Technology Modernization Fund use may be worked into the FITARA scorecard
Agency and industry experts want the House Government Operations Subcommittee to consider grading agencies on their use of the Technology Modernization Fund (TMF) as part of the Federal Information Technology Acquisition Reform Act (FITARA) scorecard.
While not every agency has applied for or received some of the $1 billion injected into the TMF last month, those that do could be rewarded on the FITARA scorecard in some way, said Kevin Walsh, director of IT and cybersecurity issues at the Government Accountability Office, during a subcommittee hearing Friday.
The suggestion comes as the subcommittee considers how to continue evolving the FITARA scorecard and worry mounts over just how quickly the TMF Board intends to approve IT modernization projects.
“There’s probably a bit of concern that if the $1 billion doesn’t get consumed, what does that mean for the future of the TMF,” Joe Flynn, public sector chief technology officer at tech company Boomi, told FedScoop. “To that end, one of the things I think you’re going to really see is they’re going to start to look at maybe a scoring on agencies and how they’re actually taking advantage of the TMF.”
Rep. Gerry Connolly, D-Va., who chairs the subcommittee, said he hopes GAO is monitoring the TMF Board’s criteria for project approvals. He also introduced a bill called the Performance Enhancement Reform Act.
If passed, the bill would require agencies to include IT modernization investments, system upgrades, staff technology skills and expertise, and stakeholder feedback in their annual performance plans.
“To determine the scope and feasibility of IT modernization [chief information officers] must be more involved in agency performance planning,” Connolly said.
Agencies should “absolutely” be planning how to secure or eliminate their oldest systems, Walsh said.
“The TMF will help modernize agencies’ legacy systems if the funding is used effectively,” Walsh said. “The challenge is going to be ramping up that team that manages the TMF to make sure that they have the expertise necessary to oversee these projects.”
An evolving scorecard
The Department of Labor was the only agency to receive A grades in six of seven categories on this latest FITARA scorecard and one of a few agencies to receive two TMF awards. Used in conjunction with the department’s working capital fund and IT modernization appropriations, the money helped digitalize its Temporary Labor Certification Program in January for $2 million in annual savings.
“I shudder to think what would’ve happened to that printing operation during COVID-19,” said Gundeep Ahluwalia, CIO at DOL.
Agencies’ FITARA scorecard grades have continued to improve despite the removal of easy As, like the software licensing metric, from the last scorecard.
Some federal officials have criticized the scorecard for its changing expectations as a result.
“It is a bit of a moving target, but you have to think of the technology landscape as a moving target,” Flynn said. “The idea of these five-year strategic roadmaps don’t exist anymore because the speed of technology is moving so quickly.”
The subcommittee may expand the scorecard’s cyber category in light of the SolarWinds hack, start grading agencies’ implementation of the Federal Data Strategy or evaluate artificial intelligence use, he added.
“Softer” areas like how well agencies serve citizens, human capital skills and gaps, and IT acquisition cadres and strategic sourcing remain difficult to measure, but the subcommittee could begin scoring federal websites’ accessibility in accordance with the Individuals with Disabilities Education Act, Walsh said.
“The subcommittee will continue to evolve the scorecard in ways that facilitate tracking improvement over time,” Connolly said. “While adding new metrics as necessary to raise the bar on what is needed across the federal enterprise.”
DISA’s Dave Bennett to retire at end of April
Long-time Defense Information Systems Agency leader David Bennett will retire from the agency April 28, DISA announced Thursday.
Bennett will finish his career as director of operations, a job he has had since 2016. Before that, he served as chief information officer, director of implementation and sustainment and director of enterprise services.
It’s unclear who will replace Bennett or what his next move will be. Bennett served in the Army, rising to the rank of colonel before retiring from uniformed service.
Bennett helped push DISA to adopt more analytics in its assessments of networks and operations, saying during a 2016 event produced by FedScoop that analytics were the key to harnessing the power of big data.
“We are seeing real-world scenarios right now, both in performance and cyber, that are kind of scary,” Bennett said. “We too often, without analytics, shoot in the dark.”
As a workforce leader he focused on empowering others to help achieve DISA’s mission of securing the Department of Defense’s networks, he said.
“Mentoring and empowerment are both critical to enable personal and professional growth for your workforce,” he previously told WorkScoop. “Leaders invest their time in helping others identify opportunities for growth and professional development through career management advice and feedback. Empowerment builds two-way trust and facilitates personal growth.”
USCIS automating pre-processing of immigration cases
U.S. Citizenship and Immigration Services is focused on automating functions that will help pre-process immigration cases for adjudication, according to CTO Rob Brown.
