TMF awards $9M for 2 projects at smaller agencies

The Technology Modernization Fund Board awarded $9 million for two projects modernizing systems and protecting personal data at the U.S. Postal Regulatory Commission and the Selective Service System on Monday.

PRC will use the $2.6 million it receives to modernize its website and systems for improved public participation and oversight of the U.S. Postal Service, while SSS will use its $6 million to bolster cybersecurity around the personal information of tens of millions of Selective Service registrants.

The latest round of TMF funding targeting small agencies comes after the American Rescue Plan infused $1 billion into the fund to address urgent IT modernization and cyber challenges, a process that began with the award of $311 million across seven projects at five agencies.

“This funding will allow the PRC to modernize internal and public-facing tools and give their customers a better digital experience,” said Clare Martorana, TMF Board chair and federal chief information officer, in an announcement. “And it will allow SSS to move quickly to scale technical operations to meet the nation’s needs through a cloud-first software and data architecture that protects the data of millions of customers.”

TMF funds will be distributed to both agencies incrementally as they hit performance targets and delivery milestones assessed at quarterly TMF Board reviews. PRC will initially receive $2 million and SSS $1.8 million.

The TMF Program Management Office and General Services Administration will provide technical support to project teams until the projects are completed.

Smaller agencies, in particular, benefit from the TMF’s flexible funding model because they generally lack the budgets and technical staff to sustain transformative initiatives.

The SSS’s project involves migrating Registration, Compliance and Verification (RCV) software, a high-value asset, to the cloud for increased security and an improved user experience. RCV will be continuously available from redundant locations and use advanced data analytics for decision making while increasing the protection for personally identifiable information and reducing maintenance costs.

PRC’s oversight of USPS has grown more complicated due to the pandemic, workforce shortages and supply chain disruptions hindering mail delivery and increasing traffic to PRC’s website and docket system. The 20-year-old docket system, with its antiquated data environment and analysis tools, is at imminent risk of failure.

The agency intends to replace its systems with cloud-based applications: a new website, docket system and data management system for faster data analysis and reduced operation and maintenance costs.

“GSA supported the commission with a program management team that helped us through every stage, from initial proposal creation to evaluation before the TMF Board,” said Erica Barker, PRC secretary and chief administrative officer, in a statement. “The TMF investment will accelerate the deployment and scaling of key initiatives, helping the commission meet its mission of ensuring the transparency and accountability of the Postal Service to the American public.”

Cyber Command has deployed to nations 27 times to help partners improve cybersecurity

U.S. Cyber Command has deployed personnel to foreign nations 27 times in the last four years to help partner nations shore up their cyber defenses against threats, a top general said.

These so-called hunt forward operations involve physically sending defensively oriented cyber protection teams from the Cyber National Mission Force to foreign nations to hunt for threats on their networks at the invitation of host nations.

“We deploy teams globally, over 27 times in the middle of a global pandemic, to ensure that we can actively engage with our adversaries in foreign space, one, to reinforce our relationships with our partners and allies, but also to ensure that whatever our adversaries are doing in their near abroad, they can’t do that back here in the United States,” Maj. Gen. William Hartman, commander of the Cyber National Mission Force, said Friday during a presentation as part of the Air Force Association’s Air Warfare Symposium.

The Cyber National Mission Force is responsible for tracking and disrupting specific nation-state actors in foreign cyberspace in defense of the nation. These teams are separate from those that support specific combatant commands. It is the only cyber force within Cyber Command that essentially conducts offensive and defensive operations, though Cyber Command describes both as defensive operations — one focused on internal networks and the other on preemptive activity in foreign cyberspace against a potential threat.

Cyber Command has been conducting these types of operations for several years now. Officials say they are mutually beneficial because they help bolster the security of partner nations and provide Cyber Command, and by extension the U.S., advance notice of adversary tactics, allowing the U.S. to harden systems at home against these observed threats.

A Cyber National Mission Force spokesperson clarified to FedScoop that there have been 27 total hunt forward operations since 2018, though most of them have occurred since the start of the COVID-19 pandemic in March 2020. They also added that these were 27 separate deployments to 15 nations, including Montenegro, Estonia and North Macedonia, though some deployments were to the same nation multiple times.

