U.S. Principal Deputy CTO Alexander Macgillivray departs

Principal Deputy U.S. Chief Technology Officer Alexander Macgillivray on Thursday announced that he has stepped down from the role.

Macgillivray, who led the White House’s push on the need for algorithmic transparency, joined the Biden administration in December 2021 after previously serving as deputy federal chief technology officer during the Obama administration.

Following his departure, Deirdre Mulligan takes the role of U.S. deputy chief technology officer, according to a person familiar with the matter.

Mulligan is a professor in the School of Information at the University of California, Berkeley, and is on leave from the institution while serving in the White House. In February she was installed as U.S. deputy chief technology officer for policy, and has also worked as principal adviser to the National AI Initiative Office.

Before working in government, he held private sector roles as deputy general counsel at Google and general counsel at Twitter. It’s unclear where Macgillivray will work after leaving the White House.

“I am thankful for the support of WHOSTP Director Arati Prabhakar and am excited to see all the great work to come from the phenomenal Tech Division,” Macgillivray wrote on Twitter on Thursday afternoon.

“It was a huge privilege to get to work here again as part of the Biden Administration. I am extremely grateful and more than a little sad that my time is up,” he added.

Macgillivray during a speech on tech policy at the State of the Net Conference in March of this year highlighted three key goals of the Biden administration, which included improving federal privacy protections for Americans’ personal information and closing digital infrastructure gaps.

The OSTP, which Macgillivray is leaving, was established by Congress in 1976 and has a wide mandate to advise the president on the effects of science and technology on domestic and international affairs.

Details of Deirdre Mulligan’s new appointment were first reported by Axios Pro.

Watchdog finds IT security issues at VA medical center in Minnesota

A Department of Veterans Affairs medical center in Minnesota has multiple information technology deficiencies, including outdated operating systems, missing security patches, and non-operational video surveillance, the agency’s inspector general said.

In a Thursday report, the VA’s Office of Inspector General revealed that the St. Cloud VA Medical Center didn’t meet federal information security guidelines in three of the four areas it investigated: configuration management, contingency planning, and access controls. The only category without deficiencies was security management controls.

The VA has struggled to implement the information security standards in the Federal Information Security Modernization Act of 2014 (FISMA), according to the report. The inspector general found the VA “continues to face significant challenges meeting the law’s requirements” in a fiscal year 2021 audit.

The inspector general made eight recommendations to the information and technology chief information officer and two to the medical center director in the Thursday report, including implementing more effective processes for vulnerability management, inventory of network devices, and preventing use of prohibited software.

While the inspection was specific to the St. Cloud center, the report noted “other facilities across VA could benefit from reviewing this information and considering these recommendations.”

Among the issues found in the review were deficiencies in the medical center’s vulnerability management, which the report said “prior FISMA audits have repeatedly found.” 

Those issues included operating systems that weren’t supported by the vendor anymore and missing security patches in applications. While the Office of Information Technology (OIT) routinely scans for vulnerabilities, it didn’t detect all of the issues the inspection team found when it used the same tools for vulnerability scanning, the report said.

Security patches hadn’t been applied in several devices with “critical and high-risk vulnerabilities,” the report said. “Without these controls, VA may be placing critical systems at unnecessary risk of unauthorized access, alteration, or destruction.”

The review also found that the medical center failed to keep an accurate inventory of its information systems and discovered 19 “special-purpose systems” running Windows XP, which the report said “has not been supported in over eight years and is prohibited by OIT.”

The medical center’s data center also didn’t have an operational video surveillance system when the inspection team visited the facility, which it said “minimizes incident response capabilities of the security force in the event of compromised security controls.”

In a response included in the report, the assistant secretary for information and technology and chief information officer agreed with most of the recommendations and said he submitted action plans.

The CIO didn’t agree with the inspector general’s recommendation for a more effective inventory of network devices, arguing devices the inspection team found that weren’t accounted for in inventories were improperly identified.

OPM director urges agencies to permit telework as wildfire smoke blankets D.C.

The head of the Office of Personnel Management has written to agencies across the federal government instructing them to take “all available” steps to protect the health of employees from wildfire smoke, including by permitting telework.

In a memo sent Thursday, OPM Director Kiran Ahuja said federal agencies, where possible, should allow staff — especially those considered high-risk — to work from home.

