Nextgov/FCW - Authors - Adam Mazmanian

DOD plans $1.4B sole source extension for Leidos on health care record

Adam Mazmanian — Wed, 23 Oct 2024 16:23:00 -0400

The Pentagon is planning a $1.5 billion sole-source extension for Leidos to act as integrator on MHS Genesis, the Defense Department's electronic health record program, according to contracting documents released late last week.

Leidos won the 10-year contract to implement MHS Genesis in 2015. The original value of the contract was $4.3 billion, but that was later increased to about $5.5 billion to cover an expansion of the service to the Coast Guard and to support a common baseline for sharing with the Department of Veterans Affairs.

MHS Genesis is a system of systems that includes the Oracle Health electronic health record — which was operating as Cerner at the time of the original contract award, before its $34 billion acquisition by Oracle — along with the Henry Schein dental record and other systems that support billing, development and more.

The Defense Health Agency signaled in the spring of 2023 that it might be ready to put the MHS Genesis sustainment contract out for competition. But in the sole source justification released on Oct. 18, DHA, on behalf of the Program Executive Office, Defense Healthcare Management Systems, stated that it wanted to wait until the MHS Genesis architecture is modernized and migrated to the cloud before looking to the open market for a new integrator — in part because of heightened security concerns.

"In February 2024, the Change Healthcare ransomware attack caused the government to review the state of its documentation amid new security and operational vulnerability concerns," the agency said in the sole source justification document.

The sole source extension is expected to be awarded by July 28, 2025, according to contracting documents. The extension includes additional work for Leidos, notably "the services associated with migrating to the cloud in addition to the services at a scale and complexity…which are required to support the MHS Genesis solution into the continuous support phase as a defense business system."

PEO-DHMS is proposing a 3-year extension at a dollar value of $1.13 billion and a nine-month transition option at $263.3 million. That means an open competition for MHS Genesis sustainment won't hit the market until 2028, at the earliest.

The sole source justification isn't binding. Any vendors who want to be considered for the work can make their case by the end of the month, however winning the business away from Leidos is going to be difficult, according to the terms set out in the contracting notice.

The MHS Genesis program was declared fully deployed in March 2024. The system went live at a few Pacific Northwest sites in 2017, with subsequent waves of deployment extending MHS Genesis to more than 3,600 DOD locations including 100% of DOD garrison facilities, covering a patient population of 9.6 million and 194,000 clinical users.

The sole source notice also indicates that MHS Genesis is currently in the midst of deployment to the National Security Agency.

]]>

The AI journey at State

Adam Mazmanian — Tue, 22 Oct 2024 12:00:00 -0400

The State Department is one of the early adopters of workplace artificial intelligence, with use cases in place covering translation, media summarization and other aspects of the production of written materials for use in diplomacy. We spoke to Matthew Graviss, who leads data and AI at State, in late August to discuss progress on delivering AI-powered tools to the agency's 80,000+ workforce. This article has been edited for length and clarity.

Nextgov/FCW: State really seems to have gone all-in on AI. You're executing on an enterprise AI strategy that is involving people from every corner of the agency. Can you give us an overview of the strategy and an update on where you are right now?

Graviss: It's really an exciting time at the State Department when it comes to using technology to enable diplomacy. We've had an exciting year since the AI strategy got signed in October of last year. We started moving quickly, as you suggested at the top, we established an AI conference governance board. I co-chair the governance board with the deputy secretary. We have an AI steering committee that is really focused on driving the implementation of the AI strategy for the department.

There are a lot of folks across the department that are really energized and really engaged in bringing these kinds of capability to our workforce. When you look at the strategy, it can come across as pretty straightforward, and that's by design. We have a goal on infrastructure. We have goals on culture, communication and training. We have a goal on policy and governance and ensuring that we have the guardrails around the technology that we employ. And then we have an innovation goal that's focused on really that last mile delivery.

Nextgov/FCW: How are you onboarding AI tools?

Graviss: The partnership with the chief information officer, Dr. Kelly Fletcher, has been game-changing when it comes to delivering secure and safe technology for the department. We went through an experience of open source, generative AI models and large language models. We went through an experience of onboarding in a secure way, through the FedRAMP process and and through our own security processes, to bring models into the department.

Nextgov/FCW: You're the chief data officer and the chief AI officer. Why does it make sense to have those roles intertwined?

Graviss: I'm excited to have both hats. Good AI rides on good data. You know, other parts of the State Department will come to us and say, "Hey, we need this AI model to do X, Y and Z." We say, "Sure, send us the data," and the data is not ready. And so data readiness, in our view, has been key. We have the Data.State platform that we've been maturing over the last several years. It's designed to create data access across the department to enable more data informed diplomacy. We've done extensive work on data sharing and data governance to ensure access, to ensure accountability, to ensure transparency.

The other thing I'll point out is .. the CIO and I focused on AI use cases where we were using publicly available tools on publicly available data, like media summarization and things like that. That started to increase the culture and the literacy across the department, while at the same time we were executing those other goals of the strategy, getting the infrastructure ready, and preparing our data for use in AI.

Nextgov/FCW: Secretary of State Antony Blinken spoke at an event in June, which you moderated, to introduce AI to agency employees. What does it say about State's commitment to AI that the agency head is prioritizing employee engagement?

Graviss: It is a really big deal when you can get your cabinet-level agency head to spend time, not just during that event but leading up to the event, and getting to know the progress that we've made, and getting to see some of the tools in action. What leadership spends their time on is a strong indicator and mover of progress.

Nextgov/FCW: You mentioned in June at the event that you were getting a lot of feedback from power users of AI products and services. How is that sort of workforce response kind of driving your efforts and supporting your efforts?

Graviss: We've combined our delivery of technology with a very robust communications program and training program to really understand and educate people on how to use it, but also to create that feedback. So I'll give you an example: We really started doing a lot of robust cybersecurity testing, and ethics testing. As we grew, we started asking for feedback. So they started to not only spotlight where they're seeing it work well, but they're "grooming the backlog." to use some software terms. They are grooming the backlog of what should come next based on what they're seeing as the need. And so we've aligned our roadmap to what the employees need across the board.

Nextgov/FCW: As we close in on the 1-year anniversary of the public release of the enterprise AI strategy, what updates can you share?

Graviss: I'm really excited about one development on the workforce front. We have this bureau chief data officer program that we started a couple of years ago trying to get data leaders and AI leaders in each of the bureaus and headquarters to be as close to policy decision makers as possible. We have over the last couple years onboarded 15 bureau chief data officers, and we're putting out an announcement in the next couple of weeks for more bureau chief data officers. So we're really excited about that, because I think that's the next wave.

We need to create both the ecosystem, from an infrastructure standpoint, but also create these leadership roles that can take advantage of the technology opportunities that are placed in front of us So keep an eye out for playbooks that the State Department develops that can that can hopefully elevate the adoption of this kind of technology across the government.

]]>

Meet the 2024 Rising Stars

Adam Mazmanian — Fri, 20 Sep 2024 12:14:00 -0400

We were frankly blown away by the experience and impact of this year's group of Rising Stars. This isn't a group of promising newcomers but a cadre of seasoned early-career leaders with responsibilities for nine-figure budgets, key cybersecurity projects, online voter registration and much much more.

The variety of experience and roles represented by the 15 individuals on this year's list highlights the opportunities for advancement available to talented, ambitious and skilled technologists in federal, state and local government and with contractors serving the public sector. We're grateful to everyone who made nominations, and we're delighted to have collaborated with our colleagues at Route Fifty to identify this year's class of Rising Stars.

We'll be publishing profiles of our winners in the coming weeks. And we'll be hosting a Cocktails and Conversation happy hour event on December 12 at the National Union Building — an opportunity to mix and mingle with some of the winners. We hope you'll be able to join us!

2024 Rising Stars

Jessica A. Bailey
Contract Specialist, Federal Acquisition Service
General Services Administration

Anthony Boese
Research Programs Manager, Office of Research and Development
Department of Veterans Affairs

Zachary N. Bogart
IT Specialist
Department of State

Gabby Burke
Social Health Information Exchange Lead, Office of eHealth Innovation
State of Colorado

April M. Harding
Director User Experience Services, Office of Online Services
IRS

Brittaney Harkness
Geographic Information Systems Developer, Bureau of Technology
Cook County (Ill.) Government

Matthew Mudrak
Technician Senior Staff, 2nd shift Mechanical Lead
ASRC Federal

James K. Oliver
Assistant Product Manager, Army Training Information System, Program Executive Office Enterprise Information Systems
U.S. Army

Gabe Paley
Assistant Secretary for Technology
New York State Executive Chamber

Nick P. Pettini
Senior Threat Analyst
SOSi

Danielle Rowell
Chief of Cyber Engineering
Office of Personnel Management

Samira Sadat
Software Engineer, Vote.gov
General Services Administration

Sheina Sim
Research Geneticist, Agricultural Research Service
U.S. Department of Agriculture

Kira Tebbe
Product Manager, Digital Service at Administration for Children and Families
Department of Health and Human Services

Alyssa Zeutzius
Deputy Chief Cyber Officer for Policy
New York State

]]>

OpenAI, Anthropic to collab with NIST on AI safety testing

Adam Mazmanian — Thu, 29 Aug 2024 14:57:00 -0400

The U.S. government will get an advance look at new artificial intelligence models from industry leaders OpenAI and Anthropic as part of a new safety testing collaboration announced on Thursday by the National Institute of Standards and Technology.

