Made with FlowPaper - Flipbook Maker
P. 28 CYBERSECURITY BEST PRACTICES: ACHIEVING ZERO TRUST by Andy Jabbour Copyright © 2022 TribalHub® All rights reserved. TribalHub is the parent company of the organizations: TribalNet™, TribalWise™, TribalValue™ and TribalFocus™. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. Although the author and publisher have made every effort to ensure that the information in this publication was correct at press time, the editor, authors and publisher do not assume and hereby disclaim any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors or omissions result from negligence, accident, or any other cause. E: contactus@tribalnetonline.com P: 269-459-9890 TRIBALNETONLINE.COM So. Much. Great. Info!!!! This Spring we are bringing you a PACKED edition of TribalNet's magazine! I am loving the energy that is leaping off the pages from our feature articles and into the minds of our readers. Our agency updates are also full of updates that are critical to tribal governments, health facilities and enterprises and a big thanks to our advertisers for this issue who are providing amazing products and services for our industry. I am also so thankful that we have much more of a clear path and picture of the year ahead this Spring vs this time last year. I am thrilled we are able to provide you with so much great info on the TribalHub, TribalNet and Tribal-ISAC happenings for 2022 and beyond. The digital format of this edition gives us the opportunity to deliver some of our content in an even easier way- using technology to enhance your experience. The theme of this edition is Technology Leading- People, Purpose, Passion. We imagine this theme to be interpreted by our readers in many ways and guess what, that's the point! Technology is at the center of it all. It drives people, purpose and passion. It enables people, purpose and passion. It enhances people, purpose and passion. You get the point. But don't take it from me, take it from all of our awesome contributors this edition and go ahead. Read on... Shannon Bouschor TribalHub, Director of Operations shannonb@tribalhub.com WELCOME TO TRIBALNET’S MAGAZINE FROM SHANNON BOUSCHOR TRIBALHUB’S DIRECTOR OF OPERATIONS SPRING 2022 SPRING 2022 AD INDEX 2 Tukuh Technologies, a Tepa Company 7 Cayuse Native Solutions 11 Fortinet Federal 13 Baicells 15 Adtran 17 FireANTS 19 Omnico 21 AmericanChecked 23 1 st Dragon 24 Arctic IT 29 JTEK Data Solutions 33 Nevotek 35 Acres 37 M S Benbow & Associates 39 Handel IT 43 Tribal-ISAC Share Golf 47 Tribal-ISAC 49 OIGA 4 | TribalNetOnline.com P. 32 SOFTPHONES: THE NEXT EVOLUTION OF THE HOTEL ROOM PHONE by Karm ChoudhryP. 6 CULTURE IS THE ANSWER TO LEADERSHIP by Israel Stone AGENCY UPDATES 10 CISA: Cybersecurity and Infrastructure Security Agency 14 NTIA: National Telecommunications and Information Administration 27 FirstNet: First Responder Network Authority 40 FCC: Federal Communications Commission 48 FBI-CJIS: Federal Bureau of Investigation- Criminal Justice Information Services Division 54 IHS: Indian Health Service TRIBALHUB HAPPENINGS 3 Networking at TribalNet 2022 3 Hear from TribalNet Conference MCs 8 TribalHub Cybersecurity Summit 20 TribalNet 2022 Advisory Board Members 30 TribalNet 2021 Highlights 38 TribalHub Regional Events 41 TribalValue Working for YOU 45 TribalHub Members Get More 51 TribalHub Get Connected 55 TribalHub Associate Members 56 2022 TribalNet Conference & Tradeshow FEATURES 6 CULTURE IS THE ANSWER TO LEADERSHIP by Israel Stone 9 THE BRIDGE BETWEEN PRIVACY & IT SECURITY by John Polling 12 BROADBAND SUCCESS by Forest James & Joni Theobald 16 Q&A WITH FIREANTS- CRYPTO 18 MEET NEW GUEST DEMAND by Shawn Harris 22 TRIBAL COUNCIL & EXECUTIVE GUIDE TO LEVERAGING INFOMATION TECHNOLOGY by Larry Wolff 26 TRIBAL COMMUNITY RECIEVES NEW ADDRESSING SYSTEM FOR NEXT-GENERATION E911 CAPABILITY by Joel Hanson 28 CYBERSECURITY BEST PRACTICES: ACHIEVING ZERO TRUST by Andy Jabbour 32 SOFTPHONES: THE NEXT EVOLUTION OF THE HOTEL ROOM PHONE by Karm Choudhry 34 IS IT TIME FOR NIGC TO ADOPT A FRAMEWORK FOR THE MICS? by Brent Hutfless 36 ARE BLENDED NETWORKS THE FUTURE OF WIRELESS by Kit Keen 42 THE HOLY GRAIL OF MODERN CYBERSECURITY by Bill Travitz 44 INFORMATION TECHNOLOGY PROJECT MANAGEMENT by Dr. Byrian Ramsey 46 BUILDING A SECURITY-CONSCIOUS CULTURE by Rebecca Fisher 50 Q&A WITH STEVE NEELY AND JEFF DEBROSSE- AI & ROBOTICS P. 12 BROADBAND SUCCESS by Forest James & Joni Theobald P. 54 AGENCY UPDATE- IHS: INDIAN HEALTH SERVICE TribalNetOnline.com | 5 P. 26 TRIBAL COMMUNITY RECEIVES NEW ADDRESSING SYSTEM FOR NEXT- GENERATION E911 CAPABILITY by Joel HansonARE LEADERS BORN OR DEVELOPED? There are arguments to be made on both sides of this question. I want to share a story with you about how I came into leadership at the “Bob and Mary Stone Summer Camp” for Underprivileged Native Youth. When I was younger, while all my friends were on