Vote today for the 2025 FedScoop 50 awards.

Cast your vote!

Rep. Will Hurd survives close midterm race

Texas Republican Rep. Will Hurd, one of the preeminent tech-minded lawmakers on Capitol Hill in recent years, will see another two years in the House — though this term will certainly look a little different than his first two.

Gina Ortiz Jones, Hurd’s competitor for his seat serving the 23rd District of Texas, issued a concession statement Monday almost two weeks since the midterm congressional election.

“I want to thank my opponent and her supporters for engaging in the democratic process. To thrive, our democracy needs a vigorous competition of ideas, and whether you voted for me or not, I will need your help,” Hurd said in a statement. “To the residents of TX-23, thank you for giving me something that hasn’t happened in over a decade, the privilege of representing you for a third term. I will continue fighting for you every day in Congress.”

Hurd won the race by the slim margin of fewer than 1,200 votes, about 0.5 percent of all those cast. It seemed that Ortiz Jones would call for a recount, which she would have had to fund if she lost. However, after canvassing the district in recent days, she concluded: “we came up short this time.”

“I wish Will Hurd the courage to fight for TX-23 in the way in which our district deserves,” she said in a statement Monday.

Hurd originally claimed victory on Twitter and at his watch party on election night Nov. 6, despite having just a 689 vote lead at the time.

While he holds on to his seat, Hurd’s third term in the House will have a different dynamic from the first two, during which he has served as chairman of the House Oversight and Government Reform Subcommittee on IT. With Democrats taking the House majority in 2019, Hurd will not retain that gavel, and it’s unclear who the Democrats might install as chairman and whether Hurd will serve as the ranking Republican.

Hurd’s tenure on the subcommittee has been productive. He sponsored legislation like the Modernizing Government Technology Act and oversaw agencies’ implementation of the Federal IT Acquisition Reform Act. Those general trends shouldn’t change regardless of what role he takes in January when the 116th Congress kicks off.

“I’m proud that my constituents are sending me back to Congress for a historic third term so I can continue my bipartisan work on developing a National AI strategy, strengthening our nation’s cyber defenses, improving IT procurement throughout the government and implementing a cyber reserve program to bulk up our talent pipeline of cyber warriors,” Hurd told FedScoop.

GSA proposes new cybersecurity reporting rules for contractors

The General Services Administration is proposing new rules shaping how contractors protect government information on the IT systems they manage.

Tucked in a Friday Federal Register post detailing the Unified Agenda of Federal Regulatory and Deregulatory Actions, two proposed rules — GSAR Case 2016-G511 and 2016-G515 — call for amending the General Services Administration Acquisition Regulation to include requirements for contractors to safeguard GSA information in a solicitation’s statement of work, as well as the procedures for they inform the agency of a potential breach.

GSAR Case 2016-G511 allows contracting officers to implement agency cyber requirements and standards into each solicitation, providing a centralized cybersecurity guidance across the enterprise for contractors to adhere to.

“This rule will require contracting officers to incorporate applicable GSA cybersecurity requirements within the statement of work to ensure compliance with federal cybersecurity requirements and implement best practices for preventing cyber incidents,” the Federal Register post said.

GSAR Case 2016-G515 seeks to update the nearly two-year-old GSA policy, 9297.2C, on how the agency, and the contractors overseeing its and its customer agencies’ IT systems, safeguard Personally Identifiable Information and other confidential information, in addition to the procedures taken when a breach is discovered.

Because 9297.2C didn’t go through the rulemaking process when it was established in 2017, it wasn’t open for public comment. By moving it to the GSAR, GSA can seek public and industry input on how the rule can be improved.

“Further, it establishes the requirement for contractors to preserve images of affected systems and ensure contractor employees receive appropriate training for reporting cyber incidents,” the post said. “The rule also outlines how contractor attributional/proprietary information provided as part of the cyber incident reporting process will be protected and used.”

GSA officials detailed in the post their plans to release notices of proposed rulemaking in February 2019 for GSAR Case 2016-G511 and in April for GSAR Case 2016-G515, with comment periods running for two months for each respective rule.

Senate Budget Committee also has some questions about those VA software issues

The Department of Veterans Affairs is now facing tough questions from the Senate Budget Committee about a software glitch that’s causing delays in GI Bill benefits payments.

