Customs drones spent 80 percent of time in border, coastal areas

U.S. Customs and Border Protection drones spent more than 80 percent of their time in border and coastal areas, according to a new report from the Government Accountability Office.

In the report, GAO researchers looked at flight hour data for CBP drones, or unmanned aerial systems, from fiscal year 2011 to April 2014. They found that roughly a fifth of the drones’ flight hours took place in restricted or foreign airspace — perhaps as a result of an equipment malfunction — or were used for training, transit and disaster missions.

The report, released Tuesday, evaluates a Department of Homeland Security review on whether its border drone program complies with privacy laws and civil liberty standards, and whether the drones’ activities were limited to border areas. Researchers looked not only at the DHS review, but they also reviewed privacy laws and interviewed DHS staff for the report.

GAO researchers note that DHS drones aren’t restricted to border areas by law, though they are limited by Federal Aviation Administration requirements and CBP policies.

The report comes amid ongoing uneasiness about the effect that drones could have on privacy. Indeed, Rebecca Gambler, director of the GAO’s Homeland Security and Justice unit, said in a cover letter for the report there have been “questions regarding the scope of CBP’s authorities to collect and use aerial surveillance.” However, the GAO report noted CBP has measures in place to help make sure its program observes privacy rules.

“DHS’s review contains information on CBP procedures on collecting, retaining, storing, and disseminating images from UAS, among others, to help ensure compliance with privacy and civil liberty laws and standards,” according to the report.

While the DHS review did not elaborate on how it has developed a written institutional framework to protect privacy, the GAO report did find that CBP has or plans to issue such policies.

“As highlighted in the report, U.S. Customs and Border Protection, Office of Air and Marine (OAM), operates their unmanned aircraft systems with an oversight framework and procedures that help ensure compliance with privacy and civil liberty laws and standards,” CBP told FedScoop in an email. “The UAS provides a vital layer in CBP’s border security strategy – operating in a dynamic environment – adjusting coverage according to emerging trends and the needs of CBP personnel on the ground, to include along the southwestern border of the U.S. Equipped with state-of-the-art sensors and day-and-night cameras, the UAS provides real-time images to commanders and frontline agents to more effectively and efficiently secure our nation’s borders.”

CBP is tasked with protecting U.S. borders and hedging terror threats and illegal drug imports. Its Office of Air and Marine provides nine drones to patrol the border.

House Committee Report 113-91 tasked GAO with evaluating the DHS review. GAO received a copy of the department’s review, conducted by the Office of Civil Rights and Civil Liberties and the Privacy Office, in June to evaluate, and the agency presented its findings to congressional offices at the end of August.

The GAO did not make any recommendations in this report nor did DHS submit an official response.

Commentary: To protect that ‘kid in the garage,’ avoid regulating broadband under Title II

The iconic figures of the net neutrality debate are the kids in the garage and the dorm, the next Steve Jobs and Mark Zuckerberg, the ones everyone wants to protect. They are working feverishly day and night to create the next Facebook, Twitter, Twitch, Shutterfly, YouTube. They think about their friends, new games they would enjoy playing and new ways to connect. They think about the creatures they are bringing to life and how to make them more appealing or more frightening. They think about the code they are writing, its elegance and efficiency. If they are far enough along, they think about attracting investors and marketing their inventions.

They do not think about price regulation, quality regulation, privacy regulation and myriad other regulations. They do not think about federal and state commissions, hearing rooms and courtrooms. They do not think about the endless paperwork needed to prove compliance with rules promulgated by all those commissions. They don’t have to, because the applications they are developing are not regulated.

They may not even know that the reason their work is not subject to regulation by the Federal Communications Commission and 50 state commissions is that it qualifies as an information service under the Communications Act. Each of their inventions will use telecommunications to reach its audience, but it inherently involves data manipulation and storage and, under the current FCC interpretation, that is enough to keep it from being a telecommunications service, which is enough to assure that it will not be subject to common-carrier regulation under Title II.

