FedHealthIT’s Executive Vice President, Susan Sharer, sat down recently with Cesar Tavares, Octo Consulting’s Sr. Director of Technology, to discuss a recent blockchain initiative at HHS.
What was the Project?
The genesis of this came from a Government-wide Department of Homeland Security Continuous Diagnostics & Mitigation (CDM) directive that asked agencies to implement security monitoring in the hopes of strengthening security postures.
There are multiple ways agencies could act on this directive, like implementing an auditing process or a dashboard able to identify issues. At the Department of Health & Human Services (HHS) specifically, Chief Technology Officer Oki Mek and Chief Information Officer Jose Arrieta are spearheading the Agency’s efforts to leverage emerging technologies that can help solve multiple challenges with one solution, and there was an opportunity to apply our expertise with blockchain.
How does it Work?
CDM relies heavily on log data, and as part of its process looked at specific use cases with HHS’ consolidated acquisition solution, especially those dealing with its log auditing. As any technologist can tell you, every computer generates logs that help determine what happened at any given point. The challenge with this process is that a small percentage of these logs can be corrupted or have inconsistencies or vulnerabilities. If the data from these logs cannot be trusted, that could lead to damaging security vulnerabilities and unreliable CDM reports.
When we sat down and conducted human-centered design (HCD), we found that employees at higher levels within the Agency thought they were getting what they needed from the process, but as we went through the organization chart and spoke with HHS’ information security officers, we heard they were spending weeks and months chasing down a small number of identified issues, sometimes never knowing definitively what actually happened, when they could have been focusing their time on the larger picture.
Our vision was to create a quick source of truth and usability to ensure logs couldn’t be changed; that they were available in real-time, at a low impact and cost, and of course, that they were secure. Ultimately, we wanted to roll out a trusted system.
Blockchain creates Logchain
Using blockchain to analyze transactions, we were able to track what was deleted or updated, by whom the changes were made and on what machine, and in so doing, we created Logchain. The real power of blockchain is the usability and the distributed nature of the data. The idea is for HHS to have the power to add other customers or programs through nodes that will ultimately develop an economy of log assets. Having this, agency leaders can always know what happened during a transaction, which has the potential to be implemented enterprise-wide through this blockchain network.
There are still some policies in place that need to be adapted to allow for connecting different network nodes, and there are still some technical challenges ahead, but this project is a great start. The story showcases the capability that is there and can be applied in different use cases.
There is great potential for a lot of technologies, but you don’t know what you don’t know. To learn what works for your organization you have to test the unknown, to put these technologies in place, allow your team to try them and to let them evolve. Fortunately, HHS has leaders like Oki and Jose who are willing to take the risk required to push their organization forward.
About Cesar Tavares
Cesar Tavares is Senior Director of Technology and Innovation at Octo, where he helps federal customers in their IT modernization efforts to implement emerging technologies such as blockchain, AI, ML, DevSecOps, and others. In particular, he is passionate about blockchain and its potential to transform government processes and systems in order to become more agile, innovative and disruptive. He has more than 20 years of experience in both the federal and commercial space with a client list that includes GSA, USDA, FDIC, USCIS, Cigna, Anthem, WarGaming, Motorola, Nike, and AOL.
A premier provider of technology solutions, Octo empowers federal agencies to modernize faster. It specializes in Agile scalable software development, user experience design, and cloud solutions tailored to meet the unique needs of federal agencies. Known for challenging the status quo and exploring new ways to deliver value, Octo builds flexible IT solutions that evolve with missions, delivering results that last.