Nextgov/FCW - All Content

Appeals court removes limits on DOGE access to SSA data despite ‘alarming’ revelations

Natalie Alms — Fri, 10 Apr 2026 17:39:00 -0400

A federal appeals court vacated a court order limiting the Department of Government Efficiency’s access to sensitive data at the Social Security Administration on Friday, handing the Trump administration a victory in its quest to reverse the restrictions.

A majority of the U.S. Court of Appeals for the Fourth Circuit said that three organizations suing SSA weren’t able to show that irreparable harm was likely without action from the court, reversing a lower court’s preliminary injunction from last year that had blocked DOGE from accessing data.

This follows a January court filing in which the government conceded that DOGE associates may have improperly accessed sensitive data at the agency.

A DOGE employee signed an agreement to share SSA data with an unnamed political advocacy group that wanted to overturn election results in certain states, the government said in a correction to the record. That filing also revealed that much of DOGE’s data access occurred outside of official protocols — and that SSA still doesn’t know the full scope of DOGE’s data access and sharing, which included the use of an unauthorized server.

“The government’s recent acknowledgments are alarming and raise serious questions about its earlier conduct before the district court,” the Friday opinion reads.

The court called recent reports about another SSA whistleblower accusing an ex-DOGE associate of planning to take sensitive data on U.S. citizens with him to his job at a government contractor “even more alarming” in its majority decision written by Judge Toby Heytens.

The court made its decision to reverse the limit on SSA’s data access based on the record before the district court at the time it issued the preliminary injunction, Heytens wrote, noting that the new revelations can be considered by the lower court down the line.

The Supreme Court already temporarily gave DOGE access to SSA data again last summer in an unsigned decision. On Friday, the Fourth Circuit deferred to the Supreme Court and sent the case back to the district court.

Judge Robert King argued in a partial dissent that the court should have assessed the merits of the preliminary injunction on the basis of the new, corrected record.

“We now know that SSA and the other defendants provided patently false information to the district court in the preliminary injunction proceedings,” wrote King. He said prior rulings were “rendered on a materially erroneous record. And we know that, going forward, we should not accord the defendants any benefit of the doubt or readily trust in anything they say.”

The government also admitted in its correction to the record that two DOGE associates were also granted access to sensitive data after a court issued a temporary restraining order last March blocking DOGE’s access to SSA data.

SSA houses sensitive information like the addresses, Social Security numbers and dates of birth of millions of Americans.

The coalition of unions and retiree advocates suing SSA argues that DOGE got unauthorized access to this information, violating privacy laws and putting Americans at risk.

“We look forward to continuing this case in the district court, seeking discovery, and getting to the bottom of this harmful conduct, including demonstrating the harms of DOGE’s actions that now appear to extend to the integrity of U.S. elections,” said Skye Perryman, president and CEO of Democracy Forward, which is representing the plaintiffs in the case.

]]>

DHS intelligence office restructuring would still keep it under ODNI oversight

David DiMolfetta — Fri, 10 Apr 2026 15:34:00 -0400

A significant White House plan to fold the Department of Homeland Security’s primary intelligence unit into DHS headquarters for the coming fiscal year would not affect its oversight under the Office of the Director of National Intelligence, an administration official told Nextgov/FCW.

The new reporting structure, unveiled last week in the president’s FY27 budget request, would combine the Office of Intelligence and Analysis and the department’s Office of the Secretary and Executive Management, Management Directorate and Office of Situational Awareness into a single unit reporting to the DHS secretary.

But I&A would still be considered a member of the intelligence community, said the official, who was granted anonymity to discuss the changes.

“The planned, internal DHS structural changes noted in the president’s budget submission will not impact I&A’s membership in the [intelligence community] and will not impact ODNI’s oversight over I&A as a member of the IC,” the administration official said.

I&A’s status as an official U.S. intelligence component under the budget proposal has not been previously reported. ODNI, led by Director of National Intelligence Tulsi Gabbard, manages the nation’s 18 spy agencies.

The intent to keep I&A under ODNI management could be a reprieve for lawmakers and stakeholders concerned about future oversight of the office. The reorganization of the intelligence shop, which would require congressional approval in upcoming appropriations talks, would mark the most significant change to the office to date, following efforts made last year to sharply scale it back.

I&A was slated for major workforce reductions in President Donald Trump’s second term, as Nextgov/FCW first reported last July. Those plans, which would have only kept some 275 people working at the office, drew major pushback from law enforcement organizations and Jewish groups that long relied on the agency to disseminate timely intelligence about threats that concern state, local, tribal and territorial communities. One international organization privately warned Congress that the proposed cuts would create “dangerous intelligence gaps.”

The downsizing was put on hold just days later, but I&A reignited efforts soon after to more gradually shed its workforce. As of late last year, the office had around 500 full-time employees, a figure that preserved more staff than the initial plans to cap the workforce at 275, though that still halved the 1,000-person operation in place earlier last year. It’s possible that more people have since departed.

The office falls within the purview of the Senate and House Intelligence committees, but its status as a DHS component also subjects it to oversight from the Homeland Security panels in both chambers.

In November, Nextgov/FCW reported that the House Intelligence Committee privately weighed a measure in the annual intelligence community authorization bill to significantly curtail the size and scope of I&A. The provision would have barred the office from gathering and analyzing intelligence, effectively turning I&A into a clearinghouse for intelligence findings produced elsewhere and stripping it of standard spy agency collection authorities.

As part of its mission, I&A helps manage a series of fusion centers around the country that facilitate intelligence sharing between federal agencies and state and local law enforcement, raising questions about stakeholder engagement under the proposed restructuring.

I&A was born as part of the creation of the Department of Homeland Security after the Sept. 11 terrorist attacks to coordinate intelligence on homeland threats and expand information sharing with state and local authorities. For years, lawmakers on both sides of the aisle have sought to reform the unit amid concerns about domestic overreach and partisanship.

Its placement in DHS has put it at the center of recurring jurisdictional tensions with the FBI, which drives much of the nation’s domestic intelligence, counterterrorism and counterintelligence work under the Justice Department.

]]>

Tech bills of the week: Boosting export controls; AI-focused workforce development; and more

Alexandra Kelley and Edward Graham — Fri, 10 Apr 2026 15:13:00 -0400

Matching export controls

A group of bipartisan senators introduced a companion bill to an earlier House measure that updates semiconductor export control laws to ensure that adversaries cannot purchase key pieces of technology and equipment for semiconductor manufacturing from either the U.S. or its allies.

The Multilateral Alignment of Technology Controls on Hardware Act, introduced on Wednesday, aims to harmonize export controls among the U.S. and its allies to ensure that critical technologies do not fall into the hands of adversarial nations, like China.

Introduced by Sens. Jim Risch, R-Idaho, Pete Ricketts, R-Neb., and Andy Kim, D-N.J., the MATCH Act is also cosponsored by Sen. Chuck Schumer, D-N.Y. On the House side, companion legislation was introduced by Rep. Michael Baumgartner, R-Wash.

“Idaho and America are at the leading edge of semiconductor innovation. It is vital we maintain this position by strengthening our export controls and closing loopholes that our adversaries exploit to obtain critical technologies like semiconductor manufacturing equipment,” Risch said in a press release. “The MATCH Act will prevent adversaries from undermining the U.S. semiconductor industry and threatening our national security.”

The bill targets the essential, or “chokepoint,” inputs for semiconductor manufacturing as the main subject of the new export controls. If passed, it would prohibit the sale of these chokepoints from the U.S. and allies to countries of concern.

Prepping the U.S. workforce for AI

Rep. Tim Walberg, R-Mich., introduced a measure on Monday to reauthorize and update the 2014 Workforce Innovation and Opportunity Act to include new provisions that enhance the country’s workforce development in the AI era.

A Stronger Workforce for America Act of 2026 hinges on facilitating access for adult learners to apprenticeships, sector partnerships and employer-led training, all housed within the Department of Labor.

The bill also allocates funding for upskilling workers through “individual training accounts,” hands-on learning and other employer-led and industry-centric initiatives.

“The workforce is evolving rapidly, and legislation designed over a decade ago is no longer meeting today’s demands,” Walberg said in a press release. “This bill modernizes a struggling and underutilized workforce development system, delivering reforms that strengthen participant outcomes and ensure greater accountability for taxpayer dollars. This is a win for employers, job seekers, and taxpayers alike.”

A second piece of legislation also seeks to update the Workforce Innovation and Opportunity Act. Introduced on Monday by Rep. Michael Baumgartner, R-Wash., the amendment focuses on adding a “Workforce data quality initiative” to the larger 2014 law.

Expanding the timeframe for penalizing export control violations

A House measure introduced on Wednesday seeks to strengthen export control laws by extending the timeframe for addressing violations of U.S. law and clarifying that “a civil case is considered commenced when a charging letter is issued.”

The proposal — from Reps. Ryan Mackenzie, R-Pa., and Joaquin Castro, D-Texas — would increase the statute of limitations for export control violations from five years to 10 years “for both civil enforcement actions and criminal prosecutions.”

The legislation comes amid a recent bipartisan, bicameral push to enhance U.S. export controls so that adversarial nations, like China, cannot easily gain access to sensitive technologies or semiconductor manufacturing equipment made in America.

“As bad actors develop sophisticated tactics to get around U.S. export controls and put our national security at risk, it’s essential that U.S. authorities have the legal tools they need to fulfill their missions,” Mackenzie said in a statement. “This bipartisan bill updates our laws to match today’s challenges, giving law enforcement more time to investigate complex cases and enforce accountability for those undermining American interests.”

Making data centers pay for increasing energy demands

Democrats in the House and Senate introduced legislation on Thursday to place the onus of high electricity costs on data centers, rather than making surrounding residents shoulder the financial burden of high power demands.

The bill — introduced in the House by Rep. Paul Tonko, D-N.Y., and in the upper chamber by Sen. Chris Van Hollen, D-Md. — is in response to the growing electrical needs of data centers powering artificial intelligence technologies. While these centers underpin many of the emerging capabilities transforming public and private sectors, they require massive amounts of energy to operate, which can strain electrical grids and hike up bills.

The proposal, called the Power for the People Act, would direct the Federal Energy Regulatory Commission to require that data centers pay for local transmission upgrades that have previously been passed down to local communities, as well as create “a data center load queue” to help offset the electrical demands of the centers. The bill would also direct the Energy Department, as well as state regulatory authorities and nonregulated electric utilities, to work to create “data center rate classes” to assign appropriate costs to the centers.

“Families are already paying higher prices for everything from groceries to healthcare, to gas, to utilities — they shouldn’t be forced to also shoulder the costs for companies building data centers,” Tonko said in a statement. “Our Power for the People Act balances the need for data center development without pushing those costs onto consumers.”

Upgrading and expanding access to quantum research facilities

House lawmakers want to give researchers and scientists working within quantum information sciences and technologies the necessary tools to ensure the U.S. is leading in quantum-based systems.

Introduced on Thursday by Reps. Andrea Salinas, D-Ore., and Jim Baird, R-Ind., the Quantum Instrumentation for Science and Engineering Act directs the National Science Foundation to award grants that fund shared research facilities and specialized equipment used by universities, startups and laboratories.

The bill seeks to amend the National Quantum Initiative Act –– which expired in 2023 –– to permit NSF to outfit qualifying research facilities and laboratories with the equipment and resources necessary to field QIST research and development.

