.

SailPoint Governing Identity Attributes Blog Embedded Image 2025

Importance of Governing Identity Attributes

Dynamic Access Control

In a dynamic access control environment (Zero Trust), access decisions are made based on real-time evaluation of identity attributes and contextual information. Identity governance plays a pivotal role in ensuring that these attributes are accurate, up-to-date, and relevant. Effective identity governance facilitates:

Real-time Access Decisions: By maintaining a comprehensive and current view of identity attributes, organizations can make informed and timely access decisions, ensuring that users have appropriate access rights based on their roles, responsibilities, and the context of their access request.
Adaptive Security: Identity governance enables adaptive security measures that can dynamically adjust access controls in response to changing risk levels, user behaviors, and environmental conditions.

Attribute Provenance

Attribute provenance refers to the history and origin of identity attributes. Understanding the provenance of attributes is critical for ensuring their reliability and trustworthiness. Identity governance supports attribute provenance by:

Tracking Attribute Sources: Implementing mechanisms to track the origins of identity attributes, including the systems and processes involved in their creation and modification.
Ensuring Data Integrity: Establishing validation and verification processes to ensure the integrity and accuracy of identity attributes over time.

Attribute Protection

Protecting identity attributes from unauthorized access, alteration, or misuse is fundamental to maintaining a secure access control environment. Identity governance enhances attribute protection through:

Access Controls: Implementing stringent access controls to limit who can view, modify, or manage identity attributes.
Encryption and Masking: Utilizing encryption and data masking techniques to protect sensitive identity attributes both at rest and in transit.
Monitoring and Auditing: Continuously monitoring and auditing access to identity attributes to detect and respond to any suspicious activities or policy violations.

Attribute Effectiveness

The effectiveness of identity attributes in supporting access control decisions is contingent upon their relevance, accuracy, and granularity. Identity governance ensures attribute effectiveness by:

Regular Reviews and Updates: Conducting periodic reviews and updates of identity attributes to align with evolving business needs, regulatory requirements, and security policies.
Feedback Mechanisms: Establishing feedback mechanisms to assess the effectiveness of identity attributes in real-world access control scenarios and make necessary adjustments.

Risks Associated with ABAC and RBAC

ABAC Risks

ABAC relies on the evaluation of attributes to make access control decisions. While ABAC offers flexibility and granularity, it also presents several risks:

Complexity: The complexity of managing a large number of attributes and policies can lead to misconfigurations and errors, potentially resulting in unauthorized access or access denials.
Scalability: As the number of attributes and policies grows, the scalability of the ABAC system can be challenged, affecting performance and responsiveness.
Attribute Quality: The effectiveness of ABAC is heavily dependent on the quality of the attributes. Inaccurate, outdated, or incomplete attributes can compromise access control decisions.

RBAC Risks

RBAC assigns access rights based on predefined roles. While RBAC simplifies access management, it also has inherent risks:

Role Explosion: The proliferation of roles to accommodate varying access needs can lead to role explosion, complicating role management and increasing administrative overhead.
Stale Roles: Over time, roles may become stale or misaligned with current job functions, leading to over-privileged or under-privileged access.
Inflexibility: RBAC may lack the flexibility to handle dynamic and context-specific access requirements, limiting its effectiveness in modern, agile environments.

Importance to a Zero Trust Model

The Zero Trust model is predicated on the principle of “never trust, always verify,” emphasizing continuous verification of identity and context for access decisions. Governing identity attributes is integral to the Zero Trust model for several reasons:

Continuous Verification: Accurate and reliable identity attributes are essential for continuous verification processes that dynamically assess access requests in real-time.
Context-Aware Security: By governing identity attributes, organizations can implement context-aware security measures that consider a wide range of factors, including user behavior, device health, and network conditions.
Minimizing Attack Surface: Effective governance of identity attributes helps minimize the attack surface by ensuring that access rights are tightly controlled and aligned with current security policies and threat landscapes.

Governing identity attributes is a cornerstone of modern access control strategies, particularly within the dynamic and contextual environments that characterize today’s IT ecosystems. By supporting dynamic access, ensuring attribute provenance, protection, and effectiveness, and addressing the risks associated with ABAC and RBAC, identity governance enhances the security and efficiency of access control mechanisms. In the context of a Zero Trust model, the rigorous governance of identity attributes is indispensable for maintaining robust and adaptive security postures, ultimately contributing to the resilience and integrity of organizational systems and data.

