Page 43 | FedScoop

Defects in Education Department’s FAFSA processing system release called out by GAO

Delays and errors were among the “troubling” issues identified with the Department of Education’s new system for its Free Application for Federal Student Aid (FAFSA) form, the Government Accountability Office said this week.

In a report and congressional testimony released Tuesday, the GAO said the education agency’s Office of Federal Student Aid (FSA) pinpointed and addressed defects in the FAFSA Processing System (FPS) before deployment, but continued to find “numerous defects” after its launch. FSA currently has 20 unresolved issues with FPS, including those of critical, high and medium severity.

During a House Education and the Workforce subcommittee hearing Tuesday, Marisol Cruz Cain, the GAO’s director of IT and cybersecurity, highlighted a recommendation in the report to assist with the agency’s current incremental deployment approach. “Our recommendation is to … make sure all the functionality is tested thoroughly to make sure it’s functioning as it’s intended and to actually implement that end-user testing,” she said.

An example of bad functionality noted in the GAO report were instances of the FSA overestimating some students’ aid eligibility “by erroneously excluding their families’ assets from the calculation.” FSA reported that the error affected a small number of applicants and that the agency addressed errors when forms were processed.

FSA officials, however, did not identify defects before deployment, per the GAO, which the agency attributed to reduced planned testing activity to “focus on deploying input and development and primary eligibility determination functionality.”

Officials told GAO that the decision was made in order to focus on deploying functionality to allow users to start submitting applications. FSA additionally told GAO that “they accepted the risk of reducing testing activities because the application cycle was already late and the department was required to launch by the statutory deadline of Jan. 1, 2024.”

The report recommended that the agency take action to assess the role of both the overall agency and the FSA’s chief information officers in the development of the FPS, and then implement a plan for providing the department CIO with “a significant role in the governance and oversight of the system while clarifying the responsibilities between the department and agency CIO.”

GAO said it will continue to examine FPS defects and how the agency has moved to resolve them.

U.S. agencies publish plans to comply with White House AI memo

Federal agencies across the government have posted their plans to comply with an Office of Management and Budget memo on artificial intelligence governance, providing a window into what risk management and reporting practices will look like in the executive branch.

The compliance plans, which were due 180 days following the finalization of OMB’s M-24-10 memo, outline steps each covered agency plans to take when it comes to updating their internal policies, collecting information for their AI use case inventories, removing barriers to responsible use of AI tools, and determining whether a use is rights- or safety-impacting, among other things.

Each agency was required by Tuesday to post their initial compliance plan publicly on their website or publish a determination that the agency doesn’t use or anticipate using any AI covered by the memo. Those plans will be updated every two years until 2036.

When asked for comment on the plans and how many agencies met the deadline, a spokesperson for OMB referred FedScoop to the postings on agency websites and didn’t comment further.

An initial FedScoop search identified 22 compliance plans on agency websites.

While agency use case inventories for AI are required to be available at a specific URL, the instructions aren’t specific for compliance plans. Depending on the agency, some plans are located on the inventory page while others are located on landing pages for policies or the offices of the chief information or AI officer.

FedScoop reached out to all Chief Financial Officer Act agencies for which it couldn’t immediately find a published plan. Of those agencies, the Department of Justice, the Department of Education and the Social Security Administration said Wednesday that their plans would be posted soon. The Small Business Administration told FedScoop on Thursday that it has an implementation plan that will be posted imminently.

The agencies for which plans were readily available were:

The plans come as several other deadlines are approaching under the AI memo.

By Oct. 15, agencies have to submit extension requests for rights- and safety-impacting uses, as defined under the memo, if they can’t feasibly meet the minimum risk management practices by the Dec. 1 deadline. Agencies must also publish their updated annual AI use case inventories by Dec. 16, per finalized guidance released by the White House.

Editor’s note: This story was updated Sept. 26, 2024, to include a response from the SBA and a link to the SSA’s inventory, which was posted online after publication.

Tax watchdog says IRS hasn’t completed key IPv6 modernization requirements

The IRS has fallen short in meeting a critical governmentwide modernization priority, a new watchdog report found, potentially undercutting the agency’s ability to “meet evolving business needs” and bolster “the taxpayer experience.”

