Technology Modernization Fund rescission: A chance to change course or the end of the road?
Last week, the Senate Financial Services and General Government Appropriations Subcommittee took an axe to GSA’s Technology Modernization Fund, proposing to rescind $290 million in previously appropriated funding. This move follows related action by the House Appropriations Committee earlier this year to zero out funding for TMF in their fiscal year 2024 bill. Clearly, TMF has a problem, at least in the eyes of congressional appropriators. Sadly, Capitol Hill’s concern is neither new nor unwarranted as there has been a growing chorus of policymakers in recent years concerned about the transparency and direction of this once-heralded program.
As someone who was involved in the very early stages of the discussion on the concept that became TMF, and a former congressional committee staffer myself, I share many of the concerns of my former colleagues in Congress. The TMF must find a way going forward, if it is to go forward, to be more open and transparent with Congress and the American public about the projects TMF has funded. Even as a close observer of the program, it’s often hard to tell exactly what’s being funded, who’s involved, and what we expect to achieve. If I were wearing my old congressional staffer hat, I’d be frustrated too.
That said, when I heard the news last week, I was among the first to point out the important role that TMF has played in funding critical zero-trust cybersecurity and customer experience initiatives, helping in many ways to implement the requirements of the cyber and CX executive orders, as well as laws like 21st Century IDEA that are, for all intents and purposes, unfunded mandates. I said then, and I’ll say again: I think the proposed congressional action to rescind $290 million from TMF is short-sighted, particularly at this moment in our history. With our federal networks facing near-daily cyber incursions from rogue nation-states like Russia and China, we should be investing more, not less, in cybersecurity and IT modernization — and TMF is one tool in that toolbox.
So, what do we do?
First and foremost, let’s not give up on TMF. If Congress doesn’t think all of the projects that TMF has funded are worthy, sunlight is the best disinfectant. I encourage rigorous oversight, as the House Oversight and Accountability Committee is doing on the $187 million login.gov award, to determine where improvements can be made. If there are projects that Congress determines should not be funded, tackle those on a case-by-case basis.
Second, the TMF program management office needs to commit to being more open and transparent, as I noted above. Where’s the annual report to Congress that walks through what was funded, why it matters, who’s involved, when it will be completed, and expected outcomes? Something as simple as this would go a long way. The TMF PMO also needs to learn to promote their successes, acknowledge their failures and make the structural changes that may be necessary to get the program back on more solid ground.
And about that requirement to pay back the “loans.”
The Senate Financial Services and General Government report accompanying the fiscal 2024 appropriations bill highlighted the lack of reimbursement by agencies that have received TMF funds as one of the main reasons for the proposed rescission. After the TMF received the $1 billion infusion from the ARP, OMB and GSA — having listened to agency concerns — issued new guidance related to the TMF. That guidance, in addition to encouraging the prioritization of both CX and cyber-related submissions, offered three new reimbursement paths: full, partial and zero. The reason for this, as I understand it, was that agencies had expressed concerns that the requirement for full reimbursement made participation in the TMF a bridge too far for many. Why? At the end of the day, true savings are hard to identify and even harder to realize (and cost avoidance isn’t real money). Often, even after an IT modernization project is complete, there is a time of transition, where the old and new systems may have to run side-by-side. The financial result of this is that whatever savings we may have hoped to find are likely to take a while to (or may never) be realized and you can’t pay back what you don’t have. The reality is that some reimbursement flexibility is necessary. Or as we saw in the early days of TMF, no one will want to participate. Congress needs to recognize and accept the reality of the reimbursement requirements.
I’ll close with this, paraphrasing what I told FedScoop last week: The TMF is not perfect, but it has provided a key source of funding for a variety of projects that may not have been funded otherwise. If Congress is serious about IT modernization, improving customer experience and protecting critical federal networks, TMF must be part of the equation going forward.
Mike Hettinger is a former House Oversight Government Operations Subcommittee staff director and founder of Hettinger Strategy Group.
