CenturyLink wins Census contract to help move the 2020 count online
Network services provider CenturyLink announced Thursday that it has been selected by the Census Bureau to deliver secure cloud connectivity for the upcoming decennial census.
The company’s $24 million task order will see it providing the bureau with Managed Trusted Internet Protocol Services (MTIPS) through the end of December 2020 — thereby enabling the 2020 count’s key public internet response system feature.
“Our high-speed MTIPS service will provide the Census Bureau with secure connectivity that enables it to move its 2020 Census to an online digital platform and carry out its important data-gathering mission in the most secure, reliable and cost-effective way,” David Young, senior vice president of strategic government at CenturyLink, said in a statement.
The 2020 census is being hailed for its use of modern technology, most notably large-scale internet self-response. The bureau hopes that Americans will avail themselves of this option for responding to the count, as this could drive down the number of costly and time-consuming non-response follow-up visits from Census personnel.
But internet responses need to be kept secure and be securely accessed by the Census Bureau. This is where CenturyLink comes in. MTIPS is a federal protocol that allows agencies to connect to the public internet and still comply with the Office of Management and Budget’s Trusted Internet Connection initiative.
CenturyLink is one of the companies approved to provide MTIPS under the General Services Administration’s Networx program — a precursor to the new Enterprise Infrastructure Solutions (EIS) contract.
The 2020 census project has faced some concern from watchdogs like the Government Accountability Office about the timeliness of the “significant work” it has had to undertake to get the 52 new or legacy IT systems the count will rely on fully operational. In July, GAO’s Nicolas Marinos testified that GAO considers Census “at risk” of missing five upcoming deadlines, including one for the key internet self-response portal.
A Census Inspector General’s report from June found various “security deficiencies” in the agency’s cloud-based IT systems. The bureau has since addressed these issues.
Bug bounty finds 54 flaws in Air Force’s new cloud system
“White hat” hackers found 54 vulnerabilities in the Air Force’s enterprisewide cloud environment during a recent bug bounty.
The bug bounty took place in spring, but notice of its results was announced Tuesday by Bugcrowd, the third-party firm that ran the bounty. The event, with around 50 private, pre-screened hackers looking for bugs, was a way for the Air Force to test the resilience of its relatively new Common Computing Environment cloud architecture as it continues to migrate data to the platform.
The Common Computing Environment started to go live in March 2018. By April of this year, the cloud had 21 applications running on the system and room for “countless more,” according to an Air Force news release.
The CCE was developed to replace the Global Combat Support System, a legacy logistics system running on-site at bases across the country. The new cloud runs on Amazon Web Services' and Microsoft Azure's commercial cloud infrastructures.
“Some apps are built with characteristics that make them a better fit for one cloud service or another,” 2nd Lt. Stephen Cunningham, a systems engineer on the CCE project, said in the April release.
It was the first hackathon the Air Force has contracted to Bugcrowd, which describes itself as a crowdsourced cybersecurity platform. The service has hosted previous events to find holes in its networks and computer systems, but this is the first specific to CCE. The Air Force has worked with HackerOne and Synack on its past bug bounties.
The largest payout from the bug bounty totaled $20,000.
Talent exchange programs expanding in the secretive intelligence world
Long-championed talent exchange programs are catching on as a way to sharpen a thin cyber workforce and connect agencies across the intelligence community.
Multiple bills and executive orders have recently codified an idea that has been piloted since the mid-2000s in the IC to improve cross-agency collaboration. The latest iterations of the idea have sprung up in the latest Intelligence Authorization Act, as well as in another bill currently moving through the House and a recent executive order that broadly push for rotating cybersecurity experts governmentwide.
The idea is to let intelligence community officials dabble across agencies and sectors and sharpen their skills through new experiences.
“Rotational programs have benefits for the agency and the individual employees,” Kristine Simmons, vice president for government affairs at the Partnership for Public Service, told FedScoop. Simmons rattled off a long list of perks: promoting learning, developing new skill sets, expanding networks and diversifying viewpoints.
This year’s Intelligence Authorization Act — the Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act — goes a step further than most other programs. If enacted, the talent exchange program would allow intelligence workers to be detailed to the private sector in exchange for private-sector workers who would join an intelligence agency. The bill has been passed by the House and the Senate Select Committee on Intelligence but awaits passage out of the full chamber.
Simmons sees it as a “different flavor of a similar approach.” For instance, the Department of Defense has its own public-private rotational program that places high-performing workers in similar private positions to expand their network and sharpen their skills.