Natural language processing helps harvest names for adjudicators and flag potential fraud when applicants’ stories don’t align, machine learning (ML) combs biographic and biometric data to identify people with USCIS benefits, and network analytics make connections regarding their relationships and employers, Brown said.
New tools will dissect supporting evidence related to immigration cases, making it easier for adjudicators to make decisions to award people benefits like green cards.
“Now we start to think about a lot of that pre-processing of adjudication really up front, as opposed to it being manually done or swivel chaired at an adjudicator’s workstation or workstations,” Brown said during an AI in Government event. “So providing a lot of that information upfront.”
Computer vision and optical character recognition will be used to validate documents and classify evidence, so adjudicators can click on what they want rather than sort through.
Identity proofing like mobile verification and sentiment analysis are proving more challenging, Brown said.
“We, I feel, need industry experts and assistance in looking at what does this mean from a privacy perspective and abating some of the challenges therein,” he said. “What does this mean from a security perspective?”
Identity validation presents a number of cyberattack vectors when doing something as seemingly benign as verifying photos or videos of people.
Presentation-layer, man-in-the-middle, and backend and data poisoning attacks are all possible.
“Simple things like Avatarify and even TikTok technologies have creeped in,” Brown said. “So I feel this is an area we need a lot of help with.”
Brown also hopes to deal with ML and artificial intelligence “sprawl” by consolidating toolsets and platforms to provide a more robust continuous integration/continuous delivery (CI/CD) pipeline.
Proper experimentation on algorithms that accounts for security and their sharing is also important, Brown said.
USCIS is still trying to solve the problem of data bias by automating algorithms to filter out biased data, audit pipelines and flag where data quality issues persist, Brown said.
Brown hopes to see more adaptive automated services embedding customer and adjudicator personas before 2025.
VA to pause rollout of new EHR sites during review
Officials told lawmakers the Department of Veterans Affairs will stop the rollout of its modernized electronic health record system at new sites while the administration conducts a “strategic review” of the $16 billion program.
The VA officials said they want time to examine any potential problems with the EHR at the Mann-Grandstaff VA Medical Center in Spokane, Washington — the first facility to bring the system online. Prescription mix-ups and delays in care have led to lawmakers and others calling for the VA to pause its work to fix issues that could harm patients.
“The strategic review covers a full range of program areas, including productivity and clinical workflow optimization, a human-centered design effort to understand what veterans want to see from VA’s patient portal and a sandbox environment that will allow employees at future implementation sites to conduct interdisciplinary, team-based rehearsals of these workflows in the new EHR solution,” Dr. Carolyn Clancy, VA’s acting deputy secretary, told the House Veterans Affairs Technology Modernization Subcommittee.
VA Secretary Denis McDonough first announced the review with few details late last month. At the time of his announcement, the review was said to last 12 weeks.
The decade-long EHR modernization program will migrate VA’s patient records to a Cerner Millennium-based cloud platform that comes with an all-new user interface for clinicians. It’s a massive overhaul from the current health IT system that will replace much of the front and back ends of the VA’s EHR. The system is designed to become completely interoperable with the Department of Defense’s version of the modernized system. The DOD has already launched the EHR at several military hospitals with fewer publicly-known issues.
The Government Accountability Office in February recommended VA pause the EHR’s rollout, a request the department was initially lukewarm on. But the VA appears to be heeding the watchdog’s call now.
The next center slated to get the new system is in Columbus, Ohio, but it’s unclear now when that might be given the pause. The timeline of EHR’s site launches has been delayed several times in the past due to the need for more training and the transferring of resources during the early days of the pandemic.
Ann Dunkin picked to be Energy CIO
Ann Dunkin will return to federal service as a CIO, this time at the Department of Energy.
Dunkin will soon be tapped to take over the Energy CIO role, which has been vacant since Rocky Campione left government earlier this month, sources close to the matter told FedScoop.
She comes to the job after spending the past 15 months as Dell Technologies’ CTO for state and local government, building off of her three-year tenure prior to that as the CIO of Santa Clara County.
Before her time focused on state and local government, Dunkin served as CIO of the Environmental Protection Agency during the latter years of the Obama administration. Based on that work, she was called upon recently to serve as a member on the Biden-Harris transition team working with the EPA.
Shortly after the 2020 election, Dunkin penned a report with her former EPA CTO colleague Greg Godbout on how the Biden administration should think about scaling IT modernization and innovation across government, namely through the leadership of the General Services Administration.
