FedScoop » News http://fedscoop.com Federal technology news and events Tue, 18 Nov 2014 15:56:58 +0000 en-US hourly 1 Commentary: E.U. data privacy rules threaten medical research http://fedscoop.com/eu-data-privacy-rules-threaten-derail-medical-research/ http://fedscoop.com/eu-data-privacy-rules-threaten-derail-medical-research/#comments Tue, 18 Nov 2014 15:45:42 +0000 http://fedscoop.com/?p=65639 Proposed European data privacy regulations could dramatically hamper medical research efforts in the E.U., raising questions of unintended consequences for U.S. policymakers.

The post Commentary: E.U. data privacy rules threaten medical research appeared first on FedScoop.

]]>
(iStockphoto.com)

Under a proposed E.U. regulation, each time a researcher reuses data or does a follow-up study, he or she must obtain consent from each patient in the original study — many of whom may have moved, died or misplaced the researcher’s correspondence (iStockphoto.com)

The Europe Union’s continuing efforts to regulate data in the name of privacy protection is raising growing concerns in the medical research community — and elsewhere — about the potentially costly unintended consequences of those rules. Their concerns should send a cautionary signal to U.S. policymakers considering “privacy-at-any-cost” changes to data laws and regulations without regard to their negative effects.

Case in point: Last March, the European Union proposed the General Data Protection Regulation (GDPR). The new privacy rules would dramatically harm the ability of researchers to conduct medical research throughout all of its member states. If allowed to pass in its current form, many in the medical community believe the GDPR could cost the European Union not only medical knowledge and money, but human lives as well.

The GDPR was created to protect Europeans’ personal data. In pursuit of this goal, it forces organizations that process personal data to obtain informed consent each time they want to use that data for a purpose other than for what it was originally collected. As the Center for Data Innovation’s Travis Korte has argued, while these regulations have chilling effects on many big data initiatives, their greatest potential for harm is in medical research.

Every day, researchers analyze data in an attempt to solve many of today’s pressing medical problems, from unlocking the cure to cancer to slowing the outbreak of Ebola. Unfortunately, the GDPR would greatly hinder these efforts by making it more difficult to reuse data and by greatly increasing overall costs to researchers.

Under the proposed rules, each time a researcher reuses data or does a follow-up study, he or she must obtain consent from each patient in the original study — many of whom may have moved, died or misplaced the researcher’s correspondence. This creates burdensome hurdles that are not only logistically difficult and sometimes completely infeasible, but limit the reusability of important, lifesaving data. For example, under the GDPR, when a patient dies, their data becomes effectively unreachable because he or she is unable to give consent for reuse.

By enforcing this policy, Europe would effectively outlaw big health databases like the United Kingdom’s National Health Service database, which gathers records from patients in England to spot side effects for new drugs and detect outbreaks of infectious diseases.

This policy would also levy burdensome costs on researchers who are often already strapped for funds. Medical researchers would face excessive time and fiscal costs if they are forced to re-obtain explicit consent from hundreds of thousands of patients every time they use a data set. For example, one E.U.-funded project used data from 7,000 patients to conduct a genetic study of colorectal cancer.

By compelling researchers to spend more resources on compliance, their focus will be diverted from what matters most, their lifesaving research. Data takes time and energy to compile and process. Could you imagine how costly it would be to find and obtain consent from each of those 70,000 patients — especially for a follow-up study months or years down the road — long after they have already consented?

A lot of the European Union’s tax revenue, not to mention the tax revenue of individual member states, goes to medical research. In fact, from 2007 to 2013 the E.U. spent €6.1 billion ($7.8 billion) on medical research, discounting individual member countries’ efforts. Therefore, it stands to reason that Europeans would want to get more “bang for their buck” by reusing data across multiple studies. By maximizing the reuse value of data, the European Union can maximize the potential of their tax dollars, and researchers can make sure that every dollar counts.

There are many solutions that could be incorporated into the GDPR to help it address these problems. For use of data after death, the GDPR should offer a mechanism to “donate your data to science,” giving blanket consent for a patient’s data to be used after their death. This would allow researchers that are studying rare diseases with limited access to patients to achieve effective sample sizes. The GDPR should also be more explicit about when organizations must seek consent to reuse data, or allow organizations to ask once to obtain consent for the reuse of data for multiple purposes. This “one-time consent” framework would reduce costs and regulatory uncertainty for organizations, as well as help address the problem of consent after death.

The European Parliament is still in the amendments phase, and the European Union is not expected to adopt final language for GDPR until late 2014, with final rules coming into force by 2016. The Europe Union should use this opportunity to increase the GDPR’s cost-effectiveness and promote medical research to help save lives.

The lesson here for U.S. lawmakers is that blindly pursuing ever-more-stringent privacy regulations can seriously harm consumer health and welfare. As Congress considers initiatives like 21st Century Cures to accelerate technology-aided innovation in health care, it should avoid overly prescriptive privacy proposals that risk chilling advancement in medicine and other fields. Instead, policymakers should craft narrowly targeted rules to mitigate specific harms, protect individual privacy and ensure medical research can flourish.