It also seeks to expand access to said facilities and labs to better enable information sharing and hands-on learning experiences for students.

“Quantum science is among the world’s fastest-growing areas of research, and leading in quantum research carries significant implications for innovation, our economy, and our national security,” Baird said in the press release. “The U.S. has led the world in quantum science for years. By further investing in this research, this legislation will help ensure we maintain our global competitive advantage.”

]]>

Data is a strategic asset and a strategic vulnerability

Riccardo Di Blasio — Fri, 10 Apr 2026 14:45:00 -0400

A foundational theme has underscored nearly every recent global security discussion: the role of data in national security. What has become clear from conversations with security and government leaders is that data is no longer a secondary concern; it is a primary strategic asset and a critical vulnerability.

National security now rests on a bedrock of data. This is not a distant concept but a present-day reality. Defense systems, intelligence operations, emergency response grids and critical public services are all built upon vast, interconnected data infrastructures. The rapid integration of artificial intelligence has amplified this trend, transforming data into both a nation's most powerful tool and its most exposed flank. One prevailing theme across these discussions is the urgent need to shift our thinking about data security from a technical issue to a strategic imperative.

Cyber operations as geopolitical instruments

A major point of consensus among global security leaders is that we are living through a consequential transition. Cyberattacks are no longer isolated technical events but potent instruments of geopolitical pressure. Leaders shared perspectives on how digital disruptions have evolved into direct threats to social, economic and political stability.

When a nation's hospitals are disrupted, its power grid destabilized or its government services taken offline, the impact is felt far beyond the digital realm. These attacks are designed to test public trust just as much as they test technical defenses. They intentionally blur the line between cyber warfare and traditional security threats, creating a new front in international statecraft. Yet, as many leaders have noted, the strategic response has not kept pace, with data resilience often remaining siloed as an operational concern. This framing is now dangerously outdated.

Elevating data resilience to critical defense infrastructure

Modern defense strategies have long recognized the importance of readiness, redundancy and resilience in physical assets. A key takeaway from recent discussions is that the same logic must now be applied with equal rigor to our digital infrastructure. Data integrity, availability and recoverability are foundational pillars of national resilience.

Without these pillars, even the most advanced defense capabilities are fundamentally compromised. A military force, an intelligence service or a public agency cannot function if its data cannot be trusted, accessed or restored under pressure. This point was particularly emphasized in conversations around the accelerating use of AI for intelligence analysis, threat detection and decision support. The message was clear: data resilience must be elevated to the level of critical infrastructure protection.

Untrusted data creates unreliable intelligence

The effectiveness of AI systems is entirely dependent on the quality and integrity of the data they consume. As one panelist noted, when that data is incomplete, corrupted or inaccessible, the resulting intelligence is not merely flawed — it can be actively misleading. In high-stakes national security environments, this is not a theoretical risk.

Corrupted data directly affects situational awareness, compromises decision-making and can ultimately dictate strategic outcomes. As AI becomes more deeply embedded in national security systems, the connection between data resilience and operational credibility becomes absolute. These discussions reinforce a clear reality: you cannot have a credible AI strategy without a robust data resilience strategy to support it.

The necessary shift from prevention to continuity

This evolving threat landscape demands a strategic shift away from purely perimeter-based cybersecurity models. Instead, security leaders and experts are calling for architectures designed for inevitability — systems built on the assumption that disruption will occur. The focus must be on withstanding, isolating and recovering from incidents quickly.

Resilience is not about preventing every breach; it is about ensuring continuity when a breach happens. It is the crucial difference between a temporary disruption and a lasting destabilization. This shift in mindset also requires a more rigorous approach to the technology ecosystem itself.

Trust in technology is now a security prerequisite

A recurring theme was that national security depends not only on what technologies are deployed but also on who builds, operates and maintains them. Trusted vendors, transparent governance and accountable supply chains are no longer abstract policy goals. They are now essential prerequisites for secure outcomes in a deeply interconnected world.

As data flows across borders and through complex systems, trust must be designed into the infrastructure from the start, not layered on as an afterthought. This requires a new level of scrutiny and collaboration between public and private sectors to establish and enforce standards.

Partnerships are the architecture of modern security

One of the most resonant conclusions emerging from global security dialogues is that no single entity can secure the digital future alone. No government, no private company and no alliance can independently manage the scale and complexity of these challenges.

Partnership — across borders, sectors and institutions — is the new architecture of modern security. The discussions centered on how to ensure these partnerships are grounded in shared standards for resilience, transparency and accountability. Building this collaborative framework is the central task for the years ahead.

Securing data Is securing the future

It’s clear that the global security landscape is evolving faster than our traditional frameworks. Data sits at the center of that evolution. Treating it as a strategic asset and defending it accordingly is not simply a matter of technology policy; it is a fundamental component of national resilience. As we look toward the future, the nations best prepared to navigate uncertainty will not be those with the most data, but those that have invested in making their data secure, resilient and worthy of trust.

Riccardo Di Blasio is the Senior Vice President, North America Sales at NetApp.

]]>

US push to counter hackers draws industry deeper into offensive cyber debate

David DiMolfetta — Fri, 10 Apr 2026 12:22:00 -0400

The U.S. government has an offensive cyber wish list, and the private sector is already bidding. Many federal contractors back the effort, though they still have deeper questions about semantics and where offense ends and defense begins.

Terms like “disruption,” “cyber effects” and “defensive operations” were flung around in discussions at the RSAC Conference in San Francisco last month, one of the largest cybersecurity gatherings in the world. In discussions during and after the conference, Nextgov/FCW sought to learn how industry players perceive the vision under President Donald Trump to punch back harder against cyber adversaries, and how those industry leaders might contribute to the cause.

For the past year, industry executives and U.S. officials in closed-door meetings have weighed the concept of enlisting private sector cyber titans to hack for the government, inspired by the centuries-old practice of letters of marque and reprisal that made waves in the old days of naval warfare. But last month, National Cyber Director Sean Cairncross appeared to pour cold water on the concept.

He told audience members at an event that there’s “an enormous amount of capability on the private sector side,” but that he’s “not talking about private sector, industry or companies engaged in a cyber offensive campaign.”

Cairncross said he wants to use the “ability of our private sector … to inform and share information so that the [U.S. government] can respond” either defensively or in a more agile way to enemy hackers. His remarks came after the release of Trump’s national cyber strategy, whose first pillar focuses on ways to create obstacles for foreign state cyber operatives and criminal hackers.

But nearly a dozen interviews with industry stakeholders and former officials indicate that it remains an open question where companies draw the line on cyber offense and where the government does. The boundaries around offensive cyber are often blurred, and the private sector is still trying to learn its place. That uncertainty leaves more questions than answers about how offensive cyber operations should be structured, regulated and integrated into a broader U.S. national security strategy.

New market force

There’s consensus among security leaders that the private sector doesn’t want to be deployed for offensive hacking, said Adam Marrè, chief information security officer at Arctic Wolf. The talk of “hacking back” comes up every five to ten years, he said, but those talks break down every time for a number of reasons, mainly because of legal and ethical concerns.

Still, there’s no indication that the global cybersecurity environment is calming. Foreign adversaries would “absolutely” want access to powerful exploits that can steal information or wreak havoc on systems, Marrè said.

“[Adversaries] are mainly worried about what’s effective. So if it works, and if it ain’t broke, don’t fix it,” he said. “But if I can find a more exotic exploit that is going to allow me to have more access or access without being detected, or be able to get to somewhere I haven’t been able to get before, 100% they’re going to be looking for that."

Governments across the world are hankering for the latest and greatest hacking tools, said Elad Schulman, CEO of Lasso Security.

“If we are not developing capabilities, our enemies are developing those capabilities,” he said. “That is why we need to assume that, at any point in time, someone will find and use exploits against us.”

For years, companies have helped develop special technologies for the U.S. government’s secret cyber missions. But the new White House cyber strategy’s offensive focus sets a tone for companies and their investors, said Rob Joyce, the NSA’s former cybersecurity director.

“There’s been companies that are defense industrial base firms that know how to sell to the government, and there’s been some very boutique cyber companies that sell into the military cyber and intel community,” he said. “But this has the whole community and people out here in Silicon Valley who are not government-adjacent talking about ideas that they can help with in offensive cyber. I think it changes that ecosystem a little bit.”

Joyce is now a venture partner at DataTribe, which invests in early-stage cybersecurity companies often led by people who worked in the intelligence community. He said the government is in the market for an array of cyber capabilities, including vulnerability scanning, exploit development, tooling to analyze cyber threat data and digital infrastructure to obscure the origin of covert cyber operations.

This week, the cybersecurity world was sent into shock when Anthropic revealed it was holding back a powerful frontier AI model that could find previously undiscovered vulnerabilities at mass scale. The intelligence community is already eyeing its capabilities, Nextgov/FCW reported.

Still operating defensively

Many practitioners are advising the cyber ecosystem to invest in defensive measures, regardless of the White House’s more offensive posture.

“Being a defender, an ounce of prevention is worth a pound of cure,” said Ryan Anschutz, the incident response lead at IBM’s X-Force threat intelligence arm and a former FBI official. “A defensive prevention perspective, I think, would have more of an impact … than offensive capabilities, which, quite frankly, some arms of the federal government — their offensive capabilities far surpass the private sector.”

Even among companies that simulate adversary cyberattacks to improve network defenses, known formally as red-teaming, the definition of “offensive hacking” can get fuzzy.

“Would you classify offensive hacking as going out and fingerprinting the threat that was attacking you to gain the threat intelligence?” Anschutz said. “Is that offensive? Where does that change? Where’s the line drawn between what is offensive and what’s not offensive?”

The answer depends on who you ask.

Hacking back, in the sense of breaking into adversaries’ computer systems for data and geopolitical intelligence, takes a level of access that only belongs in the government space, said another industry executive that works closely with the intelligence community on cyber matters.

Google’s threat intelligence arm recently came out swinging with discussions of its new disruption unit, though executives soon quashed the notion that the unit is “offensive” in any way, arguing that removing infrastructure that hackers sit on is a defensive move that impedes their forward operations onto U.S. and allied systems.

Some companies are building out advanced defensive cyber solutions at as rapid a pace as the offensive market, a sign that a more capable offense is driving equally urgent demand for stronger digital shielding.

“We had just seen too many examples over and over again of how burned out these poor kids in these security operations centers are, how just overwhelmed at the enormity of all the alerts, all the boxes always flashing red,” said Bill MacMillan, a former CIA official and now the chief product officer at security operations center solutions provider Andesite.

“We have to transform. We have to adopt this technology because this is the threat environment and the resource environment that we’re operating in,” he said.

Considering new frameworks

The offensive philosophy in Washington, D.C., has made some cyber experts weigh the pros and cons of the current legal environment that facilitates hacking activities.

The NSA, Cyber Command and others are permitted to take more aggressive cyber actions to stop foreign adversaries and criminal hacker gangs. This week, the FBI said it covertly sent shutdown commands to kick Russian state-backed hackers out of thousands of routers housed in organizations around the world.

The move, like many FBI takedowns of digital infrastructure, required court authorization. More broadly, some of the most sensitive intelligence operations do not rely on a standard U.S. court warrant at all.

Even so, private companies lack those authorities. They may build the capabilities used in cyber operations, but — like a defense contractor manufacturing a missile — the decision to deploy them and the consequences that follow rest with the government, not the company.

