Made with FlowPaper - Flipbook Maker
SPRING 2021 TRIBALNETONLINE.COM what IS possible...4 | tribalnetonline.com Copyright © 2021 TribalHub® All rights reserved. TribalHub is the parent company of the organizations: TribalNet™, TribalWise™, TribalValue™ and TribalFocus™. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. Although the author and publisher have made every effort to ensure that the information in this publication was correct at press time, the editor, authors and publisher do not assume and hereby disclaim any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors or omissions result from negligence, accident, or any other cause. E: contactus@tribalnetonline.com P: 269-459-9890 TRIBALNETONLINE.COM We hope this issue brings a symbolic ray of sunshine to all of our readers! My overly optimistic mindset has come in handy in the last year or so as we've all had to consume so much negative. We at TribalHub recognize and empathize with our readers for the struggles that may have occurred both in their personal and professional lives this past year, I say that 100% from the heart. I do hope though that for at least a moment when this all started (and along the way) that our readers have said to themselves, "this can't last forever" or "the silver lining of all of this is". I know I did and still continue to find things that are part of my life and workplace that aren't just different but actually better. Good things...in fact GREAT things can come out of chaos. And if chaos isn't a word you could use in describing 2020 and the first part of 2021, I might need to freshen up on the definition. In this issue TribalNet is sharing the good, the positive, the creative, the innovative, the trend-setting, the boundary pushing, the things that make our lives, communities and busi- nesses better. We all deserve to consume all that's positive- - so this issue we are making an effort to focus on all of what's good and all of what IS possible . We want to bring back the vibes in 2021- we hope you will join us. Shannon Bouschor TribalHub, Director of Operations shannonb@tribalhub.com WELCOME TO TRIBALNET’S MAGAZINE FROM SHANNON BOUSCHOR TRIBALHUB’S DIRECTOR OF OPERATIONS Find and Follow Us On: LinkedIn https://www.linkedin.com/company/tribalhub/ Online Community https://community.tribalhub.com/ Podcast Channel https://tribalhub.podbean.com/ BE SURE YOU'RE PLUGGED IN TO THE HUB ALL YEAR LONG! P. 8 TRIBAL GOVERNMENT VS. COVID-19: A DIGITAL TRANSFORMATION IN THE FACE OF THE PANDEMIC by Aaron Wheeler P. 60 TELEMEDICINE SOFTWARE USE IN INDIAN COUNTRY by Reese Weber P. 32 SPORTS BETTING PARTNERS A TRIBAL PROPERTIES JOURNEY- SELECTING, ESTABLISHING AND \ WAGERING OPPORTUNITY by Richard Rader P. 20 THE ANATOMY OF A SUPPLY CHAIN ATTACK by Marcus Fowler AGNECY UPDATES 16 IHS: Indian Health Service 22 FirstNet 30 NTIA: National Telecommunications and Information Administration 46 FBI-CJIS: Federal Bureau of Investigation - Criminal Justice Information Services Division 50 FCC: Federal Communications Commission 61 USDA/RD: United States Department of Agriculture Rural Development 68 CISA: Cybersecurity and Infrastructure Security Agency TRIBALHUB HAPPENINGS 3 TribalNet Conference Networking Events 3 Meet 2021 TribalNet Conference MC- Dr. James Stallcup ("aka Jimmy Joe Coltrane") 4 Stay Plugged into the Hub 7 TribalHub Associate Members 13 Q&A with Tribal Hospitality F&B Leaders 18 Security- Tribal Information Sharing & Analysis Center 26 TribalHub Industry Insights 31 TribalWise Online Training 38 2021 TribalNet Advisory Boards 38 TribalFocus Consulting 52 TribalValue Program and Partners 62 Hear from Your Peers- Improving Security Posture 64 TribalHub Membership - 2021 70 TribalNet Conference and Tradeshow FEATURES 8 TRIBAL GOVERNMENT VS. COVID-19: A DIGITAL TRANSFORMATION IN THE FACE OF THE PANDEMIC by Aaron Wheeler 10 THE JOURNEY TO THE CLOUD by Charles Scharnagle, George Wood & Greg Howe 20 THE ANATOMY OF A SUPPLY CHAIN ATTACK by Marcus Fowler 24 THE HISTORY OF TELEHEALTH IN AMERICAN INDIAN AND ALASKA NATIVE COMMUNITIES by Reese Weber 28 TRIBAL PRIORITY WINDOW... NOW WHAT? by Forest James 32 SPORTS BETTING PARTNERS A TRIBAL PROPERTIES JOURNEY- SELECTING, ESTABLISHING AND WAGERING OPPORTUNITY by Richard Rader 34 TODAY'S FORECAST: CLOUDY by Josh Weber 36 2.5 GHZ TRIBAL SPECTRUM BROADBAND –WHAT’S COMING TO ALASKA? by Shawn Williams 40 THE BRAVE NEW WORLD OF NFT S by Ram Patrachari 42 THE PANDEMIC ACCELERATED COMMUNICATION REVOLUTION INSIDE HOTEL ROOMS by Karm Choudhry 44 THE GAME HAS CHANGED by Glenn M. Wilson 49 TRIBAL GOVERNMENT DECISION POINTS IN THE EXERCISE OF DATA SOVEREIGNTY by Christopher Chaney 53 BANKROLL