NIST's AI Safety Institute, established under the Biden administration's AI executive order, will get to preview "major new models" from the two companies in advance of their public release and will have ongoing access to the models. The institute intends to share feedback with the two companies on safety improvements and plans to work with counterparts at the United Kingdom's AI Safety Institute on recommendations, according to a news release.

“Safety is essential to fueling breakthrough technological innovation. With these agreements in place, we look forward to beginning our technical collaborations with Anthropic and OpenAI to advance the science of AI safety,” institute director Elizabeth Kelly said in a statement. “These agreements are just the start, but they are an important milestone as we work to help responsibly steward the future of AI.”

The AI Safety Institute launched in February 2024 and is charged with developing testing methodologies and testbeds for research on large language models. In addition, the institute is intended to explore options for detecting and identifying AI generated content and come up with ways to operationalize those activities for federal government use.

The agency isn't sharing the memorandums of understanding that lay out the arrangements for sharing the models for testing purposes because of "commercial sensitivities," a NIST spokesperson told Nextgov/FCW.

"We are happy to have reached an agreement with the US AI Safety Institute for pre-release testing of our future models," OpenAI CEO Sam Altman said on social network X. "For many reasons, we think it's important that this happens at a national level. US needs to continue to lead!"

The arrangement with OpenAI and Anthropic constitutes just one safety testing front for NIST. The agency is also supporting an AI red-teaming exercise being held by Humane Intelligence in October. The company is looking for AI researchers, cybersecurity experts, data scientists and more to participate in ways to hack and stress test generative AI models submitted by participating companies.

]]>

FBI is losing track of classified and sensitive data, watchdog finds

Adam Mazmanian — Thu, 22 Aug 2024 16:54:00 -0400

The FBI needs to do a better job keeping track of electronic media slated for destruction and disposal at bureau facilities, according to an advisory memo from the Justice Department's Inspector General publicly released on Thursday.

The bureau isn't labeling and tracking internal hard drives with sensitive and even top secret national security information once they're removed from computers and servers, according to the memo from DOJ IG Michael E. Horowitz, and FBI officials aren't able to confirm when such drives were destroyed in accordance with bureau policy. Similarly, thumb drives, flash drives and floppy disks are also being handled in ways that don't comport with bureau policies.

"The lack of accountability of these media increases the risk of loss or theft without possibility of detection," Horowitz wrote.

The memo also notes that drives slated for destruction are often subject to insecure storage. In one instance cited by Horowitz, an open, unwrapped pallet holding internal hard drives extracted from bureau computers was stored for almost two years in a facility shared with other FBI functions including mail sorting and information technology acquisition. Almost 400 people including contractors had access to the pallet.

"Both the FBI supervisor and contractor confirmed that they would not be aware if someone was to take hard drives from the pallets because these assets are not accounted for or tracked," Horowitz said.

The Office of Inspector General made three recommendations to the FBI about bringing its media storage methods in line with bureau standards. The FBI concurred with the recommendations, which were not detailed in the memorandum.

]]>

Senate panel advances House-led TMF update

Adam Mazmanian — Thu, 01 Aug 2024 12:09:32 -0400

A Senate committee passed a bill reauthorizing the central revolving fund administered by the General Services Administration to support IT modernization.

The Modernizing Government Technology Reform Act passed the Homeland Security and Government Affairs Committee on a vote of 10-1.

The bill, which passed the House of Representatives in May, extends the Technology Modernization Fund through 2031. If the reauthorizing legislation is not passed, the fund will

sunset in December 2025.

First established in 2018, the TMF is a mechanism for federal agencies to tap a pool of funds for modernization projects. Agencies submit applications to the TMF Board and winning proposals are funded via the central pot of money appropriated by Congress.

The original plan for the fund was to have agencies repay TMF awards through future savings, to keep the fund solvent. However, the Biden administration relaxed repayment requirements in the wake of a $1 billion plus-up to the TMF via the American Rescue Plan Act. The reauthorizing legislation requires that agency repayments of TMF awards be sufficient to keep the fund operational through 2031.

The bill also tasks agency chief information officers with developing lists of legacy IT systems, with special attention to those that pose security, privacy and operational risks to the federal government, and sharing these with Congress.

]]>

Acting Secret Service head suggests that better tech could have thwarted would-be Trump assassin

Adam Mazmanian — Tue, 30 Jul 2024 18:04:43 -0400

The acting head of the Secret Service told Congress on Tuesday that additional tech will be deployed to campaign events in the wake of the attempted assassination of former President Donald Trump on July 13 in Butler, Pa.

Ronald Rowe Jr., who was tapped to lead the Secret Service after the resignation of Kimberly Cheatle, told a joint hearing of the the Senate Homeland Security and Government Affairs Committee and the Senate Judiciary Committee that a lack of communications capacity, radio interoperability challenges and the absence of a counter-drone system were all key elements that allowed Thomas Crooks to evade Secret Service detection and fire eight shots, nicking Trump in the ear, killing one rally attendee and wounding two others.

Rowe told lawmakers that he visited the Butler Farm Show site and lay in the same position as the shooter to "to evaluate his line of sight," as one of his first acts as agency head.

"What I saw made me ashamed," Rowe said. "As a career law enforcement officer and a 25 year veteran with the Secret Service, I cannot defend why that roof was not better secured. To prevent similar lapses from occurring in the future, I directed our personnel to ensure every event site security plan is thoroughly vetted by multiple experienced supervisors before it is implemented."

Improvements include directing the Secret Service CIO to shore up bandwidth at campaign events with "redundancies as far as cellular on the ground or additional repeaters," Rowe said. He added that counter-drone technology was not deployed and that the Secret Service declined an offer from a state or local agency to operate a surveillance drone at the site. Crooks himself flew a drone on the periphery of the site hours ahead of the shooting, and, had this shown up on a DHS counter-drone system, he would have been singled out for special attention by Secret Service agents.

Rowe noted that the use of counter-drone tech is "a little complex" and requires layers of approval.

"State and locals don't necessarily have this ability to do that. It does require coordination with the [Federal Aviation Administration] because it…could impact commercial travel," Rowe said.

Radio interoperability with state and local authorities continues to pose challenges for the Secret Service, Rowe said.

"It's not just about being able to find whatever frequency our local counterparts are on and then just piping it in," Rowe said.

Crooks reportedly used a laser-powered golf rangefinder from his sniper position. Rowe told lawmakers that such gear is going to be banned at campaign events in the future.

Rowe also said that the Secret Service would begin recording agency radio traffic at campaign events. There's no record of conversations among Secret Service agents from the Butler event. Recordings of communications among state and local law enforcement are currently being used as part of ongoing investigations by the FBI and other agencies.

Social profiles

At the same hearing, FBI Deputy Director Paul Abbate revealed that the agency had unearthed a social media account "believed to be associated with the shooter" with posts dating back to 2019 and 2020.

"There were over 700 comments posted from this account. Some of these comments, if ultimately attributable to the shooter, appear to reflect anti-Semitic and anti-immigration themes, espouse political violence, and are extreme in nature," Abbate said in his opening statement. He declined to specify the platform in question because the FBI hadn't confirmed the account belonged to Crooks.

Separately, Crooks may have had an account on the far-right social network Gab, according to an exchange between Abbate and Sen. Marsha Blackburn, R-Tenn., at the hearing.

Abbate said they were still "awaiting returns from a number of the companies, to include other social media companies as well" in response to possible social network activity by Crooks.

]]>

OMB rewrites cloud buying rulebook

Adam Mazmanian — Fri, 26 Jul 2024 13:39:00 -0400

The White House revamped the federal government cloud buying policy Friday, giving the Federal Risk and Authorization Management Program's first major update since its launch in 2011.

The new guidance issued July 26 was required under legislation enshrining the FedRAMP program into law, and also purports to be "responsive to developments in federal cybersecurity and substantial changes to the commercial cloud marketplace that have occurred since the program was established."