Officials have noted that these types of operations were pivotal in helping defend domestic U.S. elections against foreign threats, with 11 hunt forward operations conducted in nine different nations as part of the 2020 elections.

“What started as three countries in focus on defending the 2018 elections, has increased significantly,” Lt. Gen. Charles Moore, deputy commander of Cyber Command, said in November 2021 during an event hosted by C4ISRNET. “Our primary goal is obviously to get out and see what we can learn about adversaries and what their intentions and what their tools and what their infrastructure and what their [tactics, techniques and procedures] might look like. Bringing that back to help inoculate or defend the United States, but not just us, to share it with the global cybersecurity enterprise, which is exactly what we’ve done.”

Officials have noted that these operations are a key component to Cyber Command’s operating concept of persistent engagement, which seeks to challenge adversary activities wherever they operate.

Cyber Command has publicly disclosed malware found during these operations as a means of informing the general public to beware and patch, but also to burn these tools for adversaries, causing them friction.

At the time, Moore said they had disclosed close to 30 pieces of malware.

“It really makes the adversary have to pay attention to everywhere that we’re operating,” he said. “Just the virtue of knowing that we’re going to be in many different places around the world trying to perform these operations, gain insights in what they’re doing and how they’re doing it and what tools they have, they have to take additional precautions, which imposes costs on them or they have to elect not to perform those operations to begin with.”

In last year’s budget request, the Department of Defense appeared to ask for less money associated with these hunt-forward operations.

In the prior year’s request, DOD sought $431.6 million for cooperation with allies and partners to conduct hunt forward operations, as opposed to a $147.2 million request in Fiscal Year 2022.

CISA revising Zero Trust Maturity Model to better align it with CDM services

The Cybersecurity and Infrastructure Security Agency intends to revise its Zero Trust Maturity Model to better align its programs and services with governmentwide adoption of zero-trust security architectures in 2022.

CISA is in the process of revamping its Continuous Diagnostics and Mitigation (CDM) program to deploy zero-trust capabilities that increase its visibility into agencies’ networks, which in turn allows it to help them mature their architectures.

CISA quickly released the Zero Trust Maturity Model last summer, not because it was required by the Cybersecurity Executive Order requiring zero trust adoption, but to inform agencies how they could use CDM to support key aspects of zero trust, like asset management.

“We’ve done a lot of work with [Trusted Internet Connections] so far,” said John Simms, TIC senior technical advisor at CISA, during an ATARC event Thursday. “But CDM is another area that I think could benefit from additional explanation and connectivity to the zero trust pillars in the federal strategy.”

A month into the release of the Federal Zero Trust Strategy, CISA has had several discussions with the Office of Management and Budget about developing metrics assessing agencies’ progress adopting zero trust in key areas like segmentation, phishing-resistant multi-factor authentication, and data, Simms said.

The Federal Zero Trust Strategy didn’t set hard deadlines for agencies to be a certain percentage compliant with zero trust pillars because OMB is aware they need to adjust their budgets.

But OMB does want CISA supporting agencies as the entire government transitions to zero trust for however long it takes to get there, whether it be three years or 10, Simms said.

“I suspect, based on what I’m hearing is that, they’re going to be looking for demonstrable progress in those key areas and looking at the plans that the agencies are submitting here within the next couple of weeks,” he said. “They’re going to use those to continue the dialogue with the agencies not just from the federal CIO’s office but also the resource side of OMB, where your budget examiners and resource officers and desk officers are engaging with the agencies because it’s about bringing together the entire support mechanism that the agencies rely on.”

Nand Mulchandani steps down as Joint Artificial Intelligence Center CTO

Nand Mulchandani announced Thursday he has stepped down from his role as chief technology officer of the Pentagon’s Joint Artificial Intelligence Center.

William Streilein, a staff member of the Massachusetts Institute of Technology’s Lincoln Laboratory, has joined the JAIC to fill Mulchandani’s vacancy.

A Silicon Valley serial entrepreneur, Mulchandani took the CTO role in June 2019, about a year after the JAIC was created. He also served as interim director after Lt. Gen. Jack Shanahan, the JAIC’s first leader, left the team in mid-2020.