But what happens if a firm is hacked and wants to take action? There’s room to discuss “stand-your-ground” laws that could permit companies to respond to intrusions, at least to a certain degree, said Philip George, executive technical strategist at Merlin Cyber.

“Obviously, there are some authority issues and some rules of engagement concerns, and we don’t necessarily want everyone returning fire or preemptively thwarting an attack,” he said. But if attacked in cyberspace, “what’s the extent that I can return fire, to at least take down infrastructure that may be targeting me?”

Asked if such a legal authority constitutes a counter-attack, he clarified it as a “counter-action” or “counter-response” because the former term carries “a lot of weight.”

Some serious conversations will need to be had about the future of legal measures under this offensive posture, said John Fokker, head of threat intelligence at Trellix and a former official in the Dutch National Police’s High-Tech Crime Unit.

“If authorities are operating in the grey area with certain private sector entities, I’d much rather define and start talking about that grey area,” he said.

Information-sharing between the public and private sectors — a cornerstone of modern efforts to stop cyberattacks — should also continue, he said, though he argued the process should be streamlined given the number of existing groups.

But one executive said they expect the U.S. government will ultimately find ways to involve private contractors in offensive cyber operations, even as the administration publicly draws limits.

“I believe that the government will contract for cyber operations under carefully crafted contracts,” said Kevin Spease, president at ISSE Services. “It simply depends on how you define it.”

He pointed to past U.S. conflicts where private firms supported offensive missions, arguing cyber operations could follow a similar path.

The rationale, Spease added, comes down to capability. The government, in both civilian and defense agencies, already predominantly relies on technology made by the private sector for day-to-day operations.

“The private companies have far better expertise,” he said. “Sometimes it’s easier to have a contractor do it.”

]]>

Judge renews procedures for 702 surveillance program that could soon lapse

David DiMolfetta — Fri, 10 Apr 2026 10:40:00 -0400

The Trump administration notified Congress that the government’s top intelligence court last month renewed its endorsement of a contentious surveillance program, letting it operate for another year even though it’s set to expire soon without reapproval from lawmakers, according to two people familiar with the matter.

But the judge on the Foreign Intelligence Surveillance Court who issued the March 17 ruling raised concerns about filtering tools the FBI, NSA and other agencies use to sift through raw data collected under the program — known as Section 702 of the Foreign Intelligence Surveillance Act — one of the people said.

Both people spoke on the condition of anonymity to discuss details about the sensitive nature of the recertification, some components of which are classified.

Section 702 allows spy agencies to compel internet and telecom providers to turn over contents of phone calls, emails and text messages of foreigners located abroad without a warrant, but, in doing so, agencies can also incidentally collect Americans’ data if they are communicating with a foreign target. The program is set to expire April 20, unless lawmakers vote to reauthorize it.

Collected 702 communications are stored in classified databases, where analysts query them for foreign intelligence. Search terms — known as “selectors” — can include names, phone numbers or email addresses of targeted individuals. Analysts may use tools to search stored U.S. person data when they believe doing so is reasonably likely to return useful information for national security investigations.

The New York Times first reported details of the recertification and said that, per the judge’s ruling, agencies must reengineer filter tools because the court found that narrowing results to an American’s collected communications effectively turns a foreign-target search into a U.S.-person query subject to stricter limits. Nextgov/FCW has not independently confirmed those details.

Unclassified talking points on the certification obtained by Nextgov/FCW say the White House has until April 16 to appeal the order or correct the issues presented by the court. The court “determined that the proposed approach for the discreet technical capabilities at issue could present deficiencies,” according to the talking points, and the Trump administration is “working expeditiously to understand the mission impact of the court’s order,” it adds. The judge’s concerns about the querying process suggest spy agencies may not be consistently applying safeguards meant to protect Americans’ data after being collected.

The White House did not return a request for comment by the time of publication.

The administration is seeking a clean 18-month extension of the spying power in Congress, which, if approved, would extend it until October 2027.

Privacy advocates argue that a warrant requirement should be mandated for searches of U.S. person data collected under 702. The intelligence community has historically argued against that measure, saying it would slow down timely investigations and prevent analysts from acting on hunches as they track national security threats.

Several lawmakers from both sides of the political aisle, including Trump supporters, have backed warrant reforms for the law.

The recertification and ruling from the judge could give privacy and civil liberties groups more runway to challenge how spy agencies handle Americans’ data under the program.

“The FISA court’s recertification of Section 702 is another demonstration of the same pattern we have seen time and time again. The intelligence agencies find workarounds, compliance breaks down, and the public only finds out after the fact. A clean reauthorization represents more of the same. Real reform requires warrants for Americans’ communications,” said Kia Hamadanchy, senior policy counsel at the American Civil Liberties Union.

Under Section 702, the court annually reviews and approves the procedures governing how agencies collect, handle and search data. The recertification allows the program to continue under court-approved rules, but it does not extend the underlying law and can surface compliance gaps that require agencies to change certain procedures.

A declassified version of last year’s certifications shows the FBI used an “Advanced Filter Function” that allowed users to “select a specific FBI casefile number or facility, using a drop-down menu or search bar” to review communications of individuals in contact with foreign targets.

But the FBI later “deactivated” the tool after the Justice Department found that selecting those individuals “resulted in queries of raw information,” rather than merely sorting the results of prior searches, and that the government lacked sufficient records to determine whether those queries complied with applicable requirements. Those queries could have included communications involving U.S. persons, which would trigger stricter rules on how the data is accessed and used.

The split between the court’s recertification process and Congress’s role in renewing Section 702 can create legal gray areas. The intelligence court approves the rules governing the program, but only lawmakers can extend the authority itself, raising questions about compliance if the statute lapses.

In 2024, two service providers privately warned they would stop complying if the law was not renewed, despite the program having been recertified that year.

Section 702, enacted in 2008, codified parts of the once-secret Stellarwind surveillance program created under the Bush administration after the Sept. 11, 2001, attacks. In 2013, former NSA contractor Edward Snowden disclosed documents detailing how the authority was used, fueling a global debate over privacy and mass surveillance.

The program is frequently used to track myriad national security threats, including hackers, terrorist groups and foreign intelligence operatives. This week, around four dozen former national security officials urged Congress to renew the spying power before it expires.

Editor's note: This article has been updated to include details from the unclassified talking points on the certification that were obtained by Nextgov/FCW.

]]>

Treasury debuts effort to share cyber threat intel with crypto firms

David DiMolfetta — Thu, 09 Apr 2026 16:25:00 -0400

The Treasury Department said Thursday it will begin sharing cyber threat intelligence with cryptocurrency firms following a string of incidents in which hackers siphoned off millions of dollars in customer funds.

The department’s Office of Cybersecurity and Critical Infrastructure Protection announced the effort to “provide timely, actionable cybersecurity information to eligible U.S. digital asset firms and industry organizations, helping them better identify, prevent, and respond to cyber threats targeting their customers and networks.”

Under the program, qualifying U.S. digital asset firms and industry groups that meet agency criteria will be able to access the same threat intelligence the department already distributes to traditional financial institutions at no cost.

The move signals Treasury is increasingly treating cryptocurrency firms as part of the nation’s core financial infrastructure, folding them into existing cyber threat-sharing channels as officials grow more concerned about the scale and sophistication of attacks targeting the sector.

“Cyber threats targeting digital asset platforms are growing in frequency and sophistication,” said Cory Wilson, deputy assistant secretary for cybersecurity at the Treasury Department. “This initiative expands access to actionable threat information that helps firms strengthen defenses, reduce risk, and respond more effectively to incidents.”

Cryptocurrency is becoming increasingly central to U.S. entities seeking to go after hackers, as such bad actors often seek to steal cryptocurrency or use it as a payment method to exchange stolen data.

North Korea has built a reputation for installing shadow workers in firms around the world to steal cryptocurrency and other financial assets to fund their regime, especially its missile program. Earlier this month, DPRK-aligned hackers stole some $285 million from Drift Protocol, a Solana-based decentralized derivatives exchange, in a breach that wiped out more than half of the platform’s total value in the system.

]]>

When the storm hits: What Hurricane Katrina still teaches federal leaders about continuity of operations

Erika Dinnie — Thu, 09 Apr 2026 14:33:00 -0400

One of the most vivid lessons from my Public Buildings Service career came from a building manager responsible for a federal courthouse in downtown New Orleans during Hurricane Katrina.

As floodwaters rose and much of the city lost power and communications, he faced a situation no training manual had fully anticipated. Supply chains were cut off, transportation routes were impassable, and communications systems were unreliable at best. There was no playbook for a disaster of that magnitude.

What he relied on instead was preparation, relationships and resourcefulness as he worked through the night to secure and preserve the historic courthouse.

That story stayed with me during every continuity exercise and operational planning session throughout my years supporting the Public Buildings Service and federal IT continuity of operations (COOP). It reinforced something that every government technology leader eventually learns: continuity is not a binder on a shelf. It’s a living capability that must be built, practiced and refined long before a crisis occurs.

During my time leading IT COOP functions, our teams planned and exercised scenarios across the spectrum of modern threats. These included natural disasters affecting federal facilities, extended power outages impacting data centers and telecommunications infrastructure, civil unrest disrupting transportation and staffing availability and enterprise-scale cybersecurity incidents affecting mission systems.

While each scenario had unique characteristics, four factors repeatedly proved decisive whether organizations maintained operations or became overwhelmed by the scenario.

The first factor is communication.

In any major incident, primary communication systems are often the first capability to fail. Networks go down. Cellular towers become overloaded. Email systems become unreachable.

Organizations that maintain situational awareness during a crisis are those that have established redundant communication channels in advance. That means more than knowing satellite phones exist somewhere in the organization.

It means pre-positioning alternate communication devices at key locations, training personnel on how to use them and establishing out-of-band communication protocols that operate independently of primary networks. These systems must be exercised regularly so teams know how to use them when stress levels are high and time is limited.

Continuity planning must assume that primary systems will fail. The goal is ensuring operations do not fail with them.

The second factor is supply chain resilience.

One of the earliest lessons from the response to Katrina was how quickly supply chain assumptions break down during a regional disaster. Vendors cannot reach affected areas. Fuel deliveries stop. Hardware replacements that normally arrive overnight may take weeks.

For federal agencies that rely heavily on specialized equipment and service providers, this creates significant operational risk.

Resilient organizations address this risk by asking difficult questions of their partners before an incident occurs. Where are vendor warehouses located? Could they be affected by the same regional event that impacts agency facilities? What inventory exists today for critical equipment and consumables? Can shipments be redirected to alternate facilities if primary locations become inaccessible?

Supply chain resilience is often viewed as a procurement issue. In reality, it is a strategic continuity function that must be integrated into COOP planning from the outset.

The third factor is the ability to reconstitute operations quickly from an alternate site.

The true test of a COOP program is not the existence of documentation but whether an organization can resume mission-critical functions fast enough to maintain its responsibilities to the public.

Speed matters. Every hour of downtime can affect citizen services, regulatory oversight and public trust.

Successful reconstitution depends on three elements working together. First, access to critical records and documentation. System configurations, operational procedures and mission data must be accessible from alternate locations through secure and verified backup systems.

Second, clear chains of command. During a crisis, ambiguity about authority can paralyze an organization. Personnel must know in advance who is responsible for key decisions and who assumes authority if primary leaders are unavailable.

