VA consolidating home loan applications to improve analytics, transparency for veterans

The Department of Veterans Affairs is consolidating the applications for its home loan program into a single product line that will allow for improved data insights and transparency.

VA awarded Accenture Federal Services a one-year contract, worth up to $328 million with three one-year options, to build tailored applications that will modernize the Loan Guaranty (LGY) service.

The Office of Information Technology and LGY expect the program to become more responsive to veterans, other users and lenders while capitalizing on changes in mortgage industry data collection.

“We are collaborating with the VA and helping them to discover bold new solutions that serve veterans better than the commercial market by innovating and building an ecosystem that improves the veteran’s experience,” said Shawn Roman, VA client account lead for AFS, in the announcement. “By providing LGY with actionable visibility of the entire mortgage lifecycle, we are helping VA transform its veteran home loan experience.”

Veterans will be able to make better informed decisions concerning their home loans thanks to human-centered design and the incorporation of Mortgage Industry Standards Maintenance Organization datasets. Benefit deliveries to veterans will be automated.

The contract builds on AFS’s work since 2017 modernizing the VA Loan Electronic Reporting Interface-Redesign (VALERI-R) system for monitoring and managing millions of home loans. VALERI-R tells veterans when they may default or foreclose on their loan to mitigate home losses.

AFS will continue to improve the VALERI-R platform.

How to address security visibility across multicloud environments

Federal cybersecurity leaders are under growing pressure to protect government resources amid sweeping changes within their organizations’ IT operations. Though agencies typically maintain defined perimeter controls, the trajectory towards distributed environments means that modern security practices require a different approach.

The answer to better security starts with closing the visibility gap — and security tools that can respond to the rapid evolution of cyberattacks without being further drain on resources, says a new report.

The report, produced by FedScoop and underwritten by FireEye, highlights how a new suite of automated tools is helping agencies narrow security gaps as federal agencies continue to build out multi-cloud environments.

Those tools are part of a platform developed by FireEye — a global leader in cybersecurity intelligence — following a series of acquisitions in the last seven years. FireEye’s acquisition of Mandiant, in 2013, provides widely regarded expertise in breach response and consultancy; and Verodin, acquired most recently (now known as Mandiant Security Validation), provides a comprehensive set of cybersecurity risk assessment tools.

“FireEye can now come in and deploy what we know about every variant of ransomware we’re seeing around the world, and start to look for it within minutes, regardless of which technology an agency is using,” says Ron Bushar, government CTO for FireEye.

FireEye is strengthening its reputation as an industry leader on global hacking exploit awareness and can provide the automated tools to detect and deal with them quickly. The company’s response and intelligence experts have responded to tens of thousands of breaches around the world, the report says.

That is why tools that boost visibility in a distributed environment offer “the essential foundation of any cloud security strategy, whether that strategy revolves around compliance assurance, threat hunting, policy governance or risk remediation,” adds Martin Holste, cloud CTO for FireEye.

Achieving that visibility remains an urgent need for most enterprises. The report cites a 2020 Cloud Security Report from Cyber Security Insiders which found that 43% of cybersecurity professionals across multiple industries, including government, listed “visibility into infrastructure security” as a key challenge.

According to Holste, comprehensive visibility into infrastructure security will require simultaneous controls, including:

• A complete inventory of all relevant assets at all times.
• Contextual details on the current state of every asset.
• The complete historical record of security events for each asset.

Agencies are not alone in managing capacity problems to maintain talented cyber skillsets. The spike in employees working from home has meant adapting security monitoring and detection capabilities across most sectors. Having to perform those security functions remotely is putting a strain on security teams and made the need for scalable tools even greater.

Having a robust suite of analytics and detection tools — that can monitor and enforce security policies, detect new types of vulnerabilities, and that can distinguish between shifts in behavior versus unusual behavior — is more important than ever.

Learn more about the suite of FireEye detection, protection and response capabilities to attain cybersecurity awareness at machine speed

This article was produced by FedScoop and sponsored by FireEye.

Navy expands ‘digital twin’ use to track ship parts

The Navy is moving from tracking ship parts on paper to a platform built around “digital twins”— essentially creating virtual replicas of those physical pieces — the company providing the software announced Wednesday.

In developing a digital twin system, software company PTC will enable the Navy to use augmented reality to see images of the parts and ships in 3-D with corresponding data to track them, instead of storing information about repairs and parts in filing cabinets or PDFs on hard drives.