“Nand Mulchandani has been an extraordinary patriot, technologist and friend. As a serial-entrepreneur, his expertise in systems implementation and application brought a welcome set of perspectives and connections that have really accelerated the department’s efforts,” Lt. Gen. Michael Groen, director of the JAIC, said in a statement. “His passion for technology, industry understanding, and business acumen helped to mature the JAIC from a nascent organization to one that supported COVID response, wildfire suppression, autonomy platforms and a wide range of capabilities. Nand is a true patriot, stepping in to join the JAIC with a focus on ‘giving back’ to our warriors.”

During his time at the JAIC, Mulchandani also played a part in scaling the JAIC from a small office in the Pentagon to a larger organization, now under the leadership of the Department of Defense’s newly installed chief digital and AI officer. 

“I’m glad to see the ‘startup’ JAIC transformed into the CDAO, which is part of the normal journey for any great technology organization, and happy that the Department is starting to embrace the power of technology to transform the way it operates and to retain our competitive edge,” Mulchandani wrote on LinkedIn. “While there is no question we have some big challenges ahead of us, I don’t think we have ‘lost’ the race to peer competitors.”

In his leadership roles at the JAIC, Mulchandani spoke frequently about injecting responsibility and ethics into AI, the importance of public-private partnerships in developing AI and how critical the technology will be to the future of combat.

Mulchandani is leaving the door open for a possible return to public service later down the road, he said. “There is a strong chance that I might pop back up in another part of the US Government focused on national security and technology, and hope to share that news soon. Given everything going on in the world today and where things are headed, I don’t want to be sitting this one out.”

Kurt DelBene: VA can do ‘better job’ of defining clear checklists for future EHR rollouts

The Department of Veterans Affairs’ chief information officer said his department can do a “better job” of ensuring it adheres to clear checklists ahead of future IT system rollouts as part of the Electronic Health Records modernization program.

In an interview with the Wall Street Journal’s CIO Journal, Kurt DelBene described the process of improving IT management, especially within the federal government, as an incremental process.

“This isn’t about changing the ship and ship’s direction, it’s about getting these disciplines in place and then turning the crank over and over again,” he said. DelBene added: “I think we can do a better job in our future rollouts in terms of preparedness in terms of having very clear checklists of what constitutes ready to roll.”

The comments come as the former Microsoft executive pushes ahead with plans to reshape the Department of Veterans Affairs’ electronic health records modernization program, which has continued to attract criticism from lawmakers and frontline health workers.

In February 2021, the Government Accountability Office recommended that the VA stop rolling out its new EHR at medical centers to conduct “critical” tests on the new system. The department has since announced a timeline that will see the new Cerner system deployed to a range of medical centers and Army bases during 2022.

Speaking at a press briefing last month, DelBene said government agencies must have enough knowledge of the technology projects they undertake to be able to work closely with IT contractors and to challenge them where necessary.

DelBene at the time described working with private sector IT contractors as a “two-way street” and said agencies will achieve better outcomes with highly specific demands from the staff working alongside federal employees.

DelBene was sworn in as VA CIO in December last year, shortly after the department created two new senior technical management positions to oversee the EHR program: a new deputy CIO for EHR and a program executive director for EHR integration.

During a prior stint in government, DelBene was tapped by then-President Obama to turn around the troubled Healthcare.gov website. He has a history of leading large, complex technology teams, and at Microsoft, he was president of the division that helped transition the company’s software package to a cloud-based format.

GSA to create 6 new categories for small business contracts under Services MAC solicitation

The General Services Administration will create six additional small business acquisition categories for federal contractors as part of the recently established Services Multi-Agency Contract solicitation.

Following industry consultation, the agency said Monday it will award additional indefinite-delivery, indefinite-quantity contracts in the following areas: 8(a) small business, HUBZone small business, service-disabled veteran-owned small business, total small business, woman-owned small business and unrestricted.

Services Multi-Agency Contract, which is known as Services MAC, is a follow-up contract to GSA’s One Acquisition Solution for Integrated Services (OASIS). OASIS allowed agencies to use the federal government’s buying power to acquire services ranging from IT support to electronic and information warfare systems for the Department of Defense.

The new IDIQ contract categories will stand separate from the contract vehicle’s existing proposed structure, which is divided into the following specific domains: business administration, environmental, financial, human capital, logistics, management and advisory, marketing and public relations, social services and technical and engineering.

