Lawmakers reintroduce bill to finance 5G projects in 22 European countries
House lawmakers have reintroduced legislation that would let the federal agency responsible for financing private development projects abroad fund 5G infrastructure development in 22 countries in Central and Eastern Europe.
Under the Transatlantic Telecommunications Security Act, the U.S. Development Finance Corporation would work with relevant agencies improve the resilience of vulnerable telecommunications networks by providing early- and late-stage project support and replacing potentially compromised equipment.
The bill was first proposed towards the end of the last legislation session in December 2020, when it was referred to the House Foreign Affairs Committee but never taken up. It is co-sponsored by Rep. Marcy Kaptur, D-Ohio, and Rep. Adam Kinzinger, R-Ill.
The proposed legislation responds to China‘s Belt and Road and 17+1 initiatives, which have seen state-linked telecom companies Huawei and ZTE sell potentially compromised infrastructure in a region historically lacking it since the Soviet era.
“The United States and our allies are facing increasing threats from state-linked companies in China as they seek to infiltrate and undermine democratic institutions,” said Rep. Marcy Kaptur, D-Ohio, in a statement. “These companies pose an especially dire risk as our European allies and partners work to build out their 5G infrastructure.”
5G networks will further development of emerging technologies like artificial intelligence, making it “critical” to European nations’ security and economies they be protected from “malign” actors like China and Russia, Kaptur added.
The legislation supports the Three Seas Initiative organized by 12 Central and Eastern European countries in the European Union to secure the telecom space, as well as Ukraine, Moldava, Georgia and Western Balkan countries interested in joining the EU.
If made law, the act would require the State Department to work with DFC and the U.S. Trade and Development Agency to identify 5G projects worth financing. Eligible projects would improve 5G networks with new hardware or software, provide market transparency, avoid or replace potentially compromised equipment, and increase telecom integration in the target region.
Preference would be given to projects that attract private sector, international financial institution, home government or European Commission investment; are available for funding through the Three Seas Initiative Investment Fund; are in countries belonging to that initiative, NATO or are democratic-leaning; and advance U.S. economic interests.
The U.S. president would have a year from enactment to report the progress made assisting projects, including financing and contractual terms and success eliminating potentially compromised equipment.
All told, the countries included in the act are: Albania, Austria, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, the Czech Republic, Estonia, Greece, Hungary, Kosovo, Latvia, Lithuania, Moldova, Montenegro, North Macedonia, Poland, Romania, Serbia, Slovakia, Slovenia, and Ukraine.
Sen. Mark Warner, D-Va., in November called for an “alliance of the willing” between the U.S. and its allies in Europe, Japan, South Korea, India, and Israel to pool resources and possibly financing for 5G, AI, quantum computing, and facial recognition research and development. The current chair of the Senate Intelligence Committee said that way Western companies can compete with Chinese ones.
“Many of them are quite good, but at the end of the day they are not loyal to their shareholders,” Warner said back then. “They are loyal to the Communist Party of China, which in my mind makes them a national security threat.”
VA found ‘no evidence’ of compromise in SolarWinds hack: CISO Cunningham
The Department of Veterans Affairs (VA) was not a victim of the sweeping SolarWinds hacking campaign, the department’s top cyber official told lawmakers Thursday.
Paul Cunningham, chief information security officer of VA, said there was no evidence of compromise across its wide-ranging and complex networks. He told lawmakers this finding was reaffirmed in separate investigations by the Cybersecurity and Infrastructure Security Agency and the intelligence community.
Within 12 hours of CISA’s emergency directive to agencies to suspend the use of SolarWinds’ Orion platform, the VA was able to remove the software from its environment, according to Cunningham. It then searched for indicators of compromise across its networks but found none.
“We installed all the indicators of compromise, we replayed our NetFlow data looking for any other indicators that show this might have happened in the past, to identify that maybe an attacker used those indicators before who received them,” he said during a House Veterans Affairs Subcommittee on Technology Modernization hearing. “There was no evidence of that.”
CISA, the federal government’s lead cybersecurity agency housed within the Department of Homeland Security, then took a look at the VA’s systems “and found nothing,” Cunningham said. The VA also invited the intelligence community to assess the situation.
“[T]hey would come back to us if they saw anything — that’s how they put it. And they didn’t come back.”
On top of this, the VA contracted with Microsoft to once again look for any indicators of compromise. Cunningham said the company also found nothing.
“They agreed that there was no indicators that would show…first of all, that the malware was activated, or that it was used in a way to move data and nefarious way,” Cunningham added.
The biggest impact to VA, according to the official, was that in taking the SolarWinds software offline, there was a loss in the “operational monitoring” the Orion platform provides.