“As much of the country experiences dangerous air quality conditions from the ongoing Canadian wildfires, the U.S. Office of Personnel Management (OPM) is reminding Federal agencies to be proactive in protecting the health and wellbeing of our Federal workforce,” Ahuja wrote.

She added: “OPM would also like to remind agencies of the various workplace flexibilities that may be used to reduce health risks associated with dangerous air quality levels.  Agencies are encouraged to permit employees, particularly those with high-risk medical conditions, to telework from home on a day when air quality conditions are dangerous.”

The OPM chief sent the missive to all government chief human capital officers, as thick smoke from Canadian wildfires blanketed Washington D.C., along with other major cities in the northeast, Ohio Valley and Mid-Atlantic regions of the U.S. According to the Washington Post, air quality is likely to be severely reduced in these areas for at least the next 24 to 48 hours. 

In her missive, the director noted that agencies can deploy other measures to help protect the health of their staff, including by allowing those with flexible work schedules to adjust arrival and departure times to avoid peak commuting hours and to request the use of annual leave or earned compensatory time off.

While telework is not an option for certain government employees, including those working on national security issues or handling certain sensitive data, some agencies have retained a degree of flexibility for staff following the COVID-19 pandemic.

In January, the National Archives and Records Administration reached an agreement with the American Federation of Government Employees union, as part of which all permanent positions at the agency will now be eligible for telework.

At the end of November, the National Science Foundation signed a four-year collective bargaining agreement with the AFGE that included expanded telework and remote work for employees.

Advocates of the increased use of telework at government agencies say that it can be especially beneficial for recruiting staff in areas such as cybersecurity and IT because departments can seek potential candidates from across a wider geographic area.

However, telework has also proved politically contentious, with some lawmakers arguing that fewer employees in the office has resulted in the reduced availability of government services.

Agencies, military among customers hit by scheme involving counterfeit Cisco equipment

A Florida resident’s multi-year scheme selling counterfeit and fraudulent Cisco networking equipment that yielded over $100 million in revenue impacted government agencies and the military, the Justice Department said Tuesday.

The counterfeit devices had “numerous performance, functionality, and safety problems” and their failures caused “significant damage to their users’ networks and operations – in some cases, costing users tens of thousands of dollars,” the DOJ said.

The disclosure that the military and government were among the customers of the equipment was included in the DOJ’s announcement that Onur Aksoy, 39, pleaded guilty to the operation in the District of New Jersey on Monday.

The DOJ didn’t immediately provide more information about the purchases by the government agencies and military. The release didn’t include details about which agencies purchased the fraudulent equipment.

Aksoy, who is a dual citizen of the U.S. and Turkey, was the CEO of at least 19 companies based in New Jersey and Florida, 15 Amazon storefronts, and 10 eBay storefronts that sold the counterfeit goods, the DOJ said. Those companies and storefronts were known collectively as the “Pro Network Entities.”

The scheme operated by importing “tens of thousands of low-quality, modified computer networking devices” from China and Hong Kong that were made to appear new with counterfeit Cisco labels, documentation, packaging, and software, the DOJ said. 

“The Chinese counterfeiters often added pirated Cisco software and unauthorized, low-quality, or unreliable components – including components to circumvent technological measures added by Cisco to the software to check for software license compliance and to authenticate the hardware,” the DOJ said.

The department estimated the total retail value of those devices was in the hundreds of millions of dollars. 

Cisco asked Aksoy to cease and desist trafficking the equipment in seven letters sent to him between 2014 and 2019, the DOJ said. Aksoy’s attorney responded twice with forged documents.

Aksoy pleaded guilty to mail fraud and “conspiring with others to traffic in counterfeit goods, to commit mail fraud, and to commit wire fraud.”

His sentencing is scheduled for Nov. 6, when he’ll face four to six-and-a-half years in prison, under a plea agreement conditionally accepted by the court Monday, the DOJ said. He will also forfeit $15 million in gains from the scheme and pay back victims in full under that agreement.

A Cisco spokesperson said: “We are committed to protecting our valued customers and legitimate authorized Cisco channel partners and maintaining the integrity and quality of Cisco products and services. We thank our colleagues in U.S. law enforcement for their investigative actions, the successful indictment, and the work that led to today’s outcome.”

