JADC2, but for medics: Military looks to link medical networks, data

The military’s talk of wanting to connect its networks is not limited to just battle. New requests to emerging technology developers show that it is also taking that same approach for improving medical data and networks.

A consortium of medical enterprise technology developers has been asked to develop prototypes to link medical data, software and situational awareness across different parts of the military, from research labs to tactical responders. The solicitation adds another health data interoperability project to the ongoing major electronic health records overhaul programs the DOD is working on.

The request “aims to establish prototypes with the ability to provide commanders at all levels with visual understanding of how medical capabilities are arrayed throughout the operational environment,” the Medical Technology Enterprise Consortium wrote in a pre-announcement. That visibility will come from linking the disparate networks and software medical personnel in the military use.

The language and overall approach appear to mirror other major network modernization initiatives, such as Joint All-Domain Command and Control — the new operating concept the military will rely on to be able to link networks together and create a common data architecture for commanders to control troops and weapons in air, land, sea, space and cyber conflicts, all at once. The similarity here is creating networks that work together, not just within their own domain or digital stovepipe.

The DOD currently anticipates spending $5.8 million on a prototype, with more money potentially available for follow-on work.

GSA wants to be an ‘end-to-end digital entity’

The General Services Administration isn’t a “true, end-to-end digital entity” yet, but it plans to be, Chief Information Officer David Shive said Wednesday.

GSA intends to take the digital assets and tools it has created and ensure they’re always operating as efficiently as possible by reengineering agency business processes, Shive said.

That way GSA can continually improve systems and services throughout the acquisition life cycle, rather than simply patting itself on the back for going paperless.

“We’ve digitized the vast majority of the intellectual assets of GSA, but a lot of those are first gen,” Shive said during an ATARC virtual event. “They’re basically digital copies of existing paper processes.”

GSA recently established shared service product lines for cloud and identity and credentialing services, and has more on the way. The product lines allow for better system integration, which in turn improves security and data exchange, said Beth Killoran, deputy CIO at GSA.

The agency also wants to improve its cybersecurity tools by augmenting them with artificial intelligence for predictive analytics, Killoran said.

GSA aims to procure such AI using its new fourth-generation, enterprisewide Infrastructure Capabilities and IT Operations contract. Structured differently than its predecessors, the contract is designed to reduce operational costs for reinvestment and enable GSA to partner with new, innovative contractors to aid the agency’s digital push.

The agency is a “heavy” user of AI in “predictable” places like cybersecurity, where threat detection is easily automated, with around 25 projects being piloted or in the minimum viable product or production stage, Shive said. Another 15 AI projects are in the pipeline.

Currently 51% of GSA workloads are in its cloud and 22% in off-premises managed services, with the remaining 27% on premises.

“We will continue to look for targets to move to the cloud,” Shive said. “But we will also be smart about it.”

The highest-value IT spend isn’t always the cloud, he added, and GSA will remain a hybrid environment for the foreseeable future.

The public sector’s path to modern customer identity and access management

The COVID-19 pandemic has created both motivation and opportunity for federal agencies to interact with citizens in new ways. The growing demand for digital experiences means that identity and access management has become critical to the government’s success in delivering services.

To meet the high expectations of today’s users, reduce development time of digital experiences and eliminate potential security gaps, government agencies need to put user identities front and center.

In order to accomplish this, public sector enterprises are employing modern customer identity and access management (CIAM) solutions, according to a recent Okta report.

The report describes the ability of CIAM tools to “securely capture and manage a user’s identity and profile data and control their access to applications and services.” This allows agencies to centralize access management across multiple applications and offer a frictionless user experiences that is more secure and highly scalable.

The report outlines examples of how divisions under the U.S. Air Force, State Department and Centers for Medicare and Medicaid all have implemented modern identity and access solutions to streamline user experience and reduce overall IT operations costs.

In each use case, the Okta platform helped the organization simplify and secure access to systems and set up APIs to streamline access to databases. Additionally, agencies benefited from a broader view of user activity across applications to understand exactly who saw what information.

