Ex-NASA scientist imprisoned for ‘long-running deception’ working in China

U.S. District Judge P. Kevin Castel sentenced a former NASA nanotechnologist, suspected of giving Chinese nationals access to its facilities, to 30 days in prison Wednesday for lying to federal agents about working at a Chinese research university.

Meyya Meyyappan, 66, served as chief scientist for exploration technology at the Center for Nanotechnology at NASA‘s Ames Research Center, until he was caught lying to the FBI and NASA Office of Inspector General about being a visiting professor at Soochow University for an estimated $1.4 million over five years.

The case raises questions about NASA’s insider threat protections given Meyyappan’s “long-running deception,” in which he applied in 2016 to China‘s Thousand Talents Program — known for incentivizing foreign researchers to transfer technology and intellectual property licitly or illicitly, according to court documents.

“The privilege of access to cutting-edge U.S. technologies and intellectual property comes with the critical responsibility of protecting their secrecy,” said Audrey Strauss, U.S. attorney, in a statement on the ruling. “Meyyappan betrayed that trust by failing to disclose his foreign activities and then compounding his mistakes by lying to the FBI and NASA.”

Prosecutors said the government’s investigation found Meyyappan had provided Chinese researchers with data, documents and guidance on biosensors; assisted them with nanodevice fabrication; helped a Chinese company manufacture a smartphone sensor NASA is also working on; and given Chinese nationals access to NASA facilities.

“NASA is committed to conducting its work and fulfilling its missions securely and in full compliance with all applicable laws and regulations,” a NASA spokesperson told FedScoop, when asked if the agency will make any changes concerning insider threats based on the case.

Meyyappan was only charged with making a false statement to a federal agent, to which he pled guilty on January 13. The judge also ordered him to pay a $100,000 fine.

Chinese universities, including Soochow University, are considered to be incorporated under the laws of the People’s Republic of China (PRC). As such, laws that prevent high-ranking U.S. federal employees from working for Chinese companies, can also prevent them from working at Chinese universities.

According to court documents, for about eight years Meyyappan lied on U.S. Office of Government Ethics public financial disclosure reports, as well as his tax returns, about working there and universities in South Korea and Japan, according to court documents.

China’s Thousand Talents Program afforded Meyyappan an office and apartment, and he recommended other researchers for consideration. However, when interviewed by the FBI and NASA OIG on Oct. 27, 2020, he denied his ties.

“The PRC was not paying the defendant simply to publish papers on unsensitive matters, as he suggests in his brief. Meyyappan was being paid to pass sensitive and confidential NASA research to China, a foreign adversary,” wrote the prosecution ahead of sentencing. “That was why he concealed these associations for years and, when confronted about it during his proffer session, he lied.”

Meanwhile the defense said all of Meyyappan’s work abroad was published and not tied to sensitive or classified operations.

The defense said he was a hard-working immigrant from India, who’d created the NASA Ames Center for Nanotechnology from nothing and worked 25 years at the agency.

During that time Meyyappan’s 27 patents earned him a spot in the NASA Inventor Hall of Fame. His inventions include a gas sensor used to monitor crew cabin air quality on the International Space Station — the first nanotechnology in space — as well as biosensors for early heart disease detection and treating Parkinson’s disease.

The defense said NASA forcing Meyyappan to resign was punishment enough.

“The job he loved, the profession he was dedicated to, and the reputation for innovation and excellence that he built all cease to exist,” read their memo to the judge ahead of sentencing. “This, more than anything, is a much more severe sentence than any period of incarceration.”

For that reason Meyyappan should receive time served or one year of probation maximum, the defense added. Meyyappan’s attorney did not respond to a request for comment.

While the prosecution agreed Meyyappan was not likely to reoffend, they sought up to six months imprisonment to deter other U.S. researchers from doing the same thing.

“[A] term of imprisonment is appropriate for reasons of general deterrence,” read their letter to the judge. “When a high-level U.S. government employee breaches the duties that he owes to his country by passing sensitive and confidential scientific research to the Chinese, and then lies about it, a message must be sent that this serious conduct that will be punished.”

GSA makes 426 awards on $50B STARS III contract with more to come

The General Services Administration made awards to 426 small businesses in an effort to provide agencies with more emerging technology options, completing the first phase of its $50 billion 8(a) STARS III contract Thursday.

No task orders can be made until GSA issues the notice to proceed, expected in July, when agencies can begin taking advantage of the fourth-generation governmentwide acquisition contract (GWAC).