The Telecommunications Act of 1996 created a clear-cut distinction between an information service and a telecommunications service. Based on that distinction, the FCC classified broadband Internet access — which also blends telecommunications with data manipulation and storage — as an information service. The Supreme Court has affirmed the FCC’s interpretation of the law. But the FCC is now under tremendous pressure to reclassify broadband Internet access as a telecommunications service subject to common-carrier regulation under Title II. If it does so, many Internet services and applications will also find themselves subject to reclassification.

Blurring that distinction will change our kids’ thought process radically. Once they understand the innumerable obligations that being subject to federal and state regulation will place on them, every creative thought will be filtered through the questions: “Am I creating an information service or a telecommunications service?” and “How do I change it to keep it from being a telecommunications service?”

Creativity does not thrive when it is focused on bureaucratic contortions. The creators of Facebook, Twitter, Twitch, Shutterfly and YouTube did not sit in their garages and dorm rooms contemplating the burdens of Title II regulation and ways to evade them. But if the advocates of reclassification get their way, they might have. All of those platforms look like telecommunications services once you start asking where the line is drawn: Exactly how little data manipulation and storage does it take to slide from the nirvana of information service into the nightmare of telecommunications service?

If the FCC yields to the pressure to reclassify, it will inevitably blur the distinction between information services and telecommunications services. It will, no doubt, try to forbear from most of the regulations Title II automatically invokes, just as it will, no doubt, try to avoid trapping our kids in its net. But for many years, while the FCC’s forbearance is contested and its blurrier definition is tested and re-tested in court, our kids will be stuck in limbo. The investors they might have attracted will flee to less risky ventures. And if the courts decide that those automatically invoked rules should apply despite the FCC’s attempt to forbear, the FCC will not be able to undo the harm it never intended to do.

Millions of Americans have contacted the FCC, asking it to keep the Internet open. They want to protect these kids and their creativity. And they want to protect all those Internet services and applications on which they have come to rely and which they hope to adopt in the future. They want the FCC to enhance their choices, not to diminish them.

The alternate course using section 706 of the act, poses none of these dangers of reclassification. It allows the FCC to promulgate only those regulations that it believes are needed to protect the open Internet. It can target only those practices it considers harmful, and apply its rules only to those parties it intends to regulate. Section 706 provides a much safer way to protect the open Internet, our creative kids and consumers’ choices. It is the perfect example of the way the new network compact should work.

Anna-Maria Kovacs is a visiting senior policy scholar at Georgetown University’s Center for Business and Public Policy.

CMS extends Healthcare.gov Terremark IT contract, further delaying HP transition

Healthcare.gov’s second open enrollment period was supposed to be hosted by HP Enterprises Services, but the Centers for Medicare and Medicaid Services has yet again extended a contract with the site’s original Web host, Terremark, further delaying the transition to HP’s cloud.

CMS submitted a special notice Monday awarding Terremark, an IT subsidiary of Verizon Communications Inc., “an out of scope modification” to its initial contract for supporting the Affordable Care Act’s Healthcare.gov federal marketplace. Despite announcing before the site’s official launch that Hewlett-Packard Co. would take over hosting responsibilities for the marketplace, CMS has continually extended Terremark’s contract — once in February, again in July and now for a third time.

The latest award, according to the notice, adds to the “logical follow-on” contract extension needed “Enterprise Identity Management (EIDM) hosting and security upgrades,” a major focus of CMS and Healthcare.gov since launching last fall and especially in the wake of a malicious cyber attack in July. The EIDM had been supported by a separate contract that expired in September, according to the notice. The follow-on will continue through the end of open enrollment 2015.

With stability and security in mind, CMS will continue hosting Healthcare.gov’s returning users through Terremark’s services and balance some of the load from other features on HP, as well as Amazon Web Services, a subcontractor to HP. On the backs of three different hosts, CMS hopes this enrollment period will run a bit more smoothly.

“Our first priority is to ensure that millions more consumers will be able to enroll in quality, affordable coverage during the next open enrollment period,” a CMS spokesperson said. “Based on our lessons learned and provide sufficient time to ensure a stable site, we have instituted a plan to better manage peak traffic, while providing greater flexibility and scalability within the system. To achieve this and to accommodate the growing needs of consumers, we have decided to use three data cloud services, assigning each with specific responsibilities and measurable deliverables.”