ODNI awards Leidos $375M technology and analytical services contract
The Office of the Director of National Intelligence has awarded federal contractor Leidos a $375 million prime contract to provide the agency with intelligence, technical, financial and management services.
As part of the contract, Leidos will provide ODNI with a wide range of technology services including systems integration, cybersecurity, science and technology, IT project management, security and risk management.
The company will provide further management services including facilities support, assets, logistics and information.
The cost-plus-award-fee contract has a one-year base performance period and six one-year options.
It is the latest major contract win for Leidos, which provides a range of technology and R&D services to government agencies including the Pentagon and the intelligence community.
Last year, the Defense Information Systems Agency issued an $11 billion contract to the company to consolidate the networks of non-warfighting defense support agencies.
Prior contract awards include a $390 million contract from the Department of Homeland Security for low-energy portal systems, which are used to conduct non-intrusive inspections of passenger vehicles.
The contractor also holds key military research and development contracts with the Pentagon. In December, the Air Force Research Lab picked Leidos to work on a new hypersonic platform that could both gather intelligence on adversaries and attack them.
Small business government contracting hits record high of $163B, SBA says
The federal government awarded $162.9 billion in contracts with small businesses in fiscal year 2022, exceeding its goal for working with small vendors and setting a record high, the Small Business Administration said.
The figure represents a 5.6% year-over-year increase in the volume of small business contract awards made by the U.S. government, up from a total of $154.2 billion during fiscal year 2021.
Over a quarter of federal government contract dollars — 26.5% — were awarded to small businesses in the last fiscal year, SBA Administrator Isabella Casillas Guzman said Tuesday at an event hosted at NASA’s Washington headquarters. The Biden administration’s goal was 23%.
Guzman said the federal government overall received an “A” on the SBA’s scorecard for work with small businesses for the last fiscal year. A total of ten federal agencies received an “A+” for their work with small businesses.
Guzman highlighted NASA at the Tuesday event, praising the agency for working “hand-in-hand” with small businesses to ensure access to contract vehicles. The agency received an “A” for fiscal year 2022.
Pam Melroy, NASA’s deputy administrator, said the agency invested $3.6 billion in 1,700 small businesses, exceeding its own goal. Small businesses made up 18.4% of NASA’s contracts in fiscal year 2022, Melroy said. The agency’s goal was 15.75%.
“That’s real money. That is real contribution to our mission, and our mission is pretty exciting because we’re working to go back to the moon,” Melroy said. “Not this time just to visit, but to live and to create the ability for humans to have a sustained presence throughout the solar system for science and exploration.”
Twenty-five small businesses contributed to the work that went into the Mars Perseverance rover, Melroy said. Small businesses worked on the rover’s robotic arm and the blades of the Ingenuity helicopter that works alongside Perseverance, she said.
NASA also partnered with 491 small businesses in creating the James Webb Telescope, Melroy said. That work included solar cells, batteries, thruster valves, and the sun shield that allows the telescope to look into deep space, which Melroy called “probably one of the most significant technical achievements of the James Webb Space Telescope.”
While government-wide contracting for socioeconomic categories like small disadvantaged business and service-disabled veteran-owned small business exceeded goals, historically underutilized business zone (HUBZone) small business and women-owned small business (WOSB) were below targets, according to an SBA release Tuesday.
HUBZone small businesses were awarded a record $16.3 billion, despite not meeting the goal of making up 3% of total eligible dollars, SBA said.
Meanwhile, women-owned small businesses made up 4.6% of the fiscal year 2022 eligible dollars, which was below the administration’s goal of 5%. The total amount awarded to those contracts did increase by about $1.9 billion from the previous year, however.
SBA said it “remains dedicated to collaborating with contracting agencies, actively pursuing future changes to achieve the 5% WOSB goal.”
Only two of the 24 CFO Act agencies received below a score of “B.” The Department of Health and Human Services received a “C” and the Department of Veterans Affairs received a “D.”
Sam Le, director for policy planning and liaison at the SBA, said in an interview with FedScoop that NASA does particularly well with its small business subcontracting.