As the VA chose to be “slow and methodical” about investigating the possibility of compromise, it was without that capability for some time before bringing it back online in coordination with CISA guidance.
The story wasn’t the same for at least nine U.S. government agencies and 100 companies who fell victim to the Russian hackers who exploited SolarWinds’ software to access their systems and data.
Government Accountability Office highlights rising cost of cyber insurance
The U.S. Government Accountability Office (GAO) highlighted the rising cost of cyber insurance in a new report assessing challenges faced by the private market in mitigating cyberattacks.
In its study published Thursday, the agency said that according to industry sources, rates have surged. It also cited a recent insurance broker survey, which found that premiums for more than half of clients rose by 20% to 30% in late 2020.
“After holding relatively steady in 2017 and 2018, cyber insurance premiums increased markedly in 2020,” the agency said in its report. “Higher prices for cyber insurance have coincided with increased demand for the product and higher insurer losses from increasingly frequent and severe cyberattacks (particularly ransomware attacks that block users from accessing systems or data until a ransom is paid).”
GAO has studied the private cyber insurance market in response to new requirements included in the National Defense Authorization Act for the fiscal year 2021.
Most publicly listed companies purchase standalone cyber coverage as part of their risk management operations, as do some public sector entities such as state governments and agencies.
The report found also that insurers are offering lower coverage limits, and noted that insurance companies have limited historical data on most losses.
Insurance companies are offering lower coverage limits and increasingly encouraging clients to purchase specific, standalone cyber policies. Previously, many insurers have offered cyber coverage as an optional add-on to other types of policies, such as property insurance.
This has created aggregation risk for the insurance market, which is known as “silent cyber.”
According to GAO, the language used in cyber policies also often lacks common definitions.
Cyber insurance companies’ appetite for writing policies for public sector entities has declined substantially in recent months, following a slew of high-profile attacks, including attacks against Texas’ Department of Transportation and state court system.
Oak Ridge lab leader says further investment key to U.S. leadership in supercomputing
A supercomputing expert at the Oak Ridge National Laboratory has warned that investment is key to U.S. leadership in exascale computing and that scientific innovation could “stagnate” if it is not forthcoming.
“Without investment, essentially we are going to stagnate scientific innovation,” said Georgia Tourassi, responding to lawmakers’ questions on Wednesday. “We will stop innovating not only across basic sciences but across applied sciences.”
Tourassi is director of the National Center for Computational Sciences at Oak Ridge National Laboratory, which is a multiprogram science and technology laboratory sponsored by the U.S. Department of Energy. The research leader testified at a subcommittee hearing of the House Committee on Science, Space and Technology.
Oak Ridge is developing a new exascale computing system called Frontier, which is expected to be completed in October. It will compute eight times faster than the nation’s current most powerful supercomputer, Summit, which is also housed at the laboratory.
Congress has so far sought to fast-track development of exascale computing by appropriating $1 billion during fiscal 2021 to the Department of Energy’s Advanced Scientific Computing Research program, which is leading development of the Frontier exascale computing system. Exascale refers to a computing system that can perform at least one exaflop – or one quintillion (a billion-billion) calculations per second.
All told, the Department of Energy and the National Nuclear Security Administration within DOE have spent $460 million on their joint Exascale Computing Project to date. The hearing on Wednesday comes as the U.S. races to catch up with China in a supercomputing arms race.
“It is imperative for the United States to expand and enhance the national research computing ecosystem,” added Tourassi, giving evidence at the hearing. “The DOE has asked us to deliver Frontier one year earlier than planned, and we’re focusing our efforts on meeting that effort.”
Another exascale computing system will go to Argonne National Lab in 2022 and a third to Lawrence Livermore National Lab in 2023. But high-performance computing is also an investment priority for U.S. competitors China, Japan and the European Union.
Commenting on the U.S.’s development of supercomputing capabilities, Rep. Frank Lucas, R-Okla., the ranking member of the House Science Committee, said: “We know that our international competitors, like China, are outpacing us in basic research investment and are closing the gap in key computing focus areas like artificial intelligence and quantum sciences.
“Expanding our capacities in these fields requires a strategic effort with strong federal investment and active public-private partnerships,” he added.
Lucas is involved in crafting the Securing American Leadership in Science and Technology (SALSTA) Act that would roughly double ASCR’s funding over the next 10 years.
Lawmakers are also considering the Quantum User Expansion for Science and Technology (QUEST) Act, which would establish a DOE program for forming public-private partnerships around resource use and encourage increased participation in quantum information science.
Republican lawmakers call for DOD to release full findings of JEDI investigation
Despite Amazon Web Services losing out in the bid for the Pentagon’s potential $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud contract, a pair of Republican lawmakers continue to press the Department of Defense for more information on an investigation into allegations of impropriety between department officials and the cloud computing company.