With the extension, Terremark will continue to serve as the main host of the marketplace and its data hub through the second open enrollment for returning customers and new enrollees with more complex needs.

According to the notice, “CMS plans on utilizing the HP Virtual Data Center as a development environment and alternate site for backup and eventually transition the work from the Terremark Federal Group Inc. site. This approach will better position CMS to implement a scalable, robust, and secure hosting site for the Open Enrollment period with adequate time for end to end testing of the marketplace systems. … There is no other source that could provide the required hosting services during OE 2015 at an acceptable level of risk. Terremark is best positioned to continue to provide these services until CMS is able to transition them to HP.”

HP will not stay completely in behind-the-scenes test mode, though. The CMS spokesperson confirmed that the company will serve as the host for the online Small Business Health Options Program, launching for the first time during this enrollment period to facilitate insurance for companies with fewer than 50 employees. Last year, businesses had to apply via paper. HP will also host the marketplace for agents and brokers.

Lastly, Amazon Web Services will support Healthcare.gov’s Marketplace 2.0, which will facilitate health insurance for new users.

“This decision represents the best path forward to ensure a successful second open enrollment period,” the spokesperson said. “It was made in order to improve the consumer experience and have sufficient time for testing before the next open enrollment period.”

Is all goes as planned, the transition to HP’s services should be made sometime after open enrollment ends in February.

Smart meters highlighted in updated NIST Smart Grid standards

Over the past few years, the federal government has devoted billions of dollars to help improve the nation’s energy grid. As we move toward an interoperable smart grid, the grid’s standards are changing as rapidly as its associated technology.

To accommodate these changes, the National Institute of Standards and Technology released an update Wednesday that further integrates the use of smart meters into the Smart Grid Interoperability Standards Framework.

Last updated in February 2012, the framework now includes 74 standards and protocols, including seven not included in prior versions. The biggest changes include protocols for smart meters, which allow engineers to monitor the grid’s flow of electricity to better maintain stability and efficiency.

“There’s been an emphasis on smart meters because of the importance of assessing [power use] within the grid, as well as the basic mechanism, to ensure accurate measurements by your utility company,” said David Wollman, deputy director of the Smart Grid and Cyber-Physical Systems Program Office at NIST.

According to the Department of Energy, more than 43 million smart meters were in use at the end of 2012, with nearly 90 percent installed in residential settings. The government estimates it will spend more than $5 billion on smart meter installation through its Smart Grid Investment Grant program.

The guide also includes updates to Smart Grid architecture standards, placing a growing importance on “distributed energy resources,” including non-traditional sources like solar and wind power.

“With this increased emphasis in being able to handle distributed resources, we evolved the conceptual model to give greater importance to generation coming from many different places in the system,” Wollman said. “The new smart grid needs to be able to handle distributed resources wherever they are. That includes on the customer’s premises or resources tied to the distribution grid.”

NIST also released an update to its smart grid cybersecurity framework, which works in concert with the agency’s larger cybersecurity framework. Smart meters have built-in two-way communication that records and transmits data instantly to energy providers.

You can view the updated NIST guide below, as well as a beginner’s guide to the new framework.

Congress.gov moves out of beta, adds new features

After more than two years, Congress.gov is finally moving out of its beta stage.

The official Congress.gov website — the federal clearinghouse for all things legislation — came on board with a few new features, including a resources section and a section consisting of live streams of committee hearings out of the House of Representatives. In addition to providing the live streams, the new website also includes an archive of hearings from January 2012 to the present.

In a blog post announcing the full launch, Andrew Weber, the legislative information systems manager at the Library of Congress, said despite the two year beta stage, the website launched out of beta faster than other common web initiatives.

“Today, I’m happy to announce we officially removed the beta label,” Weber said in the blog post. “That’s roughly three years quicker than Gmail took to remove its beta label, but we won’t give you the option of putting it back on.”