They added: “The Cisco Brand Protection team also appreciates the strong collaboration with Amazon’s CCU for jointly making the criminal referral that brought this individual to justice.”

Director of Amazon’s Counterfeit Crimes Unit Kebharu Smith said: “This guilty plea sends a strong message to bad actors that selling counterfeits has severe consequences.”

He added: “We are grateful for the collaboration with Cisco and the work of the U.S. Department of Justice to bring this counterfeiter to justice.”

Editor’s note, 6/8/23: This story was updated to include comment from Amazon.

Bill to create bipartisan commission on regulating AI expected later this month

Congressman Ted Lieu, D-Calif., said Wednesday that later this month he will introduce bipartisan legislation that would create an artificial intelligence blue-ribbon bipartisan commission or a jury of experts to make policy and legal recommendations on how best to regulate AI.

“I’m working on bipartisan legislation to create a blue-ribbon bipartisan commission to make recommendations as to what kinds of AI we might want to regulate and how we might want to go about doing that because then that report of recommendations will be public and transparent,” Lieu told FedScoop on the sidelines of the AWS Public Summit in Washington.

Lieu, who is a member of the Artificial Intelligence Caucus and one of three members of Congress with a computer science degree, has taken an increasingly prominent role in AI policymaking and leadership in Congress. 

“The bill would allow the Senate and the House and both parties plus the President to appoint members. It would be equally bipartisan, and it sets certain requirements. So you’ve got to appoint both private and public sector people and so on and that will be introduced sometime later this month,” Lieu added.

The bill is being co-led by Rep. Ken Buck, R-Colo., who with Lieu in April introduced the bipartisan Block Nuclear Launch by Autonomous Artificial Intelligence Act, legislation aimed at safeguarding the nuclear command and control process from any future change in policy in order to prevent AI from making nuclear launch decisions.

The Artificial Intelligence Caucus was created in 2017 to help educate members and their staff on the technological, economic and social impacts of advances in the technology.

Earlier this year, Lieu introduced the first measure in Congress that was written entirely by the popular online AI tool ChatGPT, a nonbinding resolution on how to comprehensively regulate AI in Congress.

Lieu’s congressional office is also one of the first not to have restrictions on the use of ChatGPT within its internal functions for any and all purposes, the California congressman said. 

He highlighted that federal agencies need to be given the power and resources to better tackle the risks and concerns associated with AI, which he hopes a new blue-ribbon commission could help with.

“So I think we need to get more regulators in our federal agencies who are more cognizant and attuned to the unique risks and aspects of AI,” Lieu said. 

Accenture, Alight and Thrift Savings Plan board hit with lawsuit over botched transition to new system

A class action lawsuit filed Thursday alleges that federal employees and uniformed service members suffered substantial financial hardship due to a botched transition to a new system for a savings and investment plan for federal government employees that the plaintiffs say has serious flaws.

Seven plaintiffs who are participants of or eligible for benefits from the Thrift Savings Plan (TSP) – a Federal Government-sponsored retirement savings and investment plan similar to 401(k) plans – joined together to file a class-action lawsuit against Accenture Federal Services (AFS), Alight Solutions and the five members of the Federal Retirement Thrift Investment Board in the U.S. District Court for the District of Columbia.

“AFS and Alight completely botched the migration of TSP’s services due to an array of technological and staffing shortfalls that have virtually brought the services offered by TSP to participants to a screeching halt,” the plaintiffs state in the class action suit.

“Defendants’ failure to ensure the timely payment of Hardship Withdrawals, Non-Hardship Active Withdrawals, Out of Service Withdrawals, Death Benefits, and TSP Loan proceeds is not a one-off situation but instead is caused by systemic flaws in TSP’s system,” the lawsuit states.

The lawsuit alleges that the TSP program’s delay and failure to disburse funds within the program to beneficiaries has forced military personnel, veterans, and federal employees who use TSP to procure high-interest consumer loans as alternatives so they are able to pay their bills and avoid home foreclosures, repossessions, and other hardships.

TSP serves as a tax-deferred retirement savings plan for approximately 6.5 million members of the uniformed services and other federal employees, similar to 401(k) plans offered to private-sector employees, and manages more than $838 billion in assets.