Chairman Mike Enzi, R-Wyo., sent a letter to VA Secretary Robert Wilkie on Friday in which he demands answers to questions on how much money the VA has spent to fix the IT issue and when the problem will, finally, be solved.

“What is the current status of the IT upgrades?” Enzi demands, in question number three of seven. “Will these systems be upgraded in time for the spring semester? If not, when does the VA expect to fully implement these changes? How much does the VA estimate it will need to spend to complete its IT upgrade?”

Members of the House Veterans’ Affairs Committee tried to get answers to similar questions in a hearing on Thursday and were met with reticence from VA leadership.

“What I would challenge all of us to do … is to come up with specific deliverables so that every person in attendance and watching and the press who are writing about this leave with a very crystal clear understanding of when this will be fixed, how it will be fixed and the mechanisms by which we can hold one another accountable,” ranking member Rep. Beto O’Rourke, D-Texas, said in his opening remarks.

“You will not leave this meeting with a date [for completion of the system],” Paul R. Lawrence, undersecretary for benefits at the Veterans Benefit Administration, said in reply.

Reported IT “issues” arose from the Harry W. Colmery Veterans Educational Assistance Act, or Forever GI Bill, which was signed into law by President Donald Trump in August 2017. Two sections of the law, which extends or expands many benefits, change the way the VA pays a monthly housing stipend. Previously the stipend was based on the ZIP code where the veteran lived — now it’s based on the ZIP code where he or she goes to school.

This change required that the VA build a new piece of software, but development and deployment hasn’t exactly gone smoothly.

Enzi also requests a detailed breakdown of all the money that’s been spent to address the issue, specifics on the contract that VA has with Booz Allen Hamilton for development of the new software system, a description of the agency’s strategy for communicating with affected veterans and more. The letter sets a Nov. 30 due date for any agency response.

“Our veterans deserve better,” Enzi writes.

Senate bill would offer government-matched funds to reskill for AI, automation

With more attention placed on the role of artificial intelligence and automation play in the workforce, a new Senate bill is calling for the creation of employer-funded savings accounts to help reskill the workforce.

The Lifelong Learning and Training Account Actsponsored by Sens. Mark Warner, D-Va., and Chris Coons, D-Del. — proposes creating tax-preferred savings accounts to which businesses or employees can contribute to fund new training efforts and improve their occupational skills.

The legislation would let employers provide continuing education opportunities for their workforce at a time when emerging technologies like AI, robotic process automation and machine learning are becoming more prominent and IT and cybersecurity-based talent is in higher demand.

“We need to make sure Americans are able to retrain and upskill throughout their career, so they can thrive in the modern economy,” Warner said in a statement. “This will not happen on its own. It requires a serious investment to help workers pay for the education and training necessary to modernize their skills — by employees, by employers, and by the government. The Lifelong Learning and Training AccountAct represents that serious investment.”

Those accounts would also receive a government-funded match of up to $1,000, allowing low- and moderate-income workers to select training programs and obtain an industry-recognized certification, government-recognized license or “an associate or baccalaureate degree.”

Workers must be 25 to 60 years old with an income less than $82,000 to be eligible for the accounts. They are encouraged to regularly apply the funds towards skills training programs. The bill also provides workers the opportunity to transfer the savings account with them when they go to a new job.

Automation technologies’ impact on work has been a hot topic in 2018, with the Trump administration, the intelligence community and Congress turning their attention toward the possibilities the solutions will hold for human capital management.

The senators pointed to a 2017 report by McKinsey & Company that said that 60 percent of occupations could soon see at least a third of their tasks be automated, prompting the need for workers with new skills to interact with new technologies.

“The digital, fast-changing nature of today’s economy has significant consequences for workers. More than ever before, individuals will need to acquire new skills over the course of their careers,” Coons said in a statement. “The Lifelong Learning and Training Account Act empowers workers, with help from government and employers, to take charge of their future by actively planning, saving for, and completing the training programs they need to thrive in this economy.”

Warner and Coons said they will introduce the bill in the Senate following the Thanksgiving holiday.

Air Force’s Kessel Run has admirers elsewhere in the military

After the Air Force scored early successes with its agile software development and acquisition program Kessel Run, other parts of the Department of Defense are looking to adopt and scale those early wins.