The new version of the site also includes an advanced search capability with 30 new fields that allow a user to search through nominations, the congressional record as a whole or by the name of any member of Congress. Earlier this year, the website expanded its search function to include 22 legislative data fields and introduced a browsing feature that was updated in the launch away from beta.

The browsing section of the site also includes a new calendar view identifying when Congress is or isn’t in session, and users can also browse by sponsor or co-sponsor and see the results of roll call votes.

The Library of Congress launched Congress.gov in collaboration with the U.S. Senate, the U.S. House of Representatives and the Government Printing Office. The beta version of the site went online in September 2012 when the Library of Congress announced it would eventually replace Thomas.gov, which had been the location of all online legislative documents since 1995. About a year ago, Thomas.gov officially began redirecting to Congress.gov, even while the site was still in its beta infancy.

According to a statement from the Library of Congress in 2013, the Thomas.gov infrastructure could not handle the capabilities that the next generation of the site, which would expand its use across different platforms, would require.

Treaties, House and Senate executive communications and an index of the congressional record will all be added in the next year, according to a release.

“Just because the beta label has been removed doesn’t mean we will not still be hard at work updating the website,” Weber said. “We have a plan for new features and enhancements to launch throughout the next year and beyond.”

The Congress.gov site is mobile friendly; however, the Library of Congress also hosts an app that provides the daily congressional record to iOS users. When the app was launched in January 2012, it pulled from the Thomas.gov database.

In the blog post, Weber said the 2014 updates and the features that came alongside the launch were based on feedback from users.

“We really value the feedback that we receive about Congress.gov,” Weber said. “Whether it is a comment on this blog via the feedback form, or a tweet, we read them all.”

Jim Karamanis, chief of web services at the Library of Congress, said in an email statement to FedScoop that most of the user feedback has been positive.

“This project has reached this milestone as the result of an extraordinary amount of teamwork from throughout the Library and our collaborators in Congress and the Government Printing Office,” Karamanis said. “We have been very gratified by the volume of feedback. Most has been positive, and we will continue to improve and update based on suggestions we receive from users.”

State CIOs say funding hinders data security efforts

As state government agencies continue to collect growing volumes of personal, business and health data, they are also becoming bigger targets for hackers looking to exploit that information. A new report warns, however, that government officials may be failing to fully grasp how vulnerable their agency applications and databases are to the kinds of costly cyber attacks that humbled corporate giants Home Depot and Target over the past year.

The report, released Wednesday by Deloitte and the National Association of State Chief Information Officers (NASCIO), found that state officials are making headway in their efforts to better secure the information they maintain. But the study also detected a significant gap in perceptions between state agency leaders and their IT security officers about how prepared state agencies are in responding to cyber attacks.

While half of the country’s states report year-over-year increases in cybersecurity budgets, 76 percent of responding state chief information security officers (CISOs) said those budgets remain insufficient to tackle the increasingly sophisticated cyber threats businesses and governments routinely face.

Moreover, the 2014 Deloitte-NASCIO Cybersecurity Study found that while 60 percent of state agency leaders said they are very or extremely confident in their state’s ability to protect information assets against cyber threats, only 25 percent of CISOs hold the same belief.

Read more about the report’s finding, reactions to the report and what it recommends for state CIOs and CISOs at StateScoop.

Symantec’s Jennifer Nowell discusses the challenges facing STEM

http://youtu.be/YAEC0h1evbo Jennifer Nowell, senior director for U.S. public sector strategic programs at Symantec, joins FedScoop TV to talk about the importance of STEM education and the challenges it faces.

VA official investigated for fraud loses lucrative DOE gig

The Energy Department has withdrawn an offer to hire Susan Taylor, the Veterans Health Administration’s deputy chief procurement officer, because of an investigation by the Department of Veterans Affairs inspector general that found Taylor violated numerous federal procurement laws and regulations.