“NASA buys things that are sometimes difficult for a small business to provide on its own,” Le said. “They’re buying rockets and complex research and development, but despite some of those requirements, NASA’s still able to meet its small business goals and particularly push on the prime contractor to use small businesses at the subcontracting level.”
Editor’s note, 7/18/23: This story was updated to include further details of other agencies’ scorecard performance and comment from Sam Le.
Senators propose new bipartisan AI legislation focused on national health security
New bipartisan legislation proposed by Senators Ed Markey, D-MA, and Ted Budd, R-NC, on Tuesday would push the Department of Health and Human Services to take a more active role in studying the potential biosecurity risks created by artificial intelligence.
One of the bills, which is called the “Artificial Intelligence and Biosecurity Risk Assessment” Act, would charge the HHS assistant secretary for preparedness and response with evaluating whether and how more advanced forms of artificial intelligence could be used to develop various types of biosecurity threats, including, for example, chemical weapons and novel pathogens.
The other bill — the “Strategy for Public Health Preparedness and Response to Artificial Intelligence Threats” Act — proposes broader responsibilities for HHS, including a requirement that the agency develop a plan focused on the risks that AI might pose to national health security. That strategy would eventually need to be submitted to members of Congress.
“As AI grows in power and influence, we may face the real prospect of AI-generated threats like biological or chemical weapons,” said Budd in a press release published on Tuesday. “The federal government must not be caught flat-footed on these threats and should begin to prepare now.”
“Either we prevent the risks now, or Americans will be left dealing with the consequences for decades to come,” said Markey in a statement also included in the press release. “It is vital for us not only to understand the impacts of artificial intelligence on our health but to act with the urgency that this moment requires.”
The legislation comes as federal agencies continue to wrestle with how to study and regulate the risks created by artificial intelligence.
General Services Administration names 48 new US Digital Corps fellows
The General Services Administration has picked 48 early-career technologists to take part in the latest cohort of the United States Digital Corps’ fellowship program.
The group will support 13 federal agencies and joins the first round of fellows, which was announced last year. A full list of the new appointees is available here.
U.S. Digital Corps launched in 2021 to help bring early-career software engineers, data scientists and other technologists to federal service for a period. The program won a FedScoop 50 award in 2022.
Projects this second cohort of fellows will work on include helping two interagency “life experience” teams to support low-income mothers and families, advancing the White House Office of Science and Technology Policy’s year of open science, and supporting teams within the General Services Administration’s Technology Transformation Services division.
In a statement commenting on the latest cohort, GSA Administrator Robin Carnahan said: “For the second year, we’re bringing a diverse and highly talented group of technologists into government through the U.S. Digital Corps.”
“Growing this corps is another way we’re driving innovation and modernization while ensuring that Americans get the services they need – when they need them – from their government,” she added.
U.S. Chief Data Scientist Dominique Duval-Diop said: “In an environment where developments in data science and artificial intelligence are happening daily, it’s crucial that we have a wide array of technical perspectives at policy tables to ensure these developments benefit all Americans and protect against potential harms.”
Applications for the third cohort of USDC fellows, which will start work in summer 2024, will open this fall.
On inventorying operational technology, Amtrak may not be on track
In November of last year, Amtrak’s Office of Inspector General published an investigation into the federal rail service’s operational technology. These tools are critical to Amtrak’s service and affect everything from signals to train dispatching. But, according to the inspector general, the railroad wasn’t maintaining a standardized inventory of all its OT assets, exposing Amtrak to a range of cybersecurity risks.
Now, months later, it appears that Amtrak’s cybersecurity team has yet to make a complete and centralized inventory of its operational technology, and does not have “immediate access” to the separate spreadsheets where they are currently tracked. In an email discussing a related public records request, an Amtrak information and records manager told FedScoop that the office did not know which of the many employees referenced in the OIG report might currently have those spreadsheets.
The OIG report argued that Amtrak’s approach was “contrary to industry standards” and may increase “the risk of cyberattacks that could disrupt mission-critical operations.” Amtrak, of course, remains a critical service provider in the United States, and was responsible for transporting tens of millions of passengers last year alone.
