What the midterm results mean for federal IT leaders
While control of Congress following Tuesday’s midterm elections is likely to remain unsettled for several more days, Republicans are still poised to take over the House of Representatives, setting up many confrontations with the Biden administration over the next two years.
Speaking with FedScoop, senior members of the federal tech policy community explained what this could mean for day-to-day operations at the IT departments of government agencies, and outlined key issues C-suite leaders will have to face during the 118th Congress:
- Increased oversight of IT and cybersecurity spending at federal agencies including the IRS, DHS and FTC
- The departure of lawmakers and federal C-suite executives with IT expertise
- Strong resistance to spending on disinformation programs that Republican lawmakers view as potentially curtailing free speech
- Heightened focus on agency record-keeping
Increased oversight
Federal agency leaders can expect increased oversight from Republican lawmakers as they ramp up opposition to the administration’s agenda. In particular, chief information officers and other senior officials with direct responsibility for IT project management should expect more frequent calls to attend congressional hearings and respond to questioning from lawmakers.
Scrutiny of the federal agencies that have received substantial funding increases, including the Internal Revenue Service, Department of Homeland Security, Federal Trade Commission and Federal Communications Commission, is likely to be especially in-depth and potentially hostile.
As one federal IT policy expert told FedScoop: “The Republicans in the House are super-focused on oversight, and of the federal agencies, IRS is likely at the top of the list. They are not thrilled with the $80 billion allocated to the agency as part of the [Inflation Reduction Act].”
Another IT policy expert agreed with this characterization and said the IRS would need to be ready “to make the case that investment in IT services is going to streamline and improve services for citizens.”
Republicans in both the House and Senate have expressed staunch opposition to the $80 billion the IRS received from the Inflation Reduction Act, of which $4.8 billion is allocated for revamping the agency’s antiquated IT and cybersecurity systems.
A September letter from Republican senators to outgoing IRS Commissioner Chuck Rettig sounded the alarm over “speculative return-on-investment” estimates from the IRS and Treasury Department over IT spending, including $347 million relating to a Foreign Account Tax Compliance Act compliance program.
Sens. Chuck Grassley, R-Iowa, and John Thune, R-S.D., last week announced their intention to introduce legislation that would give Congress a direct say in how the $80 billion in fresh funding for IRS is spent.
Carl Szabo, vice president of the tech industry group NetChoice, told FedScoop that Reps. James Comer, Cathy McMorris Rodgers and Jim Jordan — all of whom are slated to lead major committees in a GOP-led house — are sponsors of a bill to protect speech from government interference, and that they’re likely to use their new power to pursue deep-dive investigations into the tools being used by agencies, including DHS, to tackle misinformation.
Departure of expertise
A changing of the guard among lawmakers is likely to reduce focus on certain cybersecurity policy proposals including FISMA and FITARA reform. If the Republicans take the House, Rep. Gerry Connolly, D-Va., will lose his position as chairman of the House Oversight Subcommittee on Government Operations.
“No longer having Connolly setting the agenda will be a major setback for the federal IT community,” said one federal IT policy source. A potential Republican successor for Connolly remains uncertain, with lawmakers such as Rep. Nancy Mace, R-S.C., being floated as a candidate.
IT policy sources also emphasized that it will take several months for the Republican Party to hire sufficient staff to reshape the House committees, and that the likely structure of subcommittees remains uncertain. The House Oversight steering committee could, for example, establish a subcommittee focused specifically on federal IT operations.
In addition, heightened scrutiny from lawmakers raises the specter of further government agency IT leadership departures, even as government departments struggle to hire and retain cybersecurity talent. As one IT policy source put it: “If you’re going to get the s*** kicked out of you, are you going to stick around?”
Federal IT policy leaders speaking with FedScoop warned of a pressure-cooker environment on the Hill arising from the increased pace of oversight, but added that agency leaders have been preparing for this outcome and should have the support mechanisms in place to rebuff partisan attacks.
“Don’t forget that agencies and the White House are expecting this and have staffed up with lawyers and senior advisers,” said one policy expert.
Disinformation focus
House Republicans have expressed their intent to interrogate DHS’s attempts to tackle misinformation and disinformation.
“All the key House Republicans that will lead tech-related committees are sponsors of legislation to protect speech from government interference, which would affect DHS activity significantly,” added Szabo. “They’ve openly said they’ll do a deep-dive investigation into misinformation and disinformation reduction efforts by the Biden administration and the tools and technologies the federal government is using to push social media platforms and the tech industry to moderate content or censor.”
