Former federal officials question Secret Service records retention policy following deletion of Jan. 6 texts
Top IT officials and lawyers within the Secret Service are responsible for the major failures in collecting text messages within the agency related to the Jan. 6 Capitol attack because they left it up to individual agents to back up their data, multiple former federal government officials said.
Top IT officials at the Secret Service, including Chief Information Officer Kevin Nally, did not follow and execute the agency’s legal document retention policy, leaving it up to individual agents as to whether or not they preserved relevant text messages in regards to the Jan 6th attack or any other text records that are legally required to be archived, sources familiar with the agency’s policies told FedScoop.
The controversial deletion of Secret Service phone data around the time of the Jan. 6 Capitol riot has raised awareness of wider systemic problems with federal government digital records preservation.
Currently, the prevailing norm for preserving text message communications within federal agencies is that individual employees are expected to back up and share their work phone records manually.
Federal IT sources canvassed by FedScoop said this problem could be solved by requiring that all text messages about official business sent by any federal agency employee be automatically saved in an internal database and sent to NARA for archiving.
It remains unclear whether most federal agencies store and backup text message communications from work issued phones on an internal server or a government certified cloud service which would enable digital records to be retained even if an individual employee deletes those records on their own device.
While Secret Service Director James Murray and Department of Homeland Security Inspector General Joseph Cuffari are the top officials who are legally responsible for the preservation of agency records to be safeguarded and submitted to the National Archives, the day-to-day training and execution of data collection from agents occurs through the agency’s chief information officer (CIO) and the general counsel.
“It seems that individual agents made the call as to whether to delete their messages or not,” a former senior Secret Service official told FedScoop. “It’s not good governance to leave it up to individuals to do what they want. This needs to be fixed and tightened.”
“It’s not good governance to leave it up to individuals to do what they want. This needs to be fixed and tightened.”
– Former senior Secret Service official
The former official said that it was the responsibility of the Secret Service’s CIO and general counsel to ensure that digital records like text messages are correctly preserved.
“What thought was given to maintaining these records? Not much it seems. No one seems to be going through the trouble of archiving them as they should. Either way it’s not a good look,” the official added.
Although it’s unclear what motivated some individual Secret Service agents not to preserve their phone records around the time of the Capitol riot, government data privacy experts say that IT leaders within the agency are ultimately responsible.
“One of the key problems with this Secret Service episode is the reliance on the good faith of Service employees to back up federal government records – whether it be out of laziness, forgetfulness, bad judgement or something else,” said Nick Schwellenbach, senior investigator at the Project on Government Oversight (POGO), a prominent government watchdog.
“The Secret Service as an agency failed here, but leaders like the CIO and the general counsel have primary responsibility. These high level leaders dropped the ball,” Schwellenbach added.
The Secret Service says it is fully committed to the Jan. 6 investigation and the principle of preserving digital records for posterity.
“The United States Secret Services fully respects and supports the important role of the National Archives and Records Administration in ensuring preservation of historical and government records. The agency will have our full cooperation in this review and we will complete the internal review of our information as directed and promptly respond to their inquiry. The Secret Service has long standing established policies regarding the retention of Government Records,” a U.S. Secret Service spokesperson told FedScoop.
The inspector general of the Department of Homeland Security, under which the Secret Service operates, sent a letter to Congress in early July to inform lawmakers that text messages sent by agents around the Jan. 6 Capitol riot had been deleted.
The Secret Service claims the text message erasures were part of a long-planned “system migration,” but such actions have prompted a criminal investigation by DHS after agency investigators could only find one pertinent text message regarding Jan. 6 from over 20 agents that are subject to congressional subpeonas.
The text messages have become particularly significant after former Trump White House aide Cassidy Hutchinson highlighted during a House hearing that former President Donald Trump allegedly tried to wrestle control of a Secret Service vehicle in order to try and join his crowd of supporters at the U.S. Capitol on Jan. 6.
One former top Secret Service official speaking on the condition of anonymity reiterated that responsibility for the failure to preserve relevant text messages lies with agency leadership rather than with individual agents.
“The Secret Service and the director have to take responsibility for the lost texts and documents related to Jan 6th, but did the director even have knowledge of this occurring, I doubt it,” said Ralph Basham, former director of the Secret Service between 2003 to 2006 and former commissioner for U.S. Customs and Border Protection between 2006 to 2009.
