TMF targets cybersecurity, zero trust and classified cloud with latest awards

The Social Security Administration is receiving $23.3 million from the Technology Modernization Fund to implement multifactor authentication in its internal systems, part of a trio of recent TMF awards focused on cybersecurity and reliability.

TMF today announced three new investments for SSA, the Treasury Department and the US Agency for Global Media.

“With these new cybersecurity investments, the TMF funding will enhance the security of some of the country’s most critical systems and sensitive data,” TMF Executive Director Raylene Yung said in a prepared statement. “TMF helps these agencies protect lives and livelihoods, maintain the integrity of information and information, and maintain the programs that federal officials rely on to serve the American public.”

The SSA award will accelerate the adoption of MFA to reduce the risk of employee badge theft.

“Millions rely on Social Security for their benefits, and we are committed to secure systems that protect their personal information and enable our hard-working employees to provide the day-to-day services and assistance that American retirees and other beneficiaries depend on ‘ Sean Brune, SSA chief information officer, said as part of the announcement. “This investment will improve the security and protection of our programmatic systems while avoiding potential agency costs and potential service disruption.”

The funding will help SSA accelerate the implementation of its phishing-resistant single sign-on MFA solution across all internal systems and services. Using phishing-resistant MFA is a key requirement for government agencies as part of the federal Zero Trust strategy.

“SSA will address multiple applications that use legacy authentication protocols, eliminating long-standing technical debt associated with maintaining these services,” reads the project listing on TMF’s website. “SSA will also establish ongoing monitoring and governance to ensure both internal and external programmatic services are compliant with federal security requirements and mandates.”

The TMF award comes as SSA also plans to release a new IT strategic plan soon, Federal News Network reported last month.

Treasury to put classified network in the cloud

The TMF also awards the Treasury Department $11.1 million to bring the Treasury Foreign Intelligence Network (TFIN) to the cloud.

Established in 2006, TFIN is used to share classified information with other agencies. However, the locally hosted network is costly to maintain and has suffered service disruptions due to power outages on the local power grid, TMF’s website explains.

The TMF project aims to help improve the reliability of TFIN by moving to a hybrid cloud solution.

The Treasury Department plans to award a contract to enterprise cloud services accredited for classified workloads. Once awarded, Treasury will migrate critical applications to the cloud and then implement a virtual desktop software-as-a-service solution.

The project would make the Treasury Department the first of the 18 intelligence agencies to implement a cloud email productivity software solution, according to the TMF website.

“Lessons learned from this project will help inform other agencies on subsequent adoptions,” says TMF’s website.

USAGM Receives Zero Trust Funding

Meanwhile, USAGM receives $6.2 million from the TMF to implement a Zero Trust architecture across its global network.

“USAGM’s five news networks produce television, radio and digital content in 63 languages ​​and to a weekly audience of 410 million people. Because of our success in providing coveted coverage in restricted media environments, USAGM and our employees are frequently the target of harassment, hacking and identity theft,” said USAGM CEO Amanda Bennett during the announcement. “This investment will dramatically improve USAGM’s IT security posture and reduce the risk of identity fraud and unauthorized access, protecting both the life and integrity of our agency’s trusted journalism products.”

The TMF website notes that USAGM’s “aging infrastructure” is unable to “appropriately associate devices with individuals” and implement MFA across all applications. According to TMF, the agency’s cloud applications cannot be defended with the same security as its internal network today.

The funding will help USAGM adopt a centrally managed “Master User Record” to address identity management and account management challenges, while allowing the agency to implement a Secure Access Service Edge framework “to support all remote employees of the… Authority and the entire authority to protect cloud applications.”

USAGM will also participate in the ZTA federal agency’s working group to “use their collective experiences and lessons learned to optimize their ZTA implementation.”

Agencies have until the end of fiscal year 2024 to implement a Zero Trust architecture in their networks. And Federal Chief Information Security Officer Chris DeRusha — who sits on the TMF board — has said that an important trade-off for agencies receiving TMF funds for Zero Trust is to share their knowledge and experience with other departments.

“We picked a couple of agencies and on the contract that we reclaimed from them, we said, ‘Hey, you’re getting your money right now. Where others are trying to get their money in ’23 or future budget requests, we will turn that over to you immediately,'” DeRusha said during the Authenticate conference last October. “And the compact back is, we need it to be a corporate asset. We want to catch up on what you learn from it and work with it [the Cybersecurity and Infrastructure Security Agency] and others from the center to learn those lessons.”

Other agencies receiving Zero Trust architecture funding from the TMF include USAID, the Office of Personnel Management, the Education Department, and the General Services Administration.