Republican Reps. Steve Womack of Arkansas and Chris Stewart of Utah sent a letter Thursday to DOD Secretary Lloyd Austin and acting department Inspector General Sean O’Donnell asking for “immediate access” to all records associated with the DOD IG’s investigation of the JEDI procurement.
“Since JEDI’s inception, multiple Members of Congress, including one of the undersigned, have repeatedly raised concerns to DOD regarding allegations of impropriety that now-former DOD officials engaged in unethical misconduct related to JEDI, in our opinion, these allegations remain unresolved,” says the letter. The lawmakers point specifically to allegations of conflicts of interest with former DOD officials who also had previous ties to Amazon.
The Pentagon issued a 300-page report on its investigation last spring in which it declared there were violations of ethics agreements, but that they weren’t substantial enough to affect the massive procurement.
The lawmakers want complete access to the investigation file, “including all collected e-mails, interview notes, and any interim investigative memorandum.”
Meanwhile, Amazon continues to wage its own battle to overturn the JEDI contract’s award to Microsoft roughly 18 months ago. Amazon has two main claims in its larger JEDI bid protest: That “DOD consistently and repeatedly made prejudicial errors, at every step along the way, that systematically favored Microsoft,” and that this happened because of overt influence from President Trump and other high-level government officials, who wanted to do harm to Amazon.
Since Amazon’s filing of the protest in December 2019, the $10 billion cloud acquisition has sat stalled, awaiting the court’s approval to start work.
Most recently, the Court of Federal Claims issued a sealed decision denying a motion by the Department of Justice and Microsoft to dismiss part of Amazon’s protest. Not only does that motion, issued in April, mean that the lawsuit will continue on even longer, but the DOD said before the decision that if things were to continue on much longer, it might consider alternatives to JEDI.
Lawmakers urge Department of Defense to help address backlog of veterans’ records
Lawmakers have signed a bipartisan letter calling on the Department of Defense to intervene after coronavirus delays caused a major backlog of requests from veterans seeking essential service records.
In the missive, which was sent on Thursday, 10 senior politicians called on Secretary of Defense Lloyd Austin to address the data pile-up. Signatories of the letter included Rep. Carolyn Maloney, chairwoman of the Committee on Oversight and Reform, D-N.Y., and Rep. Glenn Grothman, R-Wisc., who is a ranking member on the committee’s National Security Subcommittee.
Veterans across the U.S. require access to the records in order to receive service-related benefits such as medical treatment, unemployment assistance, home loans and emergency services for unhoused veterans.
Since implementing workplace restrictions at the start of the coronavirus crisis last year, the National Archives and Records Administration (NARA) has been unable to process thousands of requests for veterans’ records.
The call for assistance comes after NARA earlier this month requested help for pandemic recovery operations at its personnel records center. At the time, the agency’s Chief Operating Officer William Bosanko asked the DOD to support the off-site sorting and batching of military personnel folders to speed the retrieval of records.
“Veterans and their families depend on timely access to personnel records in order to receive life-saving medical care, emergency housing assistance, proper military burials, and other vital benefits earned through service to our country.
“We urge DOD to support the NPRC’s work and to ensure that we uphold our solemn pledge to care for our nation’s veterans,” the lawmakers said in the letter. “We respectfully ask DOD to prioritize and fulfill NARA’s request.”
According to NARA, as of May 10 the agency had a backlog of 500,000 delayed requests for veterans’ records.
Department of Veterans Affairs picks Booz Allen for $1.1B benefits processing contract
The Department of Veterans Affairs (VA) has awarded a $1.1 billion benefits management and processing contract to Booz Allen Hamilton.
Under terms of the task order, Booz Allen will provide support for the VA’s benefits integration initiative, which is focused on reusing and expanding technologies used with the veteran benefits management system.
The contract award is the latest stage in a long-running attempt by the VA to modernize its benefits system, after lawmakers in 2017 passed legislation codifying systems improvement. The legislation requires an update to the way veterans can receive tuition and other benefits for higher education.
In March this year, VA announced it would build a new “Digital GI Bill” platform to increase communication between veterans, schools and the government. It awarded the contract to start building it to Accenture Federal Services.
The latest initiative is intended to increase the efficiency of technology systems within the Veterans Benefits Administration and the National Cemetery Administration.
VA issued the task order as part of its transformation twenty-one total technology contract (T4NG), which is used to procure IT services.
The task order comes after Booz Allen earlier this month announced that it would acquire federal IT consultancy firm Liberty, for $725 million.
