The National Archives is looking for some more cloud
The National Archives and Records Administration (NARA) needs more “flexibility and efficiency” from its cloud services.
The independent agency posted a request for information recently, soliciting feedback from companies on a potential plan to replace its enterprise cloud contract. The contract listing is called “Platform & Infrastructure for Cloud Archives & Records Depositories” or, in acronym form, PICARD.
The requirements of a new cloud contract spring from the directive that NARA transition to fully electronic record keeping, and stop collecting paper records, by the end of 2022.
“Beginning January 1, 2023, all other legal transfers of permanent records must be in electronic format, to the fullest extent possible, regardless of whether the records were originally created in electronic formats,” an Office of Management and Budget memo from July states. “After that date, agencies will be required to digitize permanent records in analog formats before transfer to NARA.”
NARA currently uses Amazon Web Services, but is considering moving to multi-cloud. The agency recognizes that “other agencies transferring records to NARA could be transferring them from any cloud hosting environment and NARA needs to be prepared for ensuring efficient transfer of records into its legal and logical custody.”
The agency also has new functionalities in mind, and as such “requires the flexibility to expand its cloud presence.”
Responses to the RFI are due Feb. 20.
GSA to use more bots in 2020 and emphasize AI expertise in PIF program
The General Services Administration has two distinct sets of plans for expanding the impact of automation on the federal government this year.
The agency wants to expand its use of robotic process automation (RPA), while also increasing the Presidential Innovation Fellows (PIF) program’s emphasis on artificial intelligence (AI).
The GSA already has 33 RPA bots in operation, and that number will grow this year, officials said.
“The program has a robust pipeline of new use cases that are under evaluation and in development,” a GSA spokesperson told FedScoop. “Agencies, including GSA, are looking across all functional areas for automation candidates.”
Agencies including GSA already use RPA for data entry, email management and information retrieval from documents and call centers. Code for many of the bots is in a public repository on GitHub or is available through the agency’s RPA Community of Practice (CoP).
One “ideal candidate,” the spokesperson said, is the transfer of basic job application information — name, address and Social Security number — to the Office of Mission Assurance’s credentialing system to begin background investigations. Like many tasks that are ripe for takeover by RPA, it’s a repetitive, rules-based process.
Bots GSA shared on GitHub include one that automates accounts payable email notifications for outstanding invoices and another that retrieves information on micro-purchases to create a purchase card log.
GSA’s Technology Transformation Services continues to advance its AI strategy at the same time, assisting agencies through consulting and advisory services and cross-agency accelerators; cosponsoring an AI CoP; acquisition of innovative technologies.
AI emphasis for PIFs
The PIF program, run by TTS, has placed about 160 fellows across 35 agencies in the last six years. It looks for people with digital strategy, product design and engineering backgrounds.
“In this program this year, there will be an emphasis on AI as TTS works to accelerate the adoption of AI across the federal government,” said Harry Lee, assistant commissioner of TTS, at the ACT-IAC AI/IA Forum on Jan. 22.
“Given the recent federal efforts around AI — as well as TTS’s leadership role in accelerating the adoption of AI across government — there is increased interest from agencies in bringing on PIFs to help drive their AI efforts through automation, RPA or more advanced machine learning,” the spokesperson said.
The application process for the 2020 PIF cohort began in late January, and the AI CoP meets on Feb. 12 to explore use cases.
“Buying AI on an enterprise-wide scale is not only new to government but also relatively new to the private sector,” Lee said. “Industry participation and feedback is very important to the success of agency programs and support.”
Transparency advocates push Congress on public access to CRS reports
A group of transparency advocates is pushing Congress to make more Congressional Research Service (CRS) reports more accessible to the public.
The group sent a letter to the House and Senate on Tuesday detailing what they see as weaknesses in the Library of Congress’s implementation of crsreports.congress.gov, a relatively new public-facing website for CRS reports. Among the issues identified in the letter: Public-facing reports are only published as PDFs, which “significantly undermines their utility,” the site’s “bulk download” function only allows for the download of 5,000 reports at a time and non-confidential historical reports aren’t published.
A little background: The CRS’s nonpartisan public policy reports, which are produced by the thousands each year on issues as varied as U.S. policy in Kuwait, next-generation 911 technologies, violent crime in American cities and more, have mostly been kept out of the hands of regular citizens unless shared by someone in a congressional office. The initial reasoning? The cost of reproducing copies would be too high.