An initial request for information for Services MAC was published in June.

Commenting on the proposed new categories, Shane McCall, equity partner at Koprince McCall Pottroff, said that GSA’s approach to Services MAC could raise questions over small business teaming, which has been a point of discussion on other recent solicitations.

“There has been some confusion and limitations on how GSA values the past performance and capabilities of teaming partners versus the prime contractor,” he said. “That has been an area of consternation for offerors on similar multiple-award contracts. As more agencies use these large contracts, they become more and more high-stakes because they are used by so many agencies. So the contracting agency can really shape the pool of awardees by how they structure the scoring system for these contracts.”

Mark Hijar, founder of federal procurement consultancy Procurelinx, said that GSA’s approach could encourage small offerors to go for a set-aside contract instead of an unrestricted contract in order to maximize their competitive position and reduce bid protests.

“The big question though will be how much actual funding will be issued through those set-aside vehicles. Because OASIS had set-aside lanes too – you just didn’t see as much activity as small businesses were hoping for there especially when DOD was the end user,” he said.

The creation of the new categories comes as agencies across federal government continue work to comply with President Biden’s executive order on advancing racial equity and support for underserved communities through the federal government, which is one of the first he signed after taking office.

NASA looks to consolidate apps and platforms across centers with new task order

NASA seeks to consolidate application and platform services at its 10 centers by merging requirements across several existing contracts into one, according to a request for comment posted to SAM.gov late last month.

The NASA Consolidate Applications and Platforms Services (NCAPS) task order will see the Office of the Chief Information Officer’s Application Division turned into an Application and Platform Service (APS) line for developing new capabilities and technologies.

NASA’s OCIO is spearheading the move to a One NASA enterprise model for all functions, like IT, traditionally handled separately by centers.

“The NCAPS contract will be awarded during a period of significant transformation of mission support services to an enterprise operating model while maintaining mission focus, improving efficiency, recognizing local authority and valuing the workforce,” reads the draft performance work statement NASA seeks industry feedback on.

The task order covers general IT, customer support, information management services and integration of decentralized support contracts across NASA’s centers. Whichever contractor wins the award will be responsible for app operations and maintenance; compliance with Federal Information Security Management Act, National Institute of Standards and Technology and NASA policies; IT modernization; data analytics using machine learning and artificial intelligence; continual review of legacy apps; software licensing; and brokering cloud services.

APS will ensure apps are secure, reliable, interoperable and customer focused through agile development and with the help of IT Infrastructure Library service management practices.

NASA hopes the task order will improve customer partnerships and, in return, satisfaction; data management and access; security of data and IT assets; IT optimization; and retention of top talent.

Applicants must have Alliant 2 contracts to be eligible for the Alliant 2 best-in-class governmentwide acquisition contract. They must also have Top Secret facility clearance at the time their proposals are submitted.

The deadline for comments on the draft performance work statement is 4 p.m. ET on March 10, after which a draft request for proposals (RFP) is expected in May, the pre-solicitation conference later that month, the final RFP in July and the task order award in February 2023.

DOD must make smarter investments in 2023 budget, says Rep. Adam Smith

With a highly dynamic strategic environment and adversaries seeking to change the world order, the fiscal 2023 budget will be the most impactful and important of the last 25 years for the Department of Defense, according to the chairman of the House Armed Services Committee.

And as the U.S. is figuring out its role and how to brush back revisionist adversaries and competitors, it must be thoughtful about building and investing in its military, Rep. Adam Smith, D-Wash., said in an appearance Thursday at the American Enterprise Institute.

The U.S. cannot afford the types of large military build-ups that occurred during the Cold War against the Soviet Union. As a result, it must be smarter about investments and put more stock into emerging technologies.

“When you’re thinking about how we need to change the force, think about two things: information and survivability,” Smith said. “Those are the two keys. The ability to move information quickly, get it to the person who needs it the most in real-time and to protect that information infrastructure.”

The DOD is currently trying to transform the way it conducts warfare with a new concept dubbed Joint All Domain Command and Control, which seeks to more seamlessly connect sensor information to shooters to allow for faster decision-making.