One of the key changes in the marketplace is the explosion of cloud-based software. When the program launched in 2011, agencies were looking to cloud to provide infrastructure on-demand. The program is looking to widen its aperture and extend capacity to meet the challenge of vetting software-as-a-service products for federal government use. An oversight report released earlier this year dinged the General Services Administration for the slow pace of process improvements to the program.

Program updates include streamlining the security assessment process to facilitate the reuse of existing assessments as well as cross-agency reciprocity, leaning into automation to allow for machine-to-machine communication of security documentation and a push to grow the program by providing additional authorization pathways for vendors and agencies.

“This highly anticipated guidance further equips GSA to make it safe and easy for federal agencies to deploy state-of-the-art technology to deliver better service to the American people," agency administrator Robin Carnahan said in a statement.

The contents of the new guidance won't come as a surprise to federal technology buyers or vendors; draft guidance was circulated for comment late last year and the process of retooling FedRAMP has been in the works since the 2022 passage of authorizing legislation in the National Defense Authorization Act.

Rep. Gerry Connolly, D-Va., the sponsor of the legislation, told an industry audience earlier this month the FedRAMP program was in "limbo" pending OMB guidance. Today, he applauded the news of the guidance required under his bill.

"Today’s release of OMB’s official FedRAMP guidance is good news for federal agencies and the stakeholders who rely on the FedRAMP process," Connolly said in an emailed statement. "Implementation of the FedRAMP Authorization Act and continued improvements to FedRAMP will ensure the program is executing its mission of cloud safety and security for federal agencies in a way that does not sacrifice the efficiency and accessibility that stakeholders need to engage with the federal government."

]]>

A decade of data at Transportation

Adam Mazmanian — Fri, 26 Jul 2024 11:59:01 -0400

If there's a dean of the federal chief data officer community, it's Dan Morgan. When Morgan joined federal service in July 2014 as the first-ever chief data officer at the Department of Transportation, he ran a one-man show. Today, under the Foundations for Evidence-Based Policymaking Act of 2018, large federal agencies are required to have a CDO. The law also established a Federal Chief Data Officers Council, along the lines of other federal communities of practice.

The CDO operation at DOT now boasts a full-time staff of 14 feds plus contractor support. Morgan himself serves on the executive committee of the CDO Council and recently wound up a term as vice chair.

He spoke with Nextgov/FCW in July ahead of his 10-year anniversary on the job. This interview has been edited for length and clarity.

Nextgov/FCW: You were the original CDO at the Transportation Department. How has the job changed over the years?

Dan Morgan: When I began, open data was really controlling the conversation, and what started to happen in the wake of me starting was also a really big emphasis on financial transparency and high-quality open data.

So the DATA Act happened before the Evidence Act happened. [The Digital Accountability and Transparency Act required federal agencies to publish financial and spending data in open, machine-readable formats. - Ed.] Maybe because it was called the DATA Act, it turned into something that I got involved with. And it was an incredible partnership between me as a brand-new chief data officer and our chief financial officer, working through the implementation issues inside the agency.

It was a great opportunity to get exposed to how many different parts of government get involved in a project like this — from budget officers to financial managers to procurement to financial assistance to contractor registrations at [the General Services Administration] to everything we do inside the agency itself. It's a really, really huge project, but I think it helped solidify some of the thinking that we do around open data and the best practices.

Nextgov/FCW: And the Evidence Act followed not long after the DATA Act.

Morgan: And what the Evidence Act does is it doubles down on open data and makes what was executive branch policy law. But then it says, 'Hey, remember, there's a whole lifecycle here.' And so the job expands. It's no longer just about open data driving your work. It's about lifecycle management and strong data management practices and building that foundation.

At the same time, my chief data officer family had been growing along the way. And all of a sudden my family got huge because every agency got a chief data officer, which was awesome. Now I have people to talk to, which is kind of important, it turns out. But I think what the Evidence Act actually has done has helped us level up the conversation. To take the fullness of the data lifecycle and really bring data management practices from beginning to end. Alongside that came the federal data strategy.

Nextgov/FCW: How is DOT using open data?

Morgan: There's really wonderful open data stories inside the DOT, and I can't take any credit for them. The reason that you can track a plane moving across your phone screen to see when your loved ones are going to land is because the Federal Aviation Administration was good at open data long before I got here. The reason there are companies like FlightRadar24 and FlightAware is because the FAA is good at open data. We don't talk about that story enough.

I work in a culture that is very much about openness and collaboration. The Department of Transportation is, I think, unique among other federal agencies, because we work so much with state and local governments. But to build good transportation projects, it requires community engagement. And to build a good transportation project, you don't just need transportation data. You need information about the Earth. You need information about the soil, you need information about the weather. All of those things don't come from the U.S. Department of Transportation. They come from other federal agencies. It's the power of all of those open data sets that allows us to understand the environment where we're trying to build these projects.

Nextgov/FCW: And how has that changed over the years? The ability to cross-pollinate with other agencies and their data? Is it easier to do now than it was?

Morgan: No. That's why the CDO Council has a Data Sharing Working Group. I think the challenges are well-documented, and the solutions are not easy.

But I think a lot of the guidance that we have is written for a very human environment. If you want to get to a better place, we need to write guidance for a machine-to-machine kind of contract, and learn to trust each other because we have to have shared baselines. We'll never achieve our machine hopes and dreams if we continue to write guidance for a human age.

Nextgov/FCW: What kind of experiences and skill sets should people come to the job with? Is there an ideal background for a CDO, or are you looking for a diverse set of skills?

Morgan: I love our diversity. We do an annual survey of ourselves. That was one of the things that I pushed for. So we ask questions about backgrounds, how long people have served in their roles and what their reporting relationships are.

There are some CDO roles that are very squarely placed inside their missions or in their policy office. And that makes very good sense for them and for their agency because that's where their problems are. There are others who are more aligned with their IT organizations. I'm one of them. We didn't have enterprise tools or a champion for creating some of these enterprise tools for data. We needed to make those investments, and it made sense to be aligned to the CIO. There are CDOs who have systems engineering backgrounds, there are CDOs who have philosophy backgrounds. And I think we're stronger as a community for it.

Some CDOs are also serving as their agencies' chief AI officers. And that works for them in their agencies. It kind of depends on what's happening with the individual agency.

]]>

ServiceNow parts with president and public sector head after internal probe

Adam Mazmanian — Thu, 25 Jul 2024 13:53:00 -0400

ServiceNow, a supplier of cloud-based enterprise software tools, parted with its president and chief operating officer, CJ Desai, and its head of public sector, Raj Iyer, after an internal investigation found violations of company policy, the firm said in an earnings report released on Wednesday. The report stated that Desai's departure was the result of a mutual agreement.

Longtime ServiceNow executive Chris Bedi was named interim chief product officer, the company said in a statement.

The company said that the hiring of Iyer to lead public sector business development was at issue.

In a May 2024 filing with the Securities and Exchange Commission, ServiceNow said it had "received a complaint that raised potential compliance issues during the procurement process related to one of its government contracts."

Iyer announced plans to step down as Army CIO in January 2023, and joined ServiceNow in March 2023. Iyer's government departure took place on the heels of the Army's $432 million deal to consolidate ServiceNow licenses via reseller Carahsoft.

According to a report in Bloomberg, the company informed the Department of Justice, the Office of Inspector General at the Department of Defense and Army procurement officials of their internal probe.

"ServiceNow is in the process of completing its investigation and will continue to cooperate with all government entities including the Department of Justice. They are reviewing this matter and we are cooperating closely with them as it moves towards resolution," a company spokesperson said in an emailed statement.

"There's no federal business that we foresee we will need to unwind. Full stop," ServiceNow's Chief Financial Officer Gina Mastantuono said on a July 24 earnings call in response to a question from an analyst.

"While we believe this was an isolated incident, we are further sharpening our hiring policies and procedures as a result of the situation,” said Bill McDermott, the company's chief executive.

]]>

White House cyber czar office adds new deputy

Adam Mazmanian — Wed, 24 Jul 2024 12:26:12 -0400

Former Google lawyer and cybersecurity professor Harry Wingo is joining the Office of the National Cyber Director next week, the White House announced Wednesday.

Wingo's public sector experience includes service as special counsel at the Federal Communications Commission, counsel to the Senate Commerce Committee and a stint as assistant professor at the National Defense University's College of Information and Cyberspace. Wingo is a graduate of the Naval Academy and served as a Navy Seal officer for more than six years.

"Harry’s lifetime of leadership will greatly contribute to our team’s mission to advance our Nation’s security, economic prosperity, and technological innovation through cybersecurity policy leadership," National Cyber Director Harry Coker said in a statement.