their way to real summer camps, I was off to a much different kind of camp. My journey would begin early in the summer. My Uncle Bob would show up in his old Ford pickup truck with a camper top on the back. My brother and I would pack up our clothes and climb into the back of the truck and we were off on our journey from Michigan to Wisconsin. We knew from previous years that a few things were certain; first, when we arrived there would be black ash soaking in the creek waiting to be pounded into strips for black ash baskets, and second, that we were going to be put to work on my Aunt Mary’s family farm. This was the Bob and Mary Stone Summer Camp for Underprivileged Native Youth - MY “summer camp” experience, which taught me my first lessons in leadership. Over the summer months, my brother and I spent many long days pounding ash which resulted in bruised hands and some cuts, scrapes, and slivers. Very early on I decided that I had a stronger aptitude toward leading than performing the work. My uncle was a traditional man and used every opportunity to teach us a lesson. When I got caught trying to supervise the work being done instead of helping do the work, as expected, a lesson followed. This particular lesson was that as a leader, you can’t lead and won’t earn the respect of people without first doing the work yourself and building a relationship with those you work with. The lesson here was respect! As the summer went on, many other lessons followed, like the time I was working at the dairy farm and was afraid of the cows. Knowing this, unbeknownst to me, my uncle had a plan to break me of that fear. Across the muddy pasture was the wild cow barn. Each day those cows had to be turned out to pasture. My uncle gave me the responsibility of doing this. I would sneak along the fence, crossing through the pasture to the barn trying to remain out of sight. Once I got to the corner of the barn and eased my way up to the gate, I quietly flipped the latch and swung the gate open, positioning myself between it and the barn. When the cows were far enough away, I made my run to exit the pasture. In my mind, I felt like I was at the Running of the Bulls. When I reached the edge of the pasture, I turned around only to realize that I was never being chased. The lesson here was courage! Another lesson came when we were at a pow-wow and walking around looking at the vendors. I came upon a piece of artwork that I thought was a painting but after touching it, realized that it was a sand painting. That sand painting now included my personal touch – my handprint! I quickly moved on to the next booth, but my uncle knew what I had done and took me back over to the vendor to apologize. The man was very kind and forgiving. However, I knew that the lesson didn’t end there. My uncle spoke to me about honesty and the importance of being accountable for one’s actions. The lesson here was honesty! CULTUREIS THE ANSWER TO LEADERSHIP FEATURE | LEADERSHIP BY ISRAEL STONE ORGANIZATIONAL DEVELOPMENT DIRECTOR, LITTLE RIVER CASINO RESORT ABOUT THE AUTHOR Israel Stone, Organizational Development Director at Little River Casino Resort. Israel’s expertise ranges from executive coaching, organization transformation, succession planning to leadership development. Having twenty years training experience, Israel takes an innovative approach to development utilizing tribal culture and best practices creating unique programs for organizations. He is also a proud member of the Little River Band of Ottawa Indians. 6 | TribalNetOnline.com To close the digital divide after decades of substandard or nonexistent internet service, indigenous communities throughout the United States have embarked on broadband infrastructure projects. The respective projects for each tribe are unique from one another, and different stakeholders are in play at each one. These stakeholders include the tribes, various agencies, and internet service providers. Some tribes have initiated tribally chartered infrastructure projects on their own and have either become a provider or plan to. Others have partnered with a local provider on joint infrastructure projects where mutual ownership and operations occur. In many cases, tribes are working to identify ways to ensure that local providers reinvest a portion of government subsidies into indigenous communities to meet the internet accessibility needs of their citizens. In addition to the various types of projects currently in progress, the tribes are in different phases of development, making strategic planning critical to the projects’ success. Tribes that have completed a Comprehensive Economic Development Strategy (CEDS) may have a tight pulse on which projects may be impacted by broadband planning and can begin developing engineering solutions. Conversely, tribes in the early stages of planning, engineering, and funding require condensed studies and timelines