Democrats say disinformation — false information spread deliberately — is a threat to democracy and national security. However, an increasing number of Republicans regard attempts to counter disinformation as a threat to First Amendment rights.
In particular, Republicans have expressed concerns about a February bulletin from DHS saying the federal government plans to work with public and private sector partners, including major social media companies, to reduce the “proliferation of false or misleading narratives, which sow discord or undermine public trust in U.S. government institutions.”
CISA also published a report in June setting out plans to tackle misinformation and disinformation that some Republicans have warned could result in censorship under the guise of national security or election security.
DHS provoked the ire of Republicans and stirred national controversy in April with its launch of a Disinformation Governance Board. The agency was pressured to backtrack and shut down the committee after it received criticism from both sides of the political aisle.
Digital record-keeping
Another key area where technology leaders can expect further attention from a Republican-led House of Representatives is in the area of digital record-keeping.
Top House Republicans earlier this month called out Securities and Exchange Commission Chairman Gary Gensler for inconsistencies and hypocrisy with digital record-keeping laws. Such criticism is likely to become more vocal, and it could result in fresh investigations being launched.
The controversial deletion of Secret Service phone data around the time of the Jan. 6 attack on the U.S. Capitol revealed wider systemic problems with federal digital records preservation. Republicans have already sent Biden administration officials hundreds of record preservation letters indicating their intent to probe the administration for illegal behavior, including regarding federal transparency laws.
“Republicans took aim at the SEC and Gary Gensler recently, so we expect that to continue in the majority because they’re mad at him for his ideological agenda and his record-keeping stuff,” said James Czerniawski, senior tech policy analyst at the conservative advocacy group Americans for Prosperity. “The Federal Trade Commission, which regulates tech companies, will also face scrutiny from Republicans for their policies and spending, including through records preservation.”
House Republicans who are likely to control key committees, including Jordan, Comer and Tom Emmer, sent the SEC a letter Nov. 2 pointing to reports that the agency was “failing to comply with federal record-keeping statutes.”
The GOP letter also referred to recent litigation showing that the “SEC is failing to identify and produce records of official business conducted on non-email or ‘off-channel’ platforms, such as Signal, WhatsApp, Teams, and Zoom.”
In addition, Republicans have criticized SEC officials for using the private communications platforms for official business, without producing these records in response to open-record requests, while at the same time aggressively enforcing record-keeping laws on Wall Street banks. The SEC in September fined Goldman Sachs, Morgan Stanley and other financial firms over $1.1 billion after bankers discussed deals and trades on their personal devices and apps.
Republicans on the House Judiciary Committee in August also sent the Federal Trade Commission a letter outlining their intent to investigate recent watchdog findings of the agency’s use of unpaid consultants and experts, and instructed the agency to preserve all relevant digital records.
Benjamin Freed contributed to this article.
Biden to nominate Danny Werfel as IRS commissioner
President Biden intends to nominate Danny Werfel to be the next commissioner of the IRS, the White House announced Thursday.
Werfel served under both presidents Barack Obama and George W. Bush as acting IRS commissioner and Office of Management and Budget controller, respectively.
The managing director of Boston Consulting Group’s public sector practice would helm the IRS just as it has received $80 billion — $4.8 billion of it for modernizing business systems and cybersecurity monitoring — via the Inflation Reduction Act.
Werfel oversaw the launch of IRS-related Affordable Care Act technology and weathered a multi-week government shutdown, after Obama appointed him to handle numerous congressional investigations into mismanagement and bias in determining the tax-exempt status of nonprofits in 2013.
As OMB controller he led implementation of the $787 billion American Recovery and Reinvestment Act with minimal fraud or error and ensured the Office of Financial Stability had a clean financial statement audit in its first year.
Werfel has been a co-host of Scoop News Group’s Gov Actually podcast since 2017.
DHS extends proposal deadline for $10B FirstSource III solicitation following changes
The Department of Homeland Security has extended the deadline for Phase II proposals for its $10 billion IT and software solicitation for the seventh time at offerors’ requests.
Offerors now have until 10 a.m. EST on Nov. 21 to submit proposals containing prior experience, past performance and pricing for the FirstSource III solicitation, after DHS amended specifications for the IT value-added reseller category.
The additional delay comes after eight offerors preemptively submitted bid protests with the Government Accountability Office. The protests came after details of the procurement’s second phase were sent out in early August.
DHS initially planned to award the 10-year solicitation — which will consist of five multiple-award, indefinite delivery, indefinite quantity contracts — in September 2021, but it then received an unanticipated 637 Phase I proposals from 325 offerors, delaying the process.