Third, delegation of authority. When primary decision-makers cannot be reached, other personnel must be empowered to act. Delegation is not a bureaucratic formality; it is a fundamental requirement for operational continuity.

The fourth factor is technology readiness.

Modern federal operations depend on complex digital systems, which means continuity planning must account for the resilience of networks, applications and data environments. Agencies must determine which systems are truly mission-critical and define the minimum viable environment required to restore those capabilities.

This may include redundant network paths, alternate data center or cloud environments, endpoint management tools capable of operating in degraded network conditions and secure out-of-band administrative access.

However, the most important step is testing.

A system that has never been exercised during a continuity drill remains an unknown quantity. The worst time to discover a configuration error or access control issue is during a real-world incident.

Organizations that recover most effectively from disruptions share one additional characteristic: continuity is embedded in their culture.

Leaders regularly ask “what happens if” questions during planning and procurement discussions. Staff time is dedicated to exercises and scenario planning. Gaps discovered during testing are treated as valuable intelligence rather than problems to conceal.

Today’s federal agencies face an expanding range of potential disruptions. Natural disasters remain a constant risk, but they are now joined by cyber threats capable of disabling systems across entire enterprises, geopolitical instability affecting supply chains and infrastructure failures that can cascade across interconnected networks.

Make continuity planning an operational discipline rather than a compliance exercise. The next major disruption is on the horizon. The question for federal technology leaders is not whether their organizations will face disruption but whether they will be ready when it arrives.

Erika Dinnie joined MetTel as the Vice President, Federal Strategy & Planning, to further expand MetTel’s growing Public Sector team based in Washington, D.C. Prior to joining MetTel, Ms. Dinnie served as the GSA’s Associate CIO for Digital Infrastructure Technologies for nearly ten years, overseeing GSA’s IT infrastructure, systems, software, and applications for its 17,500-user base. Before joining the GSA, Ms. Dinnie was Assistant Commissioner, Head of Workplace Services for Public Buildings Service (PBS) from 2011-2014.

]]>

CIA plans for ‘AI coworkers’, deputy director says

David DiMolfetta — Thu, 09 Apr 2026 14:09:00 -0400

The Central Intelligence Agency aims to integrate artificial intelligence-powered “coworkers” into analysts’ workflows in the coming years as part of an effort to rapidly adopt the emerging capabilities for use in intelligence-gathering and analysis, a top official said Thursday.

CIA Deputy Director Michael Ellis said these AI coworkers would be housed in agency analytics platforms to help with basic tasks, though humans would still be looped into the process.

“It won’t do the thinking for our analysts, but it will help draft key judgments, edit for clarity and compare drafts against tradecraft standards,” he said in a speech at a Special Competitive Studies Project event focused on AI and the intelligence community. The AI tools would provide triage assistance and flag trends for human analysts to conduct further review.

Within a decade, the CIA will treat AI tools as an “autonomous mission partner” and officers will manage teams of AI agents in a hybrid model to increase the speed and scale of intelligence work, Ellis added.

Last year, the agency had more than 300 AI projects, and, for the first time in its history, AI was recently used to generate an intelligence report, he said.

The remarks provide a rare public glimpse into how one of the nation’s top spy agencies is integrating frontier AI systems into its day-to-day operations, and they signal that such platforms are expected to become a daily feature of officers’ workflows in the near future.

The CIA primarily executes and coordinates human intelligence gathering overseas, often done undercover. Officers recruit and manage foreign assets to clandestinely gather intelligence on areas like economics, terrorism and cyber threats.

Much of that work often involves the use of technology, though some have recently argued the advent of advanced AI tools may push the CIA more toward old-world tradecraft techniques.

But there have been benefits to technological investments. The agency recently elevated its Center for Cyber Intelligence into an entire mission center, a move that’s “paying dividends already by allowing us to deploy new tools to the field and gain more access to priority targets,” Ellis said.

“The battle of cybersecurity will be a battle of artificial intelligence,” and whoever capitalizes on the best AI models will wield “enormous power,” he added. “Having a new mission center centered around cyber intelligence will put us on the path to secure the upper hand.”

The agency also recently announced a new acquisition framework to overhaul how it integrates technology into its missions.

In an effort to track how foreign adversaries like China are using advanced AI and other technologies, the CIA doubled its technology-related foreign intelligence reporting, said Ellis. Those intelligence products focus on technology use abroad and can include findings on areas like semiconductors, cloud computing, infrastructure, cybersecurity or R&D.

Ellis did not mention Anthropic’s recent Project Glasswing announcement, a consortium announced earlier this week meant to help secure critical software against AI-driven attacks. The project was fueled by a powerful, non-public Anthropic frontier model the company says has already uncovered thousands of vulnerabilities but could be weaponized in the wrong hands.

The intelligence community and its industry partners are already examining and discussing how such a model may impact the future of cyber missions, Nextgov/FCW reported Wednesday.

Earlier this year, Anthropic declined to ease restrictions against its tools being used for domestic surveillance or fully autonomous weapons for Pentagon use, triggering a “supply chain risk” designation from the Defense Department and a White House order that all federal agencies phase out their uses of Anthropic tools. The company has legally challenged the move.

Ellis did not single out Anthropic specifically, though he cautioned that the CIA “cannot allow the whims of a single company” to constrain its use of AI and said the agency is looking to diversify across multiple vendors to preserve operational freedom.

]]>

OpenAI national security lead endorses ‘appropriate human judgment’ in AI

Alexandra Kelley — Thu, 09 Apr 2026 12:59:00 -0400

Workforce transformation and the application of “appropriate human judgment” will be necessary when incorporating advanced artificial intelligence capabilities into defense operations, according to OpenAI’s head of national security policy.

“I do think there's a workforce transformation that we're facing where we're going to have to educate a generation of analysts, of service members, of Foreign Service officers, to ensure that they're still applying — in the Pentagon, they call it ‘appropriate human judgment,’” Sasha Baker, head of National Security Policy at OpenAI, said during a Thursday conference hosted by the Special Competitive Studies Project.

In defense operations, the consequences of an incorrect decision fueled by AI systems are “much greater” depending on the use case, Baker continued. Her comments come amid the ongoing fallout between Anthropic and the Pentagon over how AI products contracted by the federal government should be used in warfighter operations.

Just after the Trump administration canceled the contract between the Pentagon and Anthropic and further blacklisted the company in federal operations, OpenAI announced a deal with the Pentagon and said the agency agreed to Anthropic’s original stipulations: prohibitions on U.S. citizen surveillance and human presence in autonomous weapons.

“When you think about the potential for AI transformation, it really impacts the entire spectrum of the work that we do as a national security community, from making your paperwork a little bit easier and more efficient all the way to potentially revolutionizing the targeting cycle,” Baker said.

Baker reiterated OpenAI’s prioritization of safety in advanced AI deployment during the conference, saying that, as of now, no large language model is foolproof, including OpenAI’s flagship model ChatGPT. Baker mentioned OpenAI’s Trusted Access program as a filter for AI models with a level of safety applied, such as user protocols.

Baker’s comments were in response to the recent announcement of Project Glasswing, a new Anthropic program that is distributing the company’s high-powered beta Claude Mythos Preview model to select tech companies as a means to test its cyber capabilities.

She also briefly discussed the latest OpenAI model, Spud, which is still in development, saying cybersecurity is top of mind ahead of its release, similar to the process Anthropic is taking with its Mythos Preview model.

“As Spud leaves the laboratory environment and becomes widely accessible, we do want to make sure that cyber defenders get a chance to both understand the model capabilities and potentially use it to patch vulnerabilities that might otherwise become significant from a national security perspective,” Baker said.

In addition to expanding on OpenAI’s security posture when crafting and deploying its AI models, Baker discussed her effort to bring OpenAI engineers to Congress, the White House and the Pentagon to evangelize the technical facts about AI with policymakers and to foster smart, strategic AI adoption in government workflows.

“I do worry a little bit that we'll try a bunch of wrong things before we get to the right thing,” she said. “I hope that we get there before there is a crisis that really forces us to galvanize and come together. I think we can do it.”

]]>

Treasury is creating a database with pandemic aid recipients’ sensitive information

Natalie Alms — Wed, 08 Apr 2026 17:44:00 -0400

The Treasury Department is pooling information about people who received benefits from pandemic-era relief programs in a new, central database it says will be used to conduct program audits.

It’s the latest front in the Trump administration’s efforts to centralize government data, including information typically held by states about people who receive nutrition benefits and jobless aid. Many of the administration’s previous attempts have been subject to lawsuits.

Critics say the department’s required notice for the system is imprecise, overly broad and runs afoul of privacy laws governing the federal government. Treasury is amassing addresses, financial data, Social Security numbers and other data in the new system, which it says it may cross-match with other government data.

Typically, these types of notices are “routine matters that do not warrant comment,” Steve Sharpe, senior attorney at the National Consumer Law Center, said in a statement. “But the scope of this notice is an astonishing and dramatic departure from prior Treasury practice.”

The NCLC, a nonprofit focused on economic justice, called the new system a “baseless violation of privacy” in a comment on the February notice that it submitted with over 40 other organizations, including many state and local legal aid groups.

Treasury’s plan “could be construed to reach millions of individuals,” the comment reads.

The database will include information about the individuals and entities, like small businesses, receiving benefits from eight department programs, Treasury’s notice says. Congress created many of these during the pandemic to provide emergency relief.

Other programs feeding data into the new system, like one created to rebuild the Gulf Coast after the Deepwater Horizon oil spill in 2010, have no relation to the pandemic. The new system could also include other programs administered by the Treasury in addition to those listed in the formal filing, the notice says.

Local governments administer some of these programs, and they’re already required to report subrecipient and vendor information, the National League of Cities, the United States Conference of Mayors and National Association of Counties say in a comment, which also emphasizes the cost that reporting new data would entail, especially after some of these programs have been shuttered following the end of the pandemic.

Treasury did not respond to a request for comment. But if it moves forward with the new system as described in the notice, it will be saving information about a long list of people — not only those who receive assistance, but also people “associated” with the nonprofits, small businesses and other entities that received or delivered aid. The system will also house application information, which could include sensitive financial information.

The nonprofit Association of Public Data Users wrote in its comment that the notice “seems designed particularly to obfuscate the purpose of the collection and potential uses of the data.”

Although the stated purpose of the system is for audits, “we suspect the unstated purpose of the system of records is not to audit at all, but to get access to the information held by states that Treasury cannot otherwise directly compel them to submit to the federal government,” continues APDU’s comment, which it submitted with nine other organizations.

The Trump administration has pressured a range of state and local entities to share data with the federal government since the beginning of last year, including voter files.

The Electronic Privacy Information Center argues in its comment, which got sign-on from other organizations like the Center for Democracy and Technology, that the new system runs afoul of the Privacy Act’s principles of minimizing data collection, calling the proposed program “illegal and reckless.”

The notice signals more of the same “data grab playbook” from the administration, John Davisson, litigation director for EPIC, told Nextgov/FCW.

“Time and again we've seen this administration exploit personal data to construct wildly exaggerated narratives of waste and fraud, to carry out brutal immigration enforcement tactics, and attempt to undermine the right to vote,” he said.

]]>

HHS replaces COBOL-based payroll system

Edward Graham — Wed, 08 Apr 2026 17:23:00 -0400

The Department of Health and Human Services has successfully replaced an outdated, COBOL-based payroll system “with a secure, cloud-based platform that reduces administrative burden and improves service delivery,” the agency announced on Wednesday.