“The CIO and the assistant director for technology would be really in charge of this data transition to ensure proper instructions and protocols were followed for text preservation,” said Basham.
“The CIO and the assistant director for technology would be really in charge of this data transition to ensure proper instructions and protocols were followed for text preservation.”
– Former Secret Service Director Ralph Basham
Federal government IT experts say that although individual agents play some role in the preservation of relevant digital records, the system created by senior tech leaders in an agency is key to fully preserving records under federal law.
“The CIO should have caught this issue, its malfeasance at a very high level, they should be held accountable. They’re meant to monitor such records once a month or once a quarter,” said a former National Archives IT official.
“Ultimately there’s a chain of command from the agent who uses the device and then goes up to the agency IG to finally report the data to the National Archives but the agency CIO plays the most critical role in the middle to ensure the data is preserved and sent onwards,” they said.
The former official also said emphasised that although the National Archives has issued guidance on how text messages and other digital records must be preserved in some fashion for archiving purposes, each agency has to create its own set of rules or a “schedule” that outlines the specific mechanism by which digital records are preserved and sent to the National Archives.
Multiple federal agencies appear to have highly flawed practices when it comes to capturing and preserving digital records, a top former National Archives lawyer said.
“Many big major agencies like DHS or DOD haven’t put in place policies of automatically capturing such digital records, compliance is very problematic with thousands or millions of text messages,” said Jason R. Baron, the former director of litigation at the National Archives.
Baron added that part of the problem is that the law which requires government employee communications to be preserved, the Federal Records Act, requires that messages in regards to government business must be preserved but the law doesn’t specify exactly how to do so.
“If you leave the archiving to individuals like Secret Service agents or DOD officials that are extremely busy people with different priorities this is bound to happen,” said Baron. “Someone within an agency, like the CIO or the legal team need to make sure records are captured in a 21st century context.”
Lack of identity engineers hinders agencies’ MFA adoption
Some agencies continue to struggle with implementing phishing-resistant multi-factor authentication because there’s a dearth of identity engineers in government, according to cybersecurity experts.
Identity, credential and access management (ICAM) program management offices or other governance bodies aren’t universal yet, despite the Cybersecurity and Infrastructure Security Agency encouraging them, because most federal investments in training produce red and blue teamers — offensive- of defensive-minded professionals.
The first pillar of the federal zero-trust architecture strategy released in January is identity: agencies managing identities to allow staff access to applications while protecting them with multi-factor authentication (MFA). But the National Institute of Standards and Technology’s National Initiative for Cybersecurity Education (NICE) Workforce Framework buries identity “three layers deep” in “nichey” network or software engineering roles, rather than making it a standalone position, said Matt Topper, president and solutions catalyst, at Uberether.
“Nobody ever talks about, ‘I want to be an identity engineer.’” Topper said, during an ATARC webinar Tuesday. “That makes you the best blue teamer because you actually understand how these things work together.”
In the past cyber professionals typically attended security or identity conferences but rarely both. Agencies’ increasing use of cloud and ICAM technology and attacks like the SolarWinds hack, where Active Directory Federation Services allowed infiltrators to gain administrative privileges, have “blurred the lines” between the two communities, said Grant Dasher, ICAM expert at CISA.
For instance, CISA Director Jen Easterly tweets regularly about phishing-resistant MFA, and red teamers use their knowledge of identity engineering to gain access to networks, Dasher said.
“I think that the number of people in our community who have deep identity expertise is not significant,” Dasher said. “And they sort of move around between the agencies or, in some cases, retire.”
Fostering that expertise means building those skills among a new generation of experts, who understand the parts of identity that are unique to government, industry and how they work together, he added.
That talent will be essential to moving agencies beyond the personal identity verification (PIV) and common access card (CAC) smartcard authentication that prevails across government to other factors, the adoption of which should increase with additional NIST guidance in the next year, Topper said.
The federal zero-trust architecture strategy emphasized new approaches to cyber and experimentation with authentication and network security.
“The lesson will be whether we can pull it off over the coming years,” Dasher said.
CISA is looking to simplify agencies’ adoption of cloud identity technologies and continues to develop the forthcoming Zero Trust Maturity Model.