The plaintiffs are seeking relief from the defendants to immediately disburse proceeds for all approved TSP loans and withdrawals as well as appropriate damages for plaintiffs and class members’ losses.

The suit also requests a declaration that defendants are financially responsible for all notice and relief and requires that the defendants pay both pre- and post-judgment interest on any amounts awarded as well as attorneys’ fees as permitted by law.

The plaintiffs are demanding a trial by jury on all issues.

Commerce names five new leaders for CHIPS research and development office

The Department of Commerce has appointed five new technologists to boost research and development within one of the agency’s CHIPS Act-focused offices.

The agency has named Lora Weiss as director, Eric Lin as deputy director, Neil Alderoty as executive officer, Richard-Duane Chambers as associate director for integration and policy and Marla Dowell as director of the CHIPS research and development metrology program within Commerce’s CHIPS Research and Development Office.

The CHIPS Research and Development Office is one of two offices at the Department of Commerce created by the passage of the CHIPS and Science Act of 2022. It is responsible for programs focused on making American semiconductor manufacturers globally competitive and works alongside the CHIPS Program Office, which is responsible for semiconductor incentives.

Weiss joins the Department of Commerce office from Pennsylvania State University, where she is senior vice president for research and oversees the research of 12 academic colleges, seven interdisciplinary research institutes and the university’s Applied Research Lab.

Lin was previously interim director of the CHIPS Research and Development Office, and before that was director of the NIST Material Measurement Laboratory.

Alderoty has worked at NIST for more than 30 years, most recently as executive administrator of the Commerce subagency’s Material Measurement Laboratory.

Chambers joins the CHIPS R&D Office from the Senate Committee on Commerce, Science and Transportation, where he served as a senior professional staff member.

Dowell takes up her new appointment after most recently serving as director of the NIST Communications Technology Laboratory.

Commenting on the appointments, NIST Director Laurie Locascio said: “To make the CHIPS R&D programs into bustling centers of innovation, we need the country’s best people to execute our vision. These are the experts who will propel CHIPS for America and the nation’s semiconductor sector forward.”

Commerce Secretary Gina Raimondo added: “These leaders bring exactly the depth and breadth of organizational, programmatic and technical leadership experience that CHIPS needs to stand up new, transformational R&D programs.” 

Locascio announced the appointments during remarks made to the Industrial Advisory Committee on June 6.

Microsoft launches generative AI service for government agencies

Microsoft on Wednesday launched its new Azure OpenAI Service for government, which the company says will allow federal agencies to use powerful language models including ChatGPT while adhering to stringent security and compliance standards.

The new service will allow government departments to adapt models including GPT-3 and GPT-4 for specific tasks, including content generation, summarization, semantic search, and natural language-to-code translation.

The language models will run within Microsoft’s cloud service for U.S. government agencies, Azure Government.

“If you’re an Azure Government customer (United States federal, state, and local government or their partners), you now have the opportunity to use the Microsoft Azure OpenAI Service through purpose-built, AI-optimized infrastructure providing access to OpenAI’s advanced generative models,” Bill Chappell, Chief Technology Officer, Strategic Missions and Technologies at Microsoft said in a blog post shared with FedScoop.

“Microsoft has developed a new architecture that enables government agencies to securely access the large language models in the commercial environment from Azure Government allowing those users to maintain the stringent security requirements necessary for government cloud operations,” Chappell added.

Notably, Microsoft says all traffic used within the service will stay entirely within its global network backbone and will never enter the public internet. The technology giant’s network is one of the largest in the world and is made up of more than 250,000 km of lit fiber optic and undersea cable systems.

The tech company added that the Azure OpenAI Service does not connect with Microsoft’s corporate network, and that government agency data is never used to train the OpenAI model.

The Azure OpenAI Service can be accessed using REST APIs, the Python SDK, or Microsoft’s web-based interface in the Azure AI Studio, and all Azure Government customers and partners will be able to access all models.

Microsoft is doubling down on the data, privacy, and security protections it offers to government customers, highlighting that it encrypts all Azure traffic within a region or between regions using MACsec, which relies on the AES-128 block cipher for encryption.