“Citizen and government users expect the same frictionless experiences across all their devices that they receive as consumers,” says the report, and FedRAMP-approved CIAM solutions help agencies achieve that by creating a secure, scalable repository designed specifically to store and manage user information.

Learn more about the poser of cloud-based customer identity and access management (CIAM) solutions.

This article was produced by FedScoop for, and sponsored by, Okta.

GAO: Pentagon’s critical technology communication efforts need work

The Department of Defense already has a process to identify and protect the billions of dollars of critical technologies it acquires, but it needs to improve the way it communicates those findings internally and to other agencies, according to the Government Accountability Office.

The department began implementing a new four-step process in February 2020 that is more specific about what parts of acquisition programs, technologies, manufacturing capabilities, and research areas must be protected, and how the DOD will accomplish that. But it needs to do better at sharing what it learns in that process, the GAO found in a new audit.

“Critical technologies — such as elements of artificial intelligence and biotechnology — are those necessary to maintain U.S. technological superiority. As such, they are frequently the target of theft, espionage, and illegal export by adversaries,” the Jan. 12 report reads.

Officials haven’t finalized the steps in the new process on how the DOD will communicate the list internally and to other agencies, what the assessment metrics for protection measures are, and which organization will manage future protection efforts. The sooner they figure out those steps, the better, according to the GAO.

“By determining the approach for completing these tasks, DOD can better ensure its revised process will support the protection of critical acquisition programs and technologies consistently across the department,” the report reads.

Officials from the Protecting Critical Technology Task Force told the GAO they may plan to communicate the new list of critical technologies the same way they have in past years: by formal memorandum to the military secretaries. The GAO found that this approach, however, did not always loop in the people actually responsible for protecting critical technologies. Entities such as the Anti-Tamper Executive Agent and the Defense Security Cooperation Agency reported not receiving the 2019 critical acquisition programs and technologies list.

The GAO recommended that the Pentagon specify how it will communicate its critical programs and technologies list, develop metrics to measure protection efforts, and select a DOD organization that will manage protection efforts after 2020. The department concurred with the first recommendation and partially concurred with the second and third.

To get more use out of data, DOD needs to cut some old sources, Air Force CIO says

To get better use out of its data, the Department of Defense may need to actually reduce many of its data sources that are not useful in a modern context, says Lauren Knausenberger, the Air Force’s chief information officer.

The Air Force has been working to adjust to a cloud-based data storage model, and some of the old methods it used to collect will not be as useful with modern tech. Some of those old methods the department used to collect data were also just plain inaccurate, Knausenberger said Thursday during the Data Cloud Summit produced by FedScoop. The messy data practices should be left behind, she said, with many of the legacy systems and on-premises data centers the military needs to ditch.

“There are a lot of data sources that need to go away,” she said during her keynote address.

The seemingly contradictory recommendation is the result of a new direction the entire military is heading with its technology modernization schemes. The new ubiquitous phrase tech leaders repeat is their desire to use “data as a strategic asset.” The ability to make that a reality is largely dependent on the military’s ability to pull form quality data sources and have modern storage and analytical capabilities.

The use of data is not new, but its primacy and importance is. The DOD released its first ever data strategy in October. Knausenberger said she is now fast at work to build the technical architecture to better store and use data across the Air Force and with partner services.

Along with paring away some of the old sources, the Air Force has been able to use high-quality sources to improve the analytical impacts. For example, $1.5 million was saved in airplane exit door repair through predictive maintenance. By knowing to replace a door before it failed, the force saved on emergency repairs from doors that accidentally might open mid-flight.

“Using data to predict outcomes with relatively high level of confidence is another huge area here,” Knausenberger said of modernization efforts.

Open data: A critical tool for police reform and racial equity

Last week’s insurrection of far-right extremists storming the Capitol spurred lawmakers to consider important questions about the state of American democracy and the smooth transition of presidential power. The nature of the police response, and the contrast with police treatment of Black Lives Matter protesters, has also intensified concerns about racial bias in policing that have been building since the killing of George Floyd last May.