On the survivability piece, Smith noted that the force cannot be so vulnerable as to be crippled by cyberattacks and anti-satellite strikes that eliminate command and control and the ability to share information.

He noted that in challenging other world powers that seek to upend international order, the military’s crucial role will be deterrence.

“Deterrence matters. I think when you look at Ukraine, if Putin had thought that he couldn’t do what he’s doing right now, if Ukraine had had a more robust military, he wouldn’t be doing it,” Smith said. “As we look at the other nations in Eastern Europe as a starting point, the Baltics, Poland, Romania, shoring up our NATO responsibilities, deterrence is one way to keep peace in the world.”

New technologies, such as artificial intelligence and even drones, can play a huge part in that deterrence. Smith cited how small and inexpensive drones have turned the tide in recent conflicts, pointing specifically to Ethiopia’s civil war in which the government used small drones to gain control back from rebels seeking to overthrow it.

“That type of use of new technology is going to be the key to deterrence,” he said. “If China thinks that we have the ability to protect our systems and to be survivable and to make their systems vulnerable, that’s the best deterrence we can have. It’s not just a matter of building a lot of things, we have to make sure that those things meet the technological challenges of today’s warfare.”

When it comes to an actual number for the 2023 budget, Smith said he hasn’t landed on an exact number yet, but acknowledged it has to be bigger than previously thought.

“The Russian invasion of Ukraine fundamentally altered what our national security posture, what our defense posture needs to be. It made it more complicated and it made it more expensive,” he said.

Splunk appoints former Proofpoint exec Gary Steele as CEO

Splunk has hired the former founding CEO of Proofpoint to lead the company, taking over from interim CEO Graham Smith.

Gary Steele will start as CEO on April 11, and following his appointment, Smith will return to his previous role as chair of the board at the cybersecurity company.

Before founding Proofpoint in 2002, Steele was CEO of Portera and prior to that held leadership roles at Sybase, Microsystems and Hewlett-Packard. During his time at Proofpoint, he navigated both an IPO and a buyout by private equity giant Thoma Bravo.

Commenting on the appointment, Splunk interim CEO and Chair Graham Smith said: “Gary is a visionary leader whose software and cybersecurity expertise, deep understanding of SaaS and recurring revenue models, and unwavering commitment to driving innovation and customer success on a global scale will be invaluable to Splunk on our path to $5 billion and beyond.”

Splunk’s data platform product is used by all three branches of the U.S. government, all cabinet-level agencies and all four branches of the military. In September, the company received provisional impact level 5 authorization from the Department of Defense, which allows its cloud service to process highly sensitive controlled unclassified information.

In June, California-headquartered private equity firm Silver Lake invested $1 billion in the company, to help support the transformation of the business as it moves from a traditional software-licensing arrangement to a cloud-based subscription model.

Last month, the Wall Street Journal reported that Cisco Systems had made a takeover offer worth more than $20 billion for the software company, which would have been the networking giant’s biggest ever acquisition.

HHS’s first chief AI officer departs after 1 year

The Department of Health and Human Services’ first chief artificial intelligence officer departed the agency Saturday.

Oki Mek intends to take two to four weeks off to figure out where he’s headed next, having spent 11-and-a-half years at HHS and one as CIAO.

The departure comes just as Karl Mathias takes over as HHS chief information officer.

Mek oversaw the launch of HHS’s much-anticipated AI website with 2022 priorities of increasing employee skills through its AI Community of Practice (COP) and issuing guidance on ethical algorithms from its AI Council. HHS also released its AI Strategy in January 2021 under Mek.

Mek previously expressed interest in establishing a virtual sandbox, like the one the Department of Defense’s Joint AI Center uses, for small-scale experimentation on use cases that benefit the entire enterprise in 2022. But that would require more funding, a larger team and convening authority, which he’d requested.

Other 2022 HHS priorities that will have to be taken up by Mek’s successor include developing an AI Use Case Inventory, allowing staff to track where and how applications are being deployed, and hosting AI Lunch & Learn Sessions with health sector innovators and data groups.

At the start of the pandemic, Mek was serving as senior advisor to then-CIO José Arrieta.

Before HHS, Mek worked at the Department of Energy and served in the Army National Guard.

HHS did not immediately respond to a request for comment.