HHS said the new platform is the culmination of an eight-month partnership with the Federal Aviation Administration and the Defense Finance and Accounting Service to transition away from the legacy system. COBOL is a computer programming language that is often considered antiquated, despite the coding continuing to underpin many federal government systems.

In a press release, the agency said it worked with the FAA to analyze “complex business logic and mapped system dependencies,” while end-to-end testing was conducted with the FAA, DFAS and internal HHS teams. HHS said it led the “design, development, and deployment of the [new] solution on a secure cloud platform.”

The modernized system will reduce maintenance costs and speed up payroll processing, according to HHS, which said "tasks that once required up to six hours of manual effort are now completed in minutes through automation, improving speed, accuracy, and reliability.”

The effort was led by the Office of the Chief Information Officer, which — until very recently — did not directly oversee three of the top agencywide technology roles. HHS announced on March 31 that it was reversing a Biden-era restructuring of the agency and would be consolidating the chief technology officer, chief data officer and chief artificial intelligence officer roles within OCIO.

In a statement, HHS CIO Clark Minor said “by replacing outdated technology and driving collaboration across agencies, we are increasing efficiency, strengthening security, and delivering more reliable, higher-quality services to the American people.”

HHS said replacing its COBOL-based payroll system with the cloud-based platform is in keeping with the Office of Personnel Management’s Federal Human Resources 2.0 initiative, which is working to combine more than 100 governmentwide HR systems into one platform.

In a brief detailing HHS’ proposed fiscal year 2027 budget that was released by the White House on Friday, the agency referenced OPM’s push to create a consolidated HR platform and said OCIO “will invest $16 million to maximize interoperability with this new governmentwide, secure, cloud-based system.”

]]>

Anthropic’s Glasswing initiative raises questions for US cyber operations

Patrick Tucker, Alexandra Kelley, and David DiMolfetta — Wed, 08 Apr 2026 17:08:00 -0400

Anthropic’s decision to hold back a powerful frontier AI model over cybersecurity risks, paired with a new initiative to study its effects on global networks, is prompting discussions about how such tools could reshape hacking operations within the U.S. intelligence community, and how they might be used to identify and exploit weaknesses in adversary systems.

The company unveiled Project Glasswing on Tuesday, seeking to help secure critical software against AI-driven attacks, with partners including Amazon Web Services, Apple, Cisco, Google, Microsoft and others. Those participants will gain access to Claude Mythos Preview, an unreleased model the company says has already uncovered thousands of vulnerabilities as Anthropic looks to steer its tools toward defensive cybersecurity use.

“The fallout — for economies, public safety, and national security — could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes,” the AI company said in a Tuesday blog. The Mythos Preview model “has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser,” it says.

The intelligence community is reacting to the news, according to a person familiar with the thinking of multiple IC agencies.

“They want secure code and to use AI to find network vulnerabilities as well,” said the person, who, like some others in this story, spoke on the condition of anonymity to describe sensitive internal deliberations.

Prior to any external release, Anthropic briefed senior officials across the U.S. government on Mythos Preview’s full capabilities, including both offensive and defensive cyber applications, said an Anthropic official. That engagement has included discussions with the Cybersecurity and Infrastructure Security Agency and NIST’s Center for AI Standards and Innovation, among others.

“Bringing government into the loop early — on what the model can do, where the risks are, and how we’re managing them — was a priority from the start,” the company official said.

Analysts inside the National Security Agency have also been casually chatting about the release of the Mythos model, another person familiar with the matter told Nextgov/FCW.

Multiple intelligence agencies and Defense Department components play roles in both offensive cyber operations and defending U.S. networks. Because offensive missions often depend on understanding a target’s defenses, tools like the Mythos model in the wrong hands could help adversaries identify and exploit weaknesses in critical systems. Agencies are already known to stockpile hacking exploits for future use.

The development is also drawing major attention and concern, in some cases, from cyber-focused firms that engage with the intelligence community.

“How is anyone supposed to defend against all of this at once?” said one executive at a cyber investment firm, alarmed by the scale at which the Anthropic model was able to identify vulnerabilities.

The Glasswing news is “scary and ominous” because it isn’t clear how Mythos Preview could be used offensively, especially if it falls into the hands of a foreign adversary, said Hayden Smith, a co-founder at Hunted Labs, a company focused on software supply chain risks.

It’s very possible the model could land in the possession of governments considered hostile to the U.S., he said, explaining that “even with deep vetting, the odds of Mythos flowing into the wrong hands is barely a hypothetical given the landscape of current attacks on the open source ecosystem and software supply chain.”

Because much of the internet runs on widely used open-source software maintained by developers around the world, tools like Mythos could uncover weaknesses in code that underpin large parts of the digital ecosystem.

That dynamic has come into sharper focus following recent software supply chain incidents that had widespread repercussions — including a compromise of the Axios JavaScript library disclosed last week — and amid concerns that some developers behind critical open-source projects are affiliated with companies the U.S. government considers tied to foreign adversaries.

Capitol Hill is also paying attention to the Anthropic development.

“We are already seeing cyber threat actors using AI tools to improve their capabilities, putting government, businesses and consumers’ security and personal information at risk,” said Sen. Mark Warner, D-Va., the vice chairman of the Senate Intelligence Committee. “As AI dramatically accelerates the discovery of new vulnerabilities, I hope industry will correspondingly accelerate and reprioritize patching.”

Observers have been awaiting the release of a model like Mythos Preview that could identify and exploit cyber vulnerabilities at scale for some time, said Morgan Adamski, the former executive director at U.S. Cyber Command and lead for PwC’s Cyber, Data & Technology Risk services.

“For those in the offensive cyber community, for the U.S. government, there’s obviously a huge potential there from an adversarial perspective,” she said in an interview.

But offense and defense are, in many ways, one and the same. If cyberintelligence analysts find a novel vulnerability in an enemy computer network, it’s possible a U.S. system might have the same vulnerability, too.

“There’s going to be a real equity conversation that occurs,” Adamski said. “If we exploit something in an adversarial network, we’re going to have to be able to defend against it in our own critical infrastructure.”

She also said to expect more of these innovations in the AI space, as “typically, when these types of models come out, other models aren’t far behind.”

In an interview, Gary DePreta, the senior vice president of Cisco’s U.S. Public Sector Organization, told Nextgov/FCW that the company’s participation in Project Glasswing is part of its larger aim to address cybersecurity threats while bringing the benefits of AI to its customer base.

“We’re going from an age of detect-and-respond — and as we automate with AI — to predict-and-prevent threats,” DePreta said on Wednesday. “We keep saying this phrase at Cisco: ‘there is a paradox of progress as it relates to AI and the enterprise.’ And what it simply means is the capabilities of AI are far exceeding the enterprise’s ability to implement it in a safe and secure way.”

Anthropic has become a major voice in the line AI companies are willing to draw in ethical uses of their technology, though that stance has drawn friction with the U.S. military. Earlier this year, the company declined to ease restrictions against its tools being used for domestic surveillance or fully autonomous weapons for Pentagon use, triggering a “supply chain risk” designation from the Defense Department and a White House order that all federal agencies phase out their uses of Anthropic tools. The company has legally challenged the move.

It’s possible that the Mythos announcement may reshape how the Defense Department interacts with the company.

The government “needs to make amends with Anthropic and help them and Glasswing members maintain the American lead on AI by preventing Chinese model theft,” said Leah Siskind, an AI research fellow at the Foundation for Defense of Democracies think tank.

“Anthropic is making the responsible call — but adversaries won’t,” she said. “China is already exploiting U.S. AI models to accelerate its own capabilities, and when they reach Mythos-level performance, they will weaponize it.”

]]>

As aircraft losses mount, Pentagon wants a software fix to see through the fog of war

Patrick Tucker — Wed, 08 Apr 2026 11:32:00 -0400

The U.S. planes that have gone down in the Middle East since the launch of Operation Epic Fury all lacked the same thing: a common operating picture that includes relevant intelligence and data. The Defense Innovation Unit announced Monday it’s looking for a fix.

The request: an open-architecture software suite to fuse real-time data into a credible picture of moving objects, threats, and conditions. The idea is to give pilots a broader understanding of reality in a way that is unremarkable to American motorists with easy access to data about ever-changing conditions but aspirational for air crews flying planes outfitted with antique computer hardware.

U.S. Air Force officials have warned of a lack of a common operating picture among airframes, particularly transport planes like C-130s, for years. But the loss of seven aircraft in just over a month, due mostly to communication errors and friendly fire, has exposed a big gap in how U.S. planes communicate with one another and with ground forces.

At the outset of the war on Iran, the U.S. lost three F-15E Strike Eagles due to Kuwaiti friendly fire. In March, they lost a KC-130 refueling tanker when it was involved in a mid-air mishap with a second tanker, due in part to a transponder failure but, again, pointing to a gap in the planes’ ability to fuse data to identify one another.

During the rescue effort that followed an Iranian shootdown of an F-15E Strike Eagle and an A-10 Thunderbolt on April 3, the U.S. destroyed two MC-130J transport planes when the planes were unable to take off from their makeshift runway, U.S. President Donald Trump said in a press conference on Monday.

“It was sandy, wet sand, so we thought there may a problem taking off because of the weight of the plane… And then we also had all the men jumping back onto the planes, and they got pretty well bogged down.”

It’s the sort of problem that access to real-time data on terrain, weather, and other factors could have solved. But most older transport planes lack up-to-date maps or terrain data, forcing crews to “rely heavily on pre-mission planning products, voice updates, and aging platform-specific displays,” according to DIU’s ask.

Because computer hardware varies widely throughout the U.S. aircraft fleet, the Air Force and aircrews frequently use workarounds such as software-defined radios or off-the-shelf communications equipment to get the data they need. But there is no common standard, which makes it difficult for aircrews to know what data they need.

“This problem is especially relevant for large, high-value airlift and tanker aircraft that utilize avionics and mission systems that are optimized for more permissive operations,” according to the announcement for DIU’s “Open Mission Engine” program. The new effort seeks software that can combine all the relevant friend, foe, intelligence, and logistics data into one place in real time, not afterward.

While the solicitation doesn’t mention Operation Epic Fury by name, the rising number of U.S. military aircraft mishaps shows how urgently the U.S. military needs a way to better let planes communicate with each other.

Among the features that DIU wants the new software “engine” to have is a “moving map” application that “uses relevant operational data into a single aircrew display, including blue-force awareness, threat and airspace overlays, mission updates, and route decision support.”

]]>

Former national security officials urge Congress to renew Section 702 before expiration

David DiMolfetta — Wed, 08 Apr 2026 10:54:00 -0400

Around four dozen former national security officials urged Congress to renew a contentious spying power before it expires later this month, asking that lawmakers ensure the reauthorization process doesn’t get entangled with other legislative matters, according to a letter obtained by Nextgov/FCW.

Section 702 of the Foreign Intelligence Surveillance Act allows the FBI, NSA and other intelligence agencies to gather overseas foreigners’ communications without a warrant.

The authority is legally limited to non-U.S. persons abroad, but it can sweep in Americans’ texts, emails and phone calls when they communicate with overseas targets, raising Fourth Amendment concerns from privacy advocates. It lapses after April 19 unless lawmakers vote to renew it.

“We cannot afford to let our Intelligence Community lose this tool that helps keep our nation safe, even for a day,” said the letter, which was sent earlier this week.