in order to meet current demand. Over the past 10 years, funding has often been the most elusive component of a project, thanks to the legislative climate and lack of private funding sources. Funding for the execution of projects has not been considered a critical need. Instead, the focus has been on identifying where a project is in the” broadband roadmap.” The need for industry-standard designs, engineering, bill-of-materials, project timelines, and work breakdown structures have taken precedence. AGENCIES Agencies have the means to fund project planning and construction, but for a project to go forward, they require a mutually beneficial partnership to be in place. This need is fulfilled by tribes and providers. EnerTribe has had the privilege of working with hundreds of tribes across the country, offering individualized approaches to meet each of their unique needs. The following examples from three states describe the principles EnerTribe employed toward this end. CALIFORNIA With hundreds of tribes in California, collaboration between agencies and tribes is required to achieve a common goal. EnerTribe was contacted by several counties seeking technical assistance in their studies and it soon became apparent that the tribes and counties had similar ABOUT THE AUTHORS Forest is an enrolled citizen of the Tolowa Dee-n’i Nation specializing in infrastructure and economic development projects for indigenous communities. Forest and his team have decades of experience in planning, funding, engineering, and constructing broadband infrastructure projects for hundreds of tribes, dozens of agencies, and providers. Joni Theobald is a member of the Lac du Flambeau Lake Superior Chippewa Tribe in Wisconsin, and has been involved with many tribal broadband feasibility projects, as well as a panelist for the Connect American Funding and Understanding Erate (USAC) workshops. She led the northern WI tri-county broadband feasibility study, leading discussions and presentations on broadband needs to northern rural town boards. BY JONI THEOBALD COO OF ENERTRIBE BY FOREST JAMES CEO OF ENERTRIB 12 | TribalNetOnline.com FEATURE | BROADBAND ACTIVE PARTICIPATION BY ALL STAKEHOLDERS EQUAL SUCCESSFUL BROADBAND INFRASTRUCTURE PROJECTS BROADBAND SUCCESSINTERVIEW WITH CHRISTIAN DOUANGPHOUXAY CHIEF OPERATION OFFICER, FIREANTS CRYPTO INC. FEATURE | Q&A WITH FIREANTS- CRYPTO Q A In the simplest way possible, how would you define crypto? Cryptocurrencies don’t have a central computer or server. Instead, they are distributed across a network of thousands of computers. Networks without a central server are called decentralized networks. Instead of going through banks or third parties, users deal with each other directly. With no third parties, users don’t have to rely on the system for it to work. Therefore, users are in complete control of their money and information at all times. What are the biggest hurdles in the acceptance of crypto and how would you advise people to tackle those obstacles? Integrating cryptocurrency needs to be made simple. As developers increasingly realize how easy it can be to integrate crypto into their apps, a more equitable digital ecosystem will follow. How do you see crypto playing into tribal gaming operations? Crypto casinos and the technology used to build them are fantastic concepts. Tribal gaming operations need to adapt to the world of blockchain technology to avoid falling behind the competition. The appropriate and effective use of cryptocurrencies solves the most difficult challenge for players — the timely transfer of funds between accounts while maintaining complete transparency and security. What steps do you think tribal leadership could take to prepare the younger generation for what crypto might mean in their future? Education in cryptocurrencies and blockchain technologies is essential and will ensure tribal sovereignty and prepare the next generation to adapt to the latest innovations. What can you tell us about what your company FireANTS Crypto Inc does? FireANTS Crypto Inc. develops and utilizes cryptocurrencies to promote payment systems, tribal sovereignty, philanthropy, and the creation of a custom metaverse. FireANTS Crypto Inc. operates its own native FireANTS blockchain and is interoperable with other blockchains such as Ethereum and BinanceSmartChain. Anything else you would like to share with our readers? FireANTS Crypto Inc. is a crypto company that builds a metaverse that allows tribes to have their own secure, proprietary, dedicated virtual space. Come and join the FireANTS Crypto family! Question & Answer with 16 | TribalNetOnline.com THE FCC’S OFFICE OF NATIVE AFFAIRS AND POLICY MATTHEW DUCHESNE Chief 202-418-3629 matthew.duchesne@fcc.gov SAYURI RAJAPAKSE Deputy Chief 202-418-2579 sayuri.rajapakse@fcc.gov JANET SIEVERT Senior Legal Advisor 202-418-1362 janet.sievert@fcc.gov LLOYD COLLIER Legal Advisor 