According to the Treasury Inspector General for Tax Administration, the IRS has yet to complete a number of actions tied to the deployment of Internet Protocol version 6.

Office of Management and Budget guidance released in 2020 called on federal agencies to migrate to IPv6 across all information systems and services. Compared to its predecessor, IPv6 expands the range of network and system IP address possibilities as more internet-connected devices come online and adds enhanced security and operational efficiency. Per the 2020 OMB memo, “full transition to IPv6 is the only viable option to ensure future growth and innovation in Internet technology and services.”

The IRS, however, has run into various IPv6 issues, starting with its inability to develop a timely implementation policy and the creation of an agencywide project team that was missing key representatives from acquisition and policy divisions, the IG’s investigation discovered.

TIGTA additionally dinged the agency for an incomplete transition plan that was updated in March 2023 but “did not include a key action to identify and provide a schedule for replacing and retiring systems that cannot be converted to use IPv6.” The next month, the IRS added a document to track asset transitions to IPv6, though that plan “was not approved by the Chief Technology Officer as required.”

The IRS also failed to develop an information resource management strategic plan, per OMB guidance, which TIGTA said could result in an inability “to ensure that information resource management decisions are integrated with organizational planning, procurement, and program decisions.”

The watchdog also discovered that the IRS has been using some external-facing servers for communications that are not IPv6-only, identifying one that’s on IPv4-only protocol and 13 that are dual-stacked.

“Dual stacked networks may lead to increased complexity as both IPv6 and IPv4 infrastructure must be maintained to continue communication throughout the network,” TIGTA wrote. “Increased complexity can lead to misconfigured devices, which could introduce vulnerabilities, making the network more prone to compromise.”

Additionally, the tax agency hadn’t transitioned 20% of its assets that required an internet protocol address to an IPv6-only environment within the OMB-provided time window. The IRS pushed back on a TIGTA recommendation to get at least 50% of those assets operating in IPv6-only environments by the end of this fiscal year.

Other findings in the report covered shortcomings in the IRS’s oversight of asset acquisitions and waivers. The agency disagreed with a recommendation on how contracting officers should document acquisitions that use internet protocol.

Separately, TIGTA released an IRS-focused report this week on the agency’s rollout of Direct File, the free electronic filing service it piloted in 12 states this year. The watchdog determined that the deployment of the program was successful, but improvements to security and testing of the system are needed going forward.

“If the Direct File Pilot is not properly developed, tested, and secured, the IRS risks delays to taxpayers and submission errors,” TIGTA stated. “In addition, taxpayer data could be vulnerable to loss or theft.”

The IRS agreed with all six of TIGTA’s Direct File recommendations.

GSA sees uptick in registrants for AI training series

A General Services Administration partnership with the Office of Management and Budget has seen over 12,000 registrants for an AI training series for government employees that starts this month.

The series, which runs through the end of October, is meant to help ensure that government employees are using AI safely and responsibly, according to a Monday release. Ann Lewis, director of the GSA’s Technology Transformation Services, said in an interview with FedScoop that thousands of government workers are teaching one another about AI use cases and best practices, joining communities of practice and trying to figure out what’s going to work best for their own agencies.

In the release, GSA reported that the agency saw registration rise by 41%, and that the training program has a 94% satisfaction rate to date.

“It’s bringing in government workers at all levels and providing space for collaboration,” Lewis said. “The AI Community of Practice at TTS has also expanded its annual artificial intelligence training program. …. This year we have three tracks on technology, leadership and procurement.”

The TTS director called AI “the great enabler,” and said “you don’t have to be an expert to be able to do tech work.”

Lewis pointed out that there are barriers in the tech world based on tech culture that have “in the past, prevented people from feeling like they could ask questions or could get their hands dirty or get into the details.” She said that with AI-assisted tools, individuals are able to ask their favorite AI system to explain how things work or help build something.

“I think AI is going to be able to — generative AI in particular — enable people to get more into problem spaces and work that they might have previously been intimated about,” Lewis said. “I’m hoping that’s something that everyone can harness and explore and figure out how to make work for them.”

