CISA issues draft attestation form for government software providers
The Cybersecurity and Infrastructure Security Agency on Thursday published a draft attestation form for software providers working with federal government agencies.
The agency launched a 60-day request for comment period, during which industry is able to submit feedback on the document.
The new form was developed in collaboration with the White House and is based on practices established in the National Institute of Standards and Technology’s Secure Software Development Framework.
Software providers working with federal government agencies will shortly have to start signing the letters of attestation. The documents will then be collected by each department and held “in one central agency system” until CISA establishes a central repository.
Publication of the draft attestation letter format comes after the White House, in a software supply chain memo issued last September, set out new requirements for federal agencies to ensure that all third-party IT software deployed adheres to National Institute of Standards and Technology supply chain security requirements.
As part of this, they will have to ensure that attestation forms are collected from software contractors they work with.
That memo is one of several policy initiatives from the White House intended to improve cybersecurity standards across federal agencies.
In March, the Biden administration published a new national cybersecurity strategy, which sought to shift the responsibility for maintaining the security of computer systems away from consumers and small businesses onto larger software makers.
The White House strategy document planted a major flag in this debate on the side of those who would like to expose software makers to liability. “Companies that make software must have the freedom to innovate, but they must also be held liable when they fail to live up to the duty of care they owe consumers, businesses, or critical infrastructure providers,” the strategy document argued.
Editor’s note, 5/1/23, 1:30 p.m. ET: This article was updated to clarify that government agencies will hold software providers’ letters of attestation on an interim basis while CISA creates a central repository for the documents.
FAA seeks $19.6M to modernize NOTAM system in budget request
Federal Aviation Administration Acting Administrator Billy Nolen said Wednesday that his agency has requested $19.6 million to modernize its Notice to Air Missions system and retire aging applications that played a role in its systems going down earlier this year.
The federal official’s comments came during a House hearing scheduled to examine the FAA’s Fiscal Year 2024 budget request, just months after its computer systems crashed in early January, grounding domestic flights across the United States for nearly two hours.
The incident marked one of the largest examples of a major federal IT system outage caused by a damaged database file, and has raised questions about the pace of the Federal Aviation Administration’s ongoing Next Generation Air Transportation System (NextGen) modernization initiative.
“Funding to hire and train air traffic controllers is only part of the equation. They need modern equipment and fully maintained buildings to perform their duty. One such piece of equipment is the NOTAM system,” said Nolen.
“This request includes $19.6 million to retire our aging databases and applications and move to a more reliable, modern system. The request takes our modernization efforts one step further by providing $115 million toward accelerating other priority projects. This funding will allow the FAA the flexibility to respond to unexpected events and to increase capital investments when needed,” he added.
The FAA in January revoked access to its buildings and systems for tech contracting personnel from Spatial Front, who were directly involved in the deletion of key computer files that took down the agency’s Notice to Air Missions system (NOTAM) on Jan. 11.
Speaking at a Senate hearing in February, Nolen said the FAA is approximately halfway through its modernization of the NOTAM system, in which it is transitioning to the standards set by the International Civil Aviation Organization (ICAO), a move intended to promote further global harmonization among neighboring Air Navigation Service Providers (ANSPs).
It is also expected to provide improved accuracy and accessibility for pilots, dispatchers and NOTAM consumers. This modernization effort is expected to be complete by mid-2025, although the FAA is looking into ways to accelerate the current schedule, Nolen added.
OPM sets out vision to become ‘premier provider of human capital data services’
The Office of Personnel Management has laid out its vision to become the “premier” source of human capital data services across government in a new data strategy published Thursday.
In the three-year plan for fiscal years 2023 to 2026, the agency outlines four key objectives it will undertake to establish a single data ecosystem for government workforce data that all government departments are able to access.
OPM’s objectives include developing a data-driven culture, which includes the creation of a workforce with strong data and analytics capabilities, and delivering high-quality human capital data products.
In addition, OPM sets out in the strategy to fulfill the goals of leveraging technology and standards to improve data collection and implementing strong data governance protocols.