Kessel Run, taking after its “Star Wars” namesake, wants to kick Air Force software development and acquisitions into hyperdrive, reducing the yearslong timeline down to a few months with agile principles and saving millions of dollars along the way. The service began piloting the program in 2017 — bringing together airmen, Air Force civilians and contractors — and launched an Experimentation Lab in Boston this May.

Word has gotten out, and the rest of the DOD wants a piece of Kessel Run’s success, Air Force IT leaders said Friday at an AFCEA luncheon.

“DOD is stepping up to the table now to guide the services on how to [scale and adopt it],” said Air Force CISO Wanda Jones-Heath.

“They’ve already taken a lot of the Kessel Run artifacts, the approach, the playbook, and they’re starting to use that,” she said of the DOD. “There are other services also doing the same thing. So now they’re looking at the best of breed. How can we scale across the entire DOD enterprise to bring that capability securely into what we do?”

Brig. Gen. Kevin Kennedy, director of cyberspace strategy and policy in the service’s Office of Information Dominance and CIO, spoke about the importance of the Kessel Run program and how its reliance on the DevOps model is making the Air Force more software-based — “things are more software-defined, more agile and I can change capabilities,” he said.

“If I have an aircraft out there, it can be a sensor, it can be shooter, it can be a [command and control] node, it can be a node on the network,” Kennedy said at the event.

So now, when building out anything software-based, Kennedy said he needs three basic types of people in the room: “I need an operator, whether that’s a space operator, cyber operator, an air operator — I need an operator in that conversation who understands how to do software development, understands that it has some level of efficiency. I need an acquirer, someone from the acquisition community who understands how do we field these types of capabilities but also has some proficiency in it. And then I need a coder. That’s the ninja person who really knows how to do it quickly and can leverage those talents.”

Helping this process along, he said, is a developing program in the Air Force that classifies airmen with coding experience, much like the service does for someone who speaks a foreign language, so they’re easier to find.

“It’s not as static as foreign languages,” Kennedy said, because the popular coding language of the moment changes pretty rapidly over time. But the service is looking to expand it and tailor to evolving programming languages.

Ultimately, military services are culture-driven organizations, and therefore, scaling something like Kessel Run across the branches will take an understanding of their distinct cultures and behaviors because each service comprehends an ask differently based on culture.

“It’s a lot about cultural movement in the services,” he said. “You ask folks to do stuff in some services, and it’s not an ask, [to them] it’s a task or a ‘go do.’ In some services, it’s an ask. In some services, it’s a recommendation. There’s different cultures in a group that change behavior,” he said, and you must learn to modify it for each culture “to get the same effect.”

GAO will expand its cybersecurity auditing operations, adds new tech team

With cybersecurity’s role in the federal government continuing to grow, the Government Accountability Office is looking to reshuffle resources to expand its auditing reach.

Gregory Wilshusen, GAO’s director of information security issues, said Friday that the office will increase its cybersecurity oversight capabilities in the coming year to meet its enlarging impact on federal management.

The shift includes rebranding the IT team to the IT & Cybersecurity team, pooling leadership resources and adding personnel with the standup of a separate science and technology team to examine the potential impacts of emerging technologies.

“It’s just, I think, a recognition and part of the comptroller general’s vision of expanding our work and providing these services to the Congress going forward,” Wilshusen told FedScoop at an ACT-IAC meeting Friday. “Because they are going to need to know more about the implications of these different technologies.”

Wilshusen, who has overseen much of the GAO’s auditing work on cybersecurity, said the shift will include detailing more directors within the agency’s IT team to conduct audit work on multiple cybersecurity issues. He said Nick Marinos, GAO’s director of cybersecurity and information management, will oversee audits into critical infrastructure, privacy and data security protection.

Vijay D’Souza, director of GAO’s Center for Enhanced Analytics, will help lead audit teams examining federal information security and cybersecurity, while Carol Harris, director for information technology acquisition management issues, will explore how agencies are incorporating cyber in the early stages of the procurement lifecycle.

“We will also be supporting other teams within GAO that will be looking at different programs where they might have a cybersecurity aspect to the review of that program,” Wilshusen said, noting that because of cyber’s increasing role in federal operations, its reach could extend beyond the IT team, requiring more collaboration.

The move doesn’t necessarily change GAO’s role in reviewing federal technology efforts as much as it provides more resources to it. Harris and Marinos recently assumed leadership roles over IT acquisition and census oversight, respectively, following the departure of Dave Powner, former director of information technology issues, in August.