Wingo takes over the post formerly held by Jake Braun.

]]>

Biden looks to preserve tech, cyber legacy with veto threat

Alexandra Kelley, Adam Mazmanian, Edward Graham, and David DiMolfetta — Mon, 22 Jul 2024 17:35:16 -0400

Just one day after President Joe Biden’s decision to shutter his bid for reelection and endorse his number two Kamala Harris in the race against Donald Trump, the administration issued a veto threat against a key spending bill in part because of cuts to key tech priorities.

The administration warned Monday it would veto the House-passed Financial Services and General Government Appropriations Act. As Biden’s time winds down, the policy statement could double as a laundry list of the administration’s tech and cyber accomplishments.

The White House is looking for Congress to pass the $75 million request for the Technology Modernization Fund in the fiscal year 2025 budget. The revolving fund, which supports IT modernization and cybersecurity efforts at federal agencies, got a $1 billion boost under the American Rescue Plan Act, which is nearly depleted.

Biden also warned that a failure to fund the Information Technology Oversight and Reform account at the Office of Management and Budget could result in “layoffs of 251 of 278 staff across [the U.S. Digital Service] and the office of the Federal Chief Information Officer,” which would threaten modernization efforts across government agencies including the Departments of Veterans Affairs, Health and Human Services, Treasury and the Social Security Administration.

The message also complains about efforts to eliminate the ability of the Securities and Exchange Commission to enforce recently adopted cybersecurity rules.

Mike Hettinger, a former senior congressional staffer who lobbies on behalf of technology companies, said the plus-up of the TMF was one of Biden’s signature achievements when it comes to modernization of government IT.

“There’s no way we get a billion dollars without the money going through the American Rescue Plan,” Hettinger told Nextgov/FCW in an interview. “That's tremendous. He recognized the need to promote technology modernization enough to put the money forward.”

Biden also wants to restore funding to the Federal Citizen Services Fund at the General Services Administration, noting that cuts would hamper the ability to follow through on the administration's guidance to the Trump-era 21st Century Integrated Digital Experience Act.

Hettinger noted that the IDEA Act guidance “was something we couldn't get the last administration to do,” and said that generally “that’s a lot of progress in what amounts to three-and-a–half years.”

"No president has done more to drive meaningful, lasting change in how people interact with government services than President Biden," Code for America CEO told Nextgov/FCW in an emailed statement. "He issued a first-of-its-kind executive order on improving the customer experience, making it easier for people to navigate safety net programs, file taxes, claim retirement benefits, and renew passport [and] fostered critical collaborations between government and civic-tech organizations, like Code for America, to build a more inclusive, responsive digital age that works for all."

But IT modernization, even at the scale of IRS legacy tech, is only part of the story. As Hettinger pointed out, there’s a “long tail” of tech policy emanating from executive orders on artificial intelligence, customer experience and cybersecurity that could establish continuity between Biden’s term and possible Harris presidency.

However, on other tech policy matters including antitrust, a Harris administration could serve as a soft reset for executive branch oversight of big tech.

Harris, who represented California in the Senate, has built close ties with the tech industry, given the presence of Silicon Valley startups and tech giants that have permeated everyday societal life, said Adam Kovacevich, a former Google policy director who now leads Chamber of Progress, a center-left tech policy think tank.

It doesn’t necessarily mean Harris would always side with tech companies, especially on kids’ safety issues or AI ethics, he said, but it could help stave off more intensive oversight activity that the FTC and Justice Department have pounced on, having filed several lawsuits against tech companies since Biden took office.

“Biden decided to outsource business regulation to the left,” Kovacevich said. “I just don’t think she’s coming at this from the same posture that Biden did, which is needing to throw the left a bone on these topics,” he said.

Divyansh Kaushik, a senior fellow at American Policy Ventures, told Nextgov/FCW that her background in California politics positions her to have a strong dialogue with the tech industry. He specifically cites Harris’s involvement in the beginning of California’s data privacy policymaking, long before the state’s landmark data protection law was adopted.

“Harris will likely continue President Biden’s vision on AI and is expected to bring a nuanced approach to tech policy more broadly, balancing robust scrutiny with an appreciation for innovation,” Kaushik said. “Her work on data privacy, including brokering agreements among leading tech companies, highlights her commitment to protecting Americans' digital rights.”

Artificial intelligence

As vice president, Harris was tasked with serving as the administration’s ‘AI czar’ to promote the safe adoption of the emerging capabilities, and to promote the AI executive order to industry and global stakeholders.

Harris is anticipated to stick to the Biden administration’s perspective on safeguarding Americans from the potential misuse of emerging AI and machine learning systems.

“There's been a fairly consistent message from this administration, and Harris has helped articulate a good chunk of that vision,” Adam Thierer, a senior fellow at the R Street Institute, told Nextgov/FCW. “So I would think it would largely be steady as she goes, in terms of a Harris AI vision being a continuation of the themes we've already seen developed in the Biden administration.”

Thierer notes that much of the policy language still operates at a relatively high level of generality, making it hard to know what precise policies Harris was directly responsible for.

“I do think she was active, however, in this process,” Thierer said. “I think in some ways, I think it’s probably safe to say she was more active in the formulation of these AI policies than President Biden was in some sense.”

Rep. Yvette Clarke, D-N.Y., who has been a leading voice in Congress for more transparency around the use of AI generated content in political campaigns, said Harris “stands among our strongest and most resolved advocates for the safe use of artificial intelligence.”

“At a fundamental level, she understands both the profound opportunities for good this emerging technology offers, as well as the serious possibilities for harm inherent to it — from threats to our cybersecurity and the biases saturating algorithmic decision-making processes, to the abuses of explicit, non-consensual deepfakes and the flaws of facial recognition, the shortcomings and failings of AI are pervasive and entrenched in these systems,” she told Nextgov/FCW in a statement.

During a speech last year ahead of the AI Safety Summit in London, Harris said that she and President Biden were “committed to working with our partners in Congress to codify future meaningful AI and privacy protections.” But she added that the international community also needed to work together to mitigate AI’s harms on vulnerable populations.

“Just as AI has the potential to do profound good, it also has the potential to cause profound harm,” she said. “From AI-enabled cyberattacks at a scale beyond anything we have seen before to AI-formulated bio-weapons that could endanger the lives of millions, these threats are often referred to as the ‘existential threats of AI’ because, of course, they could endanger the very existence of humanity.”

Harris is also likely to continue fulfilling the requirements of Biden’s October 2023 executive order on the safe, secure and trustworthy use of AI, which outlined how federal agencies should use the technologies while taking steps to mitigate their potential risks.

The vice president also took the lead in announcing final AI guidance issued by the Office of Management and Budget in March, which was required by Biden’s order.

During a press call on the release of OMB’s memo, Harris said she believed “all leaders from government, civil society and the private sector have a moral, ethical and societal duty to make sure that artificial intelligence is adopted and advanced in a way that protects the public from potential harm while ensuring everyone is able to enjoy its full benefit.”

Harris also played a key role in securing voluntary commitments from AI companies to manage the risks posed by AI and met with leading AI firms to discuss the importance of establishing safeguards around their technologies’ use. She has also engaged with consumer and civil rights groups to discuss ways of limiting AI’s negative impact on American workers.

“Vice President Kamala Harris has demonstrated a clear commitment to upholding civil rights values in governing emerging technology, including artificial intelligence,” Koustubh “K.J.” Bagchi, vice president of the Center for Civil Rights and Technology at The Leadership Conference on Civil and Human Rights, told Nextgov/FCW, adding that “at every step of the way, Harris has been a trusted messenger, speaking to the importance of protecting people’s rights and safety amid the industrial revolution of our time.”

Surveillance tech

On privacy and surveillance policy, civil liberties groups are hopeful that a Harris administration may turn the tide in their favor.

As a senator, she backed a measure pushed by privacy hawks that would have added a warrant requirement to Section 702 of the Foreign Intelligence Surveillance Act. The spying power allows intelligence agencies to warrantlessly collect the communications of foreigners abroad for use in national security investigations but has come under fire for a function that permits collection of Americans’ communications when they speak with a foreign target, raising concerns over whether the tool violates Fourth Amendment rights.

Biden in April signed a two-year extension of the law without the warrant measure in place. The intelligence community has frequently argued a warrant obligation would slow down ongoing terrorism investigations and gut the effectiveness of 702. The tool, which spy agencies say is vital for stopping cyberattacks and tracking terror threats, contributes to a major chunk of President Biden’s daily briefings.

“If Harris were to win, civil liberties advocates hope being ‘unburdened by what has been’ won’t mean flipping from her strong voting record and statements on the need for serious FISA reform,” said Jake Leperruque, who helps lead the Security and Surveillance Project at the Center for Democracy and Technology.