President Trump’s May executive order, largely framed on the ideas set out in the Federal Rotational Cyber Workforce Program Act, is aimed at upping cybersecurity education and rotating workers through the government. The U.S. faces a cybersecurity worker gap of 320,000 open positions, according to CompTIA.
“I am pleased that President Trump recognizes the need to address our federal government’s shortage of qualified cybersecurity professionals and safeguard our nation against serious cyber threats,” the bill’s author, Sen. Gary Peters, D-Mich., said in a statement following the president’s EO. “I have been proud to lead the bipartisan effort in Congress to create incentives to attract highly skilled cyber professionals to public service, and I am grateful for the President’s support of this vital effort to strengthen our nation’s cybersecurity.”
While the idea has received bipartisan support on the Hill and cheers from policy experts like Simmons, implementation of early rotational pilots has not always been smooth.
One such pilot, the Joint Duty Program, was born out of a 2004 intelligence reform act that required officials to serve in more than one agency before being promoted to the executive level. In a policy directive on the program, then-Director of National Intelligence James Clapper cited a need to “minimize embedded cultural perspectives” in agencies.
But a report from the Government Accountability Office criticized the program's lack of a strategic framework for its implementation, high turnover in the position overseeing the program, and the fact that only about half of senior-level officials supported it. Still, the program remains in place, with its foundation expanding.
“A big hurdle for any rotational program is cultural,” Simmons said. These programs need agency buy-in to succeed, because they are about more than helping individual employees find new experiences: they are meant to spread experience and culture across agencies, not just shift a top performer around, she said.
“[The programs] need to be viewed as a means of developing talent and helping people become better professionals and better at their job,” Simmons said.
Report: Mass data fragmentation limiting agencies’ cloud benefits
Many government IT leaders aren’t seeing the improved efficiency, reduced costs and insights they expected moving to public cloud due to mass data fragmentation, according to new Cohesity research.
Mass data fragmentation occurs when information is spread across multiple environments, including the cloud, in a siloed way that limits integration and analysis.
The San José-based data management company commissioned Vanson Bourne to survey about 900 global IT leaders, 115 of them in the public sector, to get a sense of the mass data fragmentation problem.
Among public sector respondents, 71% reported that only some cloud benefits had been realized by their organizations. Of those, 89% said that was because data was fragmented in and across public clouds with the potential to become unmanageable.
“Almost every person that we interviewed had very high ratings of cloud, and almost 100% said they intend to increase their utilization of cloud,” Davis Johnson, vice president of federal at Cohesity, told FedScoop.
But often agencies use different tools, software and targets for their virtualization backups of multiple cloud environments, resulting in numerous versions of the same file in addition to the one actually used, Johnson said. When it came to data management, 49% of public sector respondents said they used three to four products in the cloud to deal with backups, archives, files and test/dev copies.
Those products raised security concerns for 63% of respondents, cost concerns for 55% and compliance concerns for 45%.
The study further found that government IT workers spend 24 weeks a year on average trying to address data fragmentation in the cloud.
Cohesity recommends agencies use a single data platform.
“The biggest benefit probably is better customer experience,” Johnson said. “With the analytics that go into having all of your data globally indexed and available on a single data platform, you can start to gain better insights.”
Platforms have the added benefit of being able to scale infinitely, for as much as a 90% efficiency improvement, he added.
Most times an agency wants to begin with a data protection use case before moving on to analytics, testing and development, Johnson said.
“Data protection had become kind of the forgotten IT use case, where there was not a lot of innovation and investment being made,” he said. “That’s the number one most important thing that we had to tackle, and that was how we typically approach a new client.”
DARPA wants to tackle ‘deepfakes’ with semantic forensics
When it comes to detecting whether an image or video is fake, it’s the little mistakes that matter, and to help with the sleuthing, the Defense Advanced Research Projects Agency wants to improve what it calls “semantic forensics.”
The agency announced this week that it plans to hold a proposers day on Aug. 28 to give more information on an anticipated Semantic Forensics (SemaFor) Broad Agency Announcement. It’s the latest expression of DARPA’s interest in countering the chaos-inducing potential of “deepfakes” — the practice of using artificial intelligence to manipulate audio, video, text or photo files.
The SemaFor program, DARPA says, will explore ways to get around some of the weaknesses of current deepfake detection tools. Statistical detection techniques have been successful to date, but those tools won't always have the upper hand.
“Detection techniques that rely on statistical fingerprints can often be fooled with limited additional resources,” the proposers day announcement states. “However, existing automated media generation and manipulation algorithms are heavily reliant on purely data driven approaches and are prone to making semantic errors.”