The years 2023-25 should prove pivotal for MFA adoption, especially with planned NIST guidance on derived credentials and digital identity guidelines, Topper said.
NIST Special Publication (SP) 800-63-3 Revision 4 is expected out this fall and will, for the first time, include a dedicated SP 800-63C Federation and Assertions. The document will cover identity federation between agencies, industry partners and citizens; federated authentication transactions and identity federation assurance levels.
“Those are super exciting because those are going to set the next decade of identity standards and patterns that we’re going to follow,” Topper said.
Health experts seek separation of IT and policy contracts at national organ transplant network
Senior health experts have called for the federal government to separate the technology and policy arms of the nonprofit responsible for operating the U.S. national organ transplant network, citing concerns over its failure to modernize IT systems, including a key software component called DonorNet.
Splitting the Organ Procurement and Transplantation Network (OPTN) contract, which United Network for Organ Sharing (UNOS) has won for 36 years, into two contracts covering IT requirements and regulatory responsibilities would end a monopoly disincentivizing regular system updates, experts say.
DonorNet is a component of UNOS’s organ-patient matching system, which is known as UNet. DonorNet is designed to allow organ procurement organizations (OPOs) to input health data on donors and match organs to them.
“I don’t think a monopoly is really serving us well, so I do think we need to split up. And I think we need to engage experts. There are experts that exist for a reason, and I think UNOS very much has tried to do everything and ended up being the master of nothing. And that’s a real problem for our patients,” Dr. Jayme Locke, director of the Department of Transplantation at the University of Alabama Heersink School of Medicine, told FedScoop at a Senate hearing Wednesday.
Testifying at the hearing, Diane Brockmeier, president and CEO of Mid-America Transplant, said: “Patients deserve a transparent, accountable system that works on their behalf. To protect patients, I urge Congress and the administration to separate the OPTN functions into different contracts so that patients can be served by best-in-class vendors.”
Executive Director of AdventHealth Transplant Institute Barry Friedman also warned of a “conflict of interest” related to the management of IT functions by UNOS.
“[T]he IT tools they offer transplant centers come with additional costs — despite these being essential for the safety and management of organs,” he said in testimony.
All three experts were speaking Wednesday at a Senate Finance Committee hearing convened to address failures in the organ transplant system.
“I don’t think a monopoly is really serving us well, so I do think we need to split up [the contracts]”
Dr. Jayme Locke, director of the Department of Transplantation at the University of Alabama Heersink School of Medicine
The experts’ comments follow a draft U.S. Digital Service report, obtained by The Washington Post, concluding that UNOS lacks the technical capability to modernize UNet, which was launched in 1999. UNOS disputes the report’s findings, but multiple witnesses representing the donation and transplant community at Wednesday’s Senate Finance Committee hearing on OPTN recounted voicing problems with DonorNet — the part of UNet that organ procurement organizations (OPOs) use to input health data on donors and match organs to them.
“The consistent response was UNOS IT did not have the bandwidth to address this work,” Brockmeier added in testimony to lawmakers. “The limitations of the UNOS technology are delaying and denying transplants to patients that are dying on the waitlist.”
Nowhere is that more apparent than with the U.S.’s “disturbingly” high one-in-four kidney discard rate, Brockmeier added.
Algorithms a cause for concern
The approximately 8,000 kidneys that weren’t transplanted in 2021 were victims of UNOS’s “entrenched and cumbersome” algorithms for allocating organs, said Dr. Jayme Locke, director of the Division of Transplantation at Heersink School of Medicine.
“You have to go sort of in order when data clearly have shown that introduction of multiple, simultaneous expiring offers would result in more efficient placement of kidneys,” Locke said. “And this would decrease our cold ischemia time.”
Locke told FedScoop she doubts UNOS consults with applied mathematics experts, like the National Kidney Registry did, to optimize its matching algorithms and echoed Brockmeier that the nonprofit’s IT team frequently cited a lack of bandwidth, when it took years to add data fields for unacceptable antigens to place kidneys faster nearly a decade ago.
UNOS has a team of Ph.D. statisticians and another Health Resources and Services Administration contractor statistically models proposed organ allocation policies for OPTN to choose from, said CEO Brian Shepard in an interview.
“That kind of advanced math has always been a standard part of our organization and of our process,” Shepard said.