It was signed by top intelligence and law enforcement veterans, including former NSA deputy director George Barnes, former FBI director Chris Wray, former director of national intelligence James Clapper and former CIA director John Brennan.

The letter pushes back on efforts made by some members of Congress to concurrently address the intelligence community’s purchases of commercial data without a warrant as part of the Section 702 renewal.

“Some have sought to use this reauthorization as an occasion to address concerns about government acquisition of Americans’ information from commercial data brokers,” the letter says. “But as you know, Section 702 is a targeted statute governing electronic surveillance of non-U.S. persons abroad. The matter of data broker purchases has nothing to do with Section 702, is fundamentally distinct from FISA, and should not be conflated with or delay the urgent need for the Act’s renewal.”

The letter’s signatories also reference a staff report issued last week by the Privacy and Civil Liberties Oversight Board that largely backed the use of Section 702 since its last renewal in 2024. That report has received major pushback from civil liberties groups, who have questioned its conclusions because it was produced under a sub-quorum policy with only one Republican member.

Privacy advocates argue that a warrant measure should be required for searches of U.S. person data swept up under 702. The intelligence community has traditionally argued against that measure because they say it would slow down timely investigations and prevent analysts from acting on hunches as they track national security threats.

Efforts to require warrants for 702 searches involving Americans’ communications came close to success during the 2024 reauthorization debate, when a House amendment failed after a 212–212 tie vote.

Some progressive members of Congress have sought to craft a softer version of a warrant measure that would grant some exceptions for certain U.S. person searches, according to two congressional aides with knowledge of the matter. One example of this could be an urgent case where intelligence analysts want to query an IP address to locate a U.S. organization and notify them that they were targeted by hackers, said one of the aides.

Both requested anonymity to speak candidly about closed-door legislative discussions concerning the surveillance power.

But time is limited. Congress is in recess this week, limiting lawmakers’ available calendar time before the authority’s expiration. April 19 falls on a Sunday, opening the possibility of lawmakers working on the weekend to reach a deal.

Many in Congress are still in a “wait-and-see” mode, despite Capitol Hill running up close to the renewal deadline. The whip count for lawmakers who would vote for or against cleanly renewing the spying power is not entirely clear, according to both the congressional aides.

The Trump administration is seeking a clean 18-month extension of the law and has sent top intelligence officials to Capitol Hill for meetings to discuss renewal with lawmakers and their staff. Several lawmakers from both sides of the political aisle, including Trump supporters, have historically backed warrant reforms for the law.

Section 702 allows the intelligence community to compel U.S. tech, telecom and information service providers to supply access to targets’ communications, in part because much of the world’s internet traffic transits backbone infrastructure based in the United States.

The statute was enacted in 2008, codifying parts of the once-secret Stellarwind surveillance program created under the Bush administration after the Sept. 11, 2001, terrorist attacks. In 2013, former NSA contractor Edward Snowden disclosed documents detailing how the authority was used, fueling a global debate over privacy and mass surveillance.

]]>

VA’s FY27 budget proposal seeks funding for additional AI adoption

Edward Graham — Tue, 07 Apr 2026 16:36:00 -0400

The White House wants to allocate more funds to the Department of Veterans Affairs to help expand the agency’s use of artificial intelligence tools in fiscal year 2027, according to several detailed budget proposals.

The Trump administration released its proposed FY27 budget on Friday, with the VA and other agencies subsequently releasing more detailed breakdowns of their suggested funding levels.

The agency’s funding proposal is unlikely to be enacted by Congress in its current form, as the legislative branch often reworks or fully overhauls White House proposals to meet lawmakers' policy goals, but the document nonetheless provides a window into VA’s priorities for FY27.

The administration is seeking $144.9 billion in discretionary funding for VA in the next fiscal year, with roughly $6.3 billion of that allocated for the agency’s IT systems.

A small — but noticeably growing — portion of these funds are earmarked for AI adoption and expansion.

The budget proposes allocating $130 million to the Veterans Benefits Administration “for automation and artificial intelligence investments modernizing veterans claims processing by reducing errors and delivering benefits to veterans faster.”

VA’s 2025 AI use case inventory listed 367 instances of the agency’s deployment of or experimentation with the emerging capabilities. Of this total, 28 of the uses were focused on improving government benefits processing for veterans and their beneficiaries.

In an FY27 budget document focused on the agency’s IT programs and electronic health record modernization project, VA also proposes earmarking $47.8 million for its “Decision Intelligence and Automation” activities. The budget breakdown says this funding would be for “shared automation and decision support capabilities, including the infrastructure and controls needed to develop, integrate, and govern artificial intelligence capabilities across the Department.”

VA says the boost in proposed funds for these activities — $4.7 million more than what was enacted in 2026, or an increase of around 10.9% — is needed to support additional uses of the emerging capabilities.

“The increase is driven primarily by the AI Infrastructure solution, enabling VA to pilot and scale AI tools that improve operational efficiency, enhance clinical decision-making, and support personalized care and benefits delivery, while sustaining governance frameworks for safe, effective, and ethical use,” the budget says. “The outcome is a secure, scalable AI ecosystem that strengthens decision-making and workflow execution across mission services.”

The agency also says further uses of AI and automated tools would reduce delays and allow VA staff and clinicians to better support veteran care.

According to the budget document, full-time equivalent employees have saved an average of 2-3 hours “through [the use of] generative AI tools at VA,” although it was not clear what timeframe was used to determine this amount. VA also says that 100% of its high-impact AI use cases are in compliance “with federal risk management practices.”

In a topline budget brief, VA says investments in AI would advance its research efforts “by providing a mechanism for directly translating new evidence into practice and pilot testing novel tools and solutions to revolutionize care."

The agency’s overall FY27 budget proposal also allocates $4.2 billion for the continued implementation of its new Oracle Health electronic health record, which is part of a broader federal effort to deploy one common, interoperable system across VA, the Defense Department, the U.S. Coast Guard and the National Oceanic and Atmospheric Administration.

VA paused most deployments of the new EHR software in April 2023 to address a host of usability and patient safety issues at the facilities where the system had been rolled out. The agency, however, is preparing to restart go-lives on April 11, with plans to deploy the EHR system at 13 sites in 2026 and then roughly double that amount in 2027.

While the agency is primarily focused right now on resuming the EHR modernization project, the budget proposal also says that efforts to migrate the system to Oracle Cloud Infrastructure will help it better adopt AI tools in the future.

“The ability of the Federal EHR to take advantage of artificial intelligence and other capabilities from industry hinges on successfully shifting the system to a cloud infrastructure,” the document reads.

VA’s 2025 AI inventory included five instances of the agency’s Office of Electronic Health Record Modernization — which is spearheading its deployment of the new system — seeking to adopt these capabilities.

This included one use case where the office was identified as being in the pre-deployment phase of rolling out a clinical AI agent into the new system, noting that “administrative tasks, manual documentation, and complex workflows within the Electronic Health Record (EHR) cause lower clinical efficiency and operational effectiveness.”

According to VA’s AI strategy, an updated version of which was released in October, early validation of the agency’s AI use cases will eventually allow them to be “incorporated into the EHR and many other information technology platforms through coordination between innovators and the teams managing those systems today.”

]]>

Pro-Iran hackers are targeting US industrial control systems, advisory says

David DiMolfetta — Tue, 07 Apr 2026 15:21:00 -0400

Iran-aligned hackers have exploited and disrupted operational technology control systems embedded in multiple U.S. critical infrastructure sectors, targeting equipment manufactured by Rockwell Automation, according to an advisory issued Tuesday.

The hackers have set their sights on the company’s Allen-Bradley line of programmable logic controllers, or PLCs, which are digital computers that interface with operational equipment to monitor and automate industrial processes like water treatment, power generation and manufacturing.

The cyber intrusions have, in some cases, resulted in operational disruption and financial loss, according to the assessment signed by the Cybersecurity and Infrastructure Security Agency, FBI, NSA, EPA, the Department of Energy and U.S. Cyber Command’s Cyber National Mission Force.

The disruptions occurred by manipulating data on human-machine interfaces and on supervisory control and data acquisition, or SCADA, displays, as well as harmful interactions with project files, it adds.

The advisory is the latest signal indicating that Iran-aligned hacker groups have successfully targeted and impeded U.S. systems amid the ongoing U.S.-Israel war against Iran that broke out Feb. 28.

It comes after an apparent Tehran-backed hacker group carried out a cyberattack against medical technology giant Stryker last month, which wiped employees’ phones and prevented workers from accessing their computers.

“The authoring agencies assess a group of Iranian-affiliated advanced persistent threat (APT) actors is conducting this activity to cause disruptive effects within the United States.” the advisory reads. “The group has targeted devices spanning multiple U.S. critical infrastructure sectors, including Government Services and Facilities (to include local municipalities), Water and Wastewater Systems (WWS), and Energy Sectors.”

A request for comment sent to Rockwell Automation’s media relations email bounced back.

Pro-Iran hackers have made a habit of targeting any computer systems tied to nations deemed foreign adversaries by Tehran, especially the U.S. and Israel. In late 2023, amid the Israel-Hamas war, one hacker group defaced the interfaces of water treatment systems in Pennsylvania, which had Israel-made Unitronics equipment built inside.

In 2020, Rockwell Automation acquired Israel-based Avnet Data Security, aiming to bolster the cyber posture of its industrial control systems and operational technology.

The assessment urged organizations to keep PLCs off the open internet, review logs for suspicious activity and lock down affected Rockwell devices to prevent unauthorized access. Unsecured internet-connected operational technology can expose industrial systems to remote access, giving attackers a pathway to disrupt or manipulate functions.

The Iran war has been widely expected to test the strength of U.S. cyberdefenses, and experts have warned that exposed devices would be a potential target for pro-Iran hackers.

President Donald Trump escalated his threats against Tehran on Tuesday, saying a “whole civilization will die tonight” if Iran doesn’t open the Strait of Hormuz by an 8 p.m. ET deadline.

Trump has promised to attack “every bridge” and power station in the country if a deal isn’t reached. Iran has promised a “devastating” response if such an attack occurs. Any sharp escalation could heighten the risk of retaliatory cyberattacks.

]]>

GSA to require agencies to pay for USAi after launching it as a free service

Natalie Alms — Tue, 07 Apr 2026 14:49:00 -0400

The General Services Administration will soon start charging other government agencies to use the generative AI suite that it launched as a no-cost service last year to help agencies test and adopt AI.

GSA offers some central technology services to other government agencies, in addition to managing the government’s real estate portfolio and procurement. It billed USAi as a free, secure environment in which agencies could experiment with different AI systems when it introduced the platform last year. The premise was that agencies could test multiple AI models for tasks like generating code and summarizing documents without each agency procuring and authorizing different AI models separately.

Currently, 15 agencies use the service, according to the agency’s budget request published April 3. USAi offers models from OpenAI, Amazon, Meta, Gemini for Government, Microsoft, xAI and Anthropic, and it includes a unified chatbot interface, an application programming interface — or API — and a management console to track metrics and set requirements.

Additional government agencies are on a waiting list to access USAi, which was framed as a way to supercharge AI adoption in government as part of the Trump administration’s AI strategy.

GSA will start charging agencies for USAi during fiscal 2027 as part of a “cost-recoverable model,” according to the agency’s budget documents. The change will support long-term sustainability and scale for the platform, a GSA spokesperson told Nextgov/FCW, noting that charging for services is consistent with how the agency runs other shared services.