Senior lawmaker raises ethics waiver concerns involving VA CIO

A senior Republican has called on the Department of Veterans Affairs to provide clarification about how the agency documents recusals and ethics waivers held by the agency’s chief information officer and other key officials.

In a missive sent on June 5 to Department of Veterans Affairs Secretary Denis McDonough, Mike Bost, R-Ill., said that the agency has so far failed to provide requested documents setting out how the agency collects information about recusals.

According to Bost, House Veterans’ Affairs Committee staff in late April held a meeting with VA CIO Kurt DelBene and VA Special Counsel Michael Waldman, during which it was established that the VA did not have a formal process in place for recording ethics waivers.

Bost wrote: “[VA Special Counsel] Michael Waldman confirmed that VA currently does not have a formal process in place to document Mr. DelBene’s recusals – or for that matter recusals of any of its executives – including recusals relating to former employment. Mr. Waldman acknowledged that it may be a good idea to start a formal recusal documentation process and volunteered to start discussing the idea internally and inform the Committee of their conclusions.”

“I am concerned that, more than a month after meeting with Mr. DelBene, I have not received a response from you or your staff,” he added.

In a previous note sent to Denis McDonough on May 10, Rep. Bost said that during the previous late-April meeting, DelBene noted that he had only twice interacted with Microsoft or its employees: once to discuss a problem VA was experiencing with Microsoft Teams software, and once when he had dinner with his former chief of staff to provide career advice.

In the May 10 note, Bost requested that the agency provide a written summary of its plan to document the recusals of DelBene and other senior executives, or its reasoning for not adopting such a measure.

All federal employees are required to abide by the ethics stipulations set out in the Code of Federal Regulations, and failure to do so carries criminal penalties.

These include a requirement that federal officials take appropriate steps to avoid any actual loss, or appearance of loss, of impartiality in the performance of their official duties, including through personal or another “covered relationship.”

Prior to his confirmation as VA chief information officer in December 2021, DelBene was an executive at technology giant Microsoft.

Earlier in his career, DelBene worked in the Obama administration for a brief time, during which he led improvement work on Healthcare.gov as a senior adviser to the secretary of the Department of Health and Human Services. While working on Healthcare.gov, he helped to troubleshoot issues encountered during the first open enrollment period.

DelBene is also married to Rep. Suzan DelBene, D-Wash.

In a statement to FedScoop, a VA spokesperson said: “The Biden Administration and VA are committed to the highest ethical standards for public officials. Consistent with those high standards, before joining the VA, CIO Kurt DelBene agreed to an Ethics Agreement whereby he was recused from involvement in Microsoft specific matters, including a number of specifically enumerated procurements and programs.”

He added: “VA and CIO DelBene have scrupulously adhered to that Agreement. In recent meetings with HVAC staff, it was requested that VA develop a formal process to document procurements or programs from which Mr. DelBene may be recused. VA has been working on finalizing such a formal documentation process and expects to respond to the Chairman Bost and the Committee shortly.”

Editor’s note, 6/6/21, 4:12 p.m. ET: This story was updated to include comment from the Department of Veterans Affairs.

USAID awards Accenture $329M information assurance and privacy contract

The United States Agency for International Development has awarded Accenture Federal Services a $329 million contract to manage information assurance and privacy programs at the agency.

According to a press release issued by the tech services and consulting firm, it will support the Office of the Chief Information Officer, within USAID’s Bureau for Management, and the contract has a 10-year performance period.

Commenting on the contract award, Accenture Federal Services Managing Director and USAID Client Lead John Roche said: “This contract award marks Accenture Federal Services’ first prime contract with USAID. We are thrilled to be tapped to lead this critical initiative for the Agency.”

“We look forward to delivering innovative, cost-effective solutions that protect the integrity, confidentiality, and accountability of the Agency’s information assets,” he added.

The award is the latest federal IT contract win for Accenture in recent months. Last month, the company was awarded, along with federal contractor Maximus, a spot on the Internal Revenue Service’s Enterprise Development, Operations Development IT modernization contract vehicle.

This came after the company in March was awarded an IT infrastructure operations and modernization contract worth $380 million by the U.S. Customs and Border Protection agency. That contract was awarded as a task order through the General Services Administration’s Alliant 2 governmentwide acquisition contract vehicle.