UNOS IT has about 40 software engineers and testers and 150 operations, customer advocacy and information security staff helping align algorithms with changing organ allocation policies proposed by public-private OPTN committees and approved by its board of directors. The team also develops new features and tools based on the needs of the donation and transplant community.
While UNet is required under UNOS’s OPTN contract, the organ shipment GPS trackers the nonprofit piloted and the organ transportation logistics application it’s developing for OPOs and transplant centers are not.
“The transplant community promoted the use of GPS tracking for organ shipments, and UNOS piloted an organ tracking system,” said Barry Friedman, executive director of AdventHealth Transplant Institute, during the hearing. “This system was not dependable, therefore we opted out, and now we’re working with a company that uses less-expensive, higher-quality trackers and can monitor shipments in real-time.”
Greater IT expertise required
Friedman expressed disappointment there’s no requirement for OPOs and transplant centers to use GPS tracking of any kind, which the OPTN board could vote on after a public comment period. A quarter of OPOs, around 15, use UNOS’s vendor-agnostic GPS tracking service, Shepard said.
Hearing witnesses further criticized the UNOS Organ Center’s rigid system for finding flights for organs. In one instance an organ was rescued from being left to rot in a cargo hold overnight because the center opted for a direct flight from San Francisco to Birmingham, Alabama, rather than an earlier flight to Atlanta, from where the organ could have been driven, according to Locke.
A team of IT experts overseen by OPTN would be preferable, she said.
UNOS is working on a new Offer Filters project that analyzes transplant hospitals’ organ acceptance patterns over the last two years in order to suggest ones they’re likely to accept and flag those they aren’t.
“There’s always a longer list of things to do than there is money to do them,” Shepard told FedScoop.
The Senate Finance Committee plans to continue its two-and-a-half-year investigation of OPTN by examining the roles of federal agencies like HRSA, which oversees the system, and the Centers for Medicare & Medicaid Services.
HRSA’s OPTN contract is up for renewal in 2023.
“The federal contract that UNOS has had for decades is up for renewal, and this is an opportunity to fix things,” said Sen. Ron Wyden, D-Oregon, to end the hearing. “And on this committee, in a bipartisan way, we are determined not to miss this opportunity to get this fixed.”
Breaking the OPTN contract up could make it harder for IT staff tasked with developing solutions to engage with the doctors and patients on its policy committees throughout the process, Shepard said.
But it’s not a dealbreaker for UNOS either.
“We certainly would bid on the tech piece of the contract, whether it was integrated into the policy piece of the contract or not,” Shepard said. “We do think there are real advantages to seamless, integrated communication between the software engineering groups and the policy writing groups.”
Former Space Force tech chief highlights JADC2 hurdles, encourages experimentation
Experimentation should be prioritized and considered vital to achieving the Pentagon’s ambitious plans to enable the military’s next-generation command and control architecture, according to the Space Force’s former chief technology and innovation officer.
The Defense Department’s Joint All-Domain Command and Control (JADC2) concept aims to connect and leverage all the sensors, shooters and associated assets in its enterprise — across land, sea, air, space, cyberspace and the electromagnetic spectrum — and apply data, cloud and artificial intelligence capabilities to help service members make more informed decisions much faster. Awards are being made on an ongoing basis to enable this new way of operating, but the concept is still in its infancy and the Pentagon has a lot to accomplish to make it happen.
“JADC2 — I think it keeps a lot of people up at night because it’s such a huge opportunity. We all see it. It’s almost as if we can taste it,” Kim Crider told FedScoop during an interview on Wednesday. “It would just give us such an advantage to be able to do this. We’ve made so many investments in all of these capabilities and we want to be able to maximize our ability to use them. So, everyone wants to do this. We’ve been talking about this for a long time.”
Now the managing director of AI innovation for national security and defense at Deloitte, Crider is a retired Air Force Major General and most recently served as the Space Force’s chief technology and innovation officer, after previously serving as the Air Force’s chief data officer. Drawing from her varying experiences in and out of government, Crider shed light on multiple obstacles DOD must confront to enable JADC2, and why she thinks experiments should be at the forefront of the approach for all components involved.
“Overcoming the challenges both culturally and technically through experimentation is really the key. There are challenges on both sides,” she said. “So, let’s do experiments. Let’s work with these capabilities and let’s work through both sides of that problem.”