Defense IT agency awards $217M cyber contract to ASRC Federal
The Defense Information Systems Agency (DISA) has awarded a $217 million cyber support contract to ASRC Federal.
Under details of the contract, ASRC’s communications division will provide cyber, cloud and other IT services to the agency over the next five years.
ASRC is tasked with developing a more efficient and secure cloud defense environment. It will build a centralized platform to serve as a cyber operations hub across the Department of Defense Information Network.
Commenting on the contract, ASRC Federal President and CEO Jennifer Felix said: “Implementing Cloud technology and Agile methodologies will allow the unified cyber situational awareness program to rapidly provide defensive cyber operations analysts the information they need to help protect and defend the Department of Defense from cyber-attacks.”
ASRC Federal is the government services arm of Arctic Slope Regional Corp., which is an Alaska-Native corporation owned by 13,000 Iñupiat shareholders. The group provides contract services to federal government agencies and has about 8,000 employees.
Earlier this year in February, ASRC was awarded a $457.5 million contract by the U.S. Air Force for base operation support.
Last week President Biden announced a cybersecurity executive order that pushes government agencies to adopt secure cloud services by making them develop zero trust security plans.
TMF Board braced for priority reviews of ‘pretty robust’ project proposals
The Technology Modernization Fund Board expects to receive fewer than 100 “pretty robust” project proposals from agencies by June 2, when it will begin priority reviews, said Federal CIO Clare Martorana.
Cybersecurity proposals are the board‘s focus — given the recent string of high-profile hacks compromising some agencies — followed by projects modernizing critical systems, providing public-facing digital services and encouraging cross-governmental collaboration with scalable services.
Project proposals submitted after June 2 will continue to be reviewed on a rolling basis, but the board is conducting priority reviews due to the “urgency” with which Congress appropriated $1 billion to the TMF fund in March, Martorana said.
“We are going to be working very collaboratively with agencies to see where their projects fit in these different priority areas and hope to be able to roll out some really high-impact projects that are helping us with our cybersecurity maturity across our entire federal enterprise,” she said during an AFFIRM event Wednesday. “As well as getting to the work that many agencies have been undergoing for multiple years, which is modernizing those high-priority systems and trying to roll out these high-impact, public-facing digital services.”
Agencies shouldn’t “self-edit” themselves out of the TMF process over repayment concerns because the Office of Management and Budget will work with the General Services Administration to develop partial and minimal repayment plans for agencies on a project-by-project basis, Martorana added.
The Office of the Federal CIO is also looking to increase implementation of the 21st Century Integrated Digital Experience Act (IDEA) — which is a “great blueprint” for turning paper-based processes into digital services — across government, she said.
“I know that there hadn’t been an enormous amount of guidance provided,” Martorana said. “So that is something we’re working internally on at OMB, to make sure that we can cascade the right guidance out to the federal community.”
The Federal CIO Council last week launched efforts to convene a working group around creating a governmentwide IT modernization plan.
On top of all of this, some agencies have struggled to mitigate cyber threats, use data strategically and acquire IT services during the pandemic, Martorana said.
“One of the challenges that I think we are going to continue to focus on is procurement and how procurement impacts our ability to deploy our dollars effectively, meeting the needs of our customers,” she said. “Also the scale of delivering these digital services across this enterprise.”
Those who are ‘data fluent’ will be future leaders of DOD, deputy CDO says
The Department of Defense is in the midst of a transformation rooted in becoming a more data-driven, digital organization. And to get there, the department is going to need to not only develop a culture centered on data but build a workforce of data-savvy leaders, said one of its top data officials.
The DOD is working this year to implement a “broad program of data training, education and outreach that will have a positive and lasting effect on DOD’s culture,” Clark Cully, deputy chief data officer, said at Informatica’s Data in Action Summit, produced by FedScoop.
As data management and utility becomes more engrained in the department’s DNA, the ability to understand and use data will become an essential skill across the ranks of the military — especially for those at the top, Cully said.
“Those who are fluent in using data will be the future leaders in our organization,” he said.
Cully’s remarks came shortly after Deputy Secretary of Defense Kathleen Hicks introduced “data decrees” to the department. The decrees give instructions, in concert with the department’s data strategy, on how to better use the military’s data for everything from back-office operations to battlefield decision-making.
This new model was developed to “enable our warfighters in the field to have strategic impact,” Cully said. “We need to equip and entrust our service members to operate as edge nodes able to sense, understand and act with both speed and precision.”
But the model is nothing without service members who understand how to operate in it.
“This approach is fundamentally rooted in the quality of our people,” Cully said. “While the latest technology is important, success ultimately depends on our investments in human capital. We urgently need empowered and data-savvy leaders. Recruiting, growing, retaining and reskilling the right talent is going to take us a lot of time.”