GWACs are best-in-class, easy-to-use contracts that allow agencies to procure IT from prime contractors. The 8(a) STARS III contract is expected to focus on emerging technologies and technologies outside of the continental United States.

“GSA is rolling out this new contract vehicle in cohorts, balancing the need to provide innovative products and services that agencies require quickly with the intent to onboard the broadest number of small businesses over time,” said Sonny Hashmi, commissioner of the Federal Acquisition Service within GSA. “Through this strategy GSA can start to create an immediate positive impact to our partner agencies’ missions, while increasing opportunities for our small business partners.”

Phase 1 awards come almost a year after GSA issued its request for proposals, and the agency will hold discussions with the remaining offerers later this summer before making a second phase of awards.

The Small Business Administration partnered with GSA to support the small, disadvantaged businesses that received awards in keeping with President Biden’s January executive order to improve racial equity.

“The 8(a) STARS GWAC program represents an inclusive opportunity for small, disadvantaged firms to compete within the federal marketplace and gain valuable experience in navigating agency requirements,” said Exodie C. Roe III, associate administrator of the Office of Small and Disadvantaged Business Utilization within GSA. “More than $18 billion have been awarded through GSA’s 8(a) GWACs, and many successful firms have graduated from the SBA’s 8(a) Program to compete on a larger scale.”

VA will use $670M from transformational fund to supplement 2022 IT budget request 

The Department of Veterans Affairs will supplement its $4.8 billion request for the Office of Information Technology’s fiscal 2022 budgett with $670 million from expired funds already appropriated by Congress.

The additional funds, called the VA’s Transformational Fund (TF), boosts the $269.9 billion all-in base funding request for the fiscal 2022 with a total of $820 million. The other $150 million from the transformational fund account will go to physical infrastructure upgrades.

The TF was created by legislation passed in 2016, and allows the VA to transfer unobligated balances of expiring discretionary funds to be used for facilities infrastructure improvements at existing VHA hospitals and clinics and IT improvements.

At a hearing on Wednesday, VA Chief Financial Officer Jon Rychalski told the Senate Committee on Veterans’ Affairs outlined the extra funds, which will take total funding for the agency’s Office of Information Technology (OIT) to $5.5 billion, up from $4.9 billion in 2021.

“We also have access to the transformational funds starting in [fiscal 2022], which is access to our expiring appropriations that we can use for two purposes, one is for IT and one is for physical infrastructure,” said Rychalski.

From the transferred funds $477.5 million is being request to for the IT infrastructure, $122.9 million for enhancement of the financial management systems and $69.6 million for modernization and sustainment of human resources IT systems, according to budget documents.

The OIT budget is separate from the the VA’s electronic health records modernization program, a  $16 billion, 10 year drive to migrate medical records to a Cerner cloud system and modernize the entire IT system medical staff use when working with patients. The program has hit several road blocks, including a pause in roll out while VA Secretary Denis McDonough completes a strategic review of the program. The VA asked for $2.7 billion for the EHR program in fiscal 2022.

“I’ll be in a position before the end of this month to submit a series of reports” on the EHR program, McDonough told senators.

Senate legislation proposed to create tax credit for US semiconductor manufacturing

Senate lawmakers have introduced bipartisan legislation that would establish an investment tax credit for domestic semiconductor manufacturing.

The bill was introduced Thursday by Sens. Ron Wyden, D-Ore., and Mike Crapo, R-Idaho, and follows the passing vote earlier this month by Senate lawmakers to pass the U.S. Innovation and Competition Act (USICA), which includes $52 billion in funding provision for semiconductor manufacturing, design and research.

Called the Facilitating American-Built Semiconductors (FABS) Act, the legislation is the latest measure proposed in response to rising concerns about the technological dominance of China and supply chain weakness.

In January, Congress enacted the CHIPS for America Act as part of the fiscal 2021 National Defense Authorization Act (NDAA), which authorizes incentives for domestic semiconductor manufacturing and investments in chip research. Since then, industry groups, including the Semiconductor Industry Association, have called on leaders in Congress to enact an investment tax credit, such as the measures included in the legislation introduced on Thursday.

According to research by the SIA and Boston Consulting Group, the share of global semiconductor manufacturing in the U.S. decreased from 39% in 1990 to 12% today. Among factors cited as driving the decline in market share are tax incentives issued by governments of other countries.

Commenting on the move, SIA president and CEO John Neuffer said: “Boosting domestic chip manufacturing and research will keep America on top in semiconductors, which underpin the game-changing technologies of today and tomorrow.”

Neuffer called chip production and research “critical to U.S. job creation, national defense, infrastructure, and semiconductor supply chains.”