Alan McQuinn is a research assistant with the Information Technology and Innovation Foundation. Prior to joining ITIF, he was a telecommunications fellow for Rep. Anna Eshoo, an honorary co-chairwoman of ITIF. While part of the California Democrat’s team, McQuinn assisted with research and analysis for a variety of issues related to information technology and telecommunications.

The post Commentary: E.U. data privacy rules threaten medical research appeared first on FedScoop.

]]>
http://fedscoop.com/eu-data-privacy-rules-threaten-derail-medical-research/feed/ 0
How the Energy Department uses cybersecurity for asset management http://fedscoop.com/energy-department-asset-management-rick-lauderdale/ http://fedscoop.com/energy-department-asset-management-rick-lauderdale/#comments Tue, 18 Nov 2014 03:11:08 +0000 http://fedscoop.com/?p=65619 Rick Lauderdale took a three-person team and built an asset management platform that uses cybersecurity in a way never before seen, inside or outside government.

The post How the Energy Department uses cybersecurity for asset management appeared first on FedScoop.

]]>
asset management

Energy Department’s asset management platform gives stakeholders an enterprisewide overview of cybersecurity. (Credit: iStockphotos.com)

An IT asset management system for a government agency that employs more than 100,000 people should probably have more than three people working on it and should probably take longer than nine months to build.

Rick Lauderdale has proven otherwise.

Lauderdale, the Energy Department’s chief architect, has been spending the better part of 2014 refining a system that gives agency leadership an agile way to use the agency’s existing technology and phase out end-of-life software. While the primary focus of most IT management systems is lowering cost, Lauderdale’s system operates from a cybersecurity standpoint. As his team worked to integrate the program across the agency, they found that the platform’s security aspect set the table for all the other components of IT decision-making.

“No one has ever tied IT asset management to cybersecurity,” Lauderdale said during an interview with FedScoop. “I can tell you that our CFO office loves it, because now it’s allowing the stakeholders to look forward and try to predict what’s going to happen with the software and the hardware.”

Rick Lauderdale, Energy Department chief architect (courtesy Twitter)

Rick Lauderdale, Energy Department chief architect (Courtesy of Lauderdale)

The security focus comes from last year’s Energy Department hack, which compromised the social security numbers and birth dates of 53,000 former and current DOE employees. After Lauderdale determined the vulnerability was due to an out-of-date version of Adobe’s ColdFusion, he set out to create a system that mapped assets as well as managed the life cycles of all DOE assets.

Using a combination of enterprise portfolio management tool Troux and IT information repository Technopedia, Lauderdale has created a way for agency executives and the IT office to map out on-demand reports about potential vulnerabilities, redundant applications and measures that need to be taken to phase out end-of-life technology.

The system Lauderdale and his team set up allows stakeholders to create very granular data visualizations across the enterprise; managers can filter queries based on hardware manufacturers, phases, products and versions, then run it against Technopedia to determine safety, cost, further integration or a host of other filters. Earlier this year, the platform was key in helping DOE understand what Microsoft hardware products would need to be replaced as the company ended support for Windows XP.

Lauderdale said the system has allowed DOE to move away from being reactive about vulnerabilities and instead be more intuitive about asset management.

“It’s going to allow us to predict what is going to occur and then move forward aggressively to prevent any kind of vulnerabilities to the network,” he said.

While Lauderdale said this system “does not solve all the cybersecurity issues that are out there,” the size of the team that created the tool and the time frame within which the team created it has caught the attention of enterprises inside and outside the public sector. Lauderdale told FedScoop eight different federal agencies as well as private companies foreign and domestic have contacted him about the platform. It was also part of a case study recently published by market research firm IDC.

“[Asset management] has a huge gap that is both in industry and government, and that’s going to help them close it,” Lauderdale said.

Yet even with the provided agility and amount of information that can now be uncovered, Lauderdale said it’s still up to people to make sense of the data the platform can unearth.

“You’ve got to be smarter than the data,” Lauderdale said. “The data is telling you something, but if you’re not smarter than the data, you’re not going to be able to read the tea leaves, whether it’s right, wrong or indifferent.”

The post How the Energy Department uses cybersecurity for asset management appeared first on FedScoop.

]]>
http://fedscoop.com/energy-department-asset-management-rick-lauderdale/feed/ 0
Public and private research supports UAS commercialization http://fedscoop.com/uas-commercialization-academia-government-industry-use-drones/ http://fedscoop.com/uas-commercialization-academia-government-industry-use-drones/#comments Tue, 18 Nov 2014 03:05:59 +0000 http://fedscoop.com/?p=65611 As the Federal Aviation Administration's 2015 deadline for integrating small unmanned aircraft systems into the national airspace approaches, members of the private, public and education sectors are already looking into the ways they can use drones to make tasks easier and safer — with or without the FAA.

The post Public and private research supports UAS commercialization appeared first on FedScoop.

]]>
Credit: iStockPhoto

(Credit: iStockphoto.com)

As the Federal Aviation Administration struggles to stay on schedule to meet Congress’ 2015 deadline to integrate small unmanned aircraft systems into the national airspace system, a range of other public and private organizations are moving on new UAS research programs with an eye toward commercialization.