As the incoming Biden administration tackles police reform, open and transparent data can be one of its most important tools for progress. President-elect Joe Biden and his advisers have announced racial equity as a central plank of their approach to “Build Back Better,” and a key part of that agenda is police and criminal justice reform. The administration’s transition website states it will establish “a nationwide ban on chokeholds; stopping the transfer of weapons of war to police forces; improving oversight and accountability, to create a model use of force standard; [and] creating a national police oversight commission.”

For these policies to be successful, the new administration will require access to quality open data on crime and other demographic data from states and local police departments. The Center for Open Data Enterprise (CODE) — a Washington-based nonprofit whose mission is to maximize the value of open and shared data for the public good  — has just published a Briefing Paper on Policing Data. The paper makes the urgent case that open policing data can inform criminal justice reform and provide insight on police involvement in marginalized communities.

Thanks to available data, we know that the U.S. criminal justice system is the largest in the world with incarceration rates of 698 per 100,000 residents that dwarf other developed nations. As of 2020, 2.3 million Americans were incarcerated in federal, state, or local prisons and jails. African Americans are more likely than white Americans to be arrested, convicted, and experience lengthy prison sentences. These structural problems start with increased police presence in Black communities and the prevalence of bias in the criminal justice system. Policing is the first interaction that many communities of color have with the justice system and can mark the entryway into the court and prison systems.

But what can the data now tell us about policing? Despite improved technology and reporting requirements, open policing data is sparse and inconsistent around the United States. CODE believes that improved policing data is needed to reform the criminal justice system and should be a major priority for the Biden administration.

Policing data can be used to improve accountability, build trust in the criminal justice system, and provide insights to drive better reform. Existing civil society databases and federal data sources demonstrate how open data is deployed for predictive policing, documenting bias in police departments, and measuring the impacts of use of force policies. However, the localized nature of police data and legacy data systems can make it very difficult to uniformly measure crime, access consistent police data, or comprehend what reforms are working and what reforms are not.

CODE’s Briefing Paper identifies key civil and state-level sources of policing data, outlines the policy landscape, and provides recommendations to improve and apply criminal justice data. The paper provides a deep dive into data use cases, cross-cutting issues and challenges, immediate opportunities to improve police data, and key questions to determine future progress. It recommends that policymakers select specific high-value datasets to open across the country, such as data on officer-involved shootings and complaints against officers.

Some jurisdictions are taking steps in the right direction by releasing up-to-date data about their local police forces. For example, the Citizen Complaint Authority in Cincinnati helps the public understand this data in graphs, charts, and maps, making it easier to devise better policies. Moreover, Wallkill, N.Y. publishes an annual spreadsheet of its police force’s demographics, including details like rank, years on the force, gender, and education levels of the 120 people in their department. This helps local citizens identify if the police forces that are policing their communities look like them.

But more discussion, best practices, and better data are needed. What kinds of federal oversight are needed to create better standards and data sharing for police departments? What kinds of nationally available criminal justice and policing data would improve police accountability and substantive criminal justice reform? How can data better help policymakers and researchers understand the disproportionate use of violence by police against Black and Brown communities?  CODE believes that addressing these questions could help chart a path forward for a better open data landscape that supports police accountability and addresses racial inequities.

While the Federal Data Strategy and Foundations for Evidence-based Policymaking Act have continued to enable better data sharing at the federal level, much of the remaining work will require close collaboration with states and local municipalities. As the Biden administration plans to implement sweeping changes that impact the criminal justice system and other areas of racial equity, accessing, analyzing, and applying open data will enable a better understanding of the policy options on the table. This information may also begin the long and important process of increasing transparency and trust between police departments and the public.

Paul Kuhne is Roundtables Program Manager, and Temilola Afolabi is Research Associate, at the Center for Open Data Enterprise. CODE welcomes inquiries and opportunities for collaboration. Please contact temilola@odenterprise.org.

GSA removing all non-DOD approved drones from multiple-award contracts

The General Services Administration will exclusively source drones for civilian agencies through a new program from the Defense Department that focuses on the security of the systems, given the concerns over some manufacturers’ supply chains.