Of course, in the internet era, this concern no longer applies, and so the Consolidated Appropriations Act of 2018 directed the Library of Congress to build and maintain a public-facing site for non-confidential “R” series reports.
In September 2018 the Library launched crsreports.congress.gov and started publishing non-confidential CRS reports there.
But while transparency advocates welcomed the new site, they also wanted more from it. Quickly, it was criticized for being incomplete and “unreasonably expensive” and possibly even redundant to existing efforts.
One central sticking point was about which reports will be made public. The library is publishing current and recently archived reports, but some transparency advocates argue that there are older historical reports and other CRS products that are also in the public interest.
Now, organizations including Demand Progress, the R Street Institute, Lincoln Network, Government Accountability Project and more want to make sure lawmakers don’t forget about this.
“We hope that you will encourage the Library to improve how it is currently publishing CRS reports and to expand the scope of the reports it publishes online,” Tuesday’s letter reads.
GSA keeping ‘on track’ with schedule consolidation
The General Services Administration has begun the process of updating pre-existing contracts to meet the terms and conditions of its recently consolidated acquisition schedule.
GSA consolidated 24 schedules for finding and purchasing solutions into one Multiple Award Schedule (MAS) on Oct. 1 to modernize acquisition for federal, state and local agencies.
New contracts are placed on the consolidated schedule, while pre-existing contracts must be aligned by MAS schedule contractors — the second phase of the process known as Mass Modification. Schedule holders have until July 31 to accept the Mass Mod that GSA started issuing Friday, or else their offerings will no longer be accessible on GSA’s eTools platform.
“We are planning for a smooth transition and federal agencies should experience no disruption to their purchasing practices during the Mass Mod,” Julie Dunne, commissioner of the Federal Acquisition Service, said in a statement. “There will be no change to contract numbers which makes the transition less burdensome overall. And, we’ve been steadily training our contracting workforce to ensure a seamless transition.”
The MAS solicitation is organized into 12 large categories: office management, facilities, furniture and furnishings, human capital, industrial products and services, information technology, miscellaneous, professional services, scientific management and solutions, security and protection, transportation and logistics services, and travel. Those categories are divided into subcategories and Special Item Numbers (SINs), which have been reduced from about 800 to 300 for clarity.
GSA developed the solicitation based on more than 1,000 comments from agencies, employees and industry in response to two requests for information.
MAS Consolidation is one of four cornerstones of GSA’s Federal Marketplace Strategy. The third and final phase of MAS Consolidation is slated for the second half of fiscal 2020.
“We’re right on track with MAS Consolidation,” said Emily Murphy, administrator of GSA. “Moving to a single schedule is good for federal agencies, our industry partners and our acquisition workforce. It’s a key piece of the picture for making it easier to deliver solutions.“
James Byrne out as No. 2 at VA
Department of Veterans Affairs Secretary Robert Wilkie fired his deputy James Byrne on Monday out of a reported “loss of confidence.”
“Today, I dismissed VA Deputy Secretary James Byrne due to loss of confidence in Mr. Byrne’s ability to carry out his duties. This decision is effective immediately,” Wilke said in a statement.
Byrne, a former Marine infantry officer, was Senate-confirmed to the deputy secretary role in September. Prior to that, he served in an acting capacity since August 2018. He originally joined the VA as general counsel in 2017.
James Byrne was the accountable official on the VA’s Electronic Health Record Modernization plan and worked hand-in-hand with the department’s CIO on other digital transformation efforts. The VA has been trying to move its vast amount of veteran health records to a modernized system managed by Cerner. In November Byrne said he was “very confident” the program will successfully launch in March, despite encountering several roadblocks, according to reports from congressional watchdogs.
He said then it would be either he or Wilkie making the final decision on if the system will be ready to go live by March 28. “And we’re both accountable for it, regardless of who makes it.” With Byrne now gone, its unclear how that decision will be made.
Before joining the VA, Byrne worked for Lockheed Martin Corp. as chief privacy officer and a cyber and counterintelligence attorney.
The Army working on a battlefield AI ‘teammate’ for soldiers
The Army is working to deploy artificial intelligence on the battlefield to detect and classify real-time threats for soldiers in the years to come.
The new systems, called the Aided Threat Recognition from Mobile Cooperative and Autonomous Sensors (ATR-MCAS), will scan and classify imagery from sensors that can be mounted on vehicles, aerial coverage and autonomous vehicles that will help soldiers recognize incoming threats.