Un-inventoried operational technology presents different risks than un-inventoried information technology, but the OIG report still noted that Amtrak’s “practices for identifying and tracking OT assets are not effective because it does not manage the cybersecurity of these assets with an enterprise-wide approach.” David Tochen, an attorney who focuses on transportation issues at Fox Rothschild, and who served as general counsel at the National Transportation Safety Board, called the November OIG report “quite sobering.”
“It prevents you from understanding your exposure attack surfaces,” added Kevin Kumpf, a chief strategist at the cybersecurity firm Cyolo who has written about rail security. “You must establish a baseline. You must do vulnerability scanning to prevent ransomware. If you’re gonna do vulnerability scanning, you have to know all your assets to scan.”
The inspector general’s report pointed to several concerning anecdotes. In one instance, for example, the Department of Homeland Security sent a security alert to Amtrak’s Information Security team about a potential vulnerability, only to have the Information Security team email “five business department employees” to figure out if any of their assets could be impacted by the issue flagged by DHS.
When FedScoop filed a public records request for these spreadsheets in July, Amtrak sent a response noting that “Amtrak employees are maintaining OT asset data in separate inventories and spreadsheets, none of which are tracked” and that “[c]ybersecurity does not have immediate access to these spreadsheets.” Amtrak is in the process of developing a centralized asset management system, the response email to FedScoop noted, but did not say when it would be complete.
Some experts question the overall significance of the issue. The OIG report was “really overblown,” according to Patrick Miller, the CEO of Ampere Industrial Security. Many larger organizations, and particularly those dealing with legacy OT, operate as Amtrak has, he argued. Most of the assets that Amtrak might be dealing with are not connected to the internet, and they are unlikely to be frequently delivering software updates, anyway, Miller said.
“It will improve your security posture,” Miller told FedScoop. “But will it make it to a state where they can patch it when Microsoft issues a patch every Tuesday? No, it won’t do that. And not because they can’t do it or won’t do it or they’re negligent, but just because you just can’t do that with OT. It just doesn’t work that way.”
The report, which was partially redacted, noted that management expected to address all the issues by December 2023.
FedScoop reached out to Amtrak’s press office to comment in early July and requested more information on the status of several recommendations that the Office of the Inspector General made, which included creating a network diagram to fully understand the scope of its OT assets and forming a working group focused on tracking these systems.
In a statement, Amtrak said: “Amtrak is in compliance with TSA’s Security Directives for cybersecurity, which includes an inventory of critical cyber systems. We have also submitted a Cybersecurity Implementation Plan that details our steps to protect these critical systems. Additionally, a Cybersecurity Assessment Program has been developed to proactively assess critical cyber systems to determine the effectiveness of the Cybersecurity Implementation Plan.”
The railway company added: “The safety and security of passengers and employees is our highest priority, and we are always looking to improve security. The OIG report outlined four recommendations. We have addressed two of the recommendations. While we recognize the need for continuous improvement of the company’s cybersecurity posture, Amtrak continues to make significant investments in cybersecurity and a plan is in place to address the other two recommendations to meet the deadline for completion.”
Kumpf pointed to a Transportation Security Administration security directive released last October that directed owners and operators of rail services to submit a cybersecurity implementation plan for agency approval. As part of the cybersecurity measure, these operators are supposed to implement several requirements related to operational technology.
Recent cyberattacks on railways
| Date | Incident |
| --- | --- |
| June 2022 | Hackers target Lithuania’s state railway, airports, media companies, and government ministries with DDoS attacks. A Russian-backed hacking group claimed responsibility for the attack. |
| November 2022 | Hackers damage Danish State Railways’ network after targeting an IT subcontractor’s software testing environment. The attack shut down train operations for several hours. |
| December 2022 | Ukrainian government agencies and state railway systems hit with email phishing attacks. Emails obtained included information on kamikaze drone identification and deployed malware designed for espionage onto victim machines. |
| April 2020 | An unknown third party gains unauthorized access to certain Amtrak Guest Rewards accounts. |
“TSA is aware of this OIG Report and is engaged with Amtrak related to the TSA Security Directives. The Cybersecurity Security Directive, issued in October 2022, requires, among other items, operators to conduct an inventory of all cyber systems and identify those systems that meet the criteria for critical cyber systems,” DHS told FedScoop in a statement last week. “Amtrak is current in meeting the performance-based provisions of the Security Directive, and has identified the operator’s critical cyber systems.”