An official stance remains to be seen, but there are signs that a hypothetical President Harris could lean more toward the side of the intelligence community now that she’s been on the receiving end of classified security briefings.

“My gut tells me that four years have given her a unique perspective on this, and that may inform her thinking today,” said Suzanne Spaulding, a former CIA and DHS official who now leads the Defending Democratic Institutions project at the Center for Strategic and International Studies.

A spokesperson for Harris did not return a request for comment by publishing time.

“The executive branch is not above the law. The President can override or bypass federal statutes that are clearly unconstitutional, but the Foreign Intelligence Surveillance Act, anti-torture laws, and the detainee transfer law are constitutional. As President, I would respect these laws,” Harris told the New York Times in a 2020 presidential candidate survey series.

Cybersecurity

A Harris administration could also focus on continuing to bolster the cyber policy groundwork laid under Biden’s time in the Oval Office, including the establishment of the Office of the National Cyber Director as well as the Bureau of Cyberspace and Digital Policy in the State Department.

In the wake of Friday’s mass IT outages linked to CrowdStrike and Microsoft, the conversations over reliance on a small number of major tech vendors must continue, said Kiersten Todt, a former chief of staff at CISA. “It’s not to say those two companies shouldn’t be involved, but we have to ask: what resilience do we need to be baking into our infrastructure?” she said.

Other themes should continue, said both Todt and Spaulding. CISA under the Biden administration has thoroughly pushed “secure by design” principles in which software manufacturers are encouraged to design their offerings with built-in security features that come pre-installed at point-of-sale.

Software liability, where manufacturers are held to account over poor feature design that enables cyberattacks, has become a major component of the Biden administration’s National Cyber Strategy that experts say should be continued under Harris. A new implementation plan of the strategy outlines nearly 70 objectives aimed at shoring up U.S. cyber posture, calling on the government to leverage “all instruments of national power” to make it harder for hackers to threaten national security and public safety.

“If those offices transition leadership to a Harris administration, there’s a lot of great work that has been done that has developed a foundation off of which the next iteration of leadership can certainly take it to the next place,” Todt said.

But ONCD may need to further integrate itself into future discussions with the National Security Council, said Spaulding. Former national cyber director Chris Inglis had clashed with Anne Neuberger, the deputy national security advisor for cyber and emerging technology, prompting him to resign early last year, Bloomberg reported last April.

Nextgov/FCW staff reporter Natalie Alms contributed reporting to this article.

]]>

Who are your rising stars?

Adam Mazmanian — Mon, 22 Jul 2024 06:00:00 -0400

Nominations are open for the 2024 Rising Stars program. We're looking to spotlight innovators across federal, state and local governments, as well as up-and-coming talent at contracting firms.

True government innovation takes a lot — strong leadership, organizational buy-in, talented industry partners, new technologies and, of course, individual change agents.

That's why we're so excited about this year's Rising Star Awards — a joint effort of Nextgov/FCW and Route Fifty – showcasing the up-and-comers who are driving change across federal, state and local governments.

We're looking for early-career phenoms whose leadership, innovation and all-around extra effort are having a powerful and positive impact. If you want some inspiration about what makes a Rising Star, take a look at our 2023 cohort.

Anyone in the government technology community is eligible — military and civilian, career and political, contractor, academic and association expert alike. Nominees must be less than 10 years into their government IT careers, and winners are chosen for their impact, so be sure to explain what a nominee did and what all that work accomplished.

Nominations for 2024 Rising Stars are now open, so submit yours today! The deadline to submit is August 14, 2024. Winners will be spotlighted in the Nextgov/FCW print magazine and celebrated at a special in-person reception on Dec. 11, 2024.

And please spread the word to help us celebrate all the top drivers of government innovation. To submit a nomination or learn more information, visit our nomination website.

]]>

Hitting the gas at Energy

Adam Mazmanian — Mon, 08 Jul 2024 06:00:00 -0400

Ann Dunkin has one of the coolest CIO gigs in government. Her job as the top tech official at the Department of Energy takes her to National Laboratories, nuclear security facilities, grid operations, supercomputing centers and more.

Dunkin is a seasoned public-sector tech official, with stints as CIO at the Environmental Protection Agency during the Obama administration and CIO of Santa Clara County, California. She's also worked in industry at HP and Dell. She recently marked three years of service at DOE and spoke with Nextgov/FCW about portfolio management, sustainability, supercomputing and the evolution of FITARA — the legislative framework that gives federal agency CIOs a seat at the table when it comes to IT budgeting.

This interview has been edited for length and clarity.

Nextgov/FCW: I wanted to talk about the Federal Information Technology Acquisition Reform Act, because you've seen it in action for a long time. How has the legislation changed the way agencies buy and deploy IT?

Ann Dunkin: I think FITARA changed the conversation differently in different departments. In the smaller ones, I think it really generated a very direct line of sight for the CIO for everything at a department. So if you've got, say, $100 million of IT spending, the CIO really got their arms around that.

It’s very different at a huge federal organization like Energy … with the National Labs and other sites which are several multiples larger than headquarters. And these are primarily government-owned, contractor-run. So there's a lot of complexity.

Overall, what I'd say is FITARA has certainly given CIOs more insight into what's going on at their departments. … I think it has probably been more successful than any of the previous efforts in changing the conversation.

Unfortunately, like many things in the government, the ability to say no is the strongest thing you've got. It's not what anyone really wants to be doing — saying, no. We want to find different ways to say yes, but ultimately, that power to say no is what drives this conversation.

Photo courtesy Dept. of Energy

Nextgov/FCW: When FITARA launched, there was a carve-out for Energy to allow the National Labs to do their own thing — to not give the agency CIO authority over high-performance computing investments. My understanding is that's kind of been wound down over the years, but there's this bigger conversation at Energy and elsewhere in government about where does HPC begin and where does IT end.

Dunkin: That DOE carve-out was in one of the defense authorization acts. I don't even think it was at the beginning, but it did show up I think [for] one year. But of course, something that lasted one year has ripples for a while.

I have oversight of high-performance computing, and … one of my predecessors reached an agreement with [the Office of Management and Budget] to just separate that out to show it as a separate item, which I think makes a ton of sense. It's about a billion dollars in DOE. And, you know, that program is run primarily by [the Advanced Scientific Computing Research program], which is an office within the Office of Science, but we collaborate really closely together.

So I'm not going to tell you that I could come in and say, this is how you're going to do supercomputing. I wouldn't and I don't think I could, but I'm certainly engaged in that program [to] understand what they're doing and work with them to try and ensure we're able to optimize the program.

We have two types of HPC. We have capability HPC [where] we're creating HPC, we're defining what that is, we're making it better. And then there's capacity, and that's the commodity HPC. Essentially, we're using it just to do stuff. And we can do that on premise, we can do it in the cloud, we can do it in a combination. And that looks a lot more like IT than that capability-building. If we were going to put our thumb on the scale, we would put it more on the capacity, but honestly, our supercomputing [assets] are super-well run. So I'm lucky that I can just work with them and it's all good.

FITARA has certainly given CIOs more insight into what's going on at their departments. … I think it has probably been more successful than any of the previous efforts in changing the conversation.

Nextgov/FCW: A sustainability rule just went into effect covering federal acquisition. How is it going to affect your work, and how do you think tech leaders should incorporate sustainability into their modernization plans?

Dunkin: Rules are useful. … For example, in cybersecurity, I don't have to argue with people about whether we should do something when there's a rule that says we do this.

Sustainable procurement runs in that same space, right? I don't have to argue with a vendor or within the organization that this is the right thing to do. We've got a rule in place ensuring that the hardware you buy is recyclable and reusable. There's data centers, so how do we reduce the energy utilized by our data centers? We also look to make sure that our cloud providers are using best practices.

The bottom line is, I don't personally see those requirements for sustainability as a constraint to us. I think it just helped drive us in the direction we want to go: reducing the overall IT footprint in terms of getting rid of duplicative systems. So, from the contracting standpoint, those rules just help us ensure that our cloud providers [and] our hardware providers [and] our service providers are playing by those same rules.

Nextgov/FCW: What modernization projects are you working on?

Dunkin: The biggest thing in terms of modernization that we've undertaken is modernizing our HR systems. We're moving to Workday. We've launched that, and we're collaborating closely with other folks around the government. There are a few folks who've done it. The Federal Reserve has done it. Some of our labs have done it. And so we're getting lessons learned from other people.

We're finishing our Windows 11 migration, which is kind of a boring modernization, but an important one.

The biggest public-facing infrastructure where there is legacy modernization going on now is at the Energy Information Administration. Their CIO is modernizing those systems [and] moving to the cloud. It's a great candidate for the cloud because EIA publishes statistics, so they tend to get hit [with traffic] when the statistics file, and then the traffic goes away for a while.