The agency holds a wealth of data about federal civilian employees, from their initial recruitment to retirement, which it intends to use more effectively to help agencies make more strategic human capital decisions.
This new strategy is designed to align with the Federal Data Strategy Action Plans for 2020 and 2021 as well as the Workforce Priority section of the President’s Management Agenda. It includes a requirement for agencies to assess data and related infrastructure maturity, identify opportunities to increase staff data skills and identify priority data sets for agency open data plans.
In an introductory note to the new data strategy, OPM Director Kiran Ahuja said: “Given that OPM collects data on the Federal civilian workforce across the employee lifecycle, from recruiting to employment to retirement, the agency has a historic opportunity to become a hub for delivering data-driven policy, enhanced analytics, data standards and digital solutions that together are key enablers for strategic human capital management across the Federal government.”
Commerce Secretary Raimondo: NIST AI framework is ‘gold standard’
Commerce Secretary Gina Raimondo said Wednesday that NIST’s AI Risk Management Framework represents the “gold standard” for the regulatory guidance of artificial intelligence technology and has so far received a warm reception from industry.
Speaking to FedScoop shortly after a Senate Appropriations Committee budget hearing on Wednesday, the secretary emphasized that both regulating and fostering AI technologies remains a top priority of the Biden administration.
She said: “NIST has their risk assessment framework for AI, which industry likes and is kind of the gold standard actually … [A]nd we are also responsible for the legislatively created advisory board on AI.”
Raimondo added: “We’re thinking hard about how to hold companies accountable. The challenge is you don’t want to stifle innovation in a brand new area with massive potential.”
The Biden administration in recent months has worked to hold organizations accountable for addressing bias that may be embedded within AI systems while also promoting innovation. In October, it published an AI ‘Bill of Rights’ blueprint document, which was followed by NIST’s voluntary risk management framework in January.
Speaking with this publication, the Commerce Secretary also said that her agency’s National Artificial Intelligence Advisory Committee (NAIAC) would in late May release its first final formal report with guidance on how the U.S. government should regulate and leverage AI technology.
A draft of the NAIAC report, which was released on Tuesday, recommended that the White House encourage federal agencies to implement either the NIST’s AI Risk Management Framework (AI RMF)—or similar processes and policies—to help address risks such as bias, discrimination, and other social harms that could be created in all phases of the AI technology creation process.
In that draft, some NAIAC members advocated that the committee work on creating a foundational rights-based framework, such as the one laid out in the White House’s October 2022 Blueprint for an AI ‘Bill of Rights’, and lamented the committee’s more immediate and tactical approach.
Raimondo added: “You know, when a new area with massive potential emerges and it has risks related to misinformation and deep fakes etc, that are massive. So we are working in the interagency and with the White House as aggressively as possible to figure out our approach.”
The Department of Commerce set up NAIAC in September 2021 to advise the president and federal agencies in accordance with the National AI Initiative Act of 2020, and 27 members were appointed last April.
The committee issues recommendations on U.S. AI competitiveness, workforce equity, funding, research and development, international cooperation, and legal issues.
Editor’s note, 4/28/22: This story was updated to clarify that NAIAC members have advocated for a rights-based framework, such as the White House’s AI ‘Bill of Rights’ document.
Code for America’s union negotiations break down
Watchdog calls for DOJ immigration review office to update data management guidelines
The Government Accountability Office has called for the Justice Department’s Executive Office for Immigration Review to update guidelines for data management in a new report.
According to the watchdog, EOIR does not have current rules governing the need for reporting secure, objective and useful information to the public. These include the requirement to run regular reports to identify and address any data anomalies.
GAO said: “[U]pdating its guidelines for disseminating quality information could help EOIR ensure that it consistently provides the public with accurate, reliable data on the immigration court system. In addition, while moving immigration cases from a paper-based system to an electronic system for case documentation has garnered many benefits, unforeseen system outages have disrupted work at immigration courts.”