“TSA remains engaged with Amtrak, and we continue to work across the transportation system with owners and operators to strengthen their cybersecurity posture toward outcomes that ensure preparedness and resilience,” the DHS statement added.
DHS did not share more information on how Amtrak is following the requirements of this directive without an inventory of operational technology.
“Historically, [TSA] directives have emphasized processes and reporting of security breaches in both Operating Technology (OT) and IT systems,” the Federal Railroad Administration, which has a role in certifying the cybersecurity of Amtrak’s positive train control systems, told FedScoop in an email. “However, TSA has recently focused on more prescriptive requirements to segregate OT systems from IT systems as well as methods to secure communications and internet-based systems.”
There’s a growing focus on railroad cybersecurity. Last November, hackers targeting a railway in Denmark shut down trains for several hours. In 2020, Amtrak announced that hackers had gained access to its guest rewards systems. The University of Maryland recently founded a center devoted to rail cybersecurity, citing the increased use of digital technologies in railway operations.
At the same time, interest in the cybersecurity of operational technology is also surging, especially as technologies that help operate and support physical infrastructure become increasingly integrated.
The National Transportation Safety Board said it did not comment on issues the agency wasn’t investigating or had investigated in the past. The American Rail Association said it does not comment on its association members.
Editor’s note, 7/18/23: This story was updated to include comment from Amtrak.
Microsoft appoints Candice Ling as head of federal business unit
Microsoft on Tuesday will announce the appointment of Candice Ling as senior vice president and head of the technology giant’s federal government business unit, FedScoop has learned.
The executive has over two decades of leadership experience in the tech sector and was previously vice president at Microsoft’s public sector division. In her new role, Ling’s priorities are expected to include using the company’s partnership with tech giant OpenAI to help agencies adopt artificial intelligence tools.
Ling’s appointment follows the departure of Rick Wagner, who last week stepped down as Microsoft Federal president.
In addition, the Redmond, Washington-based software giant has also named Roger Heinz to lead Microsoft’s communication sales and delivery team amid a slight reshuffle of its Strategic Missions and Technologies team, according to Microsoft job announcements shared with FedScoop.
The leadership reshuffle comes as Microsoft faces intense scrutiny after hackers based in China breached the email accounts of senior U.S. officials, an operation that utilized a flaw in a Microsoft product and was discovered thanks to a logging feature that costs customers extra. Biden administration officials, security researchers and members of Congress have questioned the company’s commitment to security in the aftermath of the hack and why Microsoft is upselling customers for core security features.
“In this new era of government, we are dedicated to and laser-focused on accelerating AI adoption in support of your mission,” Ling is expected to say of her appointment, according to remarks shared with FedScoop. “We are always honored to stand by you, and it is a wonderful privilege for us to lead the charge in the AI revolution together.”
Ling has been with Microsoft for five years including two years as Microsoft Asia Government lead in Singapore and three years on its federal team in Virginia. Ling previously spent 19 years with Canadian IT consulting company CGI in various leadership roles.
The reshuffle also comes as Microsoft works to expand the services it provides to U.S. government agencies, including through the provision of artificial intelligence-assisted cloud technology.
Last month the technology giant launched its new Azure OpenAI Service for government, which the company says will allow federal agencies to use powerful language models including ChatGPT while adhering to stringent security and compliance standards.
That service is intended to allow government departments to adapt models including GPT-3 and GPT-4 for specific tasks, including content generation, summarization, semantic search, and natural language-to-code translation.
In September 2021, Microsoft combined its U.S. federal business unit with its Azure cloud team to create a new subsidiary as part of a reorganization of the technology giant’s U.S. public sector operation.