Headquarters of government IT contractor Carahsoft raided by FBI

Government IT contractor Carahsoft had its Reston, Va., headquarters searched by the FBI Tuesday morning, three sources familiar with the matter told FedScoop.

In an emailed statement, Mary Lange, vice president of digital media and public relations at Carahsoft, said that “representatives from the Department of Justice came to the Carahsoft office today as they are conducting an investigation into a company with which Carahsoft has done business in the past.”

Lange also said the company is “fully cooperating” and is “operating business as usual.”

In response to an inquiry about the raid, the FBI confirmed via email that it had “conducted court-authorized law enforcement activity on Sunset Hills Road this morning” but declined to comment further. Carahsoft’s headquarters are located on Sunset Hills Road. NextGov first reported the news.

The privately held company, which was founded in 2004, bills itself as “the trusted public sector IT solutions provider” and works with governments at the federal, state and local levels, often as a reseller of other vendors’ software. According to its website, it employs more than 2,000 individuals.

Carahsoft has received roughly $1.2 billion in federal contracting awards from 3,135 transactions since its founding, according to data from USASpending.gov. The company’s top federal customer is the Department of Defense, followed by the Department of Health and Human Services and the Social Security Administration.

This story is developing and will be updated when new information is available.

Watchdog flags major incidents for VA’s electronic health record system

The Department of Veterans Affairs has neglected to put in the proper controls for its Oracle Cerner electronic health record system to adequately prevent and respond to major incidents, according to a new audit from the agency’s Office of Inspector General.

In another report scrutinizing the VA’s management of IT systems, VA OIG found a weakness in controls including configuration management, assessment, authorization and monitoring, which collectively accounted for 23 incidents and a total of 80 hours and 20 minutes of disruption for the system.

VA OIG offered four recommendations to the Veterans Health Administration and five to the Electronic Health Record Modernization Integration Office (EHRM IO), which include assessing EHR major performance incident data needs and “contractually” committing to data sharing in real time; developing effective notification and resolution metrics that capture results for all major performance incidents; identifying the appropriate backup system; and developing a training strategy to ensure clinicians can use the system when it’s down.

“As the agency responsible for modernizing the EHR, VA should implement policies and procedures to prevent or minimize damage and interruption to critical systems,” the report states. “Although the contract specifies that Oracle Health takes responsibility for the technical system, including monitoring, VA is ultimately responsible for maintaining situational awareness of the system to make effective, timely and informed risk management decisions.”

In an example of how the lack of controls within configuration management caused “major performance incidents,” OIG said that in May 2022, “all three sites where the EHR system had been deployed experienced incomplete functionality for five hours and four minutes.” That failure occurred because an expired certificate disrupted some applications. Oracle had not listed the certificate in its monitoring tool and “therefore was not identified automatically and flagged for renewal before it expired,” the OIG said.

In August 2022, an incomplete functionality incident occurred that affected five sites for one hour and 38 minutes, per the report. Oracle pointed to software errors happening as a result of “data failing to populate in a separate application used by VA,” and company representatives said that the company did not have the monitoring in place at the time. Oracle later added monitoring that would “alert it to the software errors more quickly.”

Meanwhile, in a separate memorandum from August published Monday, the IG directed the VHA undersecretary for health to address concerns that facility leaders and staff have expressed during health care facility inspections.

The memo said that during interviews at medical facilities, staff described the new EHR as a “system shock.”

OIG reported that leaders at the VA Southern Oregon Healthcare System described the implementation of the new EHR as “the single largest challenge that we have here” and said it has impacted “every system,” thereby “rewriting the way VA does business.” Staff at this center, as well as at the Jonathan M. Wainwright Memorial VA Medical Center, raised concerns about the efficiency and loss of productivity, staffing, financial impacts and patient safety.

Bill ordering DHS to explore AI for border security passes House

A bipartisan bill requiring the Department of Homeland Security to explore how artificial intelligence and other emerging technologies could be used to secure the border passed the House on Monday, teeing it up for a potential Senate partner in the weeks ahead.

The Emerging Innovative Border Technologies Act from Reps. Lou Correa, D-Calif., and Morgan Luttrell, R-Texas, passed the chamber by unanimous consent, a little more than five months after it was introduced and quickly advanced out of the House Homeland Security Committee.