GSA is currently making the switch several months after the Blue sUAS program from the Defense Innovation Unit was launched. Blue sUAS was created as a means for government agencies to find secure drones that do not have parts manufactured in China, in compliance with a Section 889 of the fiscal 2019 National Defense Authorization Act. The provision bans the government and its contractors from using certain technologies from China.

“GSA is removing all identified drones that are not approved through the Department of Defense’s Defense Innovation Unit (DIU) Blue sUAS program from [Multiple Award Schedule] contracts,” a GSA spokesperson told FedScoop.

The action will affect approximately 20 contracts, but not cancel them entirely. Contracting officers will be in touch with the drone suppliers that were associated with the contracts, GSA said. The agency anticipates it has enough supply of drones through the Blue sUAS program to meet the demands across government.

The agency’s website directly cites Section 889 of the 2019 NDAA and other trade agreements in its decision making process, stating the government has “an increased risk of non-compliance.”

Agencies such as the Department of Interior use drones to monitor emergency situations and other tasks. But while these agencies once used drones from market-dominating DJI, the devices’s potential cybersecurity vulnerabilities and other concerns became too much of a risk for their continued use. Many agencies have since banned the use of products from China-based DJI in government operations.

Nextgov first reported GSA’s decision.

The pandemic isn’t the only thing pushing CIOs to modernize IT

The coronavirus pandemic had conspicuous effects on federal agencies — including the shift to remote work and related improvements to cybersecurity — but it’s not the only thing driving IT modernization, chief information officers say.

Trade association the Professional Services Council and one of its members, Attain, surveyed 11 federal CIOs or their deputies and one chief information security officer — finding that workforce gaps and existing technology debt are also driving them to modernize.

Modernization priorities still vary, though, among agencies depending on their IT maturity. And in cases where legacy systems are still a problem, budget constraints aren’t the only thing stopping CIOs from modernizing.

“This report shows that an agency’s culture, its mission, and its needs, and how the federal government attracts and retains the right people with the right skills, including the appropriate use of contractors, is just as important as putting money down on a problem, and that these factors were present before the start of the pandemic,” read PSC’s findings.

CIOs frequently cited resistance to change as a nontechnical obstacle to modernization, as well as agency size, with larger agencies having less manageable IT footprints.

Some CIOs successfully used their Federal Information Technology Acquisition Reform Act (FITARA) and Modernizing Government Technology (MGT) Act authorities to transition to remote work ahead of the pandemic. Others had to use them on the fly in early 2020.

The cybersecurity outlook

The survey was taken before the public disclosure of the SolarWinds Orion breach, which is still under investigation. In general though, cybersecurity at agencies is no longer a secondary concern, said Simon Szykman, the report’s author and former Department of Commerce CIO.

“Cybersecurity has unquestionably improved in recent years,” Szykman said. “Of course everyone knows the adversaries are evolving; the threats are becoming more sophisticated.”

The average FITARA scorecard cyber grade has improved more than a full letter in two years as CIOs have shifted from simply compliance to situational awareness and zero-trust security architectures have become “practical,” he added.

But some parts of cyber spending also have become harder to track with the advent of DevSecOps, which bakes security into the software development process, Szykman said.

Workforce trends

CIOs seek more consistent federal hiring practices heading into 2021 to attract skilled workers familiar with emerging technologies for automation and decision-making support, according to the report.

The current ratio of government to contractor IT staff varies between agencies and boils down to CIO preference more than anything.

“Typically it didn’t seem to matter what that balance was,” Szykman said. “Generally, if you had an agency that was majority government, they thought things were working pretty well.” And the same was true of majority contractor operations, he added.

CIOs were “generally positive” about the Office of Management and Budget‘s increased emphasis on Best-in-Class vehicles for acquisition, although some think the contracts are “too commoditized,” fail to directly support their agency’s mission and have pacing issues, Szykman said.

Views on the President’s Management Agenda (PMA) were more mixed, with some CIOs saying the IT scope was too “generic” to all agencies and their investments and, thus, “limited” in its impact, he said. CIOs also felt PMA metrics needed improvement.