ON FOOD SERVICE CONVENIENCE WITH THE 365 PICOCOOLER by Melissa Bombetto 54 CHAMPIONING TRIBAL CYBER SECURITY STRATEGY - LEAD FROM THE TOP by Jennifer Lyn Walker 58 HOW PORTAL TECHNOLOGY HELPS TRIBES SAFELY SERVE THEIR MEMBERS by Rob Jacobs 60 TELEMEDICINE SOFTWARE USE IN INDIAN COUNTRY by Reese Weber PRODUCT SPOTLIGHTS & MEET YOUR VENDORS 12 GIG 14 NexGen 63 GAN SPRING 2021 AD INDEX 2 Nutanix 6 Adobe 6 OIGA 9 Fortinet 11 eConnect 17 NextGen 19 Arctic Wolf 21 Darktrace 23 3M 25 Healthpac 27 Power & Tel 27 Link Technologies 29 Tibco 33 Kambi 35 Casino Cash Trac 37 CHR Solutions 41 Cendyn 43 Nevotek 45 Veeam 47 GAN 47 intelligentTag 48 Handel IT 51 Dell Technologies 53 365 PicoCooler 55 RSM 56 NATRC 59 Arctic IT 61 Summit Partners 67 Esri 69 DocuSign SPRING 2021 | TRIBALNET MAGAZINETRIBAL-ISAL MEMBERSHIP Available to tribally owned s, enterises, ts and healcens. embership (1 Use)………........$ rship (1-4 Users)………….......$ ership (up ts)……….$ re as of Januar021 and are subject to change. ribal-ISAC support options are available separately. RIBAL-ISAC MEMBERSHIP INCLUDES MEMBERSHIP TING PARTNER TRIBALHUB*. Strengparedness and resilieout cyber security annd costly breaches hoson by joining the nati a member of this safribal security infod on improving the secd tral enterprise. already includes member tribes from ited States that are active in monthly receiving daily and weekly threat information, and confidentially sharing vital and timely information to the Tribal-ISAC community. Join us today or learn more by registering or watching the new member video online at www.tribalisac.org. SUPPORTEDBY: PHONE:269-459-9890•EMAIL:contactus@tribalhub.comAfter identifying a target, attackers then leverage a vulnerability in target zero to send malicious code for broader delivery to primary targets. Attackers will look for the right mix of vulnerability and target accessibility, and will then create their access point and the gateway for the attack will be open. In the case of SolarWinds, this was via a software update. Since vetting or identifying every external code alteration in specific upgrades or third-party updates would be incredibly difficult, it is unrealistic a company would identify an update as malicious. On the other hand, it is equally unrealistic to simply halt all software updates and upgrades, as many of these are fixing newly identified bugs or vulnerabilities – so, there is little way for companies to protect against these attacks. No company wants to be the victim, or worse, the delivery mechanism for a supply chain attack. When it comes to third-party suppliers, the reality is that their vulnerability becomes your vulnerability by extension. Because you can’t be the one that secures their environment, you need to be able to monitor and detect all activity they conduct within your digital enter- prise. Fundamentally, rules-based tools fail to do this, as the rules are constantly changing, which is why thousands of organizations are leaning on technologies like AI to be able to identify even the most subtle indicators of attack within an enterprise – even if that attack has never been seen before. In fact, while attackers may be able to success- fully bypass a prevention-centered defense strategy via a supply chain attack, if their attack is detected and disrupted the second they attempt to operationalize their access, a full-blown attack can be prevented. By moving laterally within an environment, exfiltrating data, or encrypting files, attackers expose themselves, leaving an opening for defenders to detect and disrupt the attack. Ultimately, the benefit of an AI strategy within cybersecurity is the ability to detect and disrupt attacks like these the moment attackers strike. A self-learning, unsupervised application of AI technology allows it to respond to attacks of speed and scale instantaneously, anywhere in the supply chain. Even if an organization is breached, it is possible with high levels of visibility and deep knowledge of your envi- ronment for business operations to continue, undisrupted, and for cyber resilience and data security and assurance to stay intact. T he threat actors behind the infamous SolarWinds campaign targeted software supply chains as an avenue into corporate infrastructures in order to spread malware at an incredible speed and scale. Through compromising a trusted supplier, the attackers managed to infect organizations at even the highest levels of business and government, revealing the glaring fallibility of legacy security tools. Now that supply chain attacks are increasingly entering the public conversation, it is critical that we understand what drives them. Why do