The Executive Office for Immigration Review is responsible for conducting immigration court proceedings, appellate reviews and other hearings to administer U.S. immigration laws. As part of this remit, the department reports immigration statistics on its website and also publishes statistics in response to Freedom of Information Act (FOIA) requests.
As well as identifying areas for improving data management, the watchdog has called on EOIR to improve workforce planning and its performance appraisal program for immigration judges.
GAO has proposed six concrete recommendations for the organization, including that its director establish guidelines for disseminating quality information to the public and develop qualitative and quantitative processes to measure whether judicial tools are meeting the needs of users.
The office has taken remediation action in areas including management practices, workforce planning and immigration judge hiring, following recommendations made as part of a previous GAO report published in 2017.
Biden administration announces crackdown on discrimination and bias in AI tools
Four major federal agencies announced Tuesday that they are teaming up to crack down on the use of artificial intelligence tools that perpetuate bias and discrimination.
The Biden administration will use existing civil rights and consumer rights laws to take enforcement action against AI systems and automated systems that allow discrimination, top leaders within the Justice Department, the Federal Trade Commission, the Consumer Financial Protection Bureau, and the Equal Employment Opportunity Commission pledged on Tuesday.
With AI tools increasingly central to private industry and potentially soon to government decisions about hiring, credit, housing and other services, top leaders from the four federal agencies warned about the risk of “digital redlining.”
The officials said they were worried that inaccurate data sets and faulty design choices could perpetuate racial disparities and they pledged to use existing law to combat such risks.
“We’re going to hold companies responsible for deploying these technologies, and making sure that it is all in compliance with existing law. I think we are starting the process of figuring out where we’re identifying potentially illegal activity,” said Rohit Chopra, Director of the Consumer Financial Protection Bureau.
“And we’ve already started some work to continue to muscle up internally, when it comes to bringing on board data scientists, technologists and others, to make sure we can confront these challenges,” Chopra added.
The four federal agencies are taking the lead on holding AI companies and vendors responsible for any harmful behavior because they are the key agencies in charge of enforcing civil rights, non-discrimination, fair competition, consumer protection, and other legal protections for citizens.
Each agency has previously expressed concern about potentially harmful uses of automated systems.
“There is no AI exemption to the laws on the books,” said trade commission Chair Lina Khan, one of several regulators who spoke during a news conference to signal a “whole of government” approach to enforcement efforts against discrimination and bias in automated systems.
Khan said the FTC recently launched a new Office of Technology, which is focused on hiring more technologists with the expertise to fully grasp how AI technologies are functioning and potentially causing harm, and on having the capacity in-house to deal with such issues.
AI and automated system companies that are government vendors or contractors could also be targeted by the federal government enforcement crackdown.
“So with respect to vendors and employers, obviously, we have very clear enforcement with respect to employers, depending on the facts, and this is true of pretty much every issue that we might look at is very fact intensive.
“I want to emphasize that there may be liability for vendors as well. And it really depends on how they’re constructed,” said Charlotte Burrows, Chair of the Equal Employment Opportunity Commission (EEOC).
“There are various legal authorities with respect to vendors and other actors that may be involved in the employment process and developing these tools. So it really just depends on what that relationship is with and what the role that the AI developer or the vendor may have with respect to the employee and processes, both for our authority with respect to interference under, for instance, Title Seven of the Civil Rights Act, or the ADA, which is actually quite a broad interference provision,” Burrows added.
House lawmakers introduce bipartisan VA electronic health record reform bill
House lawmakers have introduced bipartisan legislation that would reform the Department of Veterans Affairs’ electronic health record modernization program if it passes into law.
The bill would compel the VA to take a range of measures to reform the troubled EHR program, namely establishing program management within the Veterans Health Administration and reorganizing the management of the current reporting structure for the EHR functional champion and deputy CIO.
Details of the bipartisan proposal follow a raft of legislation introduced by lawmakers on both sides of the aisle seeking either to reform or abandon entirely the IT modernization program.
The legislation also calls for restricting the monetization or selling of veterans’ data by any internal or external entity conducting work for the VA.