The new deal between the Navy and PTC is a “seismic shift” in both modernizing an IT system and breaking down cultural “silos” in the service, Ashley Holloway, the Navy’s chief architect for model-based product support, said in an interview. The Navy hopes that the centralization of data with digital twins — which it prefers to call a “digital thread” — will reduce redundancies and provide easier access to more users.

“Now having that digital representation and being able to share that info … that’s the key to managing the model representation of that ship or that system,” Holloway said.

The Navy has already piloted PTC’s software and will expand its use to support more than 15,000 sailors, civilians and contractors. The company estimates the Navy could invest nearly $100 million over the next five years in the project.

According to a news release, the selection of PTC’s software was in part due to its certified software-as-a-service cloud infrastructure which has both Federal Risk and Authorization Management (FedRAMP) Moderate and Department of Defense Impact Level 5 security compliance.

The task now for the Navy and PTC is to work with users to configure and apply the commercial software in a way that will work for the service. Expansion is scheduled to take place in fiscal 2021.

“This is a digital transformation of the way the Navy operates and maintains its ships,” PTC CEO Jim Heppelmann said in an interview.

Holloway said that the transformation won’t stop just at physical product management. The methods of maintaining central digital repositories for managing physical systems could extend to tracking and modernizing other IT systems.

In February, Thomas Modly, the former acting secretary of the Navy, announced a “stem-to-stern review” of redundancies in the Navy. The goal has been to find at least $40 billion in the Navy’s budget to take from things like redundant or outdated IT systems and reinvest into new programs. The review is similar to the Army’s so-called “night courts.”

Holloway said that a system like PTC’s Windchill would be instrumental in identifying the type of IT systems that the Navy wants to eliminate and reinvest in.

“All of these pieces are coming together and definitely are a trend,” she said of the move to digitally tracking products and system management.

Interior will implement CDM components under $54M contract

The Department of the Interior plans to implement several Continuous Diagnostics and Mitigation (CDM) program components over four years after awarding CVP a $54 million contract announced Wednesday.

The Information Management and Assurance Program Support (IMAPS) contract covers cybersecurity services for DOI‘s chief information officer and chief information security officer.

Specifically, technology consulting company CVP will optimize DOI’s risk management framework, as well as its information security and continuous monitoring.

“Aligning department-wide initiatives with agency-specific priorities requires change management expertise — not just next-generation technology expertise,” said CEO Anirudh Kulkarni in the announcement. “We look forward to partnering with the department as it looks to set the standard for cybersecurity in government.”

CVP will also streamline DOI’s system authorization lifecycle by integrating assessment and authorization into technologies.

The CDM program, housed within the Cybersecurity and Infrastructure Security Agency, deploys network monitoring tools to give agencies a better idea of who’s inside their network and why. Meanwhile, increased telework during the pandemic has agencies addressing new gaps in their cybersecurity.

CMMC board faces ‘passionate’ internal turmoil over new contract with DOD

The third-party board that the Department of Defense tapped to implement a new cybersecurity standards program is facing its most intense internal turmoil yet, with members questioning its leadership and the future of its relationship with the Pentagon.

Recent events have caused some board members to begin to lose confidence in their chairman and see the tensions with the DOD as reaching a potential breaking point, according to multiple sources familiar with the matter and communications reviewed by FedScoop, as the board expands its crucial work in developing and implementing the Cybersecurity Maturity Model Certification (CMMC) program.

The conflict boiled over, for some, in a “reset” meeting last Friday with DOD officials and board members. The cause of the tension centers on a new contractual relationship DOD wants the board to approve. The document would redefine the way the two work together only seven months into the board’s existence.

Some board members see the new contract, which has a new statement of work (SOW) outlining the board’s responsibilities, as a diminution of authority and an increase in liability for the all-volunteer group, according to external private communications reviewed by FedScoop and sources familiar with the matter. Multiple members have threatened to resign as others begin to privately express a loss of confidence in chairman Ty Schieber, according to communications reviewed by FedScoop and sources familiar with the matter.

The board is still “collaborating” and in a “joint education process” over how best to define the SOW, Mark Berman, the chair of the board’s communications committee, told FedScoop.

“It is not tension, it is passion,” he added of the internal dissent. “I passionately disagree with some of my peers and passionately agree with my peers on certain issues.” He said that talk of a loss of confidence in Schieber was a surprise, and he has not heard it discussed by board members.

CMMC — the program the board has been tapped to implement — is the largest change to defense contracting in years. If the program is successful, DOD will require all of its 300,000 contractors (with a small exception) to conduct a third-party cybersecurity assessment certifying that they meet a certain level of network maturity on a new five-level scale.