The Phase II proposal deadline may shift again with another amendment forthcoming.
“The team is still addressing the technical questions, but is pleased to provide responses to the contracting related questions,” reads DHS’ latest notice. “Another amendment will be issued to answer the technical questions and update the relevant solicitation documents.”
FirstSource III covers two categories, ITVAR and software, and is a small business set-aside with five tracks: 8(a)s; historically underutilized business zones (HUBZones); service-disabled veteran-owned small businesses; women-owned small businesses; and all small businesses. Each will have its own contract.
Phase I proposals had to include an offeror’s ability to perform work and supply chain risk management approach. Offerors “unlikely to be viable competitors” received an advisory down select notification from DHS saying as much to potentially save them money on proposal development, but they could still choose to continue with Phase II, according to the draft request for proposals.
Two offerors, DH Technologies and DH Concepts Group, withdrew their protests on Aug. 30. The rest — CounterTrade Products; iT1 Source; GovPlace, Inc.; Invicta Group; PatriaTech JV; and Better Direct — saw their protests dismissed Sept. 9.
NIST proposes project to improve cybersecurity at water utilities
The National Institute of Standards and Technology wants feedback on a proposed project that would pilot solutions to common cybersecurity risks faced by water and wastewater plants.
Run out of the National Cybersecurity Center of Excellence, the project would profile commercially available asset management, data integrity, remote access and network segmentation solutions to develop a reference architecture for the sector.
The pilot would respond to concerns heightened last year after a hacker remotely accessed a computer at a water treatment plant in Oldsmar, Florida and attempted to increase the lye in the water supply to dangerous levels. Although it was thwarted, the attack was a wakeup call for government and the water and wastewater systems (WWS) sector, and it has the NCCoE looking to secure the data-enabled capabilities that utilities are increasingly using to improve their service.
“There is apparent general consensus from WWS stakeholders that additional cybersecurity implementation references are needed to assist in the protection of its critical infrastructure,” reads the project description, which is open for public comment until Dec. 19. “The advancement of network-based approaches, together with an ongoing increase in cyber threats, merit the need for sector-wide improvements in cybersecurity protections.”
The NCCoE will create a pilot-lab environment for a case study with the goal of producing a NIST Cybersecurity Practice Guide with detailed steps for implementing the reference architecture developed. Ideally the guide will serve as a “starting point” for utilities in securing their production environments, according to the white paper.
WWS utilities increasingly rely on automation, sensors, data collection, network devices and analytics software, which increases the threat of a cyberattack. What’s more, their piped distribution infrastructure typically spans a large geographic area, with operational technology (OT) likely reliant on supervisory control and data acquisition (SCADA) systems for real-time sensor data transmission.
Industrial Internet of Things devices and platforms, like cloud-based SCADA and smart monitoring, further narrow the gap between OT and IT and increase utilities’ cyber risk.
While the project will focus on municipal-scale utilities, NIST wants to hear from as many WWS utilities as possible.
“In our efforts to ensure our guidance can benefit the broadest audience, the NCCOE is especially interested in hearing from water utilities of all sizes: small, medium and large,” reads the announcement.
Leidos hit with DOJ subpoenas as part of antitrust, fraud probes
Federal contracting giant Leidos is responding to federal grand jury subpoenas issued as part of two separate Department of Justice investigations, according to company filings.
The publicly listed company received a request for documents in August relating to a criminal investigation by the DOJ’s antitrust division, as well as a request for documents arising from a probe launched by the department’s fraud division.
Leidos disclosed details of the investigations in its third quarter results, but said it could not offer further guidance on investigation timings or likely outcomes.
According to Leidos, the DOJ’s antitrust division in August requested documents relating to three government procurements associated with the company’s intelligence group in 2021 and 2022.
“We intend to fully cooperate with the investigation, and we are conducting our own internal investigation with the assistance of outside counsel,” the company said in filings.
In September, the DOJ’s fraud division sought documents from the company relating to a second investigation. Leidos noted that this was launched after the company self-reported unspecified conduct that may have violated laws including the Foreign Corrupt Practices Act.
Leidos is one of the largest providers of technology to federal agencies such as the Department of Defense, Department of Homeland Security and NASA.
The company reported revenues of $1.8 billion from DOD and Intelligence Community work during the third quarter of 2022 and revenues of $1.3 billion from contracts with other civilian government agencies.
The Foreign Corrupt Practices Act prohibits businesses from making payments to foreign officials to assist in obtaining or retaining business. Penalties can include up to five years in prison, $100,000 in criminal penalties and up to $10,000 in civil penalties.