To learn more about SailPoint’s cybersecurity capabilities and how it can support mission-critical DoD initiatives, view our technology solutions portfolio. Additionally, check out our other blog highlighting the latest insights into “The Role of Identity Governance in the Implementation of DoD Instruction 8520.04”.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Vice President for StateRAMP Solutions, Carahsoft: StateRAMP: Recognizing the Importance of Framework Harmonization

Posted on by John Lee and Drew Scherer

StateRAMP builds on the National Institute of Standards and Technology (NIST) Special Publication 800-53 standard, which underpins FedRAMP’s approach to cloud security for Federal agencies by offering a consistent framework for security assessment, authorization and continuous monitoring. Recognizing the need for a similar framework at the State and Local levels, StateRAMP has been developed to tailor these Federal standards to the unique needs of State and Local Governments.

Key to StateRAMP’s initiative is the focus on framework harmonization, which aligns State and Local regulations with broader Federal and industry standards. This harmonization includes efforts like FedRAMP/TX-RAMP reciprocity and the CJIS task force, making compliance more streamlined. By mapping more compliance frameworks to one another, StateRAMP helps Government agencies and industry players leverage existing work, avoid redundancy and facilitate smoother procurement of secure technologies. Carahsoft supports this mission by partnering with StateRAMP Authorized vendors and engaging in initiatives that promote these harmonization efforts, such as the StateRAMP Cyber Summit and Federal News Networks’ StateRAMP Exchange.

Developing Framework Harmonization

CSPs often operate across multiple sectors and industries, each regulated by distinct frameworks such as FedRAMP CJIS, IRS Publication 1075, PCI DSS, FISMA, and HIPPA. Managing compliance across multiple frameworks can lead to redundant processes, inefficiencies and complexity. These challenges have emphasized the need for framework harmonization—aligning various cybersecurity frameworks to create a more cohesive and streamlined process.

Carahsoft StateRAMP Framework Harmonization Blog Embedded Image 2024

With the FedRAMP transition to the NIST SP 800-53 Rev. 5 requirements in 2023, StateRAMP began working towards harmonization with FedRAMP across all impact levels. Through the StateRAMP Fast Track Program, CSPs pursuing FedRAMP authorization can leverage the same compliance documentation, including Plans of Actions and Milestones (POA&M), System Security Plans (SSP), security controls matrix and Third Party Assessment Organization (3PAO) audits, to achieve StateRAMP authorization.

Reciprocity between StateRAMP and TX-RAMP has been established to streamline cybersecurity compliance for CSPs working with Texas state agencies, higher education institutions and public community colleges. CSPs that achieve a StateRAMP Ready or Authorized status are eligible to attain TX-RAMP certification at the same impact level through an established process. Additionally, StateRAMP’s Progressing Security Snapshot Program offers a pathway to provisional TX-RAMP certification, enabling CSPs to engage with Texas agencies while working towards StateRAMP compliance. Once CSPs have enrolled in the Snapshot Program or have engaged with a 3PAO to conduct an audit, they are added to the Progressing Product List, a public directory of products and their cybersecurity maturity status. This reciprocity eases the burden of navigating multiple compliance frameworks and certifications.

Harmonized frameworks enable CSPs to align with the cybersecurity objectives of various organizations while simultaneously addressing a broader range of threats and vulnerabilities, improving overall security. StateRAMP’s focus is to align requirements across the Federal, State, Local and Educational sectors to reduce the cost of development and deployment through a unified set of standards. To ensure the Public and Private Sectors work in alignment, StateRAMP members have access to the same guidance, tools and resources necessary for implementing a harmonized framework. This initiative will streamline the compliance process through a unified approach to cybersecurity that ensures adherence to industry and regulatory requirements.

The Future of StateRAMP

StateRAMP has rolled out an overlay to its Moderate Impact Level baseline that maps to Criminal Justice Information Services (CJIS) Security Policy. This overlay is designed to strengthen cloud security in the law enforcement sector, helping assess a product’s potential for CJIS compliance in safeguarding critical information.

At the 2024 StateRAMP Cyber Summit, Deputy Information Security Officer Jeffrey Campbell from the FBI CJIS addressed the challenges state and local entities face when adopting cloud technologies. He explained that while state constituents frequently asked if they could use FedRAMP for cloud initiatives, the answer was often complicated because FedRAMP alone does not fully meet CJIS requirements. “You can use vendors vetted through FedRAMP, that is going to get you maybe 80% of these requirements. There’s still 20% you’re going to have to do on your own” Campbell noted. He emphasized that, through framework harmonization, StateRAMP can bridge this compliance gap, offering states a viable solution to achieve several parallel security standards.