‘The technology has come so far to allow us to do this’
Crider has decades of experience dealing with many of the technologies and challenges that are related to today’s JADC2 efforts.
“I spent 35 years in uniform,” she said. “I really had no idea that I was going to stick around for 35 years, but one thing just led to another.”
Educated and trained as an engineer, Crider started her career on the Air Force’s large-scale systems acquisition and engineering team. Figuring out how to “bring people and technology together to create maximum effectiveness has certainly been a passion of mine,” she noted.
After about eight years, she transitioned into operational communications. There, she was “responsible for thinking about how to take these systems that are being delivered by somebody like me in my prior role, and actually operationalize them” out in the field, she explained. Crider served all over the world — in the Pacific, Europe and elsewhere. She said much of that service was focused on helping the military deploy secure communications and conduct cyber operations.
“So I happen to be at the ground floor, very fortunately, in that whole establishment of defensive and offensive cyber operations in the military. The Air Force [played] a leading role in that,” Crider said.
From there, she went out of uniform as a reservist to help defense-aligned companies grasp those emerging cybersecurity approaches and conduct large-scale technology implementations.
Eventually, she moved from a cyber focus to honing in on data and analytics.
“I was the Air Force chief data officer because I had experiences, again, from industry in how do you use data to help solve problems in environments that you’re trying to protect,” Crider said. “One thing led to another, and that then took me back to the space community, which was really the big new frontier, if you will.”
Space Force satellites, ground systems and other capabilities will be essential to making JADC2 a reality.
“The technology has come so far to allow us to do this. The challenges that we have, in some ways, they’re technical,” Crider explained. “I mean, not all of our assets can talk to each other. That’s a fact.”
DOD experts and industry partners are puzzling out how to make data translations, have more open interfaces between systems, and apply capabilities like AI and machine learning to better orchestrate and optimize the availability of certain assets to do certain tasks across a variety of domains. Still, at this point, “we don’t have complete interoperability,” Crider said.
She also pointed to funding challenges that will impact the realization of JADC2 if they remain unresolved.
Currently, the military’s networks consist of a lot of legacy parts and outdated capabilities, she noted, and are “still very slow.” In her view, the government has not been able to make all the investments required for the advanced cloud-based infrastructure to support the envisioned, ultra high-speed networks and computing solutions that need to be integrated through all of the different domains.
“We’ve got different networks on the ground, in the air and in space — and being able to pull all that together is going to take some investments. We’ve been investing a lot in phenomenal assets over the years, and we’ve got the best assets that money can buy. Now, we have to invest more in the infrastructure that it will take to pull all these assets together in a much more effective and efficient manner,” Crider said.
Serving in multiple military and industry roles, she also observed a number of structural obstacles associated with carrying out JADC2. The former Air Force and Space Force executive said DOD is “organized still as kind of service-level stovepipes,” where certain capabilities are purchased for the needs of specific military branches. Though there are some good reasons to function in this manner, much of the military’s technologies don’t seamlessly operate across all the services.
“We need to work through some of those organizational challenges that will allow for more of that cross-domain integration, cross-domain capability to be available and useful for all,” Crider noted. “Those would be some of the biggest challenges, and I certainly think that there are ways to get through that. There are efforts underway to move in a positive direction.”
Still, she urged for more trial-and-error efforts to be conducted early and often by those involved in this complex push toward JADC2.
“Experimentation is a big part of this, because another challenge is we’ve never really done this this way before,” Crider said.
‘We’re learning’
The Air Force’s Advanced Battle Management System (ABMS) is a core element that underpins the Pentagon’s plans for an overarching network to move information across all the warfighting domains. The Army’s Project Convergence and the Navy’s Project Overmatch are also contributing to the JADC2 effort.
“We saw, early on in the ABMS days, the value of experimentation,” Crider noted.
She reiterated that there is still a lot of work to do to allow for the seamless integration of ABMS across the Air Force and Space Force, as well as the other services. The initiative, though, provides a starting point for more engaged conversations between the services at the department level.
Officials involved in developing ABMS observed almost instant value in bringing Air Force and Space Force teams together to experiment with the architecture and its associated components in the initial development stages. Eventually, Army and maritime assets were also starting to be connected. Experimenting with all the different service partners and pairing their capabilities with emerging technologies like AI to enable some integration resulted in different courses of action presenting themselves. Joint commanders would therefore have increasing options to work through.