Under the bill, the DHS secretary would be charged with submitting a plan to Congress for how the agency would utilize AI, machine learning and nanotechnology in border security efforts. Customs and Border Protection’s innovation team would pilot technologies across key border regions, with the goal of helping agents more effectively and safely do their jobs.

“Border security means keeping drugs and other negative elements away from our communities — and cutting-edge technology that is already available for commercial use gives our hard-working officers the tools they need to keep us safe,” Correa said in a press release. “Through this bipartisan effort, Congress will better-understand how our officers can use new technology to stop smugglers crossing in remote and deadly conditions, and hopefully deliver our officers the resources they so desperately need.”

Some of the technologies mentioned in a fact sheet announcing the bill’s passage include infrared cameras and ground-based sensors to help officers identify smuggling and human trafficking operations. Advanced AI-powered image recognition systems could also be used to “help detect and classify illicit substances at ports of entry,” the fact sheet said.

Correa, ranking member on the House Homeland Security Subcommittee on Border Security & Enforcement, “is cautiously optimistic that following its swift and bipartisan consideration and passage in the House that his colleagues in the Senate will follow suit to get this common-sense legislation signed into law,” a spokesperson for the congressman told FedScoop.

Optimism for a Senate companion, most likely coming out of the chamber’s Homeland Security and Governmental Affairs Committee, is due in part to the “non-controversial” nature of the legislation, the spokesperson added.

Luttrell, who serves with Correa on the border security subcommittee, said in a statement that the country “must deploy the latest and most advanced technologies” to combat increasingly sophisticated threats to the border.

“I’ll continue to push for effective measures to safeguard our country and enforce our laws,” he said.

IBM, NASA, Oak Ridge National Lab announce open-source AI model for weather, climate

A new open-source artificial intelligence model developed by IBM, NASA, and the Department of Energy’s Oak Ridge National Laboratory could address weather and climate prediction challenges for scientists, developers and businesses.

The new model, Prithvi-WxC, was announced Monday and made available for download on Hugging Face. According to an IBM release, it was trained on 40 years worth of NASA’s earth observation data and can be scaled from local to global uses, which “makes it suited for a range of weather studies.”

“The NASA foundation model will help us produce a tool that people can use: weather, seasonal, and climate projections to help inform decisions on how to prepare, respond, and mitigate,” Karen St. Germain, director of the Earth Science Division of NASA’s Science Mission Directorate, said in a statement included in the release.

Prithvi-WxC builds upon an existing collaboration between IBM and NASA, adding to other geospatial foundation models in what’s known as the “Prithvi” family. Last year, NASA and IBM released the Prithvi geospatial AI foundation model, which was also made available for download on Hugging Face. Prithvi is the Sanskrit word for Earth, per a NASA blog about the work.

That model, according to the IBM release, has since been used by the public and private sector to “examine changes in disaster patterns, biodiversity, land use, and other geophysical processes.”

The new model was released in two versions Monday: one aimed at climate and weather data “downscaling” and the other aimed at gravity wave parameterization.

The downscaling model is designed to help infer “high-resolution outputs from low-resolution variables,” which is a common practice in meteorology. According to the release, the model can depict that data at up to 12 times the resolution, aiding forecasts and climate projections.

Meanwhile the gravity wave model is designed to help scientists better estimate gravity wave generation, which can impact climate and weather patterns but haven’t been “sufficiently captured” in existing numerical models.

“This space has seen the emergence of large AI models that focus on a fixed dataset and single use case — primarily forecasting. We have designed our weather and climate foundation model to go beyond such limitations so that it can be tuned to a variety of inputs and uses,” Juan Bernabe-Moreno, director of IBM Research Europe for Ireland and the United Kingdom and IBM’s accelerated discovery lead for climate and sustainability, said in a statement in the release.

Already, the Canadian government’s environmental policy department, Environment and Climate Change Canada, has tested the model’s flexibility with weather forecasting use cases, according to the release.

“With the model, ECCC is exploring very short-term precipitation forecasts using a technique called precipitation nowcasting that ingests real-time radar data as input. The team is also testing the downscaling approach from global model forecasts at 15 km to km-scale resolution,” the release said.