202-418-2712 lloyd.collier@fcc.gov DERIK GOATSON Legal Advisor 202-418-1981 derik.goatson@fcc.gov AGENCY UPDATE: FCC FEDERAL COMMUNICATIONS COMMISSION (FCC) FEDERAL COMMUNICATIONS COMMISSION (FCC) is committed to ensuring that affordable and reliable at-home broadband service is available to everyone, everywhere. Core to that commitment is ensuring that tribal communities can connect, create, and thrive online. To help tribal communities recover from the dual health and economic hardships of the COVID-19 health crisis, the FCC is currently working to update our broadband coverage maps, develop new strategies to help connect schools and tribal libraries through our E-Rate Universal Service Fund support program, and expand our community partnerships to raise awareness about the new Affordable Connectivity Program, which provides eligible households on qualifying tribal lands a discount of up to $75 on their monthly internet bill. Affordable Connectivity Program (ACP): This $14 billion, long-term broadband affordability program was created by Congress in the Infrastructure Investment and Jobs Act and replaces the temporary Emergency Broadband Benefit (EBB) Program. The ACP offers eligible households a discount of up to $30 on their monthly internet service bill or up to $75 a month for eligible households on qualifying tribal lands. The ACP also provides a one-time discount of up to $100 towards the purchase of a laptop, tablet, or desktop computer. The ACP introduces new ways for households to qualify, removes pandemic-related eligibility qualifiers, and allows households to apply the monthly discount toward any internet service offering and taxes and government fees associated with their subscription. For more information about the ACP and how to enroll please visit https://ACPbenefit.org. Questions about the ACP may be emailed to ACPinfo @fcc.gov. The Commission is conducting extensive outreach campaigns in collaboration with participating providers, state, local, and tribal governments, and is currently seeking new outreach partners to help promote the program. Organizations and individuals interested in becoming an outreach partner are encouraged to sign up using this link: https://www.fcc.gov/acp. If you are an internet service provider that wishes to participate in the ACP you can access more information about the enrollment process here: https://www.usac.org/ about/affordable-connectivity-program/participate-in-acp. Broadband Data Collection: In the Broadband DATA Act, Congress directed the Commission to collect data on broadband availability and quality of service from providers and make this information publicly available on new coverage maps. Congress also required the FCC to establish processes for tribal entities and others to improve the accuracy of this data. As part of this broadband data collection, government entities – including tribal governments – are encouraged to submit their own broadband availability data, and will be able to separately submit data challenging service providers’ broadband availability maps. More granular and detailed data will provide all stakeholders with a better understanding of where additional investments are needed. To learn how to submit broadband availability data directly to the Commission or attend our next virtual workshop please visit https://www.fcc.gov/BroadbandData. For questions about our ongoing mapping efforts please email BroadbandDataInquiries@fcc.gov. AGENCY UPDATE | FEDERAL COMMUNICATIONS COMMISSION (FCC) 40 | TribalNetOnline.com W e’ve all heard the term zero trust in the modern cybersecurity lexicon – but what is it and how do we get there? Building a zero trust network is a particular challenge In a world with existing systems that must remain online and services that must continue to be available to constituents and customers. For those of you who are deep into cybersecurity, I apologize in advance for the high level of fluffiness to follow. Let’s address briefly the “what is it” question. Zero Trust Architecture (ZTA) is a set of principles – a roadmap – to thinking about security not as perimeter defense, but in terms of people (identity), services, and the movement of data (how much, where and what kind). A detailed description of what ZTA entails is well beyond the scope of this column. The National Institute of Standards and Technology has a publication that sums it up nicely. That document can be found here: Zero Trust Architecture (nist.gov). These principles can be implemented in different ways, over many different platforms, including cloud architectures, on premises, and hybrid environments. The pace of your journey to ZTA will vary depending upon the complexity of your operation, and to a large degree, the number and scope of legacy applications that you must support. In full disclosure, my perspective will come from implementing this across the Microsoft Azure