Implementing this transformation requires careful orchestration between the third-party board, the CMMC Accreditation Body (AB), and the small CMMC Program Management Office (PMO) in the Pentagon. In public statements, the AB and the DOD’s lead CMMC officials have consistently praised each other’s service and committed to close partnership. It’s a message reinforced by a DOD spokeswoman when asked to comment on this story: “We certainly have the utmost confidence in the AB’s ability and have a close partnership with them.”

Berman said the board’s relationship with the DOD remains close and strong and that during the recent meeting, the conversation was positive and DOD officials expressed their appreciation for the board’s volunteer work.

The Friday meeting was the first that Katie Arrington, the DOD’s lead CMMC official, had with the full board. Several sources familiar with the call described it as “rough” and said Arrington, officially DOD’s CISO for acquisition and sustainment, spent time accusing the board of “leaks” to news media. Berman said he wouldn’t comment on the specific conversations, but disclosures of information did come up.

The SOW would supersede the current memorandum of understanding that authorizes the AB to work on DOD’s behalf. A contract would be legally more enforceable and tighten the boundaries of the work each entity can legally do. For months there have been disagreements between members of the AB and DOD’s PMO office on which entity should work on what and how to answer basic questions on the program’s model and implementation, communications reviewed by FedScoop show and multiple sources familiar with the matter say.

The DOD spokeswoman said the SOW and contract would allow the DOD to sponsor security clearances for board members, if needed, and “provides a more binding relationship.”

The fissures and political infighting put the program at its highest risk yet and come at a critical time when contractors are waiting for regulatory guidance from the Office of Management and Budget, Eric Crusius, a partner with Holland and Knight, told FedScoop.

“It is concerning, I hope they can work it out,” he said, adding that he has confidence in Schieber’s ability to manage the difficult situation.

One DOD official in the PMO described disagreements on the SOW as potentially terminal for the AB, according to a private external message reviewed by FedScoop. Berman said that there has been no indication that a fracture between the DOD and AB is imminent. He added that the AB and DOD officials discussed “increasing the cadence of meetings” between the two entities, a move that does not indicate separation, he said.

The private feelings of officials involved in the process are reflected by some outside observers watching the development of the program.

“It’s a good idea, but the management of it seems ham-handed,” Mike Hamilton, founder of CI Security, told FedScoop.

SOW still in question

The meeting did not resolve the issues on the SOW — another SOW-related meeting was scheduled for Wednesday evening — but it did bring up months of tension over fundamental questions of the models’ implementation. The meeting crystalized some members’ belief that DOD’s strategy is to leave the AB to own the “mess” of any potential failings of the program, sources familiar said.

Berman said that so far, the initial rollout has yielded enormous interest from industry and “excitement” from the DOD and AB. He said so far hundreds of applications to be involved in the ecosystem of assessors, trainers and consultants have been received. He described it as evidence of the AB’s initial success.

One of the central disagreements that has dogged the relationship between AB members and the PMO is around the CMMC “standard,” which according to the MOU, the AB creates. Details remain unresolved around how the SOW will divide authorities over the creation and maintenance of standards.

More contracts, more money

With a contract replacing the MOU, complaints and allegations of conflicts of interest would be more impactful, Crusius said. A recent CMMC government contracts alert from law firm Akin Gump Strauss Hauer & Feld also highlighted the conflicts the AB’s structure creates. If the AB signs on to a typical contract with the DOD, it would include compliance with the Defense Federal Acquisition Regulations, bringing added regulatory and financial burden to the organization.

“The significant role played by the directors in the AB’s guidance, training, accreditation and certification functions create significant potential for conflicts of interest,” the Akin Gump alert states. The AB has a code of ethics posted to its website that ban board members from advancing their personal interest.

More costs to the AB could further inflame tensions. Previously, board members dissented over talks of contracting with a marketing firm to rename and rebrand the AB before they had started taking in money for the training and accreditation process it will own. A contract also opens the door for complaints to be full-on protests that would only serve to slow down the process.

The debate over the SOW falls in the zone of government contracting where legal formalities and managing difficult relationships can conflict.

“As much as government contracting is all about formalities … is still a people business,” Crusius said.

OMB needs an enterprise risk officer to help protect infrastructure and supply chain, report says

Former senior federal officials recommended the Office of Management and Budget appoint an enterprise risk officer to address growing cyberthreats to both government and industry, in a report issued Tuesday.