In practice, it means that artificially generated faces, for example, exhibit “semantic inconsistencies” like “mismatched earrings,” DARPA says. The most troublesome deepfakes are those that make real people look like they’re saying or doing things they’ve never actually done.
“These semantic failures provide an opportunity for defenders to gain an asymmetric advantage,” the agency says.
The draft schedule for the proposers day includes briefings by a number of DARPA officials and time for participant Q&A. Would-be attendees must register in advance.
This announcement isn’t DARPA’s first stab at the deepfake challenge. The agency has had a Media Forensics (MediFor) team doing this kind of work since 2016. Its goal, the team’s webpage states, is “to level the digital imagery playing field, which currently favors the manipulator, by developing technologies for the automated assessment of the integrity of an image or video and integrating these in an end-to-end media forensics platform.”
Spending transparency tools are now available to agencies under IT Schedule 70
The government will use a streamlined acquisition process to improve transparency into agencies’ information technology spending.
The General Services Administration’s Office of Government-wide Policy and the Office of Management and Budget recently announced agencies will use IT Schedule 70 to acquire Technology Business Management tools and services for analyzing publicly available cost data.
“This will help to ensure that the TBM tools and services procured are designed to meet each agency’s needs,” reads the announcement.
In 2017, OMB directed agencies to fully adopt the TBM framework — an open-source standard for IT costs used in the private sector — by 2022. Improving IT spending transparency was further made a cross-agency priority goal in the President’s Management Agenda.
Special Item Number (SIN) 132-40 will be used for TBM tools and SIN 132-51 for services, according to the solution announcement.
Tools and services may include IT financial management solutions, robotic process automation, artificial intelligence, natural language processing and machine learning that can identify areas for savings and investment.
GSA and OMB further established a TBM Task Order Review Board (TORB) that will review agency procurement packages and recommend that they either proceed or be revised. The TORB will also issue guidance and templates for acquisition preparation, solicitation and evaluation.
Vendors and partnerships have until Aug. 23 to respond to the solution's request for information with details on the TBM tool they offer and the government contract vehicles it is available on, their Federal Risk and Authorization Management Program status, and the size of their company.
NASA wants government to stay on top of mobile policies
NASA’s chief information officer urged agencies to get ahead of policies like Trusted Internet Connections 3.0 so their upgrades of mobile communications systems don’t run afoul of the Office of Management and Budget.
Renee Wynn, speaking Tuesday at an Advanced Technology Academic Research Center event, said her agency is excited that TIC 3.0 guidance is in final review and will accelerate government cloud uses.
Wynn briefs the Federal CIO Council on NASA’s efforts to use mobility to deliver government services, including emergency management. Agencies should work more closely with OMB to craft mobile-friendly policies, she said.
“OMB is already beginning to think about what policies need to change in order to enable this because otherwise CIOs like myself are going to have to make risk-based decisions that are outside some of the policy frameworks because they don’t match up,” Wynn said.
Those decisions “could result in a government hearing” if an agency oversteps federal regulations that haven’t been updated, she added.
NASA is working to better secure communication links with its flying assets in space for constant connections. The agency plans to send a crew to the moon by 2024, including the first woman, with the intent of using the mission as a stepping stone for travel back and forth from Mars.
No human has landed on the moon since Apollo 17 in 1972, and mobile data sharing will be critical to the new mission and communication between space suits. So NASA has established four mobile priorities: mobile security, acquisition, fifth-generation wireless network infrastructure, and mission enablement.
“Security has to be from the beginning; we didn’t do it when we invented the internet … and we’re all paying that price,” Wynn said. “I’ve paid it many times. I think I can show up to China, and I’ll be greeted there as happily as I’ll be greeted here.”
On the acquisition front, NASA’s focus is supply chain risk management and ensuring data goes where it’s intended, she said.
Zero-trust networking remains in the experimental stage, but NASA is thinking about cybersecurity for the command center and mobile simultaneously.
“We are working rapidly to modernize our infrastructure,” Wynn said.
Architect of the Capitol could do a better job monitoring IT contracts, says IG
The Architect of the Capitol needs to implement better oversight of task orders awarded under a blanket purchase agreement (BPA) for engineering, app development and IT services, says its inspector general.
A newly released report by the AOC IG looks into a task order to provide the agency’s Information Technology Division (ITD) with IT support services. It concludes that while the contract itself was awarded in accordance with the law, “contracting officials did not properly monitor the BPA.”