Microsoft has a long track record working with government agencies, and for nearly two years was embroiled in a legal dispute with Amazon after winning the Pentagon’s JEDI cloud contract.
Schumer: Congress has ‘no choice’ but to join the AI revolution
Senate Majority Leader Charles Schumer, D-NY, on Monday reiterated his support for a new framework for the regulation of AI that focuses on making innovation a “North Star” for the United States’ approach to the technology.
“Even when companies are good and want to have some of the protections that we need, if their competitors aren’t doing it, they’re going to be under huge pressure not to do it themselves,” said Schumer. “That’s why Congress must join the AI revolution. The federal government — we have no choice.”
Speaking alongside IBM CEO Arvind Krishna at an event in downtown New York, the senator repeated his support for his SAFE Innovation Framework. That framework, which was introduced last month, aims to focus on regulatory questions related to competition, open-source technology, and federal financial incentives that are raised by AI.
Schumer said he was particularly concerned with AI explainability — the idea that the technology must be able to articulate why it makes one decision, and not another, which he called one of the most “difficult” technical issues in AI. “You want the system to spit back some kind of satisfying answer,” he remarked.
Stalled immigration reform has also exacerbated technology workforce challenges, Schumer added.
The Senate Majority leader is now planning nine different forums, which will occur later this fall, that will focus on potential avenues for regulating the technology. The idea is to include members of private industry, but also skeptics and critics of the technology. These panels, called “Insight Forums,” will focus on issues including national security, privacy, and high-risk applications and bias, and the implications of AI for the workforce.
Schumer played a critical role in passing the Chips and Science package last year — Krishna cited that legislation as a critical milestone for US tech competitiveness. Notably, IBM’s semiconductor business, along with several upstate New York fabs, could be major beneficiaries of that package.
Schumer’s comments also come as federal officials, along with Congress, weigh myriad approaches to regulating AI. There’s growing pressure on the US to catch up to the European Union, which recently passed a draft law called the AI Act. At the same time, federal officials are also searching for ways to push US companies to the forefront of global AI technology development — particularly as China continues to invest in the technology, too.
As the quest to regulate the tech ramps up, AI experts, activists, and civil rights groups have continued to highlight the myriad harms that artificial intelligence can create or exacerbate, including misinformation, bias and discrimination, intellectual property issues, and data privacy and cybersecurity risks.
Amid calls to both accelerate and rein in AI development, tech companies have — unsurprisingly — advocated for their own preferred regulatory paradigms. IBM has extensively promoted a “precision regulation” approach to artificial intelligence, which would involve focusing on particular tools and particular applications. The company has supported frameworks developed by agencies like NIST — and has opposed the notion of creating a new federal agency to focus on the technology.
“We also believe one must not try to regulate the actual algorithms — or what we call the underlying computer science — all that is going to make it go to a place where the regulations are not there,” said Krishna. “But you must regulate use cases because those are what drive the benefit and the harm that is there.”
Senate lawmakers propose $80M funding cut for US Digital Service
Lawmakers in Congress last week approved an appropriations bill for the 2024 fiscal year that would rescind $80 million in funding for the United States Digital Service, if it passes into law in its current form.
The Senate Committee on Appropriations on Thursday waved through language in the Financial Services and General Government Appropriations Act that would claw back the sum, which was awarded to USDS as part of a funding package included in the American Rescue Plan.
The move to recoup funds from the executive branch-housed technology unit comes amid concerns from senior leaders within the federal IT community over its transparency and use of funding.
Advocates for the White House digital services unit say it offers a mechanism for bringing senior Silicon Valley talent into government service for a defined period, and cite projects such as the COVID.gov website as an illustration of where it can be most successful. However, in recent months, government IT leaders and lawmakers have raised concerns about a lack of operational transparency from the unit.