platform. As many of you are aware, I am the IT Director for the Eastern Band of Cherokee Indians (EBCI). We were the victims of a ransomware attack on December 7, 2019, and we were completely incapacitated as a result. Fortunately for us, we were Microsoft 365 Enterprise E5 license-holders at the time. We were using a small fraction of the available capabilities then. Exchange online email was the major component and was one of the only systems still standing in the aftermath. The point of this is that there is nothing quite like a blank page to begin your ZTA journey. We’ve fully embraced the cloud and to a team member, would never go back. We are two years into the process of implementing ZTA and the benefits are numerous. With 20/20 hindsight in full effect, many of the legacy “perimeter defense” concepts employed at the EBCI were aggravating factors in the scope and speed of the attack. These weaknesses included complete “east-west” trust between our servers and endpoints, persistent administrative accounts, stale passwords, lack of multi- factor authentication (MFA), and the list goes on. So let’s focus for a few moments on the “How do you get there” piece of implementingZTA. THE HOLY GRAIL OF MODERN CYBERSECURITY FEATURE | CYBERSECURITY BEST PRACTICES BY BILL TRAVITZ DIRECTOR, OFFICE OF INFORMATION TECHNOLOGY, THE EASTERN BAND OF CHEROKEE INDIANS ABOUT THE AUTHOR Mr. Travitz is a 37 year, IT veteran. He has served the Enterprise, Small and Medium Business (SMB) as well as Federal, State, Local and Tribal Governments. He’s worked in network engineering, software development, information security and IT leadership. For 20 plus years he was President at Elant Systems, Inc, a provider of outsourced IT for SMB’s. Currently, he is the Director of the Office of Information Technology at the Eastern Band of Cherokee Indians. There he led a complete digital transformation effort from fully on-premises to a cloud based, zero trust architecture. 42 | TribalNetOnline.com SPRING 2022 | TRIBALNET MAGAZINE an intruder picks up an object, preventative measures can be applied. It’s like having a guard next to each object, willing to take it away if someone tries to move it without proper authorization – a dramatic oversimplification I grant you, yet it does illustrate the point. In the Microsoft Azure world, ZTA was implemented moving to a zero east/west trust architecture. No traditional AD Domain joins are allowed. The identity of the user controls all security and movement through the network. Further, all endpoints (devices) must be deemed compliant with the security model before they are allowed to attach. The criticality of an endpoint management system cannot be understated. It ensures that only authorized applications are allowed on devices and that they must be fully up-to-date to be given access. Implementing zero persistent admin (ZPA) using Azure Privileged Identity Management (PIM) is a major step forward. Just-in-time elevation is enforced through an approval matrix. There are no “service accounts” to be potentially compromised. ZTA cannot be properly addressed without considering the concept of data governance – the process of labeling data according to its sensitivity. You can then use AI tools to detect and prevent unauthorized data movement. We’ve only scraped the surface here. My final advice is to avoid trying to “boil the ocean.” Be deliberate and go for the low-hanging fruit. You’ll reap the rewards. As always, we’re here to help if we can. We’re in this together. First, you must fully embrace a “trust no-one” mindset. That includes external and internal threat actors. You must assume that you are already compromised. That is known as the principle of assumed breach. When you move there mentally, it’s a paradigm shift. You move from thinking about how to keep people out to assuming someone will gain access and considering what happens to your data when they do. You’ll be focusing on limiting the spread of the damage. Early on, we moved from the traditional security model, which is primarily device- centric, to an identity-centric architecture. In other words, we went from a castle with a moat and tall walls where, once inside, someone can move freely, to a place where once inside, a person’s whereabouts, objects they touch, and the relative value of those objects are tracked in detail. Further, when 1st Annual Tribal Share Golf Outing A day of HACKtivism - Fore the love of TRIBAL ISAC For more information on opportunities to play or sponsor this event contactus@tribalhub.com HOSTED BY: FUN, FOOD, DRINKS AND PRIZES A great way to start your week off at TribalNet! Conference & Tradeshow 23 RD ANNUAL MONDAY SEPTEMBER 12, 2022 8:30am Shotgun Start 4-Person Scramble The Club at ArrowCreek- Reno, NV Bus transportation to and from Grand Sierra provided Proceeds will support & fund Tribal Share/Tribal-ISAC, a 501c3 non-profit Next >