Verizon gets $495M to build network for DOD’s supercomputers

The Department of Defense has selected Verizon to create a network for its high-performance computing centers and other research and engineering labs.

The $495 million contract will be for a full range of network tech and services, aiming to boost the connectivity between 200 of DOD’s research, developing and testing labs. In a press release, Verizon described the network, known as the Defense Research and Engineering Network (DREN), as a “high-bandwidth, low-latency, Layer 2 wide area network.” It will also provide services to a separate initiative called the High Performance Computing Modernization Program (HPCMP), which is DOD’s main program to test supercomputers.

The contract comes as DOD is trying to boost its research and development funding to record highs, especially in areas of emerging technology like artificial intelligence. AI is powered by the type of high-performance computing resources this contract will create a network for.

“Investments across Verizon’s enterprise business enable the kind of tailored solutions our team will deliver to the U.S. Department of Defense and the Defense Research and Engineering Network,” Jennifer Chronis, senior vice president for public sector at Verizon, said in a statement.

The work will include providing everything from switches, routers, firewall protection and edge compute capabilities, according to Verizon.

Air Force, Navy developing agreement to share coding platforms

The Air Force and Navy are working on an agreement that will allow each of their software factories to share more code and products.

The agreement is close to being finalized Navy CTO Jane Rathbun said Tuesday. There are still technical “nuances” being worked out between the departments on how best to create a collaborative environment between the Air Force’s Platform One and the Navy’s Black Pearl, each service’s DevSecOps software development platforms, but the gist of the agreement will allow each to work off the other’s platforms and code more easily, Rathbun added.

Air Force Chief Software Officer Nicolas Chaillan confirmed this in a statement to FedScoop, saying: “The Department of the Air Force [is] working with the Navy leadership to define what a collaborative environment between Black Pearl and Platform One looks like.”

Platform One has a continuous authority to operate (c-ATO), meaning that its coding environment and processes have been certified to be so secure that the products it makes and any updates to the platform do not need additional approvals before going live. That cuts down the time it takes to start using the software, as the typical ATO process can take weeks or months.

While the two services already share some products, like the code repository Iron Bank, they want to deepen what each can do with each other. The Navy’s Black Pearl platform is newer than Platform One, and the service hopes to build off the Air Force’s work to give sailors and Marines an established DevSecOps environment to code in. Black Pearl had a soft launch in September with an initial cohort of users gaining access to the coding environment.

“We are leveraging as much of what the Air Force has done that we can,” Rathbun said.

Platform One is also trying to share its work by transitioning some of its products to the private sector through a Cooperative Research and Development Agreement (CRADA). The agreement between the government and non-government entities allows for the private sector to commercialize government-created technology, in this case, the Air Force’s coding environment.

One detail being worked out between the Navy and Air Force is how each service will develop on top of shared source code.

“[I]t is critical that we ensure there is no forking of code or any drift between implementations,” Chaillan said, referring to the practice of developing new applications and pieces of software on top of the same source code.

The idea is to be as interoperable as possible, Rathbun said. The agreement would commit more resources to how the two work together, evolving their relationship to include more recognition and the ability to share products.

“What we have discovered in our partnership is there is some nuance in how the Navy needs to deploy” software, she said.

Officials urge agencies to coordinate their IPv6 and zero-trust plans

Agencies should develop their IPv6 and zero-trust architecture implementation plans simultaneously because the two work in tandem to improve network cybersecurity, say federal officials.

IPv6‘s 340 undecillion Internet Protocol addresses not only solve the scalability issue of IPv4, which ran out of readily available addresses in 2015, but they support end-to-end visibility and microsegmentation required for zero-trust security.

Agencies’ IPv6 implementation plans, due before the end of fiscal 2021, align with the cybersecurity executive order President Biden issued in May requiring agencies to develop zero-trust architecture implementation plans.

“By providing end-to-end network paths and better support of microsegmentation, the transition to IPv6-only is going to be a key component of zero-trust architecture — which is one of the key pillars of the executive order,” said Maria Roat, deputy federal chief information officer, during the IPv6 Summit hosted by the General Services Administration on Wednesday.

GSA officials at the event would not immediately comment on whether all agencies had met the Office of Management and Budget‘s 180-day deadline to publicize their IPv6 policies, set in a November memo, or if they’re on pace to complete one IPv6-only system pilot before the end of fiscal 2021.

Agencies have opened a “great dialogue” around IPv6 in recent recent months, with the Cloud and Infrastructure Community of Practice hosting meetings in January and May attended by hundreds of federal employees, said Tom Santucci, director of governmentwide policy for the Data Center Optimization Initiative and CloudSmart at GSA.