A Leidos spokesperson declined to comment further on the pending investigations.
Interior Department launches cloud solicitation with up to $1B ceiling
The U.S. Department of the Interior has issued final details of a single-source cloud procurement that could be worth up to $1 billion.
In a solicitation document published on SAM.gov, the agency set out requirements for an indefinite-delivery, indefinite-quantity contract, which is known as Cloud Hosting Service III (CHS III).
It comes after the U.S. Geological Survey in May issued a wide-ranging draft solicitation. Through the procurement, the Department of the Interior is seeking to obtain virtual private center cloud services that will support cloud and managed service requirements.
Interior hopes to support its core priorities of migrating technology services to the cloud and consolidating its data centers. The contract will have a five-year base period and three two-year options to extend. It has a minimum value of $10 million and a ceiling of $1 billion.
Throughout the proposed solicitation, the department has stressed the importance of moving agencies across Interior to a more standard, shared services IT experience away from local data centers while also providing flexibility for each of those agencies’ distinct IT needs and environments, as directed in the 2019 federal Cloud Smart policy.
This new CHS III acquisition comes as Interior’s Foundation Cloud Hosting Services contract, awarded to a group of 10 contractors in 2013 with a total ceiling of $10 billion, is set to expire next year. That contract saw a lengthy bid protest process led by losing bidder CenturyLink.
At the same time, the General Services Administration is working on a governmentwide cloud blanket purchase agreement called Ascend as a part of the agency’s larger effort to develop a “Cloud Marketplace” for the federal government. With the eventual BPA, GSA wants to “provide a streamlined method for government agencies to acquire and implement secure, integrated commercial cloud service solutions, including cloud focused labor services.”
USPTO eyeing encryption-in-use technology to secure claims data
The U.S. Patent and Trademark Office is considering the adoption of encryption-in-use technology to protect data as it builds out its zero-trust security architecture, Chief Information Officer Jamie Holcombe told FedScoop on Tuesday.
Traditional encryption protects data at rest or in transit but not while it is in use by on-premises or cloud applications, and full-disk encryption solutions degrade performance and can lock users out.
Encryption-in-use encrypts only the underlying sensitive data, regardless of where it is stored or processed, and analyzes requests in real time to block suspicious ones. According to Holcombe, it could help USPTO protect sensitive claims information because the technology is less likely than traditional forms of encryption to degrade performance.
“I have an obligation to disseminate all public data as best I can, but the things that I need to keep secret are the claims that the patent applicants file with us,” Holcombe said. “And it’s only good from the first application date to 18 months later, then something has to happen to it.”
Until then claims are USPTO’s version of “top secret,” he added.
The companies developing encryption-in-use are mostly startups, but Holcombe isn’t interested in those adding it to USB devices. He wants the capability in the data center.
“That’s where your cloud storage companies come in because they’re buying that technology from these little guys, but I want to get it before it’s sold to them,” Holcombe said. “If it comes wrapped with [Amazon Web Services], that’s fine.”
USPTO operates on a three-year, procure-and-replace cycle and is working with different tech companies to satisfy all the pillars of the federal zero-trust strategy: users, apps, data, network and devices.
The agency is trying to mature multi-factor authentication to protect users and working with Venafi on a device management solution. USPTO has a partnership with Netskope for secure access service edge.
“We’re looking to spread that because that’s just one solution of many for the [zero-trust architecture],” Holcombe said.
NARA awards $65.7M contract for continued improvement of electronic records system
The National Archives and Records Administration awarded a contract with a $65.7 million ceiling to digital services firm Fearless to continue its transition from paper to electronic records.
Fearless will maintain and improve NARA’s suite of Electronic Records Archives 2.0 applications across multiple teams with faster updates using DevOps and continuous integration, continuous deployment techniques.
NARA safeguards and provides public access to government records but needs to scale ERA 2.0 to handle the growing number of submitted records. ERA 2.0’s continued modernization is critical to the governmentwide effort to standardize and lower the cost of records management solutions.
“The ERA 2.0 system is a valuable resource for our democracy,” said Greg Crouse, ERA 2.0 contract program manager for Fearless, in the company’s announcement Wednesday. “Preserving government documents is an essential public service for any society with a government accountable to the people.”
Fearless will also develop new features to improve the ERA 2.0 user experience.
The ERA 2.0 contract’s first phase will cost $1.1 million with the potential for the vehicle to reach $65.7 million over five years.