The IG found that the contracting officials at the AOC “did not properly monitor the task order to ensure adequate oversight of the contractor performance.” Specifically, they didn’t “adequately” perform post-award administration duties, nor did they monitor the contractor’s quality control plan.
“It is important for the AOC to establish effective internal controls for monitoring contractor performance,” the IG notes. “Proper contractor oversight also ensures that the AOC receives services that are timely, complete, and meet the scope of the contract requirements.”
The AOC, however, did not agree with the IG’s assessment.
“The AOC employed a variety of contract management tools suitable for a contract of this nature to carry out post-award administrative duties and ITD staff (to include the [contracting officer’s technical representatives] and ITD program officials) worked alongside, or near to, the contractor daily and had firsthand knowledge of the contract’s performance,” the office states in its comments on the IG’s findings.
The AOC continues to dispute the IG's findings, but the IG isn't swayed. In all, the report makes eight recommendations, many around improving post-award oversight of contracts.
Democratic senators question Pentagon’s review of JEDI
Democrats on the Senate Armed Services Committee are pushing back against the Pentagon's decision to review the $10 billion Joint Enterprise Defense Infrastructure contract, adding yet another twist to the increasingly political saga of the military's attempt to move to the cloud.
Sens. Jack Reed, D-R.I., ranking member of the Senate Armed Services Committee, and Mark Warner, D-Va., signed a letter urging Department of Defense Secretary Mark Esper to “resist political pressures” to derail the JEDI acquisition, asking whether he has been influenced from outside the Pentagon to delay the contract.
Esper last week announced that he would review the contract after a number of complaints about the contract from lawmakers, but didn’t detail the extent of the review, just that he is “looking at the Joint Enterprise Defense Infrastructure (JEDI) program,” according to a spokeswoman.
Republicans across Washington, notably including President Trump and Sen. Marco Rubio of Florida, have voiced their concerns over allegations of an unfair acquisition process, some calling for the Pentagon to bring the contract to a halt.
The letter from the two Democrats states that DOD's CIO is moving closer to the conclusion of the contracting process and that the contract has appropriate independent reviews built in to ensure a fair competition.
Warner and Reed ask Esper in the letter what prompted his review and if he has been influenced politically from outside the Pentagon to delay or cancel the contract, which DOD CIO Dana Deasy said previously he expects to award later in August.
“The integrity of our federal procurement process rests in large part on its insulation from undue political influence, that sound technical and business judgment can be used to make data- and evidence-based decisions,” wrote the senators.
In a prior news availability with reporters, Esper denied that the White House directed him to make any statement.
“I’m looking at all the concerns I’ve heard from members of Congress,” Esper said.
Last month, a federal judge ruled that the contract was cleared to be awarded, denying a protest from the IT firm Oracle. However, in his legal opinion released after the decision, the judge described the process as “flawed.” The contract has been dogged with claims of unfairness and shady dealing for months, but so far no investigation has turned up enough wrongdoing to halt its award, which will go to one of the finalists, Microsoft or Amazon Web Services.
Some reports have pinned Oracle at the center of a lobbying campaign to derail JEDI, passing a document around Washington with a flowchart titled “A Conspiracy to Create a Ten Year DoD Cloud Monopoly,” alleging conflicts of interest between former DOD employees and AWS.
DISA awards $21.9M contract supporting background check IT system transfer
The Defense Information Systems Agency awarded a $21.9 million contract for IT support as the Department of Defense takes over the National Background Investigation System.
The contract, awarded to HGSNet, covers a range of software, network and data analysis needs for DISA. The firm-fixed-price contract has a one-year base period with a potential six-month add-on.
Background investigations were recently transferred from the Office of Personnel Management to DOD as it tries to dig the nation’s background checks and security clearance process out of a considerable backlog. DISA has been responsible for the contracting and development of the IT backbone of the system as it moves under DOD’s purview.
The contract will include “transitioning systems” as the DOD takes over the security clearance process. Other services required in the contract are analysis; software engineering; systems integration and interoperability; data engineering and management; testing; deployment; development, security and operations (DevSecOps); and cloud and infrastructure engineering, according to a DOD posting about the contract.
In late January, the then-chief management officer of the DOD, David Norquist, ordered the transition team in DISA handling the background check system to move to the Defense Security Service. Since then, DSS has changed its name to the Defense Counterintelligence and Security Agency.
This latest contract follows a pair of other transaction agreements DISA awarded over the past year — a $49 million agreement last July to Perspecta subsidiary Enterprise, LLC, and another $75 million agreement awarded directly to Perspecta.