When Michael Clemens, the assistant chief for Maryland’s Montgomery County Fire & Rescue Service, bought the first UAS for the department last year, he didn’t know the FAA prohibited it for nonrecreational use. In fact, it wasn’t until the device had been tested in open air several times when someone told him what he was doing might be illegal.

“We had the cart ahead of the horse here,” Clemens said Monday, speaking at the UAS Commercialization Industry Conference in Washington, D.C.

Clemens intended to use drone technology to provide an “eye in the sky” view of a burning building in order to determine what areas firefighters should concentrate their fight. The areas, or hotspots, could be identified through thermal imaging cameras mounted on a small quad-copter rotocraft UAS.

“We didn’t know where to put our streams, so [without a drone] we had to get into a [neighboring] high-rise building to look down at the fire,” Clemens said. “Most of our information that we see comes from the ground level. We don’t really get to see above it. I want to know how big the fire is, where it’s going and what I need to do to mitigate it.”

Though Clemens wanted to continue using drone technology to fight fires, he said he understood the need for the FAA to go through the process of ensuring that the devices could be safely integrated.

“I think the FAA has a job to do,” Clemens said. “We really respect what they’re doing. The test flight centers are really important. We think there’s so much opportunity, and we haven’t even scratched the surface.”

Now, Clemens and his department are in the process of applying for a certificate of authorization, or COA, from the FAA, which would allow them to operate drones under specific conditions.

The COA would be granted under section 333 of the 2012 FAA Modernization and Reform Act, which allows the agency to grant exemptions to the non-recreational drone prohibition. Earlier this year, the FAA granted an exemption for BP to operate UAS to check pipelines in Alaska for leaks and other faults.

According to Marty Rogers, the director of the Alaska Center for Unmanned Aircraft Systems Integration at the University of Alaska Fairbanks, BP has operated some of its missions through the center.

Since the COA for BP was granted in early June, the company has used drone technology to inspect its infrastructure and create geologic modules in Alaska’s North Slope. However, according to Rogers, the company’s aim is not to set the standard for UAS operation in the commercial space but rather to gather the information they need in a cost-effective, safe way.

“[BP is] absolutely, without a doubt, system agnostic,” Rogers said. “This is absolutely about the right data at the right time to support their missions.”

In addition to helping BP fly their missions out of the ACUASI, Rogers also leads the FAA-approved test site based out of the University of Alaska Fairbanks.

Through the test site, Rogers and his team utilize their fleet of more than 100 aircraft to fly UAS missions approximately 150 days out of the year. The missions focus mostly around research, including work with the National Oceanic and Atmospheric Administration to study polar bears and other endangered animals.

With UAS technology, Rogers said, the center can perform the “dull, dirty and dangerous” without putting lives on the line and for a relatively low cost.

“Because we’re able to fly so low, so quietly, we’re really able to get some great data” about wildlife and other difficult-to-reach places, Rogers said.

Science, research and commercial opportunities

In May, Rogers and his team traveled to Soldotna, Alaska, to help survey the Funny River Wildfire. After a few days of bureaucratic difficulties, the team flew several UAS missions over the fire in order to determine where the hottest areas were so that firefighters could concentrate efforts there.

“This was a commercial opportunity, but we were doing it as a science and research mission,” Rogers said. “We were really trying to refine our processes and get some actionable data.”

But academic research and pipeline observation are not the only applications for this technology. For example, NASA’s UAS-National Airspace project is looking at the development and testing of technologies that can make airspace integration a little more convenient for the FAA and drone operators, said Laurie Grindle, the program manager for the project.

Through a two-phase process scheduled to end in fiscal year 2016, the agency has started to evaluate various technologies that would be critical to integration, including sense-and-avoid systems that would allow drones or manned planes to know about the presence of the other and automatically redirect out of each other’s flight paths.

In the first phase of the project, Grindle said most of the testing was done in a completely virtual environment that shared content between the different NASA flight centers. Now during phase two, and continuing through the end of the project, the agency will do real-life flight tests to evaluate the quality of the integrated technology.

Yet from NASA to Montgomery County, Maryland, to Alaska, the drone operators said they had one thing in mind: commercialization. Although unmanned aircraft systems now are used for research purposes, the commercial possibilities of the technology are endless, Rogers said.

“We’re sort of going in some places that really haven’t been touched yet,” Rogers said. “We’re trying to help the commercial side. We don’t want to inhibit it at all.”

The post Public and private research supports UAS commercialization appeared first on FedScoop.

]]>
http://fedscoop.com/uas-commercialization-academia-government-industry-use-drones/feed/ 0
Patent office holds first cybersecurity partnership meeting http://fedscoop.com/patent-office-holds-first-cybersecurity-partnership-meeting/ http://fedscoop.com/patent-office-holds-first-cybersecurity-partnership-meeting/#comments Tue, 18 Nov 2014 02:16:08 +0000 http://fedscoop.com/?p=65614 The U.S. patent office held its first cybersecurity partnership meeting with members of the tech community Friday.

The post Patent office holds first cybersecurity partnership meeting appeared first on FedScoop.

]]>
At a meeting between federal officials and members of the tech community, U.S. Patent and Trademark Office Deputy Director Michelle Lee emphasized the part her office can play in fighting a “multibillion-dollar crime wave” sweeping the globe.