An OMB enterprise risk officer could spearhead efforts to quantify threats to data, information technology and intellectual property, according to the American Council for Technology and Industry Advisory Council.

In its first report on critical issues ahead of the 2020 presidential election, ACT-IAC recommends the enterprise risk officer address threats nationwide, not just within federal agencies. In the private sector, the top risk-management official is sometimes called a chief risk officer or CRO.

“This strategy will provide risk management for a whole-of-nation perspective, looking at both physical and cyber risks to our government and critical infrastructure industries,” reads the report. “It will provide a mechanism for taking action to mitigate risks arising from overlap and duplication and uncoordinated silos, which create vulnerabilities and gaps, especially in the supply chain.”

Government has been too reliant on overseas suppliers for personal protection equipment (PPE) in responding to the pandemic, but an enterprise risk officer could coordinate the supply chain by inventorying supplies and medical devices, according to the report.

Outcome offices, acceleration strategy

Aside from making IT infrastructure more risk tolerant, ACT-IAC made three recommendations for making government more agile.

The report suggests that government make “outcome measure” data available by having agency deputy secretaries appoint temporary leaders to head up outcome offices that disband once their objectives are met. Outcome leaders would align resources, build partnerships, develop plans and reporting, and work together across agencies.

The government can make itself more agile by having the President’s Management Council create and oversee an acceleration strategy, according to ACT-IAC.

Such a strategy would outline the roles of chief information officers, chief technology officers, chief information security officers, chief experience officers, and business leaders. The strategy would also serve as an operational framework for U.S. Digital Service, the General Services Administration’s Technology Transformation Services, agency innovation centers, the Office of Personnel Management Lab, and Office of Federal Procurement Policy, according to the report.

ACT-IAC recommends the government establish a new workforce and leadership model that focuses on attracting and retaining employees capable of identifying emerging technologies, acquiring them faster and using them to drive agency change.

The four recommendations were not only for unelected officials but Congress and advisors. OMB did not respond to a request for comment on whether legislation would be needed before it could act on ACT-IAC’s recommendations.

HHS, VA, Energy form data partnership for coronavirus vaccines and therapies

Three federal agencies agreed to coordinate and share data on potential COVID-19 vaccines and therapies as part of a pandemic response initiative announced Tuesday.

The departments of Energy, Health and Human Services, and Veterans Affairs formed the COVID-19 Insights Partnership, which will use DOE’s high-performance computing resources for research and data analysis.

COVID-19 virology will also be studied, with HHS and VA expected to announce research projects as they launch.

“The volume and quality of the data HHS has on COVID-19 has advanced by leaps and bounds in recent months,” said HHS Secretary Alex Azar in the announcement. “The Department of Energy’s world-class resources will help us derive new insights from the data we gather to help patients and protect our country.”

The new partnership builds on the work of the COVID-19 High Performance Computing Consortium, which is offering resources to global researchers.

Oak Ridge National Laboratory‘s Summit is one of the world’s fastest supercomputers and already running complex analyses on massive, integrated coronavirus datasets. Now it will be put to work by the COVID-19 Insights Partnership as well.

“Our nation’s understanding of COVID-19 has already benefitted greatly from our world-leading high-performance computing and artificial intelligence resources,” Secretary of Energy Dan Brouillette said in a statement. “And we look forward to continuing our coordination across Federal departments and agencies in the fight against this virus.”

Air Force selects pool for $400M ‘Skyborg’ contract for autonomous drone systems

The Air Force’s Skyborg Vanguard Program for teaming autonomous drones with human-controlled planes has chosen the pool of contractors that will compete for task orders on a $400 million indefinite delivery, indefinite quantity (IDIQ) contract.

Boeing, General Atomics Aeronautical Systems, Kratos Defense and Northrop Grumman all will be able to vie for work on the highly networked technology.

The program’s focus is on “attributable” aircraft — meaning that the autonomous drones should be relatively low-cost in a way that makes them expendable in a high-risk operation. The program is one of the Air Force’s most “far reaching” technology programs that aims to leverage artificial intelligence to support the autonomous network of drones and link to other emerging technology programs like the Advanced Battle Management System.

“We are at the very early stages,” Brig. Gen. Heather Pringle, commander the Air Force Research Lab, said during a virtual press conference Tuesday. “Ultimately, we are progressively adding to the autonomy” of the systems.