In an email obtained by FedScoop dated Sept. 12 — two weeks before the VA’s IG report was made public — Thomas Johnson Jr., the associate deputy assistant secretary for acquisition and project management in DOE’s Office of Environmental Management, announced the selection of Taylor for the career senior executive service position of director of the Office of Procurement Planning, effective Oct. 5.

Two senior officials at DOE familiar with the situation but not authorized to comment publicly, however, confirmed to FedScoop that the offer has been withdrawn based on the VA IG report’s conclusions. “DOE is not hiring Ms. Taylor,” said one of the officials with detailed knowledge of the job offer.

Taylor was the central focus of a damning 82-page investigation released Sept. 29 by the VA IG in which the agency said she abused her position and “improperly acted as an agent of FedBid in matters before the government.” The IG substantiated that Taylor had been giving FedBid, a private reverse auction company, preferential treatment, going so far as to disclose proprietary information and pressure contracting staff to award a task order for reverse auction services to FedBid. Although the IG referred the matter to the Department of Justice for criminal prosecution, DOJ did not press charges and recommended VA take administrative actions. 

“Had this information been known when the original offer was made, there’s no way an offer would have been extended,” the official said.

But members of Congress are still unhappy with the lack of action on behalf of the VA. In a letter sent Monday to VA Secretary Robert McDonald, Rep. Mike Coffman, R-Colo., chairman of the Veterans’ Affairs Subcommittee on Oversight and Investigations, demanded to know what punitive actions the agency plans to take against Taylor.

“The sheer extent of the abuse of power undertaken by Ms. Taylor at VA alone should warrant her termination,” Coffman wrote. Coffman contends in his letter to McDonald that Taylor had been simply reassigned within VA.

House Committee on Veterans’ Affairs Chairman Rep. Jeff Miller, R-Fla., called the VA’s inaction “a classic example of what’s wrong with government bureaucracy.”

“Instead of doing the right thing and holding people accountable, lazy bureaucrats are content to simply transfer problem employees to other areas of the government,” Miller said. “Everyone involved in this matter should be ashamed, especially Department of Justice officials, who need to have their heads examined after the inexplicable decision not to press charges as the OIG recommended.” Follow @DanielVerton

FDA releases guidance on medical device cybersecurity

The scary reality as more medical devices become interconnected and attached to a network is that those connections unveil new entry points for cyber threats. The Food and Drug Administration released final guidance Wednesday recommending that manufacturers take those security concerns into account from the inception of their design to mitigate cyber risks.

The guidance — “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” — recognizes key security steps manufacturers should take before submitting their devices for approval, such as identifying existing risks and assessing their impacts and likelihood of happening, exploring ways to limit device access and entrusting the security of its content and implementing features to detect and respond to any attacks. Failure to so “can result in compromised device functionality, loss of data (medical or personal) availability or integrity, or exposure of other connected devices or networks to security threats. This in turn may have the potential to result in patient illness, injury, or death,” the document states.

“There is no such thing as a threat-proof medical device,” said Suzanne Schwartz, director of emergency preparedness/operations and medical countermeasures at the FDA Center for Devices and Radiological Health. “It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks.”

There’s a host of threats the FDA has its crosshairs on with these recommendations, including malware, unsecured or uncontrolled distribution of passwords, poor management of software updates and patches and other vulnerabilities from software or apps designed to prevent unauthorized access to the device.

Along with the guidance, FDA asks that manufacturers submit documentations about the risks involved with a planned device and how it plans to mitigate those risks, as well as any plans for patches or updates to operating systems or software.

While the FDA said cyber threats to medical devices are only perceived at this point and there are no reports “that any patients have been harmed as a result of cybersecurity breaches,” it is concerned of the possibility, one that’s surfaces in popular culture recently. Reports late last year surfaced that former Vice President Dick Cheney had his physician turn off the wireless feature of his pacemaker, fearing someone could hack it and alter its functioning to attack him. Cheney began questioning the possibility of such an attack when he saw an episode of Showtime’s “Homeland” in which the fictional American vice president was assassinated in that exact manner.

Of course, that’s just one extreme end of the spectrum. The FDA is also concerned with keeping personal medical information and other assets secure from intruders as well.