“We at the USPTO embrace our role in helping cybersecurity suppliers and providers bring their products and services to the market quickly and efficiently,” said Lee, a former Google Inc. executive, in a televised message at the meeting.

She made the remarks Friday at what was the patent office’s first cybersecurity partnership meeting. Held in Silicon Valley, the meeting brought together patent office staffers and members of the tech industry to discuss protecting cybersecurity intellectual property and encouraging the use of cybersecurity tools.

The goal of the partnership, Lee said, is to ensure the office issues timely, high-quality patents. She also noted that some patents could protect the U.S. and countries abroad from cybercrime.

Among the topics on the event agenda were how Alice Corp. v. CLS Bank International, a recent Supreme Court case on what is patent eligible, applies to cybersecurity; deciding between seeking patent protection for cyber technology or keeping innovations as a trade secret; and computer/network security patent applications.

Presenters also discussed the voluntary Framework for Improving Critical Infrastructure Cybersecurity, which was released by the National Institute of Standards and Technology nine months ago as a result of an executive order. The guidelines were created with collaboration from private industry.

Like Lee, presenter Nestor Ramirez, ‎director of USPTO’s Patent Technology Center 2400, noted that cyber weaknesses pose a major risk.

“The national and economic security of our nation relies on the function of our critical infrastructure,” Ramirez said. “Cybersecurity threats have the potential to destabilize our critical infrastructure.”

But he said the patent office was eager to examine strategies to better address the threat. Looking ahead, Ramirez told attendees that at the beginning of next year the patent office plans to host a roundtable for cybersecurity startups. Also, the agency is evaluating patent examiner training opportunities specific to emerging cybersecurity technology and best standards.

“We want to ensure that our examiners are kept up to date and abreast on the current state of the field so they have the knowledge and tools that they need to make sound patentability decisions,” he said.

The post Patent office holds first cybersecurity partnership meeting appeared first on FedScoop.

]]>
http://fedscoop.com/patent-office-holds-first-cybersecurity-partnership-meeting/feed/ 0
Foreign hackers may still have access to VA networks, IG says http://fedscoop.com/reporters-notebook-tuesday-shaping-bad-day-va-cybersecurity/ http://fedscoop.com/reporters-notebook-tuesday-shaping-bad-day-va-cybersecurity/#comments Mon, 17 Nov 2014 23:10:01 +0000 http://fedscoop.com/?p=65603 The Department of Veterans Affairs is still "actively monitoring" VA networks for traces of foreign hackers that successfully infiltrated its computer systems in 2010, and officials acknowledge that some of those groups may still have access to VA systems through unauthorized user accounts.

The post Foreign hackers may still have access to VA networks, IG says appeared first on FedScoop.

]]>
The Department of Veterans Affairs is still “actively monitoring” its networks for traces of foreign hackers who successfully infiltrated its computer systems in 2010, and officials acknowledge that “certain threat groups may still have access to VA systems using unauthorized user accounts,” according to the agency’s inspector general.

The attack, which made headlines in 2013 and has been attributed to state-sponsored hackers from at least eight different countries, led to an agencywide security effort that lasted more than a year, according to written testimony to be delivered Tuesday to the House Committee on Veterans Affairs by Sondra McCauley, the VA’s deputy assistant inspector general for audits and evaluations. FedScoop obtained a copy of the testimony in advance of Tuesday’s hearing.

Concerns about the continued presence of foreign hackers on VA networks comes on the heels of a Government Accountability Office report released Monday that shows VA cybersecurity officials did not retain forensic evidence related to known network intrusions, including the 2010 nation-state-sponsored attack, and allowed critical vulnerabilities in two key Web applications to go uncorrected for as long as 18 months.

The GAO report and the IG’s testimony will be the basis of Tuesday’s scheduled hearing of the House Committee on Veterans’ Affairs. Lawmakers plan to grill VA Chief Information Officer Stephen Warren and VA Chief Information Security Officer Stan Lowe on the department’s longstanding cybersecurity gaps. Warren acknowledged to reporters Friday that VA has been notified by the IG that the agency’s IT security controls remain a material weakness for the 16th consecutive year. McCauley’s testimony, however, provides the first detailed glimpse of the issues that contributed to VA’s failing evaluation.

“The financial management system uses an unsupported database with several known critical vulnerabilities that cannot be updated with security patches,” McCauley’s testimony states. In addition to software patches not being deployed in a timely manner, the IG also discovered several VA organizations were sharing the same networks and data centers with organizations that were not under VA’s central control and “often had critical or high-level vulnerabilities that weakened the overall security posture of the VA sites.”

“We continue to identify significant technical weaknesses in databases, servers, and network devices that support transmitting sensitive information among VA Medical Centers, Data Centers, and VA Central Office,” McCauley’s written testimony states. “For FY 2014 we once again found deficiencies where control activities were not appropriately designed or operating effectively. It is particularly disconcerting that a significant number of vulnerabilities we identified at VA data centers are more than 5 years old.”