Another initiative is the NASPO/StateRAMP Task Force, which was formed to unite procurement officials, cybersecurity experts, Government officials and industry experts together with IT professionals. The task force aims to produce tools and resources for procurement officials nationwide to make the StateRAMP adoption process more streamlined and consistent.

Though still relatively new, StateRAMP is gaining traction, with 28 participating states as of October 2024. As cyberattacks become more sophisticated, cybersecurity compliance has become a larger point of emphasis at every level of Government to protect sensitive data. StateRAMP is working to bring all stakeholders together to drive toward a common understanding and acceptance of a standardized security standard. StateRAMP’s proactive steps to embrace framework harmonization are helping CSPs and State and Local Governments move towards a more secure digital future.

To learn more about the advantages the StateRAMP program offers State Governments and technology suppliers watch the Federal News Network’s StateRAMP Exchange, presented by Carahsoft.

To learn more about framework harmonization and gain valuable insights into others, such as cloud security, risk management and procurement best practices, watch the StateRAMP Cyber Summit, presented by Carahsoft.

Join Fellow Change Agents and Innovators at Prodacity 2025

Posted on by Seamus Bergen

With change on the horizon, Federal organizations are re-evaluating legacy processes for software development in order to deliver new and better software to Americans. They’re taking bold action and transforming organizations into continuous software delivery innovators.

In honor of these government IT change agents, Rise8 is hosting Prodacity 2025 in Nashville, TN on February 4-6. Over three days, Prodacity will bring together technology leaders at every level to learn, discuss, experiment, problem-solve and build transformative solutions that change constituents’ lives.

The agenda for Prodacity 2025 is packed with expert-led sessions and practical insights tailored to give attendees a complete perspective on effectively implementing continuous delivery. Software development requires more than development expertise; it calls for strategic thinking, an understanding of culture, sound governance and product management skills. Prodacity 2025 attendees will learn about and experience all this and more.

Each day will focus on different phases of continuous delivery. On day one, attendees will learn about setting a strategic direction for continuous innovation. Day two will be all about mastering tactics for continuous improvement. On day three, attendees will identify where to start with practical steps to drive transformation.

Speaking of Transformation

Prodacity 2025 will feature an impressive lineup of speakers from both the private and public sectors. Notable speakers include:

KEYNOTE: Barry O’Reilly, entrepreneur, business advisor and author – Barry is an expert on model innovation, product development, cultural transformation and organization design. At Prodacity 2025, he will speak on why we need a system for unlearning. He co-founded Nobody Studios, a venture studio to create 100 compelling companies over the next five years. His bestselling book, Lean Enterprise: How High-Performance Organizations Innovate at Scale, is the subject of a pre-conference book club.

Justin Fanelli – Mr. Justin Fanelli is the Acting CTO for the Department of Navy and Technical Director of PEO Digital, driving mission-critical IT transformations and cost-efficient innovations. He has held key roles including Chief Data Architect for Defense Health and Technical Director for Navy MPTE, earning accolades like the Etter Award for impactful service delivery and multi-billion-dollar cost savings. A DARPA Service Chiefs Fellow, he has led groundbreaking advancements in healthcare data systems and Navy enterprise solutions. Outside work, Mr. Fanelli teaches at Georgetown, advises startups and contributes to nonprofits like TechImpact.

Paul Contoveros – Mr. Paul Controveros is the Chief of the Combat Force Enhancement Division at Space Operations Command in the for the U.S. Space Force where he leads all support to Deltas’ Combat Development Teams and Supra Coders. He also leads a team of professional software developers charged with delivering digital tools to the force. Upon retiring from the USAF with 26 years of military service, Mr. Contoveros worked as a contractor supporting the HQ AFSPC S5/9 Advanced Capabilities Team, which morphed into the Directorate of Innovation upon the standup of HQ SpOC. In this role he created the monthly Delta Innovation Collaboration Exchange (DICE), authored the Accelerated Delta Innovation Process (ADIP) and co-authored the command’s first ever, nearly completed, Innovation Operations Instruction. Mr. Contoveros joined the government team in July of 2023 as Director of Innovation, re-branded as the Combat Enhancement Division as part of the SpOC re-organization in 2024.

Alistair Croll, author, founder and chair – Alistair is the author of Lean Analytics, widely considered required reading for startups and Just Evil Enough. He is also the chair of FWD50, a growing community of policymakers, technologists and civic innovators. Drawing on his experience as the builder of web performance pioneer Coradiant and Year One Labs incubator, Alistair will educate Prodacity attendees on MVPs for enterprises.