“The more we can do that through those kinds of experiments, the more we can look at what those opportunities are and what technologies give us the most bang for the buck,” Crider said.
In wars of past decades, the military services would fight jointly — but bring assets in separately and then figure out how to make them all work together. JADC2 is meant to pave the way for what Crider deemed “technical design and cultural integration” across the services, with interoperability baked in upfront.
“How are we going to do, no kidding, command and control with a set of joint capabilities all the way through? We’re learning. We’ve certainly evolved. We’re certainly doing better than we’ve ever done — but we’ve got to continue to work through all of those challenges,” she said. “And we’ve got to keep experimenting.”
Crider is no stranger to overcoming weighty national security challenges. She reflected on some of the difficulties that accompanied establishing a new military service — the Space Force — for the first time in 70 years, to improve U.S. space capabilities and operations.
“I told my folks that worked with me, ‘Look, guys, these are tough days. I know we’re all working an immense amount of hours here and it’s a lot of pressure. But every single day, we’re creating history. We are literally writing history — because what we’re doing today was not done yesterday … So, be proud of that. Be proud of the fact that every single day you’re putting a new step in the ladder of where this is heading,’” Crider said.
While the Pentagon has a long and rocky road ahead to implement its JADC2 vision, scale AI and prepare for the next generation of computing, among other technology priorities — Crider has “absolute confidence” that the U.S. “will prevail” in this endeavor.
“We will figure out how to do this and we’ll continue to be the best in the world, because we’ve got the people that are really committed and dedicated to the mission at hand and to the security of our country and the allies that are such an important part of making sure that we can maintain security around the world,” she said.
A three-stage approach to digitizing documents and workflows
The 21st Century Integrated Digital Experience Act (IDEA) began a shift in how citizens engage with government agencies. The law requires federal agencies to replace paper-based processes with digital applications and services. And when the pandemic hit in 2020, a new urgency took shape. Not only for government services to be digital but accessible, inclusive, user-centric and mobile-friendly.
A recent report, “Achieve mission success one stage at a time,” produced by Adobe, proposes a three-stage approach to digitizing documents and workflows that can help agency leaders build upon their existing digital modernization strategies.
The guide explores how to:
- Create better experiences for citizens and employees by digitizing document processes
- Secure document management with digital, signable and integrated document approval workflows
- Streamline processes to improve agency efficiency and drive down costs
- Simplify implementation and achieve quick wins and steady progress with a staged approach to digital document modernization
Read the full report and uncover a fresh, creative solution to solving your agency’s digital modernization challenges.
This article was produced by Scoop News Group for FedScoop for, and sponsored by, Adobe.
VA Cerner EHR system goes down for over 4 hours due to patient database corruption issue
The Department of Veterans Affairs had a significant outage within Cerner’s electronic health records system on Thursday, due to a corrupted patient database that could have caused major harm to VA patients due to the errors.
It is the latest problem to hit the VA’s troubled electronic health records modernization program, which has provoked ire from lawmakers and VA frontline medical staff.
The system went down for approximately three hours, resulting in downtime and delays to VA patients databases in the middle of the day, while the corrupted database was fixed and reprogramed.
“It meant that something is programmed incorrectly. It could mean bad data. In this case, it means they needed to rebuild the indexes (how the different files know where the patient data is in a different file),” said a source with visibility into the shutdown, speaking with FedScoop on the condition of anonymity.
“If this issue wasn’t found and corrected, one patients files could point to a different patients data. There is no way this should happen,” the source added.
VA and Cerner define a system outage as an “unscheduled system event where the entire EHR solution becomes unavailable to users and/or downtime procedures are implemented.”
The VA’s Office of Inspector General earlier this year published a trio of reports that identified major concerns about care coordination, ticketing and medication management associated with the EHR program launch.
The implementation of the VA’s new EHR system on an Oracle-Cerner developed platform to medical centers around the country has been delayed from its original estimates by at least one to two years due to long-identified issues with the program’s reliability and safety that could put veterans in danger.
The system rollout is far behind where it was expected to be at the moment, a top VA executive said during a Senate hearing in July.