attackers look to leverage the supply chain and how are they able to conduct these attacks? Let’s start with the why. Many high-value target organizations have robust security and are therefore incredibly hard to breach head-on. However, motivated attackers will look to other methods to make their way inside. They can first target less secure third-party software or hardware suppliers, allowing them to effec- tively pivot through the underbelly, moving further up the supply chain to successfully reach the very heart of their target organization — all through ostensibly legitimate avenues. Now for how they are able to do this — the most critical first step is identifying target zero. Here, attackers will first select either a specific hard target or a specific supplier with access to multiple targets of interest. When a hard target is identified in advance, attackers can strategically go after each of its suppliers to optimize the chance of success. Alternatively, if the target is a specific supplier, attackers will be able to gain access to a large number of organizations by exerting the effort required to infiltrate only one. This was the case with the SolarWinds campaign, as well as previous attacks such as the hacking of a widely used downloadable computer software called CCleaner, which specifically targeted big names like Intel, Google, Microsoft, and Samsung. BY MARCUS FOWLER DIRECTOR OF STRATEGIC THREAT, DARKTRACE ABOUT THE AUTHOR Marcus Fowler spent 15 years at the Central Intelligence Agency developing global cyber operations and techni- calstrategies prior to joining Darktrace in 2019. He has led cyber efforts with various U.S. intelligence community elements and global partners, and has extensive experience advising senior leaders on cyber efforts. The Anatomy of a Supply Chain Attack 20 | tribalnetonline.com FEATURE | CYBERSECURITY AND AI STRATEGIESThe History of Telehealth IN AMERICAN INDIAN AND ALASKA NATIVE COMMUNITIES “C an a human body withstand space travel?” In the late 1950s, the race for space had NASA scientists trying to figure out how our bodies would physically react to the lack of gravity, space radiation, and traveling at the speed of rockets. By 1961, they were ready to launch the first manned space mission from the United States, Mercury 3 (MR-3), which sent astronaut Alan Shepard on a 15-minute sub-orbital flight. Shepard was equipped with a suit that not only provided him with oxygen and air pressure, but was also filled with bio-instruments that continuously monitored electrocardiogram, respiratory rate, and body temperature. With that, the notion of telemetry – or remote medical monitoring – was born. As space travel progressed, it was quickly realized that if astronauts were sent into the cosmos for longer periods of time, we’d have to figure out a way to solve medical emergencies in space, from earth. By utilizing satellites that had been sent into orbit, NASA expanded their relatively simple telemetry capabilities to include storing and forwarding photo and video uploads, remotely-guided treatments, and more in-depth telemetry technologies. In 1971, domestic policy in the US drove NASA to expand its relevance by utilizing existing technologies to stimulate the struggling economy. One proposal was that the modality used to remotely care for Apollo astronauts could be leveraged here on earth – connecting rural and remote areas in the US with distant health care providers. NASA partnered with Indian Health Service (IHS) to pilot the first terrestrial telemedicine program, providing remote health care to the Papago (now Tohono O’odham) people of Southern Arizona. The project, named Space Technology Applied to Rural Papago Advanced Health Care (STARPAHC), designed and tested technology that linked mobile support units. Using NASA satellites along with innovative methods such as microwave relays and VHS, they provisioned communication between physicians in remote clinic sites with the IHS hospital in Phoenix. The four-year project was considered a success; in the 1979 report “Technology Serves the People” Dr. Rashid Bashshur concluded that “the telemedicine concept had real merit not only for the Papago [Tohono O’odham] Reservation in overcoming accessibility 24 | tribalnetonline.com FEATURE | TELE-HEALTH BY REESE WEBER CHIEF INFORMATION SECURITY AND PRIVACY OFFICER, INDIAN HEALTH SERVICE, CALIFORNIA AREA OFFICE ABOUT THE AUTHOR In her current role, Weber works with Federal, Tribal and Urban healthcare facilities throughout California to improve their cybersecurity posture, technical infrastructure, privacy and security policies, and HIPAA compliance. In her 10 years at