Edward Hieatt, Mechanical Orchard – Edward serves as Chief Customer Officer, helping enterprises overcome legacy modernization challenges. As a seasoned software engineer, Edward previously worked at Pivotal Labs and played a significant role in its growth, leading the rapid expansion of the technical field organization. His Prodacity talk will provide attendees with a perspective on real continuous delivery.

Join us at Prodacity

Carahsoft is thrilled to sponsor Prodacity 2025. We look forward to working alongside the speakers, representatives, attendees and all change agents seeking to disrupt government technology’s status quo.

Please join us February 4-6, 2025, in Nashville, TN. Learn more and register here. Prodacity will be unlike any other government event you’ve attended—it is the GovTech symposium of the year.

Cyberattack Trends Impacting Local Government and Education Sectors

Posted on by Jeffrey Wheat

Today’s cybercriminals are no longer driven solely by financial gain, the geopolitical impact of attacks has shifted with nation-state actors now targeting critical infrastructure. While Local Governments have long been a part of this, schools have also become key targets, especially after COVID-19. The pandemic’s disruption to education has left a lasting impact, making attacks on schools and Local Governments both physically and psychologically significant. These institutions, essential to society, are under siege not just for their sensitive data but for their societal importance. With advanced capabilities and financial backing, nation-state actors are accelerating their efforts, heightening the urgency for robust cybersecurity.

Why Threat Actors Target Local Government and Education

Local Governments are frequent cyberattack targets due to their political significance and the essential services they provide. When one city is attacked, neighboring cities often become hyper-vigilant, particularly smaller municipalities managing critical services like water supply. These vital functions make them high-value targets. While financial institutions are seen as obvious targets for their direct connection to money, Government agencies hold more financial value than many realize. The stakes are even higher when political positions are involved, making Local Governments attractive to financially motivated attackers and nation-state actors seeking leverage.

Lumu Technologies SLED Cyberattack Trends Blog Embedded Image 2024

Education has also become increasingly vulnerable. Schools were initially targeted for geopolitical reasons, with attackers seeking to influence the “hearts and minds” of society by disrupting education. However, cybercriminals discovered the financial value of student records, which are worth more on the dark web than credit card or healthcare information due to students not checking their credit scores. This extended window for identity theft, combined with the vast amount of data schools hold, makes educational institutions prime targets for cybercriminals.

Both Local Governments and schools face shared challenges in defending their systems. For Governments, Supervisory Control and Data Acquisition (SCADA) networks that manage infrastructure are often isolated but still present large attack surfaces due to their distributed nature. Schools, on the other hand, struggle with the complexity of students bringing their own devices, which introduces uncontrolled entry points into the network. These vulnerabilities make Local Government and education uniquely attractive and susceptible targets in the cyber landscape.

Two Main Attack Vectors: Phishing and Infostealers

Cybercriminals use various tactics to infiltrate Local Governments and schools, exploiting both technological weaknesses and human behavior. People are often the weakest link, making them prime targets for attackers. The rise of artificial intelligence (AI) has further advanced these attacks, making them more difficult to detect. While agencies and schools cannot fully eliminate the risk through training alone, understanding these evolving threats can significantly reduce the chances of successful attacks.

Phishing and information stealing are two of the most prevalent methods used by cybercriminals. Research from Lumu Technologies shows that phishing accounts for 52% of attacks, while information stealing makes up 48%, illustrating their near-equal presence as cyber threats.

Phishing

Phishing is often used to gain initial access into a network, accounting for approximately 90% of attacks. By tricking users into clicking malicious links or downloading malware, attackers establish a presence in the system. The preliminary malware allows them to move laterally, escalate privileges and locate sensitive data. Attackers either sell the data or use it to launch ransomware attacks. In ransomware scenarios, the attacker takes control of the network, encrypts critical data and issues a ransom demand. Phishing is thus the starting point for a larger chain of events leading to data theft and/or financial extortion.

Information Stealing

Infostealers are designed to capture sensitive information, often to sell on the dark web or to facilitate ransomware attacks. Like intelligence operations, they collect data to spread through an environment or identify new attack points. Keyloggers record keystrokes to capture usernames and passwords for unauthorized access. Other methods include form grabbers, which intercept forms and alter them, and browser hijackers, which mimic legitimate sites to bypass multi-factor authentication. Sensitive data from Local Government and education sectors is highly valuable, with threat actors intensifying efforts to exploit it for profit.