According to a NASA blog post, efforts began on Prithvi-WxC in September 2023 at a workshop held at NASA’s Marshall Space Flight Center in Alabama. There, researchers from NASA, IBM, Oak Ridge, Nvidia and several universities plotted the next six-to-eight months of development work. As part of that work, the team decided the focus should enable various scientific applications rather than forecasting alone, the blog said.

Bipartisan Senate bill would renew CDO Council, require ‘AI readiness’ work

A bipartisan bill would extend the life of a council of the government’s top data officials and require that body to look at improving data management practices for artificial intelligence and emerging technologies.

The Modernizing Data Practices to Improve Government Act (S.5109) was introduced last week by Sens. Gary Peters, D-Mich., and Todd Young, R-Ind., and announced on Monday. That legislation would specifically renew the Chief Data Officers Council — which is set to expire in 2025 — for seven years, and add new requirements for several AI-related actions.

Under the bill, new actions would include reporting to Congress on recommendations and best practices for data management when it comes to adopting emerging technologies and AI, reporting to Congress on recommendations to “clarify and enhance the roles” of federal CDOs on data and AI, and appointing a representative chief AI officer to the panel.

“Extending the Chief Data Officers Council will ensure that the federal government is able to pursue best practices to manage and protect data, especially as agencies increasingly adopt AI and other technologies to improve government operations,” Peters, chair of the Senate Homeland Security and Governmental Affairs Committee, said in a statement included in a release.

The CDO Council — and the requirement for agencies to have CDOs in the first place — was established in 2018 as part of the Foundations for Evidence-Based Policymaking Act before the current boom in popularity of AI. The proposed legislation comes amid an increased focus on data as the foundational building blocks for new and innovative AI solutions.

While the bill would create requirements for the council, some work on AI-ready data is already ongoing. A working group within the Department of Commerce, for example, is focused on developing guidelines for how the agency’s own data could be consumed by AI technologies like generative AI.

The new legislation would also require the CDO Council to make recommendations to Congress about data ownership and retention policy language the federal government should include in contracts to procure AI, as well as recommendations for defining and using synthetic data.

“Our bill builds on the Council’s existing efforts and makes AI readiness part of the Council’s purpose, while requiring the CDO Council and the OMB Director to report detailed recommendations on data policy changes,” Young said in a statement in the release.

Young is one of four members on the Bipartisan Senate AI Working Group and was a co-sponsor of the Senate legislation that established the CDO roles and council.

“This bill will help the federal government operate more effectively and provide taxpayers with better service,” he said.

OPM extends direct hire authorities for STEM, cyber, acquisition roles

Federal agency direct hire authorities for STEM, cybersecurity and acquisition positions have been extended through the end of 2028, the Office of Personnel Management said in a memo released Monday.

OPM had previously signed off on direct hire authorities for those positions on Oct. 11, 2018, and again on Sept. 29, 2023. In the Monday memo, OPM acting Director Rob Shriver said the new DHA window will be open through Dec. 31, 2028 or until the personnel agency “terminates this authority, whichever occurs first.”

Government roles in STEM, cybersecurity and acquisition are eligible for direct hiring authorities because they are deemed by agencies to be critical hiring needs, or it has been determined that there is a severe shortage of candidates for those jobs.

OPM also added positions “in the criminal investigation General Schedule (GS) 1811 occupational series at the 12-15 grade levels,” per the memo. New STEM jobs covered under the authority include economist, fishery biologist, general engineer, civil engineer, actuary and mathematical statistician, among others. Newly covered cyber positions include computer engineers, computer scientists, electronics engineers, criminal investigators and IT specialists.

The OPM memo notes that under direct hire authorities, agencies are allowed to appoint individuals to positions that fall under those categories “without regard” to various government provisions on competitive service. “OPM will periodically assess agency use of these authorities as well as the continued need for them and may modify or terminate them as appropriate,” the memo stated.

Last December, OPM said it would permit federal agencies to use direct hire authorities and temporary excepted service appointments to fulfill requirements laid out in President Joe Biden’s executive order on artificial intelligence. The AI positions covered by that OPM memo were for IT specialists, AI computer engineers, AI computer scientists, and management and program analysts.