OMB’s memo further requires 80% of all IP-enabled assets on federal networks to operate in IPv6-only environments by fiscal 2025.

“Support from agency leadership and our industry partners is essential to meet this goal,” Roat said. “And when I say agency leadership, this is not just the CIOs; this is the [chief financial officers], this is the mission owners and everyone that has a stake in the modernization across the board.”

While IPv6 promotes zero-trust security, it also paves the way for 30 billion network devices to connect to the internet by 2023 — expanding the cyber threat landscape even as it improves 5G connectivity. That has agencies like the National Institute of Standards and Technology updating security guidance and developing related testbeds and practice guides.

NIST’s Guidelines for the Secure Deployment of IPv6 haven’t been updated since they were published in 2009.

“A lot has changed about the IPv6 technical landscape, how people handle transition mechanisms to bridge legacy systems, mp6 systems,” said Doug Montgomery, manager of internet and scalable systems research at NIST. “That security guidance needs updates.”

The goal is to turn the guidance into an IPv6 deployment scenario playbook for agencies’ decision makers, Montgomery added.

Meanwhile the National Cybersecurity Center of Excellence within NIST is launching a public-private partnership to demonstrate IPv6-only deployments with plans to produce a practice guide full of use cases.

NIST is also working to ensure IPv6 transitions are included in risk assessments under its Risk Management Framework.

The Cybersecurity and Infrastructure Security Agency is addressing the expanded cyber threat landscape IPv6 presents by issuing guidance for agencies and industry, starting with its Trusted Internet Connections 3.0 program. CISA also wants to ensure its tools can measure IPv6 implementation.

“We are making sure that all programs and services that CISA provides to federal agencies and other state, local, tribal and territorial governments also support IPv6,” said Branko Bokan, cybersecurity specialist at CISA.

While OMB has pushed a transition to IPv6 since 2005, for the first time every common operating system and platform on the market has a mature IPv6 implementation, and much more is known about how to transition away from IPv4, Montgomery said.

Now the majority of traffic to agencies’ public-facing services is IPv6 because industry surpassed the government in IPv6 adoption.

“Amazon Web Services supports the U.S. federal government’s move to IPv6,” wrote Dominic Delmolino, vice president of worldwide public sector technology and innovation at AWS, in a blog Tuesday. “Transitioning to IPv6 will make sure that growing government networks and Internet of Things devices benefit from the increased scale of IPv6.”

Space Force adviser says service may need tailored tech

The Space Force wants to build its own tailored tech on top of the enterprise IT provided by the Air Force, a strategic adviser in the new service’s Technology and Innovation Office said Wednesday.

Requirements that are unique to the Space Force include the creation of a digital engineering environment, where satellites can be designed and tested virtually before being launched into space.

“There will be space force needs that we will either build upon that foundation or we will have to go get ourselves,” said strategic adviser Reb Butler, speaking at an event hosted by the Armed Forces Communications and Electronics Association.

The Space Force, a part of the Department of the Air Force, wants to be the first “digital service” since its operations all involve tech, be they satellites or global communications networks. Butler stressed that a key part of being a digital force is not only building out digital tools but having a digitally savvy workforce.

So far, only 30 percent of new Space Force staff have completed their required initial digital training in things like software and IT. The course work is through the Air Force’s Digital University, a library of classes on tech-related topics.

“We are pleased with the progress and look to onboard more courses to Digital University soon,” A Space Force spokesperson told FedScoop. The requirement to complete the training is self-paced, the spokesperson added.

The majority of the more than 5,500 staff that transferred from the Air Force have previously worked on space-related missions.

As the force brings on more members and expands its mission areas, it plans to run a pilot on communicating with industry, Mike Dickey, director of the Space Force’s Force Design Integration Office, said.

That would be a wholly new way to communicate requirements and one that would rely heavily on tech.

“That’s something that’s very early, we might try to do a pilot later this year,” Dickey said.

‘We need continued support from Congress,’ says CISA chief Wales

The Cyber and Infrastructure Security Agency (CISA) needs continued support from Congress, including backing from lawmakers for the creation of a cybersecurity recovery fund, Brandon Wales said Wednesday.

Wales, the acting director of CISA, said at CyberScoop’s CyberTalks conference that the agency is working hard to promote best cybersecurity practices but that it will need further support from lawmakers to ensure success.