In addition to phishing and infostealers, cybercriminals continually find new ways to exploit technology and human behavior, such as man-in-the-middle (MITM) attacks, credential stuffing and supply chain attacks. These often-overlooked attack vectors can cause significant damage to agencies and schools. Recognizing these methods is crucial for developing comprehensive defenses.

Why These Attack Methods are Successful

These attack methods succeed against Local Governments and schools due to the constantly evolving nature of cyber warfare. Like traditional warfare, attackers adapt, finding new ways in after one vulnerability is closed. Defenders must be equally dynamic.

Even with security measures like Endpoint Detection and Response (EDR), attackers find ways to bypass them. EDR relies on behavior analysis, which takes time, while attackers use advanced AI to quickly develop new methods. Local Governments and schools are often slower to adapt, giving attackers an advantage. The challenge is not just implementing security measures but continuously evolving defenses to keep up with new threats.

AI Versus AI

In the battle against evolving cyberattacks, Local Governments and schools must leverage advanced technologies like AI and automation. As attackers adopt AI to improve the sophistication and speed of attacks, defenders need equally powerful tools. Cybercriminals use AI to bypass traditional defenses, identifying weaknesses faster than humans can.

To keep up, Local Government and education sectors must deploy AI-driven systems to detect threats in real time. AI helps identify vulnerabilities, enabling proactive defense, while automation blocks threats at machine speed. For smaller institutions with limited resources, automation is especially crucial to defend against attacks effectively.

In a landscape where cyber threats continually evolve, matching the speed and sophistication of attackers is crucial for a strong cyber defense. Government agencies and educational institutions must stay vigilant, leveraging AI and automation to outpace attackers and protect the critical infrastructure and data that comprise the foundation of society.

Discover the latest trends in cyberattacks and learn how AI and automation are reshaping the fight against modern cybercriminals in Lumu Technologies’ webinar, “Emerging Cyber Attack Trends Targeting Local Government & Education.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Lumu Technologies, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Grammarly and Carahsoft: Elevating Secure, Private Government Communication

Posted on by Ty Rottare

Grammarly and Carahsoft have partnered to provide Government agencies with trustworthy AI assistance supported by robust security measures. Thanks to this collaboration, Government agencies gain access to Grammarly’s trusted AI assistant, which can help them improve communication and boost operational efficiency. This partnership marks a notable advancement in supporting Government agencies in navigating the evolving digital landscape.

Unlocking the Benefits for Government Agencies

As a recognized leader in providing IT solutions to the public sector, Carahsoft offers extensive experience navigating the Government procurement process. Combined with Grammarly’s AI assistant, their expertise creates a powerful resource for Government agencies aiming to improve efficiency and productivity. When your agency works with Carahsoft and Grammarly, you’ll experience the following benefits:

Grammarly Government Communications AI Blog Embedded Image 2024

Rapid Implementation: Our streamlined setup process enables agencies to implement Grammarly across their organization in one day. This allows teams to start benefiting from enhanced communication support almost immediately.
Time Efficiency: On average, our users save about 35 minutes per day per person on communication tasks. This time can be redirected toward more strategic tasks, leading to improved project outcomes and better service delivery to the public.
Enhanced Communication Quality: Effective communication is crucial for Government agencies. Grammarly’s tools help teams craft clear, concise, and impactful messages, ensuring that important information is conveyed accurately. With over 70,000 teams already benefiting from our services, our track record speaks for itself.
Boosting Brand Compliance: Our advanced communication tools can help agencies improve brand compliance by a remarkable 71%. This consistency in communication enhances public trust and strengthens the agency’s reputation.

Our Commitment to Privacy, Security, and Compliance

Grammarly’s commitment to enterprise-grade security offers significant benefits for Government agencies. As a trusted partner, Grammarly adheres to the highest industry standards, ensuring that sensitive information remains secure. The collaboration with Carahsoft further underscores this dedication. Grammarly provides tailored AI solutions that meet the specific security needs of the public sector. By emphasizing stringent security measures, Grammarly helps agencies confidently use their tools while safeguarding critical data.

Additionally, Grammarly’s subscription-based revenue model ensures that customer content is never sold, placing a strong emphasis on user privacy and control. This transparency is essential for Government agencies, allowing them to maintain oversight of their data usage at all times. With a solid foundation supported by third-party audits and certifications, Grammarly provides compliance and regulatory support that agencies can rely on, reinforcing their ability to operate within legal and ethical boundaries while maximizing operational efficiency.

Empowering the Public Sector with AI

Through our partnership with Carahsoft, we are dedicated to helping Government agencies lead, learn, and grow amid evolving demands. With Grammarly, your teams can confidently communicate, innovate, and serve the public more effectively.