Speaking with FedScoop, one currently serving government technology leader described USDS’s strategic plan as opaque and said it was often difficult to obtain operational details from the unit. “What the hell are they working on? What are they doing that is pushing forward the enterprise and the administration’s priorities?” they said, speaking with FedScoop on the condition of anonymity because they were not authorized to share their concerns.
In a statement to FedScoop, former Senate Homeland Security and Government Affairs Committee Senior Adviser Matt Cornelius said: “During my time in Congress, I was deeply critical of USDS’s leadership and financial management, especially their steadfast refusal to provide simple accounting data on how they were using the $200m they received under the ARP.”
“I’m glad that the Senate Appropriations Committee followed my public recommendation to rescind USDS’s ARP funds and believe the decision is a clear, powerful step towards enforcing greater transparency and fiscal responsibility in the office. If USDS is going to survive long term, they need to jettison their flippant disregard for Congress and be more forthcoming about their financial management practices and performance goals,” Cornelius added.
USDS, which was launched in 2014 by the White House, provides consultation services to federal agencies on IT and technology issues and works to improve and simplify digital services and improve federal websites in particular.
During the past couple of years, the unit has sought to hire engineers, designers, product managers, acquisition strategists, and policy experts to expand its work. It has grown to a team of over 200 people and a network of over 500 alumni as of 2021 while becoming a farm system for federal chief information officers and chief technology officers.
That work includes supporting the Centers for Disease Control and Prevention during the COVID-19 pandemic, streamlining financial relief, improving the immigration and refugee processes, aiding students with their loans, and reforming procurement and federal hiring.
In particular, USDS played a key role in the COVID-19 rapid test website that launched in early 2022 in conjunction with the U.S. Postal Service to make 500 million rapid tests available on the heels of the Omicron COVID-19 variant’s rapid spread.
“Placing USDS back into the regular appropriations process will ensure that they are more transparent with Congress about the purpose of the office and the amount of funding they need to support their mission, and will allow Congress to set up necessary guardrails to ensure USDS effectively utilizes any future resources Congress allows them to receive,” said Cornelius.
In a statement, Rohan Bhobe, CEO of D.C.-based civic tech company Nava Public Benefit Corp., said: “Government agencies have made a lot of progress towards implementing the Biden Administration’s Customer Experience Executive Order, but there’s a lot of work that still needs to be done. Government services that are more simple, effective, and accessible to all can also save taxpayer dollars and help government agencies become more resilient.”
Bhobe added: “The technology expertise agencies like USDS and 18F have provided, in partnership with their civil service partners, has empowered many federal agencies to effectively deliver better digital experiences to millions of people. We hope Congress will continue to prioritize investing in technology infrastructure that helps millions of their constituents conduct business with their government every day.”
USDS did not respond to requests for comment.
Editor’s note, 7/17/23: This story was updated to include comment from Nava Public Benefit Corp.
Completing move to zero trust among Customs and Border Protection’s new IT goals
U.S. Customs and Border Protection identified moving to a zero-trust architecture as a top priority in the agency’s updated IT strategy.
The Department of Homeland Security agency identified the cybersecurity model as an area of focus in its IT strategy document for 2023 to 2027, which was published recently. Ensuring federal agencies adopt zero-trust architecture remains a top priority for the White House.
In the new report, CBP said one of its goals for the next four years is to shift its existing “perimeter-facing” cyber protection model to zero trust in an effort to “create a more robust and resilient security, simplify security management, improve end-user experience, and enable modern IT practices.”
The move comes as the Biden administration has focused on zero-trust implementation across the federal government to enhance cybersecurity. In January 2022, the Office of Management and Budget outlined a path for implementing zero-trust architecture throughout the federal government by 2024 and required agencies to start taking certain steps.
Zero trust refers to a cybersecurity framework that includes continuous authentication throughout its architecture for improved security. The structure moves away from models whose defenses exist only at the perimeter of a network.
CBP also listed developing and maintaining its cyber workforce and improving cybersecurity awareness at the agency as part of its cyber goals. In addition to cybersecurity, CBP’s strategy includes goals for mission infrastructure, mission applications, trusted partners, enterprise IT governance and Chief Information Officer business operations.