It is a tool that Lt. Col. Chris Lowrance, head of autonomous systems with the Army’s AI Task Force, said will act as a “teammate” and reduce “cognitive load” by alerting soldiers of incoming threats.
Soldiers in vehicles or holding mobile devices will be able to customize the feed of data that the ATR-MCAS will show and alert them to, Lowrance said. For example, a soldier driving a tank could set a laptop to only display images of enemy tanks when the computer-vision system detects them. Alternatively, a solider could watch a livestream of the raw video data the AI system is analyzing with highlighted sections classifying what the cameras and other sensors are picking up.
“You are reducing the risk of soldiers having to get out in front of danger,” Lowrance told FedScoop.
Currently, the algorithms primarily operate on image classification and computer vision, but in the future, the Army hopes to add pattern recognition of images. Lowrance said the capabilities will “always be expanded over time.”
While pattern recognition is a goal, humans will retain full control over how they react to the information ATR-MCAS alerts them to. The aim is to provide a more detailed picture of the battlefield for a solider and get them the most critical information, Lowrance said.
“In essence, the systems are all about being able to provide situational awareness in the form of these systems that are unmanned,” Lowrance said.
Noisy environments
The Army inherently operates in noisy data environments; and with fast-moving objects, the AI system will need to work fast to classify them. To meet the need, the system will operate on edge-computing, according to the Army.
ATR-MCAS is also designed with customizability in mind. If the Army needs to conduct a reconnaissance mission with fly-over camera feeds or radar data, Lowrance said the system can account for a change in sensor input data.
“It can always be expanded over time,” Lowrance said of the type of input data the algorithms analyze.
The system is far from deployment in battlefield environments, however. Currently, the algorithms are being trained on test data being collected with help from academic partners. Researchers at Carnegie Mellon worked with the Army in mid-January to collect data to feed to machine-learning algorithms. Eventually, the Army will run the algorithms on data collected from the battlefield, Lowrance said.
The Army’s AI Task Force led the charge on this product but worked in collaboration with the Pentagon’s Joint Artificial Intelligence Center on “similar problem sets,” Lowrance said.
“We commend the Army AI Task Force for their groundbreaking work in advancing AI-enabled capabilities with ATR-MCAS,” said Lt. Cmdr. Arlo Abrahamson, a JAIC spokesperson.
The military’s contractor cyber standards are officially here
The Pentagon issued the final standards under the Cybersecurity Maturity Model Certification (CMMC) on Friday.
Version 1.0 marks the first step towards implementing the new cybersecurity standards into all Department of Defense contracts.
The model, consisting of five levels of security standards, will be phased into requests for information starting this summer. The vast majority of contractors that work with unclassified information will need to meet only level one of the framework — the least secure but least costly level on the scale. From there, the more sensitive the information contractors handle, the higher the level of certification they will need to receive under CMMC, up to level five. All levels will be certified by independent assessors who will conduct in-person checks.
“Today represents an import milestone but we still have a lot of work to do,” Undersecretary for Acquisition and Sustainment Ellen Lord said at a press conference.
The model was born out of a realization that “checklist” security and self-assessment, the current standard set out by National Institute of Standards and Technology rule 800, was failing. Hacks of defense contractors have leaked national security secrets up and down the supply chain. Contractor cybersecurity was seen as a weak link by adversaries and routinely exploited.
“CMMC is a really admirable and progressive attempt,” said Simone Petrella, CEO of CyberVista, a cybersecurity workforce development company. “It is something that really could be transformative and powerful.”
The official release of the standard means contractors will now need to pay a CMMC-certified assessor to physically inspect their operations to ensure they comply with one of the five levels. In the future, once CMMC begins appearing in RFIs and actual solicitations, if a contractor doesn’t meet the contract’s requisite level under the framework, they won’t be able to bid for the work.
While Petrella praised the general model for moving away from self-attested security, she flagged potential problems in how accessors get trained and actually certify contractors.
One hurdle is the size of the industrial base. Thousands of contractors in a complex supply chain will need to be physically assessed to meet security standards that may be new to companies that have not prioritized cyber hygiene in the past. Exacerbating that issue is the shortage of trained cybersecurity workers with the knowledge needed to asses advanced security standards.
At a press briefing Friday morning, Lord acknowledged the burden that could fall on small- and mid-sized businesses.
“We need small and medium businesses in our defense industrial base and we need to retain them,” Lord said.
The CMMC assessors that will physically inspect contractors will be trained and overseen by a nonprofit board comprised of industry and academic partners. The board incorporated in November and as of this week had few answers as to how it will get the assessment workforce ready.