For more information on implementing Grammarly within your agency, visit our website or contact Carahsoft today! Together, we can enhance Government operations’ efficiency and ensure that every message counts.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Grammarly, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

How to Accelerate the Journey to Government Compliance with CCM

Posted on by Esty Peskowitz

Government agencies are inundated with a vast amount of daily Governance, Risk, and Compliance (GRC) tasks and processes. Achieving regulatory compliance, an arduous process, can take up precious time that could be reallocated to other business-critical missions.

Continuous controls monitoring (CCM) is one solution. CCM leverages AI and extreme automation to help cut down on manual processes, allowing agencies to overcome regulatory hurdles, supercharge their staff, and make better risk-based decisions with fast, cost-effective automations.

Improving the Compliance Process

Creating a quality compliance report comes with heavy, manual processing time. CCM can help significantly by taking away some of the cumbersome brunt work, cutting 60-80% of the manual tasks required by GRC programs.

RegScale Government Compliance CCM Blog Embedded Image 2024

It can also help overcome hurdles to reaching valuable security authorizations. Completing an Authorization to Operate (ATO) package can take roughly six months to finish — but that process can be reduced to two weeks with the right CCM platform. CCM also gives agencies a leg up with gaining Continuous Authorization to Operate (cATO) by leveraging OSCAL, a machine-readable format that standardizes security control documentation and enables automated validation.

The Time-Saving Capabilities of Machine Learning and AI

In the past year, advances in machine learning (including large language models and generative AI) have created exciting new possibilities for GRC teams. AI and machine learning (ML) can offer everything from better data analysis to proactive risk management to a major reduction in manual processes. Here are a few of the most compelling use cases for AI-enabled GRC:

Help employees proactively monitor traffic
Review code for errors unlikely to be caught by the human eye
Explain complex controls and procedures in everyday language, bridging knowledge gaps
Generate accurate, up-to-date documentation in one click

Overall, AI allows agencies to move faster, with more accuracy, and with better visibility. To free up staff to complete mission-critical objectives, agencies should create their own AI/ML usage strategies and implement them within a Compliance as Code framework.

How RegScale’s CCM Leverages Compliance-Trained AI

RegScale’s AI-enabled platform, RegML, combines CCM and leading large language (LLM) tools to streamline compliance management with intelligent automation and precision. This approach improves compliance by significantly reducing manual labor and costs. It also provides user-friendly summaries and guidance and improves accuracy and precision in documentation, freeing up staff to focus on core business objectives.

RegML has four main AI features:

AI Extractor, which automatically derives compliance documentation from existing policies and procedures.
AI Explainer, which is designed to demystify control statements by providing users with simple explanations of intricate controls.
AI Author, which helps draft control implementation statements in the context of relevant regulations and requirements. This process allows writers to focus on editing a draft, leading to fewer errors and better accuracy.
AI Auditor, which identifies gaps in controls and provides suggestions for improvement. This frees up teams to work on more critical tasks like fixing gaps and implementing controls.

CCM and the Future

Today, more and more work is being done in the cloud. As data becomes ephemeral and serverless, cybersecurity has become more important than ever — as have the mandatory frameworks governing it. Meanwhile, regulations such as NIST’s Secure Software Development Framework (SSDF), the Digital Operational Resilience Act (DORA), the Security and Exchange Commission (SEC) rules, Cybersecurity and Infrastructure Agency (CISA) mandates, and the European Union’s AI Act have or are predicted to undergo changes.

These shifting frameworks only make CCM more integral, as its AI features allow users to ensure that they are thoroughly compliant at every step of the process. By freeing time for additional tasks, and by maintaining adherence to changing regulations, CCM enables organizations to improve their GRC programs and streamline their operations.

To learn more about how RegScale’s CCM platform provides a layer of security around AI usage, watch its webinar How AI is Revolutionizing Government Compliance.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including RegScale, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought leaders.

Third-Party Risk Management: Moving from Reactive to Proactive

Posted on by Tim Miller

In today’s interconnected world, cyber threats are more sophisticated, with 83% of cyberattacks originating externally, according to the 2023 Verizon Data Breach Investigations Report (DBIR). This has prompted organizations to rethink third-party risk management. The 2023 Gartner Reimagining Third Party Cybersecurity Risk Management Survey found that 65% of security leaders increased their budgets, 76% invested more time and resources and 66% enhanced automation tools to combat third-party risks. Despite these efforts, 45% still reported increased disruptions from supply chain vulnerabilities, highlighting the need for more effective strategies.