“We are using our voice at CISA to raise awareness, provide best practices, advocate for more funding, but we can’t do it alone,” Wales said. “We need continued support from Congress, including in critical new areas such as dedicated cybersecurity preparedness grants for our state and local governments, and establishing a new cybersecurity recovery fund to ensure our nation can respond to catastrophic cyber incidents.”

His comments come as federal agencies ramp up their response to the epidemic of recent ransomware attacks on entities core to U.S. digital and physical infrastructure, including the Colonial Pipeline hack last month and the SolarWinds attack, which was revealed in December last year.

The creation of a cybersecurity recovery fund was proposed in a report issued at the end of March by the Ransomware Task Force (RTF) — a public-private coalition launched to tackle the ransomware threat that has received White House backing.

In an interview with FedScoop earlier this month, RTF co-chair Chris Painter said that any prospective ban on the payment of ransom demands made by hackers would likely need to be phased, and also accompanied by support measures such as a victims recovery fund. The creation of such a fund would likely require approval from lawmakers.

Speaking at CyberTalks, Wales also highlighted the cybersecurity skills gaps that remain across government and in the private sector, and noted that the U.S. faces an expected cybersecurity workforce shortage of 1.8 million by 2022. The NSA and Department of Homeland Security are among the agencies making major investments in university and community college programs designed to support technology talent considering a career in the federal government.

The CISA chief issued a wider call to arms to the private sector, stressing the importance of improving cybersecurity measures and reporting cyberattacks immediately to the federal government.

“I believe we are at a tipping point, and the time is now to take action for the long-term health of our national security.”

ACLU wants Secret Service and Coast Guard records included in its phone tracking suit

The American Civil Liberties Union seeks a court order requiring the Department of Homeland Security to refer its request for records on the warrantless purchase of cellphone location data to the Secret Service and Coast Guard.

DHS waited more than 14 months to reject the ACLU’s request, and the organization is arguing that resubmission to the individual agencies would cause a “pointless delay” in its lawsuit.

The ACLU sued DHS, Immigration and Customs Enforcement, and Customs and Border Protection in December over their secret use of a Venntel database for immigration enforcement and potentially more, and now it seems other agencies within the department may be involved.

Since the start of the lawsuit, ICE has proposed a records processing schedule of 500 pages a month — an “unreasonable” pace given the “significant” public interest in the case, according to the ACLU’s response filed April 23.

The DHS Office of Inspector General is now investigating use of the database, and legislation has been introduced that would prohibit warrantless access of such data — necessitating a records processing schedule of at least 1,000 pages a month, the ACLU continued.

“CBP and ICE are producing records on an ongoing basis, but the court has not yet ruled on the disputes the parties presented to it in April,” Nathan Freed Wessler, deputy director of the ACLU’s Speech, Privacy, and Technology Project told FedScoop. “The public interest in the information we are seeking is as strong as ever, with Congress now considering the Fourth Amendment is Not For Sale Act and federal agencies continuing to aggressively purchase access to this highly sensitive information about people’s movements and activities.”

ICE’s current pace would take a year and a half to complete, and that doesn’t include the time the ACLU will have to spend challenging the adequacy of the records returned and agency withholdings and redactions.

The ACLU said the end of May was a reasonable timeframe for the DHS Office of Procurement Operations to provide 22 pages of relevant records and May 20 a fair deadline for the Office of Civil Rights and Civil Liberties, Science and Technology Directorate, Privacy Office, and Office of the General Counsel to complete their searches and assess the volume of relevant records. The organization proposed they submit a joint letter to the U.S. District Court setting a deadline of May 27 to process the records.

DHS did not respond to a request for comment by time of publication.

Democratic Senate aides initially uncovered DHS agencies’ warrantless use of the cell-phone location database during a series of summer oversight calls, but their follow-up requests for more information were ignored — prompting the ACLU’s lawsuit.

Washington, D.C.-based mobile analytics company Venntel collects the data from apps and sells it to government customers, though its full client list hasn’t been disclosed.

The IRS revealed on a June oversight call that its Criminal Investigation unit subscribed to Venntel’s database between 2017 and 2018. Senators subsequently pressured the agency’s inspector general to investigate, though J. Russell George only promised to report back “to the extent allowable under the law.”

CBP’s Venntel database subscription cost half-a-million dollars.

At issue is the Supreme Court’s 2018 Carpenter v. United States decision, which found collection of significant quantities of historical phone location data constitutes a search requiring a warrant under the Fourth Amendment. The ACLU wants to know if immigration authorities are paying for access to databases to circumvent that ruling.

The lawsuit requests copies of contracts, policies and procedures for data use, communications with companies and the related legal analyses.