“It allows GSA to continue operating and improving the platform, invest in security and infrastructure, and meet increasing demand across agencies without relying solely on appropriated funding,” they said.

GSA’s Technology Transformation Services runs the AI suite along with many other cross-government technology offerings, like the identity proofing and single sign-on system, Login.gov.

Agencies are required to pay to use some, but not all, of those services, as TTS relies in part on a revolving fund lawmakers require to be fully cost-recoverable — something the agency has struggled to do in the past. USAi, meanwhile, currently relies on funding from the Federal Citizen Services Fund, according to the budget request, which receives appropriations from Congress in addition to reimbursements from other agencies.

]]>

Trump proposes cutting CISA election security program in FY27 budget

David DiMolfetta — Tue, 07 Apr 2026 10:25:00 -0400

The Trump administration is hoping to eliminate roughly $700 million in programs across the Cybersecurity and Infrastructure Security Agency in fiscal year 2027, a sweeping set of cuts that translate to a net reduction of about $360 million after accounting for internal transfers and other adjustments, according to a detailed budget justification.

The proposal targets election security, workforce development, stakeholder engagement and a range of infrastructure protection efforts, marking one of the most significant overhauls of the nation’s civilian cyber defense agency since its creation.

The budget would notably eliminate CISA’s election security program entirely, including cutting funding for information-sharing support to state and local officials and removing dedicated election security advisors across the country.

The proposal would also end CISA’s support for the Elections Infrastructure Information Sharing and Analysis Center, or EI-ISAC, a key hub for sharing threat intelligence, cyber alerts and incident response resources with state and local election officials.

The moves would scale back one of the federal government’s main avenues for coordinating with state and local election officials on election cybersecurity risks like ransomware attacks, phishing campaigns and efforts by foreign adversaries to probe election systems and conduct influence operations.

The 2027 proposal would significantly scale back CISA’s stakeholder engagement operations, eliminating offices focused on stakeholder coordination and international affairs while shifting more responsibility for certain infrastructure security and emergency communications programs to state and local governments.

Any move to eliminate these stakeholder engagement functions could have far-reaching effects, as those offices serve as a main conduit between CISA and state, local, private-sector and international partners that play a role in protecting critical infrastructure in the U.S. and around the world.

The budget also calls for significant workforce reductions, including through cuts to funded but unfilled positions.

Collectively, the changes would eliminate roughly 867 positions across CISA, according to the budget justification, as more than 1,100 positions tied to program cuts would be partially offset by transfers into the agency and targeted hiring.

Also notable is the proposed elimination of CISA’s chemical security program, which would cut more than 200 positions tied to inspections and oversight of high-risk facilities. At the same time, roughly $300 million and hundreds of personnel from the Department of Homeland Security’s Countering Weapons of Mass Destruction office would be transferred into CISA, shifting broader chemical, biological, radiological and nuclear threat functions into the agency.

Congress would have to approve the entire budget structure in upcoming appropriations talks. Prior efforts to reduce CISA’s funding met resistance on Capitol Hill last year, when the White House sought roughly $490 million in reductions but ultimately faced pushback from lawmakers that significantly narrowed the scope of the cuts.

“CISA has a vital role in fulfilling DHS’s core mission, one that I continue to strongly support,” Rep. Andrew Garbarino, R-N.Y., the chairman of the House Homeland Security Committee, told Nextgov/FCW after this story was published.

“Congress has a responsibility to ensure the agency has the resources it needs to succeed,” he said. “I look forward to discussing this in greater detail with Secretary Mullin and having him testify for the first time before the committee in our annual budget hearing in the coming months.”

The budget preserves funding for various technical cybersecurity functions, including investments in threat hunting and analysis tools.

The proposal also includes about $4.9 million to support cybersecurity and incident response planning for the 2028 Los Angeles Olympics, designated as a National Special Security Event under DHS standards. The funding would support exercises, drone threat assessments and coordination with federal, state and local partners ahead of the games, even as the budget scales back many of the agency’s broader coordination efforts.

Additional funding would also be diverted toward CISA’s implementation of the Cyber Incident Reporting for Critical Infrastructure Act, or CIRCIA. Amid the ongoing DHS funding lapse, the cyber agency has been delayed in developing a final rule for the law, which, in essence, mandates critical infrastructure entities report major cyber incidents to CISA within 72 hours and ransomware payments within 24 hours.

Also notable is a small increase in funding and staffing for CISA’s Office of the Chief Counsel, which the justification cites as a rising volume of litigation, including cases on employment-related matters, as the agency moves forward with workforce reductions and other staffing changes. The increase suggests the agency is preparing for a heavier legal workload as it implements the proposed cuts.

The budget plans reflect long-standing skepticism from the Trump administration and its allies toward CISA, particularly over the agency’s role in 2020 election security efforts and concurrent work to counter false information online. Critics have argued the agency strayed beyond its “core” mission of infrastructure protection and federal cyber defense.

Cyber practitioners and former officials have frequently said that even the cuts put in place in the last year go too far.

“You don’t cut the fire department and then wonder why buildings burn. CISA isn’t the bureaucratic overhead; for practitioners it’s the lifeline between government intelligence and the private sector running the infrastructure this country depends on,” said Seemant Sehgal, founder and CEO of BreachLock, which sells a variety of cyberdefense services.

“Cutting its budget by $707 million, on top of what’s already been cut, is a gift to every nation-state actor that's been quietly targeting U.S. critical infrastructure,” he added.

The tensions between the Trump administration and CISA date back to the 2020 election, when its then-director Chris Krebs publicly affirmed the security of the vote and was subsequently dismissed by Trump. In his second term, Trump has continued to target Krebs, including ordering a federal investigation last year into his government tenure.

Editor’s note: This story was updated to include a comment from Rep. Andrew Garbarino, R-N.Y.

]]>

The IRS wants to shrink its workforce by nearly 4,000 — and use technology to make up the difference

Natalie Alms — Mon, 06 Apr 2026 17:35:00 -0400

The IRS has pushed out more than 28,000 employees since Trump’s inauguration. Now, it wants to lose another net 4,000 staff, according to new IRS budget documents.

The tax agency is banking on technology improvements to help it sustain performance at its lower headcount, it says in its fiscal year 2027 budget justification.

“Without modernization, the IRS would be unable to sustain performance with a reduced headcount,” the budget document says. The agency’s modernization budget “represents a prudent and necessary investment to sustain performance, enable future workforce efficiencies, and deliver enduring value to taxpayers and the Nation.”

The IRS estimates that staffing reductions of 4,875 employees will yield “significant savings” of over $777 million. The IRS budget doesn’t specify where or how these cuts would take place, and the IRS and Treasury Department did not respond to requests for comment. Overall, the administration has proposed a $1.4 billion reduction in IRS funding.

Even as the IRS says that it’s relying on technology to make up for a smaller staff size, its technology shop hasn’t been immune to staffing losses. The IRS has shed about 40% of its IT staff, according to Federal News Network, and 80% of its executives. The agency also reassigned 1,500 employees from its IT shop to the office of the chief operating officer last year.

AI “will be part of speeding up everything we’re doing,” Frank Bisignano, the IRS CEO, told lawmakers last month. “We are building an IRS that leverages advanced technology, empowers its workforce with better tools and delivers secure and easily accessible services.”

But Congress’ watchdog warned recently that staffing losses at the IRS have left skill gaps in AI areas that increase the risk that the agency’s AI efforts “will not succeed.”

The agency’s research, applied analytics and statistics unit — one of two main AI hubs at the IRS, helmed by the agency’s AI lead — lost 63 employees who supported the agency’s AI efforts as of May last year.

IT staff at the IRS have also been among those moved to work as tax examiners and contact representatives after the IRS failed to fully staff its divisions tasked with tax processing and customer service in the lead-up to the filing season.

The IRS is also proposing some hires in the new budget request.

The tax agency wants to hire 1,132 employees to “maintain customer service” to help implement the administration’s “One Big, Beautiful Bill” and staff its telephone line, according to the budget, which also previews a push for more online, self-service options for taxpayers so that they don’t have to rely on “assisted channels” in the first place.

This isn’t the first push to make up for staffing losses at the IRS since Trump took office. Last summer, the agency pivoted away from planned layoffs to hiring and reassignments to fill “mission critical skill sets.”

Danny Werfel, who served as IRS commissioner during the Biden administration, told Nextgov/FCW in a statement that “the most important next step is for the IRS to publish a detailed modernization plan that gives the public clear visibility into its technology priorities, timelines, and expected outcomes.”

“The plan should help make clear how, when, and at what budget, the IRS will make up for staffing reductions that may be impeding their stated objective to improve customer service, collections, and data security,” he continued.

That plan appears to be in flux as the IRS anticipates using up the last of its funding from the Inflation Reduction Act in fiscal 2028. Passed in 2022, the law originally gave the IRS almost $80 billion, although $54 billion of that has been rescinded by lawmakers. The IRS was using some of the funding for technology improvements, and now the IRS is re-evaluating its modernization plans as it anticipates the money running dry, the budget says.

Among the work that the IRS had been doing with IRA funding is trying to modernize some of its systems that date back to the 1960s. It appears that that effort is ongoing, as the IRS budget includes a push to modernize its mainframe tax processing systems that are built on over 15 million lines of COBOL, a legacy computer language that fewer programmers are now proficient in.

]]>

Government official impersonation scam complaints doubled in 2025, FBI report shows

David DiMolfetta — Mon, 06 Apr 2026 16:41:00 -0400

The number of complaints filed with the FBI that described cyberscammers impersonating government officials nearly doubled between 2024 and 2025 and resulted in some $800 million in losses last year, FBI data released Monday shows.

Recorded government impersonation complaints rose from some 17,300 in 2024 to nearly 32,500 in 2025, the FBI’s 2025 Internet Crime Complaint Center report shows. The center, dubbed IC3, documented some $797 million in losses in 2025 from those efforts, up from around $405 million in the year prior.

That type of scam was listed among the top five cyber-enabled fraud crimes by both number of recorded occurrences and amount of money lost. Other major cyber crimes include romance, tech support and investment scams.

The spike comes amid a broader surge in impersonation-based fraud, fueled by artificial intelligence-driven voice and messaging tools that can allow scammers to convincingly pose as government officials at scale.

AI was referenced 260 times in complaints involving government impersonations, the report shows, with $7 million lost in cases with those AI references. AI involvement was documented the most in complaints involving investment scams.

Government impersonation can be especially effective because scammers often exploit the built-in authority people associate with official institutions, prompting victims to act quickly out of fear of penalties, legal trouble or loss of benefits.

“It has never been more important to be diligent with your cybersecurity, social media footprint, and electronic interactions. Cyber threats and cyber-enabled crime will continue to evolve as the world embraces emerging technologies such as artificial intelligence,” the IC3 report says.

The increase coincides with a period of upheaval across much of the government’s workforce, though IC3 did not detail any evidence linking the rise in complaints to mass federal layoffs.

Cyber threats, additionally, continue to become more prevalent. Data breaches and ransomware were among the most prominent cyber threat complaints documented in 2025. Over 60 new ransomware variants — modified versions of ransom malware crafted by hackers to evade detection — were discovered last year, the report says. Government facilities also remain a top target of cyber adversaries.