Information vs Actionable Alerts

The constant evolution and splintering of illicit actors pose a challenge for organizations. Many threat groups have short lifespans or re-form due to law enforcement takedowns, infighting and shifts in ransomware-as-a-service networks, making it difficult for organizations to keep pace. A countermeasure against one attack may quickly become outdated as these threats evolve, requiring constant adaptation to new variations.

In cybersecurity, information is abundant, but decision-makers must distinguish the difference between information and actionable alerts. Information provides awareness but does not always drive immediate action, whereas alerts deliver real-time insights, enabling quick threat identification and response. Public data and real-time alerts help detect threats not visible in existing systems, allowing organizations to make proactive defense adjustments.

Strategies for Managing Third-Party Risk

Dataminr Third Party Risk Management OSINT Blog Embedded Image 2024

Managing third-party risk has become a critical challenge. The NIST Cybersecurity Framework (CSF) 2.0 emphasizes that governance must be approached holistically and highlights the importance of comprehensive third-party risk management. Many organizations rely on vendor surveys, attestations and security ratings, but these provide merely a snapshot in time and are often revisited only during contract negotiations. The NIST CSF 2.0 calls for continuous monitoring—a practice many organizations follow, though it is often limited to identifying trends and anomalies in internal telemetry data, rather than extending to third-party systems where potential risks may go unnoticed. Failing to consistently assess changes in third-party risks leaves organizations vulnerable to attack.

Many contracts require self-reporting, but this relies on the vendor detecting breaches, and there is no direct visibility into third-party systems like there is with internal systems. Understanding where data is stored, how it is handled and whether it is compromised is critical, but organizations often struggle to continuously monitor these systems. Government organizations, in particular, must manage their operations with limited budgets, making it difficult to scale with the growing number of vendors and service providers they need to oversee. Threat actors exploit this by targeting smaller vendors to access larger organizations.

Current strategies rely too heavily on initial vetting and lack sufficient post-contract monitoring. Continuous monitoring is no longer optional—it is essential. Organizations need to assess third-party risks not only at the start of a relationship but also as they evolve over time. This proactive approach is crucial in defending against the ever-changing threat landscape.

Proactively Identifying Risk

Proactively identifying and mitigating risks is essential for Government organizations, particularly as threat actors increasingly leverage publicly available data to plan their attacks. Transparency programs, such as USAspending.gov and city-level open checkbook platforms, while necessary for showing how public funds are used, can inadvertently provide a playbook for illicit actors to target vendors and suppliers involved in Government projects. Public data often becomes the first indicator of an impending breach, giving organizations a narrow window—sometimes just 24 hours—to understand threat actors’ operations and take proactive action.

To shift from reactive to proactive, organizations must enhance capabilities in three critical areas:

Speed is vital for detecting threats in real time. Using AI to examine open source and threat intelligence data helps organizations avoid delays caused by time-consuming searches.
The scope of monitoring must extend beyond traditional sources to deep web forums and dark web sites, evaluating text, images and indicators that mimic official branding.
While real-time information is essential, excessive data can lead to alert fatigue. AI models that filter and tag relevant information enable security teams to focus on the most significant risks.

Proactively addressing third-party risks requires organizations to stay prepared for immediate threats. By leveraging public data, they can strengthen defenses and act before vulnerabilities are exploited.

While self-reporting and AI tools are valuable, organizations must take ownership of their risk management by conducting their own due diligence. The ability to continuously monitor, identify and mitigate risks presents not just a challenge but an opportunity for growth and improvement. Ultimately, it is the organization’s reputation and security at stake, making proactive risk management key to staying ahead of today’s evolving threats.

To learn more about proactive third-party risk management strategies, watch Dataminr’s webinar “A New Paradigm for Managing Third-Party Risk with OSINT and AI.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Dataminr, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Leveraging Technology to Align with Environmental, Social and Governance Principles

Posted on by Jennifer Heath and Stephen Pyatt

Sustainability has evolved from a buzzword to a core element of facility management and corporate real estate. Facility managers and real estate leaders have a duty beyond regulations to meet Net Zero targets and reduce buildings’ environmental impact. Johnson Controls’ recent sustainability report highlighted that nearly 40% of global CO₂ emissions come from corporate real estate and office buildings, emphasizing the need to reduce emissions and energy use. Despite investments in smart building technologies and clean energy, global energy consumption and CO₂ emissions continue to rise. Embracing technology-driven sustainability helps facility managers optimize energy use, reduce emissions and create efficient, self-regulating buildings that align with Environmental, Social and Governance (ESG) principles.