Energy officials did not respond to FedScoop’s request for comment prior to publication.
Matt Cutts to depart as USDS administrator
Matt Cutts announced he’s stepping down as U.S. Digital Service director in a Medium post on Wednesday.
Deputy Administrator Edward Hartwig will fill the role in an acting capacity until a new administrator is appointed.
The changing of the guard comes as USDS receives additional funding, pursues new agency partnerships and looks to hire — all as it scales its operation modernizing government services and making them more accessible.
“USDS was created to provide private sector technologists an opportunity to serve their government for a short period of time,” Cutts wrote in his post. “This year, in addition to those that joined the civil service permanently, we’ve seen an impressive number of alumni return to serve their government a second time.”
When Cutts joined in 2016, two years into USDS’s existence, he only intended to stay on three to six months.
Now the agency seeks engineers, designers, product managers, acquisition strategists, and policy experts to continue its work. That work includes supporting the Centers for Disease Control and Prevention during the COVID-19 pandemic, streamlining financial relief, improving the immigration and refugee processes, aiding students with their loans, and reforming procurement and federal hiring.
USDS grew to a team of about 180 people and a network of 500 alumni under Cutts while becoming a farm system for federal chief information officers and chief technology officers.
“The team has created and deployed tools to help better fulfill the promises we’ve made to our veterans. We’ve digitized the naturalization process and reimagined hiring across the federal government,” Cutts wrote. “We began supporting states in building more responsive systems for the millions of Americans who rely on them.”
DOD implementing new enterprise ICAM tool to support zero trust
The Department of Defense is working to implement a new identity, credentialing and access management (ICAM) tool, a key part of its journey to a zero-trust cybersecurity model, the department’s chief information security officer said Wednesday.
The tool was developed by the Defense Information Systems Agency, which had previously solicited input from industry to help develop the technology to verify users on a network. The first users who will be offered use of the tool are in DOD’s financial management divisions and will be given access on a fee-for-service basis, DOD CISO David McKeown told senators.
“Right now we have an enterprise-level solution for ICAM,” McKeown told the Senate Armed Services Cybersecurity Subcommittee during a hearing on zero trust. “That will be the exemplar that we adopt across the board, throughout the department.” It’s unclear how long it will take to roll out the solution across the department.
ICAM is critical to zero trust because the model relies on being able to track user identities across the network and ensure data access is limited only to those who can verify they need it. In the current model of cybersecurity, defenses are placed at login points — or at the perimeter — but if an attacker can get past those first defenses, they have free rein on sensitive data. That’s not the case with zero trust, where with the help of ICAM solutions access is heavily limited even within a network.
The recent SolarWinds hack where suspected Russian intruders gained access to systems and then moved around networks looking for sensitive information has pushed DOD to adopt zero trust with even more zeal, McKeown said in the hearing. DOD has said none of its networks were compromised in the hack, but it has spurred action nonetheless.
“These recent events have led us to accelerate the implementation of our zero-trust frameworks,” McKeown said.
USPTO chief information officer most excited about new search algorithms
New search algorithms for relevant prior art most excite the U.S. Patent and Trademark Office’s CIO right now.
USPTO created the machine-learning algorithms to increase the speed at which patents are examined by importing relevant prior art — all information on its claim of originality — into pending applications sent to art units, said Jamie Holcombe.
Filtering data into haystacks allowing patent examiners to more easily find what they’re looking for — the needle — is the new paradigm for search algorithms, Holcombe said.
“The ability to search, especially the big datasets, gets me so excited,” he added, during an ACT-IAC event Tuesday. “Because that means we can unleash that power to anybody who can get on a computer and access the net.”
Patent examiners previously had to scour three to four pages of single-spaced text searches for relevant prior art assembled based on word relevance. Now examiners can search concepts like “chemical adhesion” and receive all the relevant prior art they need in one place.
Authorities to operate
One hurdle Holcombe faces as he attempts to test new innovations to modernize USPTO is that often they haven’t been approved by the Federal Risk and Authorization Management Program (FedRAMP).
Small businesses have a hard time ponying up the money needed for authorization, and the federal government is “overly oppressive” when it comes to compliance, Holcombe said.
If a new technology has potential, USPTO temporarily tests it in a sandbox to determine the minimum requirements needed to issue an authority to operate (ATO).
“We’re not exposing everything to it,” Holcombe said. “But I’m giving it enough time to grow to the point where it can comply with the minimum amount of bureaucracy that it has to comply with.”
The most important thing to Holcombe when issuing an ATO? That data at rest resides in the U.S.