McCauley also plans to tell the committee Tuesday that VA faces new, emerging security challenges that the IG has not identified in previous audits, including the movement to cloud computing and the increasing threat posed by foreign nation-state hackers. According to the IG, VA entered into a contract last year to move more than 600,000 email users to a private cloud service. But the contract did not include a clause allowing the IG to access VA systems and data, effectively blocking the IG from conducting legal oversight and investigations.

The IG is also investigating multiple whistleblower reports to the IG hotline, including accusations that VA was hosting medical devices containing sensitive patient information “that are not effectively protected from unauthorized access,” as required by VA’s Medical Device Isolation Architecture. The IG is also investigating claims that VA was misrepresenting information in preparation for the fiscal year 2014 security audit.

Department of Veterans Affairs CIO Stephen Warren is scheduled to testify Tuesday on VA cybersecurity. "Veterans' information is well protected because we put mitigating controls in places where we can best simultaneously protect Veterans' information and not impede our ability to provide timely health care that they have earned and deserve," he said. (Credit: FedScoop)

Department of Veterans Affairs CIO Stephen Warren is scheduled to testify Tuesday on VA cybersecurity. “Veterans’ information is well protected because we put mitigating controls in places where we can best simultaneously protect Veterans’ information and not impede our ability to provide timely health care that they have earned and deserve,” he said in a statement. (Credit: FedScoop)

Sources on Capitol Hill told FedScoop that lawmakers are running out of patience with VA’s inept handling of critical security incidents that are known to have compromised veterans’ data, including a “significant” attack that occurred in 2012 and involved government-backed hackers in China and possibly Russia. According to the GAO study, although VA security operations center documented the actions it had taken to eradicate the foreign hacker threat, VA cybersecurity officials could not locate the forensics analysis report or other materials related to the incident.

“Officials explained that digital evidence was only maintained for 30 days due to storage space constraints. As a result, we could not determine the effectiveness of actions taken to address this incident,” the GAO report states. “In addition, VA has not yet addressed an underlying vulnerability that contributed to the intrusion,” GAO said. Although VA had planned to deploy a solution in February that would have corrected the weakness, it had not yet done so at the time of the GAO’s review. Auditors concluded VA’s networks remain vulnerable to similar incidents.

Meanwhile, a VA official who spoke to FedScoop on background said shortly after news broke of the nation-state hack into VA’s active directory domain controller, VA contracted with Mandiant to conduct a security audit. Mandiant, the company known for a 2013 report that documented the existence and activities of a massive Chinese government cyber espionage campaign, delivered a preliminary report to VA on Friday. The VA official said the report verifies the steps VA took in response to the attack and concludes the domain controller is no longer compromised.

As of May 2014, the 10 most prevalent critical security vulnerabilities at VA involved software patches that had not been applied, according to GAO. In some cases, these patches had been available for almost three years before being deployed. And due to multiple occurrences of each of the 10 missing patches, the total number of vulnerable systems ranged from 9,200 to 286,700, GAO said.

“At the end of our audit, VA officials told us they had implemented compensating controls, but did not provide sufficient detail for us to evaluate their effectiveness,” the GAO report stated. “Without applying patches or developing compensating controls, VA increases the risk that known vulnerabilities could be exploited, potentially exposing veterans’ information to unauthorized modification, disclosure, or loss.”

In a statement emailed to FedScoop, Warren said: “Veterans’ information is well protected because we put mitigating controls in places where we can best simultaneously protect Veterans’ information and not impede our ability to provide timely health care that they have earned and deserve.” Warren also said VA, like other large agencies, records a significant volume of threats, but VA’s “security posture is successfully keeping Veteran information safe, and as we believe that IT security is an evolving process, we’re always striving to improve.”

 

VA GAO security report 11-2014

The status of critical and high-risk vulnerabilities identified in two major VA Web applications, as reported Nov. 13 by the Government Accountability Office. (Credit: GAO)

 

 

The post Foreign hackers may still have access to VA networks, IG says appeared first on FedScoop.

]]>
http://fedscoop.com/reporters-notebook-tuesday-shaping-bad-day-va-cybersecurity/feed/ 0
HHS launches new cohort of Entrepreneurs-In-Residence http://fedscoop.com/hhs-adds-new-cohort-entrepreneurs-residence-program/ http://fedscoop.com/hhs-adds-new-cohort-entrepreneurs-residence-program/#comments Mon, 17 Nov 2014 22:54:08 +0000 http://fedscoop.com/?p=65604 IDEA Lab announced a new cohort for its Entrepreneurs-In-Residence program, which matches entrepreneurs from outside government with HHS employees to innovate on "high risk high reward projects" crowdsourced from within the agency.

The post HHS launches new cohort of Entrepreneurs-In-Residence appeared first on FedScoop.

]]>
Bryan-Sivak_Fedtalks

HHS CTO Bryan Sivak discusses IDEA Lab at FedTalks 2014. (Credit: FedScoop)

The Department of Health and Human Services’ IDEA Lab is signing a one-year lease on a handful of talented entrepreneurs to help solve some of health care’s biggest issues.