A lot of modernization across the enterprise has been focused on getting out of legacy data centers and refactoring applications for the cloud. We've done some of that with finance, for example, but we don't have that huge infrastructure of public-facing applications. A lot of our internal applications are either grant systems — which do have some public interaction — or internal productivity systems or research systems. Most of those reside at the labs. There's always lots of ongoing modernization at the labs, plants and sites.

Much of our modernization efforts are deeply linked to hardware systems. We have large operational technology systems at the four federal Power Marketing Administrations that we use to manage the grid. We have large research implementations like the high-performance computers, and obviously the high-performance computing systems are constantly being refreshed.

We'd have a sequence if you watch across DOE: [The HPC] Frontier came on board at Oak Ridge. And next you'll see the new supercomputer at Argonne very soon, and then you'll see El Capitan out at Berkeley. So it's a very different challenge because we don't have this massive portfolio of legacy applications. But we definitely have our HR systems [and] our finance systems at headquarters that we're working through right now.

Nextgov/FCW: Cyber executive orders pose a management challenge — they come down to you as unfunded mandates on top of your regular work. How do you handle them?

Dunkin: It's like, be careful what you wish for. The rules are super helpful, but they're unfunded mandates. We absolutely have to focus on risk.

When I came to the government 10 years ago, we were really, really compliance-focused. We recognized a number of years ago that we need to focus on risk and the fact that we can't possibly meet all the compliance requirements to an organization. It's not just about funding. It's just simply about technology investments. So, you know, if you look at the [National Ignition Facility] out at Lawrence Livermore — which is a multimillion- if not multibillion-dollar investment in fusion energy — we're not going to say, well, let's replace that all with IPv6-compliant sensors. We're just not going to do that. The same thing goes with our older reactors or things like that. They're things we simply can't do because it would be a waste of money. So we're going to put other compensating controls around those.

There are some things we can't do because we don't have the money. We struggle with logging because it's very expensive and we don't have enough money allocated. And then there are some things that are sort of in the middle where there are technologies we should upgrade, but we don't have the money to do them, or we don't have the people to do it. So we really have to focus on prioritizing those mandates, looking at what's going to mitigate the most risk and making progress to meet the requirements at the same time.

Nextgov/FCW: Your job takes you into some more advanced technical areas as compared to other CIOs.

Dunkin: I get to go out to the labs and the plants and the sites and see amazing stuff, because I need to understand it to support it. We're supporting really exciting research, and that just makes the job so much more interesting. This is just a super mission. We're advancing the country and the world every day.

]]>

DHS cyber hiring program got off on the wrong foot, CIO says, but progress is showing

Adam Mazmanian — Wed, 26 Jun 2024 16:43:20 -0400

A top tech official at the Department of Homeland Security acknowledged to Congress today that a special hiring program could have been put to better advantage at a time when the department — and government writ large — is struggling to attract cybersecurity talent.

The Cybersecurity Talent Management System, authorized by Congress in 2014 and launched by DHS in 2021, has so far resulted in 345 job offers and 189 employees currently working in the Office of the Chief Information Officer at DHS, as well as at the Federal Emergency Management Agency and the Cybersecurity and Infrastructure Security Agency.

"While CTMS is delivering significant results, its rollout was not without challenges," DHS CIO Eric Hysen told the House Homeland Security Committee on Wednesday. "It took us too long from receiving the authority to launch the program and begin hiring under it, and our initial rate of hires has been slower than expected."

As Nextgov/FCW previously reported, it took DHS six months to make its first hire under CTMS, and the agency struggled to get its numbers up over the course of the first year of the program.

Hysen told Congress that the department has almost 2,000 cybersecurity vacancies and said that DHS "has committed to expanding CTMS" to include other agency components while also broadening the program to accommodate applicants specializing in artificial intelligence and data science.

Additionally, Hysen stressed that the individuals hired under the program are adding value to cybersecurity efforts, and because about half of the CTMS hires are at the entry level, DHS is able to build a bench of future managers and executives. Currently, CTMS is showing a 94% two-year retention rate for hires, which exceeds overall tech industry benchmarks, Hysen said. That means for the future, DHS could expect to see "reduced labor time and costs associated with recruitment and backfilling."

At the hearing, which included witnesses from cybersecurity operations at the White House, the Defense Department, and the National Institute of Standards and Technology, Rep. Seth Magaziner, D-R.I., noted that the Republican-led House of Representatives was intending to vote that day on a funding bill that would trim Hysen's budget by $2 million over last fiscal year and $6 million below the Biden administration's request.

"So I just suggest that perhaps we revisit that [since] this is a time to be doubling down on these recruitment efforts," Magaziner said. "So perhaps we can all work together to try to plus-up that funding as we go through the appropriations process."

]]>

TMF announces new round of awards amid funding uncertainty

Adam Mazmanian — Tue, 18 Jun 2024 16:39:00 -0400

The General Services Administration announced $31 million in funding for modernization projects at three federal agencies on Tuesday. These latest Technology Modernization Fund investments may be among the last underwritten by a $1 billion plus-up in the 2021 American Rescue Plan Act — and among the last issued by the TMF program if it's not renewed by Congress.

The Federal Election Commission received a $8.8 million boost to upgrade its legacy FECFile Online filing portal, which dates back to 1997 and can only operate on Windows-based machines. The update will modernize the software to operate in the cloud across a range of computing platforms.

At the Department of the Interior, the Bureau of Indian Education is getting a $5.86 million investment to modernize websites at bureau-funded schools. According to the funding announcement, many BIE-operated and -funded schools lack basic websites. The investment will support upgrades at more than 183 schools.

The Department of Energy is tapping a $17 million award to modernize its obsolete human resources infrastructure. According to the TMF announcement, the system last received a sizable investment more than 20 years ago. The new funding will take DOE's human resources operations across multiple systems into the cloud. David Turk, the agency's deputy secretary, said that the move to a commercial, cloud-based system means that DOE’s human capital solutions are future-proofed and will keep pace with global standards."

The fund, which boasts $950 million in ongoing projects across 60 agencies, was created in 2017 out of the Modernizing Government Technology Act. Historically, obtaining funding for the revolving fund has been a struggle, with appropriators from both parties taking issue with increasingly flexible payback requirements offered to agencies who dip into the fund. TMF has nearly exhausted its Rescue Plan Act funding.

There's bipartisan legislation in the works to reauthorize the TMF program, which is set to sunset next year, but House Republicans are looking to zero out funding for the program in fiscal year 2025 appropriations bills.

GSA Administrator Robin Carnahan is urging Congress to maintain support of the revolving fund, which allows cash-strapped agencies to take on needed modernization projects.

"GSA is committed to the TMF’s long-term success as a proven model for driving effective, impactful, and cost-effective IT modernization governmentwide,” Carnahan said in a statement. “It is essential that Congress provide resources to allow the TMF to continue to meet the growing demand for investments which address constantly evolving technology needs, threats, and advancements so that government can deliver better for the American people.”

]]>

DOD CIO resigns to take university post

Adam Mazmanian — Thu, 06 Jun 2024 12:54:00 -0400

The Defense Department's chief information officer is resigning from government service to lead the Bush School of Government and Public Service at Texas A&M.

The move was announced June 6. Sherman will exit government service at the end of this month.

John Sherman was confirmed by the Senate to serve as CIO in December 2021, and he'd been serving in the role on an acting basis before that. His leadership of tech at DOD spanned the Trump and Biden administrations.

At DOD, Sherman championed zero trust cybersecurity policies and was an advocate for research and development and fielding of artificial intelligence capabilities. He led the effort to pivot to virtual remote work for DOD staff during the COVID-19 pandemic, and he was a key player in the cancellation of the embattled Joint Enterprise Defense Infrastructure cloud contract, as well as the development of its replacement, the $9 billion Joint Warfighter Cloud Capability vehicle.

"Mr. Sherman has been a steadfast advisor and an innovative leader who has helped the department adopt and utilize modern information technology to keep our country safe," Defense Secretary Lloyd Austin said in a statement. “His technical expertise has proven invaluable in tackling a variety of digital challenges. His focus on mission readiness has ensured that each of the services is equipped with both the capabilities and the digital workforce necessary for modern warfighting."

Before joining DOD, Sherman served as CIO for the intelligence community in the Office of the Director for National Intelligence, deputy director for the CIA's Open Source Enterprise and as a deputy national intelligence officer on the National Intelligence Council.

Sherman and his wife Liz are both graduates of Texas A&M.