The EHR system rollout issues have in some instances, including at the center in Spokane, Washington, caused major harm in which a veteran at risk for suicide did not receive treatment because records disappeared in the computer system.
VA spokesperson Terrence Hayes said: ““VA experienced a system outage of its electronic health Record system on August 4, 2022, which also affected VA, Department of Defense and U.S. Coast Guard sites using the Oracle-Cerner EHR. At 12:07 p.m. EDT, Oracle-Cerner received monitoring alerts indicating an issue with one of its databases. The system was taken offline to execute recovery of the database, during which time the sites switched to standard downtime procedures.
He added: “During downtime of the EHR, medical personnel could still care for patients, but documentation occurred on paper. The system was fully restored for all end-users at 4:23 p.m. EDT, for a total downtime of 4 hours and 16 minutes. No data corruption or data loss occurred.”
Editor’s note: This story was updated to include comment and additional information from the VA.
Hicks reinforces DOD record-retention policies after allegations of Jan. 6 text message deletions
The Pentagon’s No. 2 issued a memo this week to reinforce federal laws that require Department of Defense personnel to retain digital records, such as text messages, following reports that senior Trump administration Pentagon officials did not retain messages concerning the Jan. 6 attack on the Capitol.
In the memo, published Wednesday, Deputy Secretary Kathleen Hicks reminds the DOD workforce that per the Federal Records Act and corresponding Pentagon policy, personnel must retain text messages and other digital messages as official federal records.
Moreover, Hicks orders in the memo that, effective immediately, “all mobile device service providers in DoD will capture and save the data resident on DoD-provisioned mobile devices when devices are turned in by users.” This will be enforced by the department’s chief information officer, secretaries of the military services and other component heads.
“The memo directs the DoD Chief Information Officer to work with DoD components to ensure this guidance is implemented across the department, and to work with the DoD General Counsel to assess existing policies and procedures and report within 30 days to the Deputy Secretary on any further actions they recommend to ensure compliance with the Federal Records Act,” Pentagon spokesman Todd Breasseale said in a statement.
Hicks’ memo comes after reports that the government-issued phones of top Trump administration Pentagon officials, including acting Secretary Chris Miller and Army Secretay Ryan McCarthy, were “wiped” before they left office. Nonprofit watchdog American Oversight filed a lawsuit after Jan. 6 seeking records related to the attack and published court filings in that case Tuesday.
According to those filings, the DOD and Army conveyed that it was department policy to turn in and wipe government-issued phones — an assertion that runs counter to the laws and policies Hicks cites in her memo.
Hicks also asks the DOD CIO and general counsel in the memo to assess the department’s retention policies and compliance with the Federal Records Act and report back to her within 30 days.
The DOD isn’t the only federal agency reported to have deleted text messages concerning the Jan. 6 attack. The Department of Homeland Security and, namely, its component the Secret Service are in hot water after it provided only a single text message in response to the DHS inspector general’s request for all exchanges in the lead-up and immediate aftermath of the attack.
Since then, lawmakers have taken aim at the IG itself claiming that it may have abandoned and covered up the agency’s failed efforts to collect records from the Secret Service. Lawmakers also asked the DHS IG Joseph Cuffari to recuse himself from the Jan. 6 investigation, saying he failed to notify Congress promptly that the Secret Service had refused for months to comply with the watchdog’s request for information relating to the attack.
IRS looks to boost security of federal tax information through computer reviews
The IRS Office of Safeguards seeks a contractor to support computer security reviews ensuring outside agencies are protecting the federal tax information provided them, according to a sources sought notice posted Tuesday.
The forthcoming task order, expected in the first quarter of fiscal 2023, will cover preparatory agency outreach, pre-review analysis of areas of concern, automated and manual computer security scans, reporting of results and findings, and responding to agencies’ submissions.
Safeguards verifies more than 300 federal, state and local agencies and contractors are complying with the Internal Revenue Code — when it comes to protecting the confidentiality of and preventing unauthorized access to federal tax information (FTI) — by identifying and mitigating risks of loss, breach or misuse.
“The Office of Safeguards has a need to increase security of FTI and to ensure consistent application of information security standards across all partner agency information systems by obtaining computer security review expertise and ancillary contractor support for the Safeguards Program,” reads the notice. “Safeguards seeks contractor support to optimize its processes, to reduce costs and minimize risk to FTI in possession of agency partners, while continuing to meet all regulatory and agency documented standards and guidance.”