IDEA Lab announced a new cohort for its Entrepreneurs-In-Residence program, which matches entrepreneurs from outside government with HHS employees to innovate on “high risk high reward projects” crowdsourced from within the agency, according to a blog post. This latest group, four entrepreneurs with varying backgrounds in private sector innovation, was selected from the most talented applicant pool yet, the blog said.

During the 12-month period, the entrepreneurs will use agile and lean methodologies to address problems that might require unconventional thinking or lack the typical resources needed for a solution.

The third HHS Entrepreneurs-In-Residence class is:

  • Danny Boice, the co-founder and CTO of conference call startup Speek, will help the Administration for Community Living explore how the elderly and disabled use technology and media to access services.
  • Mark Scrimshire, co-founder of consumer-focused health care company HealthCa.mp, will team with the Centers for Medicare and Medicaid Services to help redesign its Blue Button initiative as a Data-as-a-Service platform for third-party applications.
  • Paula Braun is a data scientist with Elder Research Inc. Braun, who started her career as a Presidential Management Fellow, will re-enter federal government for a year to help the Centers for Disease Control and Prevention create a next-generation Electronic Death Registration System.
  • David Portnoy, co-founder and CTO of Symbiosis Health, will help the HHS Office of the Chief Information Officer and the HHS IDEA Lab build public-facing research database applications for the department’s massive amount of data.

Bryan Sivak, CTO at HHS and leader of the IDEA Lab, talked highly of the EIR program recently at FedScoop’s annual FedTalks event. Though there are several innovative programs under the IDEA Lab umbrella, the CTO focused much of his keynote on the anecdotal success of HHS’ Entrepreneurs-In-Residence.

Limiting the entrepreneurs’ term to 12 months, he said, is vital to program’s ability to bring rapid solutions to major problems.

“The 12-month thing is really important because with 12 months, by definition if you only have 12 months to solve the problem, you almost by definition have to do things differently,” Sivak said. “You cannot follow standard bureaucratic procedure.”

Sivak keyed in on an entrepreneur from the program’s first class, David Cartier, a 25-year veteran of UPS tasked with helping create an electronic tracking system for organ donations while at HHS’ Health Resources and Services Administration.

“They brought David in because he had all this experience with UPS with [radio-frequency identification] tagging and tracking and could help them do this,” Sivak said. But Cartier’s experience was mostly with “innovation practices and design thinking and human-centered design,” not medical procedure. So, Sivak said, he spent quite a bit of time in operating rooms and realized technicians, nurses and doctors found it cumbersome to handwrite between 30 and 70 labels for the organs transplanted each night. It not only leaves room for human error, like poor transcriptions, but it also takes quite a bit of time, Sivak said. “When you’re working with organs, every minute counts.”

His solution? A mobile printing and barcode system, as Sivak called it, to be used in operating rooms for the rapid tagging and dissemination of the organs.

When Cartier’s time was done and the solution’s pilot wrapped up, they took the systems away from the operating rooms because it was meant to be no more than a test phase. The operating room users, though, demanded it be brought back, Sivak said. “And to me, that’s as good as you can get, right? The users of the system want to continue using it.”

The post HHS launches new cohort of Entrepreneurs-In-Residence appeared first on FedScoop.

]]>
http://fedscoop.com/hhs-adds-new-cohort-entrepreneurs-residence-program/feed/ 0
OPM director defends preference in hiring vets http://fedscoop.com/opm-director-defends-preference-hiring-vets/ http://fedscoop.com/opm-director-defends-preference-hiring-vets/#comments Mon, 17 Nov 2014 13:00:23 +0000 http://fedscoop.com/?p=65572 Responding to a question live-tweeted to her during a digital town hall Friday, Office of Personnel Management Director Katherine Archuleta didn't miss a beat in defending the federal government's push to hire veterans.

The post OPM director defends preference in hiring vets appeared first on FedScoop.

]]>
Responding to a question live-tweeted to her during a digital town hall Friday, Office of Personnel Management Director Katherine Archuleta didn’t miss a beat in defending the federal government’s push to hire veterans.

Celebrating her first year in the administrator role, Archuleta invited the public to ask her questions about the future of the federal workforce in an open forum hosted via Google Hangout. About halfway through, she received the tweeted question on veteran hirings:

But that’s a misconception, she said, before going on to defend veteran hiring.

“First of all, I’m going to say that I am a very, very strong proponent of veterans preference,” Archuleta said. “I believe that the men and women who serve in our military and come home need to have an opportunity to continue their service.”

Archuleta further vouched for the returning soldiers saying it gives the federal government a chance to leverage “those skills, that experience, how do you organize, how do you schedule, how do you develop the strategies for implementing,” which she said are “skills we need in federal government.”

But the woman who tweeted the question might have some ground to stand on thanks to a study released in August by the U.S. Merit Systems Protection Board. MSPB, which resides as an independent agency in the executive branch as a guardian of the federal merit system, found that there might be some undue preference for hiring veterans in the federal government, or at least that’s how some of the federal workforce perceives it.

“In an MSPB survey, 6.5 percent of respondents indicated that they had observed inappropriate favoritism towards veterans while 4.5 percent reported observing a knowing violation of veterans’ preference rights,” MSPB reported. “The survey data showed that employees are less likely to be engaged and more likely to want to leave their agencies if they report having observed either of these two types of conduct.”