Data in motion around the world can be encrypted, but the rest of the world is the “Wild West” when it comes to protecting stored data in accordance with other countries’ regimes and authorities, Holcombe said.
DOD’s innovation ecosystem is growing, but strict compliance is a barrier, DARPA director says
The number of innovative companies the Department of Defense is working with has increased in recent years, but a key roadblock remains compliance regulations, the head of the Defense Advanced Research Projects Agency told Congress Tuesday.
The growth of the innovation ecosystem is a welcome sign to DOD and is the result of outreach programs like the Small Business Innovation Research (SBIR) awards. But DARPA Director Stefanie Tompkins told senators that compliance requirements remain an obstacle to further growth of the innovation base, especially for small companies and some universities.
“We will be looking for ways to sort of meet them in the middle and find ways to make it easier for them to participate and while still being fully compliant with our requirements,” Tompkins told the Senate Appropriations Subcommittee on Defense.
While she did not name specific compliance regimes that are hampering growth of the innovation base, new requirements for contractors have been added in recent years, including the need to rid their networks of specific Chinese-made technology and to ensure their cybersecurity meets basic DOD standards.
Tompkins specifically noted some universities not being able to clear regulatory hurdles. In October, a group of universities asked for an exemption from the Cybersecurity Maturity Model Certification (CMMC), a new standard for contractors that will require them to pay for a third-party verification that their networks meet security controls. CMMC leaders have said that universities will not be exempt.
“We are going to be taking a hard look at potential barriers,” Tompkins said.
Other officials have voiced concern over the barriers CMMC could place on industry. Lauren Knausenberger, CIO of the Air Force, said she had “mixed feelings” on the program and worried some of the requirements were too strict.
“I would rather just say, ‘Hey let’s just give you some endpoint requirements,’” Knausenberger said about small sub-contractors that do not have the resources to meet some of the requirements.
Tompkins said it is important to keep growing the innovation base to meet growing technological threats. DARPA is engaged in research on artificial intelligence, hardware advancements and quantum sciences, among other areas, that often also have commercial applications.
“We are seeing that increase and we hope to see it even more,” Tompkins told Senators. “To get the best ideas and to get the best capabilities we need to be reaching the broadest possible and most diverse performer pool possible.”
Army to stand up multi-domain task force in Germany
The Army will stand up its second multi-domain task force, this time in Germany as the first unit focused on modernizing all-domain operations within Europe.
The Multi-Domain Task Force-Europe will lead the charge in implementing new combat operational constructs in Europe along with a Theater Fires Command, which will focus on increasing the range and precision of artillery through faster networks and data usage. More than 500 soldiers will be sent to Army Garrison Wiesbaden in Germany across both units, the Army says.
The task force will be comprised of artillery, missile defense, intelligence, cyberspace, electronic warfare and other elements and serve to combine their efforts through new networking technology. The task force will activate Sept. 16.
“The Theater Fires Command and Multi-Domain Task Force in Europe will enable U.S. Army Europe and Africa to synchronize joint fires and effects, control future long range fires across all domains and will create more space, cyber and electronic warfare capabilities in Europe,” said Col. Joe Scrocca, the spokesman for U.S. Army Europe and Africa.
The task forces are unique units of soldiers that are designed to implement the Army’s future concept of operations that will rely heavily on networking data across different domains, like air and land operations. The first task force was set up at Joint Base Lewis-McChord in Washington to focus on multi-domain operations in the Pacific. The task forces also are building new all-domain operations centers that allow commanders to see more data and use technology to extract meaning from multiple operations at once.
One of the Army’s multi-domain priorities is extending the range and precision of long-range artillery, or “fires.” To achieve these goals, the Army wants to link data from all domains and create new software to fuse information into stronger targeting methods, leaders have said. The task force will take many of the lessons learned in previous Army test events and put them into practice.
“The future is all about range and speed,” Army Chief of Staff Gen. James McConville previously said about the work the multi-domain task forces are doing.
In Europe, where Russia remains the No. 1 security threat, focusing on long-range precision fires suits a land-based conflict.
The Pacific task force unit is focusing on area-denied communication resiliency, something that the Army anticipates will be a threat in the Pacific. Leaders have voiced concern about China’s technical abilities to create cyber-defenses and offensive weapons that could disable the U.S. military’s ability to communicate and use command and control systems.
“We face increased physical and virtual standoff through layered and integrated networks, where adversaries leverage all instruments of national power to blur the lines between competition and conflict, altering international norms to the detriment of the international community,” Brig. Gen. Jim Isenhower, commander of the task force in Washington, previously said.