“I’m tremendously honored and humbled to be selected as the next dean of the Bush School," Sherman said in a statement. "The spirit of service and focus on preparing students for the future they instilled in the school will be our guiding light as we look to the challenges the next generation of leaders will face. Liz and I are excited to get back home to College Station and beginning this next chapter in our lives."

]]>

Google Cloud obtains FedRAMP High certification for more than 100 services

Adam Mazmanian — Wed, 22 May 2024 08:00:00 -0400

Google Cloud announced today that more than 100 of its cloud services are certified as meeting FedRAMP High standards for security.

The designation applies across Google's cloud services portfolio, and commercial customers will have access to the same FedRAMP-compliant services as federal, state and local government users, Leigh Palmer, vice president of technology strategy and delivery at Google Public Sector, said in a blog post.

The FedRAMP High designation is designed to cover systems housing data that would cause "severe or catastrophic adverse effect" if compromised, according to the FedRAMP program website. This covers health data, law enforcement records and financial systems, among others.

Some of the services that are now available to customers who require FedRAMP High certification include the Vertex AI platform, which can add automation, translation, text-to-speech and analytics services in call center operations, as well as Google Security Operations and Security Command Center, which offer cyber tools like threat detection and response.

Palmer told Nextgov/FCW that customers in areas like health care and cybersecurity "are now able to onboard because we have these certifications."

The FedRAMP designation comes a little more than a month after the cloud giant was certified by the Department of Defense to host classified data in its systems.

FedRAMP itself is undergoing modifications to comport with recent authorizing legislation. Recent changes include replacing the old Joint Authorization Board with a new FedRAMP Program Board designed to allow for more nimble security reviews in the fast-growing software-as-a-service category.

"I think this is a significant step forward. We're really excited about it." Palmer said. "It's not just good for Google. It's good for the whole industry."

]]>

GSA names 7 leaders to inaugural FedRAMP board

Adam Mazmanian — Tue, 14 May 2024 15:26:00 -0400

The General Services Administration is updating its signature cloud authorization program to feature a new board to take charge of provisional approvals.

The Federal Risk and Authorization Management Program Board is replacing the Joint Authorization Board as part of a series of changes under recent legislation that enshrines the program in statute. The legislation and subsequent draft guidance from the Office of Management and Budget are designed to create more pathways to authorization for cloud providers and to make it easier for agencies to team up to review solutions in the fast-growing software-as-a-service category.

"The FedRAMP Board intentionally comprises members from across government, bringing diverse perspectives from the frontlines of cyber and IT modernization efforts,” Drew Myklegard, the deputy federal CIO, said in a statement. "By harnessing their collective expertise, the board will play a vital role in adapting the FedRAMP Program to address the evolving cyber landscape and enable the accelerated adoption of secure cloud technologies across the government."

New board members are: Venice Goodwine, Air Force CIO ; Bo Berlas, GSA chief information security officer; Carrie Lee, deputy CIO at the Department of Veterans Affairs; David McKeown, defense department deputy CIO for cybersecurity; Hemant Baidwan, Department of Homeland Security chief information security officer; Sylvia Burns, CIO and chief privacy officer at the Federal Deposit Insurance Corporation; and Christopher Butera, senior technical director for the cybersecurity division at the Cybersecurity and Infrastructure Security Agency, housed at DHS.

The FedRAMP Authorization Act also prompted the development of a new roadmap for the program, released in March 2024. Its leaders pledged to reorient the program around customer service to set clear security expectations for vendors seeking authorization, streamlining reviews and using machine-readable tools to digitize the authorization process.

"While SaaS applications are used in government, and FedRAMP does have some in its marketplace, it’s not nearly enough and it’s not working the way that it should," the agency said in a statement announcing the March roadmap. "We know that for many companies, especially software-focused companies, it takes too much time and money to get a FedRAMP authorization. And we’re particularly cognizant that we need to scale and automate our own processes beyond where they’re at now if we want to meaningfully grow the FedRAMP marketplace."

]]>

House bill targets AI-generated comments in rulemaking

Adam Mazmanian — Wed, 08 May 2024 16:46:00 -0400

The House passed a bill on Monday that tasks federal agencies with managing computer-generated comments in rulemaking proceedings. The Comment Integrity and Management Act of 2024 passed without opposition on a voice vote.

The bill, sponsored by Rep. Clay Higgins, R-La., doesn't look to block comments generated by large language models like ChatGPT, Google's Gemini and others. Rather, the bill puts a legislative framework around existing efforts to identify and manage the flow of computer-generated comments to proceedings on Regulations.gov and elsewhere.

"The cornerstone of this bill is its commitment to ensuring that every comment submitted by electronic means comes from a real person, not an automated program," Higgins said on the House floor on Monday. "By requiring human verification, we are taking a significant step towards preserving the authenticity of public input."

Even before the advent of publicly available generative AI applications, policymakers were concerned about how to treat bulk submissions in response to federal agency rulemaking proceedings.

"The basic issue is that it has gotten easier for people to post comments online in a rulemaking," Rep. Jamie Raskin, D-Md., said on the House floor on Monday in support of the bill. "That is a really good thing because it means that the process of implementing regulations is more accessible, more transparent, more open, and more participatory, but a number of the agencies have found, I think, what Members of Congress have found. Sometimes you get the same paragraph 100 times, 1,000 times, or 3,000 times."

In one instance, the Federal Communications Commission's docket on the repeal of net neutrality policy in 2017 generated more than 22 million comments — more than 8.5 million of which were posted via a campaign led by broadband providers who wanted to see an end to the policy, according to a probe by New York's attorney general. There were 7 million comments traced to a computer science student, who attributed the comments to computer-generated names and addresses.

The Biden administration is also concerned about the issue. Its 2023 executive order on Modernizing Regulatory Review charges the head of the Office of Information and Regulatory Affairs with considering "guidance or tools to modernize the notice-and-comment process, including through technological changes…[including] guidance or tools to address mass comments, computer-generated comments (such as those generated through artificial intelligence), and falsely attributed comments."

One new wrinkle posed by generative AI, according to Mark Febrizio, a senior policy analyst at the George Washington University Regulatory Studies Center, is whether bot-generated comments can escape detection of tools designed to identify spam comments. In a 2023 paper, Febrizio argued that existing checks in place in the Regulations.gov platform could thwart efforts to flood proceedings with AI-generated comments.

These checks include a CAPTCHA interface to identify individual posters as human and, more significantly, a registration system used to authorize and track bulk comment submissions.

"Even with an unlimited supply of AI-generated content, a malicious user would quickly hit a bottleneck when trying to submit those comments on agency rules," Febrizio wrote.

Under the bill, any agency with its own rulemaking docket would be subject to policies similar to the one governing comments on Regulations.gov on the posting of AI-generated comments. Specifically, such policies would task agencies with publishing just a single representative version of mass comments, rather than having each listed separately in the docket, and publicly state the number of computer-generated submissions in a rulemaking proceeding.

The Office of Management and Budget is charged with issuing guidance for agencies to follow when implementing commenting policies and using "new technology to offer new opportunities for public participation in the rulemaking process." The bill tasks the Government Accountability Office with delivering a report to Congress with recommendations on how to identify computer-generated content, the prevalence of such comments and their actual impact on rulemaking.

]]>

Microsoft deploys air-gapped AI for classified defense, intelligence customers

Adam Mazmanian — Tue, 07 May 2024 09:00:00 -0400

Users of top secret IT systems may soon have access to generative artificial intelligence tools to draft documents, write code and analyze information.

Microsoft will announce later today the availability of GPT-4 in the Azure Government Top Secret cloud. The tech giant has been working for about 18 months on this effort, which includes the first-ever establishment of a new instance of ChatGPT specifically for classified U.S. government workloads.

The news that Azure OpenAI Service is being added to the top secret cloud will be announced this afternoon at the first-ever AI Expo for National Competitiveness hosted by the Special Competitive Studies Project, a tech- and security-focused think tank.

"We are going to have GPT-4 in an isolated environment for the first time," Bill Chappell, Microsoft's chief technology officer for Strategic Missions and Technologies, told Nextgov/FCW in an interview. "We've only done that for the U.S. government — and that's a big deal. They will have their own private instance of this capability isolated from the rest of the world."

The model will be available via classified cloud-based systems, but physically unconnected to the public internet. End users on DOD's classified network will be able tap the generative AI toolkit for a variety of uses, but they will not have the ability to train the model itself on new information and data because the model is air-gapped.

Chappell says he anticipates the benefits of the generative AI offering to include improved productivity, as well as more high-tech applications. Part of the motivation behind the effort is to give users on classified systems access to the same AI-powered tools that are available to users in non-classified government settings and in the corporate world.

"More mundane use cases are going to be huge to have across the [Azure Government Top Secret] cloud," Chappell said.