The Air Force has partnered Pringle’s research lab with other Program Executive Offices in the development of the program. The goal is to have an “open architecture” partnership across the department to link the Skyborg program with other emerging technologies that use autonomy and networks in battle.

Cybersecurity at the core

The program will have cybersecurity at the core of its development, Pringle and Brig. Gen. Dale White, who leads the Air Force’s program office for fighters and advanced aircraft both said. The generals said that “red teaming” and aggressive testing will be a critical part of experimentation on prototypes and eventual products that come from the IDIQ contract.

“You have to red team it, you have to challenge it, you have to try to break it and that is part of testing and that is a part of experimentation,” Pringle said.

The Air Force will be using offices across the DOD to work on hacking the system, White added. The Air Force also plans to start the authority to operate (ATO) process for the software early in experimentation in order to meet development timelines, White said.

“The process by which we do the ATO’s has not changed, the but the process in this program will be to bring early input,” he said.

The at times months-long process for earning an ATO has foiled software acquisition and updates in past programs. The companies selected will be expected to follow industry best practices for cybersecurity in their work with the military, the generals added.

CBP scores $15M TMF award to modernize import tracking system

Customs and Border Protection has received a $15 million Technology Modernization Fund award to help with the continued modernization of a COBOL-based platform it uses to track imported goods.

CBP will use the funding to breathe new life into its 30-year-old Automated Commercial System, a mainframe platform that runs on  3.9 million lines of COBOL code to track, control, and process everything imported into the U.S.

“I am thrilled to congratulate CBP on their award as one more example of the ability of the TMF to enable long-term modernization projects across the federal government,” said Deputy Federal CIO Maria Roat, who sits on the TMF Board.

The agency refers to the modernized platform as the Automated Commercial Environment. According to a release, “by the end of this project, CBP will have a cloud-based core collection system that will modernize both the underlying technology and the code base. CBP will also achieve operational efficiencies that will decrease its current software expenses and reduce other existing development and maintenance expenditures.”

The Automated Commercial Environment isn’t exactly a new project for CBP, however. The customs agency has been working to modernize the system through a $5 billion acquisition for the better part of the last two decades — a struggle well-chronicled by critical Government Accountability Office audits that refer to the project as high-risk.

This award is the 10th under the TMF program since 2018. In total, the board has doled out more than $116 million to seven agencies, which are expected to pay back the money within five years. In total, the fund has received $150 million in appropriations, despite the White House requesting significantly more.

House Democrats hope to give the TMF a significant boost of at least $1 billion in the upcoming coronavirus relief package. However, they must convince Republicans in the Senate, who have been wary of the TMF, that the fund is deserving of such a robust payday.

Marine Corps base gets military’s first look at ‘ultra wideband’ 5G

Another military base has been added to the growing list of fifth-generation wireless technology test beds, this time testing “ultra wideband” 5G, which can use lower energy levels over a wider portion of the radio spectrum to rapidly send data.

The testing, conducted in partnership with Verizon, will happen at Marine Corps Air Station (MCAS) Miramar near San Diego, which is home to 15,000 service members as well as the 3rd Marine Air Wing. The Marine Corps plans to test how 5G can enable future smart bases that are more protected, resilient, and supported by autonomous transportation vehicles. It is the first ultra wideband test on a military installation, according to the news release.

“We are excited to explore the art of the possible with 5G Ultra Wideband’s high bandwidth, fast speeds and low latency,” said Lt. Col. Brandon Newell, Director of Technology and Partnerships for the Marine Corps Installation Next program. “This is a critical step to accelerate the nation’s 5G aspirations. At Miramar, we are focused on collaboratively exploring 5G-enabled technology in the areas of energy management, connected vehicles, drones, and base security.”

The partnership with Verizon is similar to many others set up at bases across the country. This partnership was brought together through the NavalX SoCal Tech Bridge, a technology partnership program that recently expanded its locations on Navy and Marine Corps bases.

Linking private sector companies like Verizon with the military is a part of the Pentagon’s 5G strategy to counter the growth Chinese companies have had with developing the emerging technology.

“We’re thrilled to partner with MCAS Miramar to create a 5G test bed where we can work together to develop new uses cases that improve cybersecurity, enhance the use of unmanned ground systems and drone delivery, and more,” Andrés Irlando, senior vice president and president, Public Sector and Verizon Connect at Verizon, said.

The partnership will act as a “living lab” for 5G testing, Verizon said. A benefit to ultra wideband is its lower power use and high bandwidth data transmission, giving the Marine Corps opportunities to experiment with “energy management” of the technology.