The chosen vendor will also be responsible for risk-based modeling to select agencies for review; methodology updates; and assessing new projects, pilots and legislation.
The notice wants responses from interested vendors offering a fair market price by 3 p.m. EST on Aug. 12, 2022. Safeguards hasn’t decided on a small business acquisition strategy yet.
Jason Gray to join USAID as chief information officer
Outgoing Department of Education CIO Jason Gray is set to join the U.S. Agency for International Development as chief information officer.
He starts work in the new role at the agency on Aug. 15, and will become the first permanent CIO at USAID following the departure of Jay Mahanand in January, who left to take over as CIO at the United Nations World Food Programme in Rome.
Details of the federal IT leader’s new role come after FedScoop yesterday revealed that Gray is leaving the chief information officer role at the Department for Education, a position he has held since 2016.
Following his departure from that agency, deputy CIO Gary Stevens will serve as interim chief information officer.
According to LinkedIn, Gray previously held a variety of federal government technology leadership positions, including as chief information officer of the Defense Manpower Data Center. Other senior posts include a spell as chief information officer of the Miami VA Healthcare System and as chief technology officer of the National Naval Medical Center.
In its fiscal year 2023 budget request, USAID has sought $1.7 billion to invest in a U.S. direct hire workforce. This fresh investment is intended to support human capital initiatives and information technology programs to “significantly expand” the agency’s workforce.
USAID’s IT spending in 2022 has so far totaled $274.5 million, according to ITdashboard.gov.
Details of Gray’s next destination were first reported by Federal News Network.
Upcoming SOFWERX event to tackle challenges associated with omnipresent sensor networks
SOFWERX — an innovation hub focused on solving U.S. Special Operations Command’s toughest problems — is organizing an “innovation foundry” event to brainstorm the tools commandos will need in the future to conduct missions in environments where sensors are everywhere.
The confab, named IF11, will bring together U.S. and international Special Operations Forces (SOF), government officials, industry, academia and futurists to think through scenarios that the world’s most elite warfighters might face as the internet of things proliferates.
“The goal of the event is to develop concepts and approaches for the framework, technologies, infrastructure, and capabilities required to effectively conduct SOF operations in a world where omnipresent sensors track people, organizations, vehicles, and systems throughout their lives, at home and around the world in both the physical and virtual realms,” according to a special notice posted on SAM.gov.
Areas of interest include sensor design and development; radio frequency (RF) tech; low probability of intercept/low probability of detection (LPI/LPD) solutions; data analysis and visualization; communications; networking; autonomous systems, robotics, artificial intelligence and machine learning; and situational awareness tools.
The gathering, held in collaboration with Special Operations Command’s science and technology directorate, will include personnel from SOCOM’s Next-Generation Intelligence, Surveillance, and Reconnaissance and Tactically Relevant Situational Awareness (NGISR/SA) capability focus area, international S&T liaisons, and Joint Staff Intelligence (J2).
“To ground the discussion, IF11 participants will use a fictional mission scenario that reflects the future operating environment with omnipresent sensor networks that are part of the civilian infrastructure. This scenario will also consider the potential for additional sensor networks emplaced by military and intelligence organizations who may be friendly, neutral, or adversaries. Participants will emphasize the opportunities and challenges related to these sensor networks and their resultant information products, reflecting the complex interplays of social, technological, political, and cultural factors as they might play out in the 2035 timeframe,” according to the special notice.
SOFWERX and SOCOM want to explore how the command and its international partners can transition from relying on traditional ISR platforms and sensors to “future state-of-the-art methods to understand and conduct operations in this future environment, considering both offensive and defensive perspectives.”
They also want to identify ways to better collect, analyze, and disseminate data, and use that information to fight in contested or operationally constrained environments.
Those interested in attending the event must respond to the special notice by Aug. 15. The confab will be held Sept. 27-29 at the SOFWERX facility in Tampa, Florida, near SOCOM’s headquarters.
The IF11 initiative could eventually lead to business-to-business research and development agreements; other transaction agreements (OTAs) for research and prototype projects; procurement for experimental purposes; cooperate R&D agreements; prizes for advanced technology achievements; or Federal Acquisition Regulation-based procurement contracts, according to the special notice.