The Social Security Administration is getting $23.3 million from the Technology Modernization Fund to implement multifactor authentication across its internal systems, part of a trio of recent TMF awards focused on cybersecurity and reliability.
The TMF announced three new investments today for SSA, the Treasury Department and the U.S. Agency for Global Media.
“With these new cybersecurity investments, TMF funding will increase the security of some of the nation’s most critical systems and sensitive data,” TMF Executive Director Raylene Yung said in a prepared statement. “The TMF is helping these agencies protect lives and livelihoods, safeguard intelligence and information integrity, and keep the programs the federal workforce relies on to serve the American public up and running.”
The SSA award will accelerate the adoption of MFA to reduce the risk of employee credentials being stolen.
“Millions count on Social Security for their benefits, and we are committed to secure systems that protect their personal information and allow our hard-working employees to provide the daily services and assistance American retirees and other beneficiaries depend on,” Sean Brune, SSA’s chief information officer, said as part of the announcement. “This investment will improve security and protections of our programmatic systems while avoiding potential agency costs and potential disruption of services.”
The funding will help SSA accelerate the implementation of its phishing-resistant, single sign-on MFA solution across all internal systems and services. Using phishing-resistant MFA is a key requirement for agencies under the federal zero trust strategy.
“SSA will address several applications that use legacy authentication protocols, eliminating long-standing technical debt associated with maintaining these services,” the project listing on the TMF website states. “SSA will also establish continuous monitoring and governance to ensure both, internal and external programmatic services remain compliant with federal security requirements and mandates.”
The TMF is also awarding the Treasury Department $11.1 million to bring the Treasury Foreign Intelligence Network (TFIN) into the cloud.
TFIN was established in 2006 and is used to share classified intelligence with other agencies. But the locally hosted network is costly to maintain and has suffered service disruptions due to power outages on the local electric grid, TMF’s website explains.
The TMF project is expected to help improve TFIN’s reliability by transitioning it to a hybrid cloud solution.
Treasury plans on awarding a contract to an enterprise cloud services provider accredited for classified workloads. After the contract award, Treasury will migrate critical applications to the cloud and then adopt a software-as-a-service virtual desktop solution.
The project would make Treasury the first of the 18 intelligence agencies to implement a cloud email productivity software solution, according to the TMF website.
“Lessons learned from this project will help inform other agencies in subsequent adoptions,” TMF’s website states.
USAGM gets zero trust funding
Meanwhile, USAGM is getting $6.2 million from the TMF to implement a zero trust architecture across its global network.
“USAGM’s five news networks produce television, radio, and digital content in 63 languages and for a weekly audience of 410 million people. Because of our success in providing sought-after reporting in media-restricted environments, USAGM and our employees are frequently targets of harassment, hacking, and impersonation,” Amanda Bennett, USAGM CEO, said as part of the announcement. “This investment will dramatically improve USAGM’s IT security posture and reduce the risk of identity fraud and unauthorized access, protecting both lives and the integrity of our agency’s trusted journalism products.”
The TMF website notes USAGM’s “aging infrastructure” lacks the ability to “adequately correlate devices to individuals” and implement MFA across all applications. The agency’s cloud applications also can’t be defended with the same security as its internal network today, according to TMF.
The funding will help USAGM introduce a centrally managed “Master User Record” to help address identity governance and account management challenges, while also allowing the agency to implement a Secure Access Service Edge framework “to protect all the agency’s remote workforce and all of the agency cloud applications.”
USAGM will also participate in the ZTA Federal Agency Working Group to “utilize their shared experiences and lessons learned to optimize its ZTA implementation.”
Agencies have until the end of fiscal 2024 to implement a zero trust architecture on their networks. And Federal Chief Information Security Officer Chris DeRusha, who sits on the TMF board, has said an important tradeoff for agencies that receive TMF funding for zero trust is sharing their knowledge and experience with other departments.
“We picked a few handful of agencies, and the compact we asked back from them, we said, ‘Hey, you’re going to get your money right now. Where others are trying to get their money in ’23 or future budget requests, we’re going to hand this to you right away,’” DeRusha said during last October’s Authenticate Conference. “And the compact back is, we need it to be an enterprise good. What you learn from this, we want to pull back in and work with [the Cybersecurity and Infrastructure Security Agency] and others from the center point to learn those lessons.”
Other agencies to receive zero trust architecture funding from the TMF include USAID, the Office of Personnel Management, the Education Department, and the General Services Administration.