OPM has several vet-friendly hiring initiatives, and recently the office announced a new STEM focus under its Vets to Feds Career Development Program. This addition will be the program’s fourth since 2011.

Later in the discussion, Archuleta continued her stand for veterans and specifically the women who leave the military after serving. She said this is one of her major focuses as vice chairwoman of the Veterans Employment Council, an honor she shared with Department of Veterans Affairs Secretary Bob McDonald.

“Together, we’re focused in on how we can bring more women veterans into the federal workforce,” she said. “The skills that women veterans can bring to us and to the federal service is really important, and I want to bring more.”

The director addressed another group underrepresented in federal government, millennials, during her town hall. While the future of the federal workforce won’t get the preferential treatment veterans do, Archuleta said OPM is at work making sure those young minds consider the federal workforce.

“We’re going where they’re at,” she said. “We’re using social [media] a way that we’ve never used it before.” OPM is using social applications like Twitter and LinkedIn, as well as plain language, humor and graphics, hoping to reach to them.

Additionally, Archuleta said there’s a working plan to revamp USAJobs.gov. Right now the agency is using Lean Six Sigma to audit the application process and make it a more meaningful to reduce the time in hiring new talent.

The post OPM director defends preference in hiring vets appeared first on FedScoop.

]]>
http://fedscoop.com/opm-director-defends-preference-hiring-vets/feed/ 0
Watch Terry Halvorsen’s FedTalks 2014 keynote http://fedscoop.com/watch-terry-halvorsens-fedtalks-2014-keynote/ http://fedscoop.com/watch-terry-halvorsens-fedtalks-2014-keynote/#comments Mon, 17 Nov 2014 07:31:13 +0000 http://fedscoop.com/?p=65601 Watch as Terry Halvorsen, acting chief information officer for the Defense Department, commands the stage during his FedTalks 2014 keynote.

The post Watch Terry Halvorsen’s FedTalks 2014 keynote appeared first on FedScoop.

]]>

Watch as Terry Halvorsen, acting chief information officer for the Defense Department, commands the stage during his FedTalks 2014 keynote.

The post Watch Terry Halvorsen’s FedTalks 2014 keynote appeared first on FedScoop.

]]>
http://fedscoop.com/watch-terry-halvorsens-fedtalks-2014-keynote/feed/ 0
Hagel launches defense innovation effort http://fedscoop.com/hagel-launches-defense-innovation-initiative/ http://fedscoop.com/hagel-launches-defense-innovation-initiative/#comments Mon, 17 Nov 2014 00:19:47 +0000 http://fedscoop.com/?p=65587 Secretary of Defense Chuck Hagel announced a sweeping new innovation effort Saturday designed to help the Pentagon maintain its technological and readiness edge in the face of a major reduction in the size of the military and unprecedented budget pressures.

The post Hagel launches defense innovation effort appeared first on FedScoop.

]]>
Defense Secretary Chuck Hagel makes remarks during the Reagan National Defense Forum at the Ronald Reagan Presidential Library in Simi Valley, California, Nov. 15. Hagel is on a five-day trip visiting troops across the United States. (Credit: U.S. Navy Petty Officer 2nd Class Sean Hurt/DOD)

Defense Secretary Chuck Hagel makes remarks during the Reagan National Defense Forum at the Ronald Reagan Presidential Library in Simi Valley, California, Nov. 15. Hagel is on a five-day trip visiting troops across the United States. (Credit: U.S. Navy Petty Officer 2nd Class Sean Hurt/DOD)

Defense Secretary Chuck Hagel, concerned with the deterioration of the military’s readiness and technological edge after more than a decade of war and massive budget pressures, announced a sweeping effort Saturday to accelerate the pace of innovation in everything from leadership development to new technologies and weapons systems.

Speaking Saturday at a defense forum hosted by the Ronald Reagan Presidential Library, Hagel said Deputy Secretary of Defense Robert Work has been tasked with overseeing the new Defense Innovation Initiative, which he described as “an initiative that we expect to develop into a game-changing third ‘offset’ strategy.”

The ambitious plan comes as the Pentagon faces a very real possibility of a return of sequestration-level budget cuts as modern adversaries, such as China and Russia, continue to increase military spending on technologies designed specifically to counter U.S. military strengths.

On the technology front, the centerpiece of the new innovation initiative will be a so-called Long-Range Research and Development Planning Program that will help “identify, develop and field breakthroughs in the most cutting-edge technologies and systems – especially from the fields of robotics, autonomous systems, miniaturization, big data and advanced manufacturing, including 3-D printing,” Hagel said. This program will run into the next decade and beyond, he said.

“In the near-term, it will invite some of the brightest minds from inside and outside government to start with a clean sheet of paper, and assess what technologies and systems DOD ought to develop over the next three to five years and beyond,” Hagel said.

Hagel acknowledged the changing tech innovation landscape and alluded to a likely expansion of the Defense Department’s contracting universe to include non-traditional system providers. “We all know that DOD no longer has exclusive access to the most cutting-edge technology or the ability to spur or control the development of new technologies the way we once did. So we will actively seek proposals from the private sector, including those firms, and from those firms and academic institutions outside DOD’s traditional orbit,” Hagel said.