IHS, she served as both the System Administrator and Information System Security Officer (ISSO) before becoming the California Area Office CISO. Weber holds an MBA from Brandman University, a graduate certifi- cate in Public and Non-Profit Leadership, a BBA in Information Systems, and the highest information security credential, Certified Information Systems Security Professional (CISSP).FEATURE | BROADBAND 28 | tribalnetonline.com Tribal Priority Window… Now What? 2020 was a year of chaos and opportunity. It was also the year that the precedence of “wireless spectrum” as a natural resource, owned by tribes, was born. The Tribal Priority Window saw approximately 400 tribes apply for 2.5 GHz Educational Broadband Service (EBS) licenses over tribal land. To date, approximately 240 licenses have been granted; the remainder are pending. If you are one of the 240 tribes you may be asking yourself, “Now what?” As a native broadband firm, we have worked with hundreds of tribes, and one of the most common questions we get is, “Where do we start?” While there is no one-size-fits-all approach, there are common principles that create unique broadband solutions for each community. It is important to understand that while the spectrum is a critical first step, the questions in front of us now are even more crucial. EBS spectrum is not a “silver bullet” — it is a prompt for action. This bankable asset and natural resource enables the proliferation of broadband across the reservation and creates the potential to lease the resource to another entity. This is not a cash cow. Rather, it is a critical piece of a complex puzzle that bridges the digital divide. The urgency of the matter requires an integrated multifaceted approach. At EnerTribe, the secret sauce to success is how we apply an indigenous methodology in the planning, design, and implementation. In the most basic form the broadband road map is: funding - planning - funding - engineering - construction - identify growth project - operations - maintenance. FUNDING Broadband networks are expensive. They require large capital investments and special- ized labor to build and operate. Because of the cost, our communities usually start with funding for planning. However, planning and construction ought to be tied together to maintain community momentum. In any case, there are three methods of funding. STATE AND FEDERAL GRANTS There are positive, even critical, ingredients to using grant funds. Some challenges might include department resources, project timelines, reimbursement processes, and compliance. However, grant funding does not always need a “linear form.” This means that multiple phases and grants should move forward in parallel whenever possible. CONTRACTORS Private funding is possible through contractors and investors. In such partnerships, it is ABOUT THE AUTHOR With an entrepreneurial spirit and great interpersonal communication skills, Forest brings a grassroots approach to solving the digital and economic divide found in North America for both native and non-native rural communities. Forest is a wireless engineer and a citizen of the Tolowa Dee-ni Nation and has helped hundreds of tribes plan, fund, and build $250,000,000+ in fiber, wireless, and network infrastructure projects. BY FOREST JAMES (CH’EE-TAA-GHEE-NE)CEO ENERTRIBE, INC. ACKNOWLEDGEMENT TO BYRAN MARCLE TECHNICAL EDITOR, ENERTRIBE, INC. O ptimizing the use of data across many departments can create opportunities that drive the vision of the organization. In recent years, many vendors have shifted their software deployments to either cloud or hosted solutions. Cloud offerings have the potential to provide a myriad of benefits. However, despite all those benefits, there is one question you may not be considering when making a purchasing decision: “What about my data?” If you do not ask that question, you may unintentionally create a roadblock preventing optimal use of your organization’s data. Gaming operations are unique when it comes to maximizing the use of data because of the number of systems that are often in place. Gaming properties of all sizes operate many different lines of business to provide the best experience for their customers and employees. Consider your operation for just a moment. How many different systems do you have in place for CMS, Table Games, Sportsbook, Kiosks, F&B, Hotel, Spa, Recyclers, GL, Timekeeping, etc.? If any one of these systems does not seamlessly fit into your organization’s data infra- structure, it can create the need for daily manual interventions. To avoid inadvertently creating roadblocks there are three questions you should ask yourself when considering