Lord stressed the department will take a “crawl, walk, run” approach to implementing the rules.
Katie Arrington, DOD’s CISO for acquisition and sustainment, projected 1,500 companies will be certified by the end of 2021.
Arrington has been working publicize CMMC with a national listening tour. But a recent survey found only a quarter of surveyed defense contractors could identify what the acronym stood for. A potential lack of understanding in the industrial base could spell trouble for the process as it tries to get off the ground.
For Congress, tech assessment is best done on two tracks, new paper says
Here’s a suggestion for how to increase tech savvy in Congress: Build on the work the GAO is already doing, while creating a specific home for the “squishier” stuff, too.
A new paper published by the Harvard Ash Center for Democratic Governance and Innovation argues that GAO’s Science, Technology Assessment and Analytics (STAA) group should be supplemented with another office that would carve out a slightly different, but complementary, focus area.
Authors Daniel Schuman of Demand Progress and Zach Graves of the Lincoln Network envision this additional office as a new and “more narrowly focused” version of the erstwhile Office of Technology Assessment (OTA). It would also have a different name: the Technology Assessment Service (TAS).
The idea is that STAA would focus on assessing federal R&D spending and acquisitions of emerging technologies — an important task that Graves and Schuman argue is very much in line with GAO’s strengths. TAS, meanwhile, would work on the “squishier” stuff, they say, such as providing advice on regulating the private sector’s use of new technology.
The paper is the latest piece of work to enter the debate around how to make Congress smarter on tech. There is now widespread bipartisan agreement that something needs to change — thanks in part to high profile hearings like those with Mark Zuckerberg in 2018 — but exactly what that change should look like is still a question.
Some, like the Select Committee on the Modernization of Congress and Rep. Mark Takano, D-Calif., advocate for the revival of OTA. OTA provided members and committees with objective, forward-looking reports on the impacts of science and technology developments from when it was established in 1972 until it was defunded and shuttered by Republican leaders in 1995.
Others, concerned about the political baggage the idea carries, prefer another approach.
In January 2019, GAO announced that it would be stepping up its efforts in the tech assessment area with the launch of STAA, its new tech assessment group.
The Graves and Schuman paper takes this evolving debate into account. It’s clear, Graves told FedScoop, that “GAO is going to be a major player.” As such, the paper gives specific suggestions on how to boost STAA — such as giving it a separate appropriations line item and independent hiring authority, for example — as well as ideas for changes that could be made to the OTA statute so that the resulting new organization (the TAS) could work in concert with STAA and others.
While both admit that there are details that remain to be worked out, Graves and Schuman hope to see increased conversation about this issue as Congress heads into its next appropriations cycle.
“We’re seeing a convergence,” Schuman told FedScoop, citing various recent reports on this topic as well as mentions of it out on the Democratic primary campaign trail. This, and the growing political support in Congress, “bodes well,” he said.
“It’s amazing watching it happen.”
JAIC leader Lt. Gen. Shanahan retiring this summer
The Pentagon Joint Artificial Intelligence Center‘s first leader, Lt. Gen. Jack Shanahan, will step down from his post and retire from the Air Force this summer, a JAIC spokesperson confirmed to FedScoop.
Shanahan will leave military service with a long career in intelligence and developing technology. He led the creation of the JAIC from its establishment in 2018 and oversaw some of the artificial intelligence center’s more controversial and pivotal moments in its infancy.
Lt. Cmdr. Arlo Abrahamson, a spokesman for the JAIC, confirmed Shanahan’s retirement is coming “this summer.”
“The search for his replacement as the JAIC director is ongoing,” he said. “He will continue his duties until he transitions from military service later this year.”
Shanahan had previously said 2020 was going to be a big year for military AI.
“I am optimistic that 2020 will be a breakout year for the department when it comes to fielding AI-enabled capabilities,” Shanahan told reporters in September.
One of Shanahan’s most high-profile moments involves Google pulling out of Project Maven, the Department of Defense‘s artificial intelligence and machine learning initiative that aims to help Air Force analysts make better use of full-motion video surveillance. But internal pressure from Google employees surrounding the ethics of the project led to the company’s withdrawal from the project.
Shanahan spoke in November to the Pentagon’s handling of Maven, saying that the narrative spun out of control after the department wasn’t as transparent about the initiative as it could be. “This idea of transparency and a willingness to talk about what each side is trying to achieve may be the biggest lessons of all that I took from it,” he said of Maven at an event in conjunction with the National Security Commission on AI’s release of its interim report.