DOD must also embrace better business practices, Hagel said. “This means upgrading our business and information technology systems and processes, striking the right balance between civil service and contractor support and avoiding duplication of support functions.”

The new innovation effort will also focus on new operational concepts and methods of developing future leaders.

“America does not believe in sending our troops into a fair fight,” Hagel said. “But that is a credo we will not be able to honor if we do not take the initiative and address these mounting challenges now. DOD must continue to modernize our nation’s capabilities and sustain its operational and technological edge. And we must do so by making new, long-term investments in innovation.”

Part of the Defense Innovation Initiative memo issued Nov. 15 by Secretary of Defense Chuck Hagel. (Credit: DOD)

Part of the Defense Innovation Initiative memo issued Nov. 15 by Secretary of Defense Chuck Hagel. (Credit: DOD)

The post Hagel launches defense innovation effort appeared first on FedScoop.

]]>
http://fedscoop.com/hagel-launches-defense-innovation-initiative/feed/ 0
VA readies scheduling RFP amid onslaught of security challenges http://fedscoop.com/va-readies-scheduling-rfp-amid-onslaught-security-challenges/ http://fedscoop.com/va-readies-scheduling-rfp-amid-onslaught-security-challenges/#comments Fri, 14 Nov 2014 23:03:01 +0000 http://fedscoop.com/?p=65565 The Department of Veterans Affairs plans to release the long-awaited request for proposals next week.

The post VA readies scheduling RFP amid onslaught of security challenges appeared first on FedScoop.

]]>
The Department of Veterans Affairs plans to release the long-awaited request for proposals next week for the replacement to its patient scheduling system, the agency’s chief information officer confirmed today.

Stephen Warren, the VA’s CIO, told reporters the department is planning to release the RFP for a commercial scheduling system no later than Nov. 21. The new system will replace the current scheduling component within VA’s main electronic health record system known as the Veterans Health Information Systems and Technology Architecture, or VistA. VA plans to take 30 days to evaluate written proposals before selecting the best options. Finalists will then be required to develop full demonstration versions of their system for evaluation by VA schedulers, Warren said.

The announcement of the pending release of the RFP comes just days after the VA’s inspector general notified Warren that information security will remain a material weakness in the agency’s financial statement audit for at least another year. “I was disappointed, and I know the team was disappointed,” Warren said, adding that security officials have “redoubled” their efforts to ensure VA can show “constant improvement” to auditors when they return next year.

Meanwhile, Warren is scheduled to testify Nov. 18 before the House Committee on Veterans Affairs on VA’s continued cybersecurity problems. The committee is investigating longstanding cybersecurity gaps that may have allowed VA patient scheduling data to be manipulated as well as unanswered questions surrounding the department’s inability to respond to the committee’s repeated requests for information about its cybersecurity posture.

(Credit: Information Security Monthly Activity Report)

(Credit: Information Security Monthly Activity Report)

According to VA’s latest monthly information security report for October, released by Warren, the agency blocked more than 12 million intrusion attempts and blocked or contained more than 206 million pieces of malware. In at least 27 cases, malware was discovered on various medical devices, such as heart monitors. The department also reported at least 765 incidents involving the potential compromise of personally identifiable information belonging to veterans. Of those, 536 veterans were offered credit monitoring services by the VA, Warren said.

In addition to the monthly information security activity report, Warren’s office also released 18 pages of incident summaries that detail the locations and types of security incidents that occurred. Although the vast majority of cases involved unintentional mishandling of data or errors in mailing prescriptions, at least one involved inappropriate access to personal information by VA insiders.

That case, which occurred Oct. 1 at a VA facility in Dallas, involved at least a dozen employees in VA’s Human Resources Management Service who accessed electronic personnel folders and data from the Office of Personnel Management’s USA Staffing database containing employment information belonging to 90 individuals, some of whom were not VA employees. “Some access the records for better preparation, and some for curiosity,” the incident report states. “Also, the one person who looked at management eOPFs may have done it maliciously to share information with the Union,” the report states.

In another case, an employee from a community-based outpatient clinic in Hawaii discovered VistA reports containing personal health information, including full names and social security numbers, belonging to 55 veterans on the bottom of a magazine holder that had been setup at the Maui County fair from Oct. 2 through Oct. 5. A similar incident occurred Oct. 17 at a VA facility in Mountain Home, Tennessee, where a pharmacist is suspected to have discarded 109 pages of information containing the names and patient ID numbers of 106 veterans, as well as details about their medications. The documents were discovered by a housekeeper in a recycling bin located in the parking lot of the facility.

The events that led to the potential exposure of veterans’ personal information “follow the process, paper and people route,” Warren said. “The area where we continue to have to do more work and we continue to do more work is on the human side, in terms of individuals doing things they should not do or a process failure.  A lot of time is spent training and educating the workforce.”

VA security report 1

(Credit: Information Security Monthly Activity Report)

 

 

The post VA readies scheduling RFP amid onslaught of security challenges appeared first on FedScoop.

]]>
http://fedscoop.com/va-readies-scheduling-rfp-amid-onslaught-security-challenges/feed/ 0