Fearless is growing rapidly having won a $120 million blanket purchase agreement (BPA) from the General Services Administration in 2021, as well as one of the 10 spots on the five-year, $500 million BPA for broad IT and business services from the Centers for Medicare and Medicaid Services earlier this year. The company also works with the Small Business Administration, Defense Intelligence Agency, National Security Agency and Air Force.
SolarWinds agrees to pay $26M to settle shareholder lawsuit over 2020 cyberattack
IT software giant SolarWinds has agreed to pay $26 million to settle a securities class action lawsuit filed by shareholders over the cyberattack on the company’s Orion software platform and internal systems that was discovered in late 2020.
The technology giant disclosed the settlement in a regulatory filing on Nov. 3 and also warned it has received notice from the Securities and Exchange Commission that the regulator has made a preliminary decision to file an enforcement action against the company over the cyber breach.
“SEC staff has made a preliminary determination to recommend that the SEC file an enforcement action against the Company alleging violations of certain provisions of the U.S. federal securities laws with respect to its cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures,” SolarWinds disclosed in its 8-K filing.
During the breach, which was disclosed in late 2020, suspected Russia-backed hackers used routine software updates to add malicious code into the company’s Orion software product, which was used as a vehicle for a major cyberattack launched against private and public sector entities.
At least eight federal government agencies had systems compromised as a result of the attack.
As part of the settlement, the software maker did not acknowledge any wrongdoing in response to shareholders’ allegations that they were misled about its security apparatus in advance of the attack. The sum will be paid by the company’s insurers, who authorized and approved it, according to an 8-K filing with the US Securities and Exchange Commission.
“The settlement, if approved, would require the Company to pay $26 million to fund claims submitted by class members, the legal fees of plaintiffs’ counsel and the costs of administering the settlement,” the company said in its 8K filing.
The SolarWinds attack took place over the course of almost nine months and affected roughly 18,000 entities in total.
The cyberattack occurred because SolarWinds, an IT company that runs network management systems for thousands of clients, was infiltrated, and the attackers used the company’s Orion software updates to distribute malware to its customers’ computers.
In early 2021, SolarWinds stockholders sued the company after the stock tanked from news of the supply chain attack on SolarWinds’s software, which was first publicly reported in December 2020. In the second half of 2021 the company asked a US federal judge to throw out the lawsuit, claiming that it was “the victim of the most sophisticated cyberattack in history,” and described the legal arguments of certain shareholders as a way to “convert this sophisticated cyber-crime” into an unfair and unrelated securities fraud lawsuit.
As a result of the Wells notice, the SEC could order the company to cease future violations of the federal securities laws subject to the action, impose civil monetary penalties and seek other equitable relief within the agency’s authority.
It remains unclear if or when the SEC will take enforcement action and what the potential consequences of this could be for SolarWinds.
Palantir reports 26% rise in government revenue in Q3
Data analytics and AI company Palantir has recorded a 26% year-on-year rise in government revenue for the third quarter of 2022.
Revenue at the technology giant’s government business segment swelled to $274 million, up from $218 million during the prior year’s period.
In a letter to shareholders accompanying the results disclosure, Palantir CEO and Co-Founder Alex Karp attributed the rise in government revenue principally to the expansion of the company’s work with the Department of Defense.
“The significant increase in contract value this quarter was principally driven by the expansion of our work with the United States military to support the deployment of artificial intelligence and machine learning capabilities to soldiers on the front lines,” Karp said.
Despite the uptick in revenue, total year-on-year growth of Palantir’s book of government business fell by eight percentage points from 34% to 26% during Q3, and the company’s overall adjusted operating income also declined by 30% to $81.3 million for the quarter.
In his missive to shareholders, Karp noted also that of $1.3 billion of government contracts Palantir signed during the third quarter, $987 million were with the U.S. government.
“We furthermore do not view the increase in contract value this quarter as an aberration but rather as a sign of a more fundamental shift in our business, from insurgent outsider to incumbent, particularly in the U.S. market,” Karp said.
Palantir has reaffirmed its full-year revenue guidance of $1.9 billion and raised its outlook for full-year adjusted operating income to between $384 million and $386 million in response to the results.
Earlier in September, the company announced that it had renewed a case management software contract with the Department of Homeland Security, which is worth $95.5 million over a five-year period.
Under terms of that solicitation, Palantir will provide services to the department’s Homeland Security Investigations (HSI) division.
In an interview with FedScoop in August, Chief Operating Officer Shyam Sankar said partnerships with major hardware manufacturers would be key to the future growth of Palantir’s book of government business.