The FDA has planned a workshop in October during which it will gather other government representatives, manufacturers, the medical industry, hospitals, cybersecurity professionals and others to collaborate on best practices for medical device security. This new guidance will complement prior FDA guidance for medical devices using software, and like it, these new recommendations are strong suggestions but not legal regulations or statutory requirements.

How the USPS can embrace tech and keep physical mail relevant

The financial future for the United States Postal Service might be uncertain, but according to two recent reports from the agency’s Office of Inspector General, innovative new products could pull the agency into the future.

In one report, focused on what the next generation of postal customers will look like, the OIG partnered with Deloitte to use scenario planning to understand what the customers of the future will need and expect from USPS.

The fast-paced and rapidly changing technological environment makes this transition different from previous customer shifts, the report said.

“Change used to be generational, driven by slow-moving and predictable forces like demographic shifts,” the report said. “Now, rapid technology innovation means that change is almost continuous and unpredictable.”

The OIG came up with a few main scenarios of what the postal customer climate could look like in 20 years and suggested ways the agency could innovate current offerings or decide on new products to feature.

In the “From Our Family to Yours” scenario, the OIG predicts that groups, not single customers, will give brands a seal of approval. To compete in this scenario, the post office could potentially offer a “trustmark” to some companies, allowing the agency to use its longstanding status with the public to verify the capabilities of other companies. One use of the trustmark could be through the verification of some sellers on websites like Craigslist and eBay, the report said.

In this scenario, the OIG also recommended the agency look into offering next-day printing for localized customers.

Similarly, in the OIG’s “All Eyes on You” scenario, customers will use technology to tailor products seen in a physical retail location to themselves online. For instance, after seeing a particular type of running shoe in a store, a user can go online and design a customized version. When the mail arrives the next day, the consumer will have a two-dimensional printout of how the shoe will look embedded with a QR code that can direct the user back online to finish the purchase.

“All Eyes on You” also encourages the post office to link physical addresses to permanent email addresses to facilitate a world of communication on and offline. The scenario also examines using driverless delivery and extra post office facility space as community centers or hubs to help small businesses and consumers innovate.

To facilitate other potential scenarios, the OIG’s report also recommended the Postal Service look into hosting an eLockbox – an online storage facility that is secured and backed by USPS – and offering on-demand 3-D printing, secure digital messaging and government concierge services.

The report also calls for the creation of what the OIG calls a “ZIP Code Facebook,” which would take a user’s location to enable a community sharing and chatting platform online.

Through the adoption and use of these various technologies, the OIG said USPS’ collection of data can bring more power to the consumer and help move the post office and technology into the world of the Internet of Things.

In the meantime, however, the OIG also looked at already existing mail technology and how the Postal Service can encourage advertisers to take advantage of some of the products to ensure the physical  product remains relevant.

Through embedding mail with QR codes, augmented reality technology, near-field communication chips and webkeys, marketers can bring about a new era of connected mail. This connected mail initiative would bind the physical mail product to a digital counterpart.

Through the use of near-field communication chips, a user would have the ability to make their mobile phones or NFC-enabled wearables interact with the mail in front of them to speed up commerce.

Although still in its early stages and still expensive, electronic mail – pieces of mail embedded with an electronic component – also offers marketers a chance to make their mail stand out just a little bit. Through embedded communication devices, video screens and mobile devices can even be included in marketing mail, the OIG report said.

“Electronics are getting thinner, and advertisers are getting more creative,” the report states. “With mobile in print technology, it is now possible to add a direct communication portal, such as a phone or text messaging system, into a direct mailpiece.”

The results of using these technologies and data to innovate the postal industry are “tremendous,” Postmaster General Patrick Donahoe said during the National Postal Customer Council Week event last month.

“As an industry we’re probably experiencing more challenges and opportunities than we ever have. That’s why it’s so important for us all to be on the same page in terms of strategies that can help grow your business and our industry,” Donahoe said. “Technology adoption is the key. You can look across the whole spectrum of our industry and see that nearly every aspect is evolving due to technology adoption.”