]]>

CIA deception campaign helped US rescue downed airman in Iran, director says

David DiMolfetta — Mon, 06 Apr 2026 14:32:00 -0400

A deception campaign launched by the CIA bought time for U.S. forces to rescue an airman who went down in Iran on Friday, CIA Director John Ratcliffe said in a White House news conference on Monday.

The CIA deployed human assets and “exquisite technologies” to contribute to the rescue of the weapons systems officer of an F-15E Strike Eagle, Ratcliffe said. The aircraft’s pilot was rescued earlier upon the crash, but Iran was “desperately hunting” for the backseater who ejected further from his wingman and had moved away from the crash site.

The injured officer was found by the CIA in a mountain crevice but was still invisible to Iranian forces.

“Following the successful exfiltration on Saturday night, our intelligence reflects that the Iranians were embarrassed and ultimately humiliated by the success of this audacious rescue,” Ratcliffe said.

At the press conference, President Donald Trump said it was the CIA’s “genius” that contributed to the rescue and that the spy agency had spotted “something moving up the mountain.”

“This is at night. And they kept the camera on him for 45 minutes,” Trump said, suggesting the CIA had a covert surveillance capability — potentially a drone or satellite — available to track the airman’s movements.

The public remarks about the mission show how the Trump administration has made it a point to highlight contributions that CIA operatives have made toward its national security efforts.

Those include operations that targeted the government of ousted Venezuelan leader Nicolás Maduro. The agency has also taken a more public-facing posture, releasing recruitment videos aimed at sourcing in China. And in the months leading up to the Iran war, agency spies had been reportedly tracking the movements of now deceased Ayatollah Ali Khamenei.

]]>

Secret Service is embedding AI experts across the agency

Edward Graham — Mon, 06 Apr 2026 14:09:00 -0400

The U.S. Secret Service is pushing to onboard tech talent to help personnel better use artificial intelligence capabilities, according to the agency’s IT and AI lead.

In an interview with Nextgov/FCW, Chief Information Officer and Chief AI Officer Chris Kraft said the agency is undertaking a new program to embed AI specialists across its operations who can help turbocharge adoption of the tools.

Kraft said the initiative is essentially “a small group of AI experts that can bring expertise internal to the Secret Service, and then focus on our AI initiatives across the organization,” adding that “I think that there's a lot of value in having experts as federal employees, instead of just contracting for that capability.”

He teased out the hiring push in a LinkedIn post at the end of February, in which he shared a job posting from the Secret Service and said, “we’re building a new #AI program at the U.S. Secret Service.”

Kraft was formally appointed to the CIO role in December, after having served in the position in an acting capacity. Prior to joining the Secret Service, he served as DHS’ acting CTO and, before that, as that agency’s deputy CTO for AI and emerging technology.

While he was at DHS, he helped establish an AI Corps to bring AI experts into the agency to help personnel better leverage those capabilities. The Secret Service’s new AI program mirrors much of what DHS sought to accomplish with its own initiative.

Kraft said his experience working on both the technical and operational sides of agencies has shown him the importance of proving what AI is capable of — including whether or not the answer is the emerging capabilities or other technology.

“When you've got those deep technical experts that can focus on AI and other areas, I think it can be really transformative to increase your capabilities across the board,” he said. "And whether that's revisiting how you handle specific applications of technology or looking at implementing new capabilities, and then bring in that AI and data sciences perspective to help support large-scale operations.”

The Secret Service has already deployed some AI uses, including a tool to decipher license plates from poor-quality videos and photos. It has also been working with other agencies to leverage facial recognition technology.

Kraft said expanded uses of AI across the agency can further support agents and back-office operations.

“There’s so much information and data coming at people that it’s hard, in some cases, to absorb all that, and if artificial intelligence can help you absorb that vast amount of information and highlight what those things are that people should be looking at, I think that that’s a huge win,” he said.

While agencies have been steadily increasing their uses of AI over the past several years, adversaries and bad actors have also been leveraging the capabilities. Kraft said careful agency adoption of AI — with a human in the loop, workforce training and effective deployment — can help the Secret Service fully harness these tools. And that’s where he believes the AI program and hiring push can have a large impact on agency operations.

“I think having this internal team will really help us transform our [AI] adoption across the organization,” Kraft said.

]]>

The war against fraud should be a war for tech modernization

Stan Soloway — Mon, 06 Apr 2026 13:37:00 -0400

In her March 18 article (“Trump’s anti-fraud task force poised to scrutinize benefits programs”), Nextgov/FCW Senior Correspondent Natalie Alms reported on a new executive order formally establishing a task force to combat fraud in America’s public benefits programs.

The task force will focus on ensuring states — and, in 12 states, including California and New York, county governments — have adequate anti-fraud controls in place. If controls are deemed inadequate, the Trump administration may withhold funds for submitted and prospective claims, as recently demonstrated in Minnesota and New York. In addition, as Alms points out, the task force has been directed to address longstanding challenges associated with limited data sharing between state and federal governments.

To be sure, fraud is a real issue in public benefits programs. But while there certainly are cases of individual malfeasance, the data clearly show that the vast preponderance of improper payments (in Medicaid alone, the number could be as high as $30 billion or more) result not from individual cheaters, but from arcane systems and processes that are simply not suited to the size and scope of our current benefits infrastructure.

Simply put, as the executive order suggests but doesn’t highlight, the biggest issues affecting the integrity of our benefits programs are not “fraud" per se; rather, they lie in a lack of data sharing, inadequate and outdated tools and an overly complex web of programs, restrictive administrative requirements and processes.

Think of it this way: a war on fraud is certainly welcome, but we would do better to think of it as a war for tech modernization — overcoming the limitations of legacy systems and orthodoxies that drive improper payments and in many ways enable actual fraud.

Moreover, real, impactful change will not happen by fiat; it’s not enough to simply say a state “must” implement systems to track and validate (or not) beneficiary eligibility or payments. Doing so requires funding, expertise, collaboration between all levels of government, a willingness to tackle organizational disconnects and the flexibility for states to utilize tools and providers best suited to their unique situations.

Take Minnesota, for example. It is one of a dozen states where benefits are administered at the county level, and it has 87 counties. What it doesn’t have, however, is an effective system to track beneficiaries when they move. So, when someone moves from county A to county B — which happens all the time — there is no system in place to notify Medicaid. As a result, Medicaid will start paying two different counties for coverage of the same person. In a state the size of Minnesota, that amounts to significant taxpayer money; aggregated nationwide, the cost easily goes into the billions.

The point is this: improper payments, including individual fraud, are mostly a problem of aged technology coupled with outdated administrative rules and organizational constructs that hamstring governments at all levels.

Even in Minnesota, where we witnessed massive COVID relief fraud, the perpetrators were not individual beneficiaries but organized criminal entities which were able to exploit the state’s lack of modern technology — which otherwise would likely have detected their actions far sooner.

To add to the challenges, federal financial support to states for administering key benefits programs — such as SNAP nutrition assistance — is being reduced by roughly 50%, even as the (rightful) demands to root out fraud and waste grow.

With that in mind, the new anti-fraud task force must be a vehicle for two critical initiatives: First, a broad rethinking of administrative policies — including giving states and, where relevant, counties greater flexibility in how they administer the programs, deal with endemic workforce shortages and more.

This must include serious proposals to break down longstanding departmental, organizational and data silos, create integrated eligibility and administrative processes that can help harmonize and simplify the vast array of related programs, many of which serve the same families and rely on the same data to determine eligibility.

At the same time, the task force should be a vehicle for a concerted national effort to modernize the technologies that undergird the array of programs. A successful effort will require significant investments of tax dollars at the federal, state and local levels. As daunting as some of those investments might seem, when compared to the amount of money wasted today, it will be pennies.

Combating fraud is a noble exercise, but combating longstanding systemic barriers to innovation and performance is, in many ways, harder. Yet, its returns will be exponentially greater, improvements in program integrity will be more significant and the resulting restoration of trust in programs that serve those most in need will serve us all.

Stan Soloway is chairman of the National Academy of Public Administration and chair of the Center for Accountability, Modernization and Innovation, which advocates for innovations in public services delivery.

]]>

Tech bills of the week: Limiting adversaries’ access to US tech; and boosting cyber apprenticeships

Edward Graham — Fri, 03 Apr 2026 16:40:00 -0400

Expanding export controls on foreign adversaries

New legislation introduced by Rep. Ann Wagner, R-Mo., on Monday looks to bolster the federal government’s export control regime on sensitive U.S. technologies to ensure that adversarial nations are not able to leverage the capabilities to further their own economic ambitions.

Wagner said the measure, the Export Control Enforcement and Enhancement Act, would modernize U.S. restrictions on accessing sensitive technologies and “streamline the ability of the Departments of State, Defense, and Energy to quickly modify the list of foreign entities—ranging from governments to companies and research institutions—that pose a serious risk to our national security.”

Foreign adversaries, like China, have used U.S.-made semiconductors to bolster the development of their own artificial intelligence capabilities.

Wagner’s proposal would create a 30-day period for “proposed additions, removals, or other modifications” to the Department of Commerce’s Entity List so the government would “be able quickly address any efforts by our adversaries to cheat the system and obtain superior, American-made technology.”

Limiting bad actors’ access to chipmaking equipment

A bipartisan group of lawmakers in both chambers of Congress is also looking to tighten export controls on semiconductor manufacturing equipment through new legislation that would further limit the ability for China and other foreign adversaries to import the capabilities.

While the U.S. has already imposed significant restrictions on China’s access to semiconductors and related chip manufacturing components, Beijing has been able to skirt these measures by, in part, purchasing equipment from American allies or using shell companies.

The effort — introduced by Rep. Michael Baumgartner, R-Wash., on Thursday, and soon to be introduced in the upper chamber by Sens. Pete Ricketts, R‑Neb., and Andy Kim, D‑N.J. — looks to close these loopholes by prohibiting the sale of essential semiconductor equipment “to any destination inside a country of concern.”

The bill would also enhance restrictions on a series of specific Chinese companies, including Huawei, and require export controls to “apply uniformly” across the U.S. and its allies. If allied countries “cannot demonstrate progress” on enhancing their export restrictions within a 150-day deadline, the Commerce Department would be directed “to implement controls unilaterally.”

Baumgartner said the proposal, called the Multilateral Alignment of Technology Controls on Hardware — or MATCH — Act, would “ensure that America and our allies move in lockstep to close these gaps, defend our technological edge, and safeguard the supply chains that power everything from our weapons systems to our critical infrastructure.”

Boosting cyber apprenticeships

Bipartisan House legislation introduced on Tuesday would require the Labor Department to establish a grant program to boost Americans’ access to cybersecurity apprenticeship opportunities.

The measure, led by Reps. Susie Lee, D-Nev., and Brian Fitzpatrick, D-Pa., looks to address talent gaps in the nation’s cybersecurity workforce, which the lawmakers said included over 500,000 current job vacancies.

Their proposed grant program would be overseen by Labor and would “award competitive grants to businesses, industry and community-based organizations, workforce development boards, educational institutions, joint labor-management partnerships, and nonprofits to develop registered apprenticeship programs in cybersecurity.”

In a statement, Fitzpatrick said the bill “will provide the next generation of cybersecurity experts the opportunity to gain in-demand skills for high-paying jobs here in Pennsylvania and across the nation without the burden of student loan debt, while fortifying our critical infrastructure and safeguarding our data systems.”

Sens. Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., also introduced a companion measure to the proposal — the Cyber Ready Workforce Act — in the upper chamber.

]]>