For the five VA medical centers currently operating the new EHR system, the bill would require the VA to ensure they meet or exceed performance baselines before taking the EHR live at any additional locations.
In addition, if VA and Oracle Cerner are unable to meet the requirements for the five sites within 180 days after enactment of the legislation, the bill would direct the agency to consider terminating or canceling the current contract.
The proposal was introduced by House Committee on Veterans Affairs Chairman Mike Bost, R-Ill., and Ranking Member Mark Takano, D-Calif. The House bill is companion legislation to the EHR Program RESET Act in the Senate, which is sponsored by Sen. Tester, D-Mont.
It comes after the VA last week announced that it would suspend the rollout of the Oracle Cerner-operated electronic health record system to any further locations as part of a program reset.
In a briefing at the time, the agency said the system will not be brought online at any further locations until it is “highly functioning” and issues at current locations are resolved. No timeline has been set for the continuation of the rollout.
Palantir to help Ukraine process data in war crimes investigations
Data analytics company Palantir is set to provide Ukraine’s prosecutor general with software to help investigators process data about alleged war crimes.
In an announcement, the company said the technology would allow Ukrainian investigators to build detailed virtual maps by integrating open-source intelligence with satellite imagery as well as to catalog large quantities of data.
Palantir said the software will be used to help authorities map the location of Russian military units to alleged war crimes and to collaborate securely with international partners.
Commenting on the agreement, Palantir co-founder and CEO Alex Karp said: “Software is a product of the legal and moral order in which it is created, and plays a role in defending it. We have built platforms to navigate the vast amount of sensitive data required for the prosecution of war crimes, and we are proud that our software is now being deployed in Ukraine to defend the West.”
Ukraine’s Prosecutor-General Andriy Kostin said: “Our goal is to build a web of full and comprehensive accountability for international crimes. Individual responsibility of Russia’s military and political leadership is an indispensable part of this. Our focus is on investigating and prosecuting the crimes of aggression and genocide.”
“To prove these crimes, we have to analyze a vast amount of evidence. For example, when investigating the crime of genocide, we look for the genocidal elements in individual war crimes, and at the same time, we examine patterns of criminal actions of the Russian military wherever the occupying troops were stationed. We have registered more than 78,000 war crimes,” Kostin said, adding that “analyzing this amount of evidence would be virtually impossible without modern IT solutions.”
Ukraine’s Office of the Prosecutor-General maintains a war crimes register that documents all recorded incidents of war crimes that have occurred during the armed conflict in Ukraine. These range from the destruction of property to willful killing, torture and rape.
News of the partnership comes after Karp recently emphasized Palantir’s mission to support the West, particularly the U.S. military and federal government, against adversaries like terrorist cells and developed nations like Russia and China who threaten democracy.
During a conversation at the World Economic Forum in Davos, Switzerland, Karp explained that, in his belief, “to make society work, there are basic functions that have to work, one of which is the reduction of terrorism, pushing back on, in my view, human rights abuses largely done by adversaries to the West.”
Food and Drug Administration seeks input on digital transformation plan
The Food and Drug Administration is seeking public input on a new data and technology modernization strategic plan.
The FDA, which is part of the Department of Health and Human Services, will collect evidence about technical capabilities to inform a new data and technology modernization strategy that it is working to publish by Sept. 30.
In particular, the agency is looking for evidence about how the adoption of new technologies could support its public health mission and regulation of the food and drug industries.
The new blueprint document will follow the publication of an initial technology modernization action plan by the FDA in September 2019.
According to the agency, the new plan will shape the agency’s future digital transformation and reflect spending requirements for the agency included in the fiscal 2023 appropriations bill. The appropriations bill allocated a total of $3.5 billion in discretionary funding to the FDA, which represented a $225 million increase from the prior year period.
Earlier this month, the FDA announced that it had signed a new contract with technology giant Oracle Cerner to develop artificial intelligence tools that could be used to extract information from electronic health records and improve understanding of the effects of medicine on large populations.
As part of that contract, the technology company will explore how machine learning and natural language processing can fill gaps in medical data collection.