More recently, the center has focused on maturing humanitarian tools and AI applications. This summer, the JAIC signaled progress on testing AI systems that could be used to track rapidly spreading wildfires.
The DOD and JAIC have faced criticism in recent months for lacking resources and organizational support to scale the technology across the department. A congressionally mandated report from RAND Corp. released in December posited that DOD “lacks baselines and metrics in conjunction with its AI vision” and that the JAIC needs better “visibility and authorities to carry out its present role.”
Shanahan will retire with more than 35 years of Air Force service. Before leading the DOD’s push to develop AI, he served in many other capacities, often dealing with technology. He also led teams of cryptographers, or code-breakers, for the 25th Air Force at Joint Base San Antonio-Lackland in Texas.
Before GSA can mitigate fake comments on rulemakings, it needs to know how prevalent they are
The General Services Administration wants to know what percentage of federal rulemakings receive fake public comments, which will require more data from partner agencies.
GSA kicked off its effort to fight fake comments in rulemakings Thursday, but its genesis really started back in 2017. That December, the Federal Communications Commission repealed net neutrality guidelines treating the internet as a public utility. But nearly half of the 22 million public comments on the proposed decision came from stolen identities.
GSA became the managing partner of the eRulemaking Program — a shared service allowing the public to electronically review dockets and submit comments on proposed rulemakings across multiple agencies — in October.
GSA is in the process of modernizing the program with more secure, innovative technical solutions that can mitigate fake comments and sift through mass-comment campaigns.
“We’re going to take the integrity of the rulemaking process very seriously and go through an intentional, rigorous, phased process, and the initial step of that is discovery,” Tobias Schroeder, director of the eRulemaking Program, said during a public meeting Thursday. “So we want to make sure that we’re gathering all the available information we can — and I emphasize available — from the partner agencies that we interact with to get the statistics so that we can independently validate what those numbers are and identify what the risks are and respond in a prioritized way to those risks.”
Fake comments falsely attribute the identity of the commenter, according to the Office of Governmentwide Policy’s working definition. In the net neutrality case, the identities of high-profile citizens, senators and even celebrities like Elvis Presley were stolen to post comments.
The eRulemaking Program will work with partner agencies on how they wish to respond to fake comments, Schroeder said.
Agencies can negate fake comments downstream, but that ignores their social and economic costs, said Sanith Wijesinghe, information systems engineer at federally funded research and development center MITRE.
“You now have on the public record a statement attributed to someone without their consent, and it takes quite a lot of effort to correct that,” Wijesinghe said. “Not everyone has the resources to do it.”
Fake comments likely originate in foreign countries, and an “arms race” results as the technology matures, he added.
Wijesinghe said agencies should explore alternative ways of structuring rules, so comments are less of a free-for-all and more directed at specific groups they desire feedback from.
The National Association of Manufacturers is a “power user” of the rulemaking process — weighing in frequently and encouraging its members to do the same — and wants to ensure any improvements to agency tools aren’t a barrier to public engagement, said Patrick Hedren, a vice president of the advocacy group.
“We want to be very careful to not amend the tool in a way that cracks down on something that’s completely normal, permissible, constitutionally valid and a positive way to engage with government,” Hedren said.
When faced with a mass-comment campaign, agencies should “look to the normative point being made,” he added.
But comment campaigns organized by advocacy groups can drown out the voice of other interests like small businesses, which have less of a presence in other parts of the regulatory process because of the costs.
Small businesses also run the risk of signing on to a poorer-quality comment during mass commenting than they might otherwise, said Oliver Sherouse, regulatory economist at the Small Business Administration.
“Writing a detailed comment letter is hard work,” Sherouse said.
Agencies and trade associations should help small businesses identify relevant rules and supporting documents early in the rulemaking process, using machine learning to identify effective entities for a given regulation, product or program, he added. If rules are made machine-readable, even better.
A guide on writing effective comments would also help small businesses, Sherouse said.
Rulemaking agencies ultimately decide whether commenters must authenticate their identity in some way before submitting, which could crackdown on fake comments but also limit responses. Thus why agencies sometimes forgo authentication.
An empirical analysis comparing the volume of anonymous comments to the validity of the points they make would be useful before backing authentication, Sherouse said.
“It’s not difficult to figure out why a business would be reluctant to criticize its regulator on the record,” he said.