a move to a cloud offering: 1. HOW DO I ACCESS MY DATA? Gaming has traditionally relied upon on-premises software deployments, which provide access to the thousands of data points generated each day on the casino floor. Cloud offerings rarely provide a database connection, but they do provide other methods to access your data. The most common data access point is offered through an API. APIs are generally licensed at an additional cost and can come in a variety of forms. Questions to take into consideration when an API is offered include: Do I have the internal IT skillset to pull data from the API? How flexible is the vendor if I would like an additional datapoint? How well-documented is the API? Are breaking changes published? Is there a limit to how often data can be accessed? Vendors may also offer flat file exports as an alternative to an API. These files are straightforward, and vendors have used them for years. There are a few other questions to ask if flat files are offered: How are the flat files delivered? At what frequency are the files delivered? Is the export in a format that is easy to work with (CSV, JSON, XML, etc.)? How flexible is the vendor if you would like an additional data point? BY JOSH WEBER VP OF SERVICES, CASINO CASH TRAC ABOUT THE AUTHOR Josh Weber is the Vice President of Services at Casino Cash Trac. He has over 20 years of experience in software delivery, technical solutions, customer relations, and consulting services. Since 1999 he has imple- mented dozens of complex projects for a diverse set of clients including international and domestic commodity trading firms, airlines, and bank across US, EMEA, and APAC. TODAY’S FORECAST: CLOUDY 34 | tribalnetonline.com FEATURE | CLOUD TECHNOLOGYO ver the next few months, tribes across America will be given the opportunity to equip their communities with affordable and fast broadband. This opportunity will be surprisingly affordable since the Biden Administration will help you pay for it. President Biden recently announced his focus on a trillion-dollar infrastructure bill – this means billions of dollars for roads, water, sewer, and broadband. There are two ways to get broadband (internet faster than 25X3): directly from a satellite provider (Starlink, HughesNet, Viasat) or from a telecom/tribal provider. Let’s explore the first option. Most of us have heard about the low earth orbit (LEO) satellite provider Starlink by SpaceX. Is it really all it appears to be? Many companies question the viability of Starlink’s business model. At Pacific Dataport we have more than 100 years of remote satellite tele- communications experience and collectively, we share great doubt Starlink will be able to sustain its low prices and fast broadband. As more people subscribe to Starlink’s service, one concern is there will be less capacity available per user. Starlink would also need to figure out how to build terminals for less than the estimated production cost of $1,500 each. At this point, they’re losing about $1,000 on each unit. There is also the challenge of orbital debris mitigation as well as the hurtle of sharing the 12GHz spectrum with competitors. Finally, to serve Alaska, they would need to develop affordable laser interconnectivity, build nearly 1,000 satellites with this feature, and launch them into polar orbit – after receiving permission from the FCC. This could take years. The second and more traditional business model of broadband delivery is one in which a satellite, fiber, or microwave middle-mile provider connects the local telecom or tribe to the internet, and the local provider sells broadband to residents. This model allows tribal ownership, independence, and the possi- bility of receiving grants to lower the retail price even more. Almost all of Alaska qualifies as tribal lands and the FCC Lifeline Emergency Broadband (EBB) program allows $75 per month towards each tribal household for some monthly plans, making the monthly cost to the consumer considerably more affordable. BY SHAWN WILLIAMS VP OF GOVERNMENT AFFAIRS AND STRATEGY, PACIFIC DATAPORT ABOUT THE AUTHOR Shawn Williams is the VP of Government Affairs and Strategy for Pacific Dataport in Anchorage. He’s a 40-year resident of Alaska and former Assistant Commissioner of Commerce for the State of Alaska. Shawn is a member of the Karuk Tribe of California, earned a BA in Economics at the University of Alaska, Anchorage and an Executive MBA in Strategic Leadership at Alaska Pacific University. Contact him directly at swilliams@pacificdataport.com . 2.5 GHz Tribal Spectrum Broadband – What’s coming to Alaska? FEATURE | BROADBAND IN ALASKA 36 | tribalnetonline.com Next >