The announcement doesn't mean that classified users can immediately delegate document drafting chores to AI. Defense officials still need to sign off on the functionality before it can go live in classified U.S. government systems.

]]>

Education secretary pledges troubled online student aid tool will be ready for next fall

Adam Mazmanian — Wed, 01 May 2024 13:29:00 -0400

Education Secretary Miguel Cardona told Senate appropriators on Tuesday that the agency's online student aid form would be ready with improvements for students to begin submitting applications on October 1.

The tool debuted online in late December, in the middle of a busy college application season, but problems with limited uptime and bad data led to user complaints

"I do share the frustration you share," Cardona said in response to questions from Sen. Susan Collins, R-Maine. "Our kids deserve better, and we are working around the clock to make sure it improves. We've had delays. We had issues with some of the coding that we had to make changes to, and it is an overhaul. It's not just a new website."

Cardona steered clear of apologizing for the disappointing rollout, but he did acknowledge the confusion and anxiety experienced by students and by school administrators as a result of the rocky rollout of the online Free Application for Federal Student Aid tool.

Students typically face a May 1 deadline to commit to attending a college or university, but doing so can be problematic without knowing what kind of financial aid package they are in line to receive. The online form was designed to be dynamic to only require applicants to submit answers to necessary questions. The previous iteration of the form included 103 possible questions, but under the revised FAFSA applicants can skip up to 26 questions depending on the information they input. Despite the streamlined format, data shows that students are still facing challenges completing the application.

Sen. Shelley Moore Capito, R-W.Va., called the rollout of the new system "bungled" and said that " FAFSA completions are down 36% nationally compared to this time last year" and down almost 40% in her home state.

Later in the hearing, Cardona noted that the old form also presented challenges, and that he thinks that the digital FAFSA will improve accessibility across the board.

"I think one of the things that we don't really talk about a lot is that across our country we've normalized a 60% completion, 70% completion of FAFSA. It is our expectation as we work together to get those numbers closer to 90%, 95% of students filling it out," Cardona said.

]]>

Feds need to be careful when tapping generative AI for work

Adam Mazmanian — Mon, 29 Apr 2024 14:09:00 -0400

Generative artificial intelligence can help federal employees do their jobs better in certain cases, but there are risks to watch out for, according to the Office of Personnel Management.

The federal HR shop issued guidance today on the Responsible Use of Generative AI, which points out some key pitfalls — as well as benefits — of using the emerging technology in federal work, such as document drafting, coding, translation, data analysis and more.

First, it's important to make sure your agency has cleared employees to use GenAI apps in the workplace. Agencies have different policies about onboarding tools that assist in writing, computer coding and image generation. While these tools are often freely available over the open internet, it's up to agencies to authorize access. Some agencies may have their own enterprise GenAI tools. In any case, OPM notes, feds should "expect that your use of GenAI technology may be logged and monitored."

Even approved tools can generate outputs that aren't suitable for public-facing or even internal use, because of the potential for copyright infringement and plagiarism, as well as the release of personal information contained in training materials used by these large language models. Additionally, OPM notes the risk "to agency credibility if content is inaccurate, unreliable or discriminatory."

OPM urges feds to impose human checks on AI outputs before any publication or dissemination of written materials or AI-generated images. It is especially important to "review AI-generated material for potentially biased, harmful, stereotypical, or otherwise offensive language or images," the guidance states. Additionally, some agencies may require some disclaimer or watermark that identifies AI-generated material.

The guidance comes 180 days after the release of the Biden administration's executive order on AI. The White House noted separately that all federal agencies completed the 180-day deliverables contained in the order on schedule. These include, on the government operations front, guidance from the Department of Labor's Office of Federal Contract Compliance Programs on deploying AI in the workplace, as well as multi-agency guidance on the responsible and equitable use of GenAI in public benefits programs.

]]>

Government Eagle Award: David Shive

Adam Mazmanian — Wed, 24 Apr 2024 21:15:00 -0400

As the longest-tenured CIO in the federal government, David Shive has a knack for being in the room when innovation is happening.

In addition to leading tech at the General Services Administration, Shive is vice chair of the federal CIO Council and a member of the board of the Technology Modernization Fund, an office established by Congress to make strategic investments in agency tech upgrades.

Part of the reason why Shive is closing in on a 10-year chip as GSA CIO is the agency itself. Its position as the leading supplier of technology to federal agencies is “one of the things I love about GSA,” he said in an interview. He calls his post “a techie’s dream job.”

“One of the things that excited me about coming to GSA and has kept me around is the fact that we don’t do to our partners what we haven’t tried out on ourselves first,” Shive said. “What that means is a lot of our outward-facing products and services got their start on the inside, where we would have an idea and try it at scale within the agency first.”

Shive ticked off a long series of firsts at GSA, some predating his arrival. It was the first agency to have an internet connection on every desktop, the first to have an open-source software strategy, the first to hire a chief customer officer and the first to do agile implementation.

“And these firsts are because of a tendency to lean forward. But we don’t do it just because it’s cool,” he said. “We do it because we use ourselves as a proving ground to then scale some of that great thinking out through our products and services that we project out to the agencies and the citizens who are end users of these services.”

Shive has also seen the roles of government and private-sector CIOs morph over the years from serving as a “chief tech bean counter” managing a portfolio of technology investments to a true business advisor to the front office. And, Shive notes, it’s increasingly common to find tech experience on the resumes of top leaders.

“I suspect that in government, you may not see former CIOs coming in and running federal agencies, but what you’ll see are CEO types who have meaningful experience in tech domains, as a 21st-century executive should, and being able to employ those technology strategies to better support the business mission.”

Shive has also seen the pace of change accelerate dramatically inside of government, especially recently with hard pivots on cybersecurity, customer experience, digital identity, cloud adoption and more.

“When I talk with my private-sector CIO peers, they are shocked at how fast we move here in government. There’s been a long-standing misnomer that government operates at a very plodding pace, that we’re behind the private sector,” Shive said. “And you know what? That’s just not true. Having worked in both, I know that the quality of the technology outcomes supporting the businesses of the agencies that we serve is equal to or better than the best of the best out in the private sector.”

]]>

Industry Eagle Award: Nick Sinai

Adam Mazmanian — Wed, 24 Apr 2024 21:15:00 -0400

Nick Sinai can trace the launch of his career as a leader in government technology delivery to the 2008 financial crisis.

Sinai and his new wife had taken a red-eye flight to Italy for their honeymoon that September. Upon landing, Sinai learned about the collapse of Lehman Brothers from a newspaper headline. He’d been working at Lehman’s venture arm for about nine months and upon his return, he had to look elsewhere for work.

He was hired at the Federal Communications Commission to work on the National Broadband plan, an ambitious effort to incentivize the development of high-speed internet across the U.S. while transitioning to faster mobile technologies.

“That was my first exposure to policymaking as a grown-up, and it was tremendously exciting,” Sinai said.

That experience connected him with a new generation of government techies who were starting to focus on then-novel concepts like agile development and user-centered design. He joined the White House Office of Science and Technology Policy under Chief Technology Officer Aneesh Chopra as an advisor and served as deputy CTO under Chopra’s successors Todd Park and Megan Smith.

Before long, the Healthcare.gov debacle saw a lot of the staff of OSTP detailed to the rescue effort. Sinai stayed at OSTP, but some of the programs he sponsored supplied personnel needed to get Healthcare.gov on track — and helped supply a proof of concept for in-house digital innovation groups like 18F and the U.S. Digital Service.

The experience and knowledge gained at OSTP also provided fodder for the 2022 book Hack Your Bureaucracy, co-written by Sinai and former Veterans Affairs CTO Marina Nitze.

The tactics in the book are “fundamentally about understanding the organization and understanding people and processes and why things are the way they are before you go try and disrupt them and change them,” Sinai said. “Some people think ‘hack’ is a pejorative term, but we really see it as a way to improve government, and it starts with understanding the problem space and understanding the end users.”

Today Sinai works as an venture capitalist, but that description doesn’t cover his impact on the federal technology community.

“He has a deep understanding of the policymaking process … he has the judgment of an investor focused on early-stage companies capable of identifying sparks that might scale to deliver meaningful impact, and he is a talented operator who can see the kindling of promising ideas all the way through implementation,” Chopra told Nextgov/FCW.

A former colleague, Erie Meyer, now chief technologist at the Consumer Finance Protection Bureau, said that Sinai is “one of the first lifelines I call when I have a hard problem.”

“Nick is smart, tough and kind,” Meyer said. “I’ve learned a lot from him, but my favorite thing is the discipline of how to learn a lot from people. He’s constantly cultivating community, helping people stretch and asking sharp questions.”

]]>