Strengthening Risk Management with AI

FM:Systems Technology Environmental, Social and Governance Principles Blog Embedded Image 2024

As sustainability becomes a core focus in facility management, advancements in technology are reshaping how facilities are managed beyond environmental goals. Integrating artificial intelligence (AI) and smart building technology is now key to anticipating and responding to extreme events, like hurricanes, floods and earthquakes, adding a new layer to strategic management. The 2024 International Facility Management Association (IFMA) conference emphasized using building automation to assess facility vulnerabilities and centralized data to enable immediate, coordinated emergency responses.

AI also boosts operational safety and security by enhancing access tracking and visitor management. In emergencies such as fires or security threats, AI-driven solutions quickly identify occupants, aiding efficient evacuations with real-time alerts. These systems also support compliance with data privacy regulations like the General Data Protection Regulation (GDPR), ensuring strict data handling protocols.

Overall, integrating AI and smart building technology strengthens risk management, streamlines emergency responses and maintains data compliance, empowering facility managers to better protect people and assets.

The Innovation of Asset Maintenance in Buildings

While AI-driven risk management strengthens emergency response and security, smart building technologies are redefining day-to-day operations. Traditionally, buildings operated with isolated systems located in basements or ceilings. Connected buildings introduced monitoring for energy use through one or two systems. Smart buildings advance this by integrating building management systems (BMS) with various data sources to enhance performance, aiming for autonomous buildings powered by advanced AI to make decisions, recommend actions and predict failures.

A transformative tool in this field is the digital twin—a precise digital replica of a building and its operations. Internet of Things (IoT) sensors connect digital twins to building systems, allowing facility managers to predict system performance, such as HVAC efficiency during temperature spikes. Digital twins analyze real-time data for predictive scheduling and store essential asset documents like Original Equipment Manufacturer (OEM) manuals, accelerating issue resolution and improving efficiency. This shift enables proactive maintenance, reducing downtime and maximizing system availability.

Smart technology automates maintenance to optimize resources. For example, analyzing room bookings can guide maintenance efforts, avoiding unnecessary checks on unused spaces. Flow sensors in restrooms enable maintenance based on usage, saving time and resources. Real-time visualization of performance allows buildings to communicate with managers and prompt adaptive responses. Autonomous buildings can alert managers, suggest solutions and initiate corrective actions.

As facility managers adopt these innovations, focusing on data collection and analysis is crucial for optimizing operations. Transitioning to smart, autonomous buildings revolutionizes maintenance strategies and creates high-performing workplaces. Leveraging data from digital twins and IoT systems enhances decision-making, resource allocation and sustainable building management.

Supporting and Enhancing the Employee Experience

Optimizing facility systems through digital twins and IoT sensors paves the way for more than just operational efficiency. Real-time environmental adjustments support an organization’s most valuable asset: its people. Environmental data has become essential as employees prioritize well-being and productivity, especially after the COVID-19 pandemic underscored the impact of air quality on health. “Cognitive ergonomics” refers to how factors like air quality, lighting and sound affect cognitive abilities. Harvard partnered with Syracuse University and SUNY Upstate Medical University to conduct research into whether working in a “green building” resulted in better cognitive performance than “non-green buildings. Poor air quality is shown to cause fatigue, headaches and decreased focus, impairing productivity. According to the Harvard School of Public Health, improving workplace indoor air quality can increase employee productivity by up to $6,500 per person per year.

Inclusivity should also be central to workplace technology. AI-driven accessibility tools, such as text alternatives for signage, text-to-speech in lobbies and automated meeting transcriptions, ensure user-friendly experiences for all. Adhering to standards like the Web Content Accessibility Guidelines (WCAG) establishes sustainable, accessible workplace technology.

Focusing on employee experience helps facilities teams create adaptable, inclusive workspaces that boost well-being and productivity. Leveraging real-time environmental data and accessible technology ensures workplaces remain supportive, sustainable and responsive to employees’ needs.

While real-time adjustments enhance employee well-being and inclusivity, facility managers are also experiencing a broader shift in their roles. This evolution, driven by data and AI, transforms facility management from a reactive approach to proactive and strategic, demonstrating the transformative power of technology. By leveraging these tools, facility managers can align operational strategies with ESG objectives and Net Zero targets, creating workplaces that are sustainable, efficient and supportive of their greatest asset: people.

Watch FM:Systems’ webinar “People, Places, Planet: Leveraging Technology to Integrate ESG into FM Operations” to dive deeper into cutting-edge strategies and best practices that empower facility managers to drive innovation and enhance operational performance.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including FM:Systems, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.