Similarly CIOs had mixed feelings about technology business management (TBM), some implementing multiple dashboards while others hadn’t made it a priority yet, according to the report. CIOs’ primary criticism of TBM was that it’s good at documenting IT costs but not at balancing them by also capturing the value of IT for comparison.

DOD nudges innovative startups toward ‘trusted capital’ with new digital marketplace

The Department of Defense wants to give defense-curious startups a safe space to pursue capital without having to look into funding from foreign investors that might have adversarial ties.

On Wednesday, Pentagon officials announced the launch of the Trusted Capital Digital Marketplace to give growing companies more avenues to work with DOD while ensuring they do not take foreign investments that might preclude them from working as a defense contractor in the future. The marketplace finalizes pilot work started in 2019 at the behest of that year’s National Defense Authorization Act.

The DOD kicked off the full program in December, with acquisition leaders taking to the Pentagon Briefing Room this week to promote its launch after a break for the holidays.

“We are really hoping to diversify the defense industrial base,” said Ellen Lord, undersecretary for acquisition and sustainment. Lord said the DOD hopes that non-traditional and dual-use companies will sign up for the program, calling it a “speed dating app” to connect companies in the national security world with investors.

The way it works is that both growing companies (“capability providers”) and investors (“capital providers”) apply to join the marketplace and be screened by DOD. If accepted, they are listed in the digital marketplace as trusted receivers and sources of funds and have the ability to connect with each other. So far 128 companies have “logged into the system” along with 30 capital providers, Katie Arrington, DOD’s chief information security officer for acquisition and sustainment, said during the briefing.

The DOD credits new laws for helping put the marketplace together, including the Tax Cuts and Jobs Act of 2017, which created new designations for special national security-related companies in the tax code. The fiscal 2021 National Defense Authorization Act also references the program and further propelled the department to bring it to life, as it requires a report on efforts to expand the initial pilot program.

The move to support trusted capital comes after several warnings from Lord that the coronavirus pandemic has accelerated “adversarial investment,” where hostile countries look to invest in American companies to purposefully disqualify them from future security clearances and DOD contracts. Lord cited dozens of recent mergers and acquisitions of Chinese companies and billions of dollars in investments that came from the country as reasons to move forward with the marketplace.

“We recognize that this supply chain diversity comes with some risk,” Lord said. “COVID-19 magnified that risk.”

The launch of the program is likely one of the last initiatives Lord will oversee as undersecretary for acquisition and sustainment, as she will resign from the politically appointed role when the Biden administration takes office next week. Wednesday, she said the press briefing would “likely” be her last with the department.

Air Force pushing ‘mission-critical’ applications to zero trust

Realizing that telework will remain a reality for months and years to come, the Air Force is working to push some “mission-critical” applications to a zero-trust environment to improve their cybersecurity, a top Air Force technology official said Tuesday.

The push is centered around a task force set up to examine how the Air Force can move into a zero-trust environment where both known and unknown users are treated with the same amount of cyber skepticism to protect every layer of technology infrastructure. Frank Konieczny, chief technology officer of the Air Force, said during an SNG Live event on zero trust that the move is needed since airmen and Air Force civilians will be working remotely for the indefinite future.

It will be “several years before we all get back to the office, if we ever get back to the office,” Konieczny said during the session.

The task force Konieczny spoke of is examining how many applications can be pushed from a current defense-parameter environment — where security measures focus on keeping adversaries out of network entry points — to a zero-trust environment.

“Critical mission ones are going to be pushed that way pretty quickly,” he said. “There is no other way around this now.”

The entire DOD is moving toward zero trust, with some parts of the military going faster than others. The Defense Information Systems Agency (DISA) said it would release a zero-trust reference architecture early in 2021 as a way to encourage agencies across DOD to rebuild their network for the new model of security.

During the coronavirus pandemic, the Air Force launched pilots to study how to move to a zero-trust environment, officials have said at previous public appearances. The department now appears to now be building off that work.