The S&T team will assume GAO’s role in assessing new technologies and informing Congress of their potential impacts, as well as exploring more innovative audit methods using analytics.

The IT and cybersecurity team will still examine the cyber impacts of emerging technologies, he said, with S&T looking at their overall impacts.

The expansion, which is expected to mostly take shape in early 2019, comes as GAO is also finalizing a number of reports touching on cloud and cyber-operations.

Wilshusen specifically pointed to the release of a report examining the challenges and benefits of the Federal Risk and Authorization Management Program (FedRAMP) from the perspective of cloud service providers and federal agencies. That report will also look at how well agencies are securing their information in cloud environments, he said.

“We selected a sample of cloud security packages, looked at security control assessments, the delineation of security responsibilities between agencies and the cloud services providers and are going to be reporting that too,” he said.

GAO is also expected to release a report detailing agency implementation of the Continuous Diagnostics and Mitigation program sometime in 2019.

VA refuses to give House lawmakers an answer on when software issue will be fixed

In a tense hearing Thursday, lawmakers demanded that leaders from the Department of Veterans Affairs tell them when a software glitch that’s causing veteran GI Bill benefit payments to be delayed is expected to be fixed. The VA didn’t exactly comply.

“What I would challenge all of us to do… is to come up with specific deliverables so that every person in attendance and watching and the press who are writing about this leave with a very crystal clear understanding of when this will be fixed, how it will be fixed and the mechanisms by which we can hold one another accountable,” ranking member Rep. Beto O’Rourke, D-Texas, said opening a hearing in the House Committee on Veterans’ Affairs Subcommittee on Economic Opportunity.

“You will not leave this meeting with a date [for completion of the system],” Paul R. Lawrence, undersecretary for benefits at the Veterans Benefit Administration, said in reply.

This kind of standoff defined much of the hearing, during which the VA was taken to task for reported IT “issues” that have left the agency struggling to deliver timely education and housing stipends to student veterans.

The challenges arose after the Harry W. Colmery Veterans Educational Assistance Act, or Forever GI Bill, was signed into law by President Donald Trump in August 2017. Two sections of the law, which extends or expands many benefits, change the way the VA pays a monthly housing stipend. Previously the stipend was based on the ZIP code where the veteran lived — now it’s based on the ZIP code where he or she goes to school.

This change, Lawrence said in his testimony, required that the VA build a new piece of software. The agency contracted this task to Booz Allen Hamilton, but deployment “has not gone as planned,” Lawrence said.

The VA initially targeted release of the new software for July 16, then revised this to Aug. 13, Lawrence said. Come Aug. 9, however, the agency knew it wouldn’t meet the deadline and decided to tell schools and student veterans to submit claims the old way. The delay meant, according to Lawrence, that the agency faced processing these claims in a much shorter time frame than normal. And this, in turn, led to the backlog and the delays.

According to Richard Crowe, a senior vice president at Booz Allen who was also asked to appear before the committee to testify, the issue here is legacy IT. The challenges Booz Allen faced in building a new piece of software to fulfill the requirements of the new law are the result of “attempting to build something new on something very old,” he said in his opening statement.

Even in mid-November, the software still isn’t yet complete. The VA is in a testing phase, Lawrence said, and the agency is preparing for the eventuality that it may not be ready in time for spring semester enrollments. In this eventuality, the agency will continue processing claims the old way.

Several lawmakers mentioned the VA’s transient IT leadership as a part of the issue. Subcommittee Chairman Jodey Arrington, R-Texas, said the committee feels “powerless” to solve the issue because they don’t know who to hold accountable. “I don’t think you have [a CIO],” he said.

Rep. Mark Takano, D-Calif., echoed the sentiment. “I think what’s missing is a competent person who can be held accountable,” he said. The VA currently has an acting CIO in Camilo Sandoval, the controversial former director of data operations for the Trump campaign. President Trump has nominated James Paul Gfrerer to the role, but he awaits Senate confirmation. The agency hasn’t had a permanent CIO since the end of the Obama administration.

This reality notwithstanding, lawmakers weren’t willing to let the witnesses off so easy. Chairman Arrington requested that the agency come up with a timeframe for completion of the system and get back to the committee with that information.

“Give us a timeframe so we can continue to hold you accountable because that’s our job,” he said, by way of conclusion.

GSA seeks support for cloud.gov

The General Services Administration’s Technology Transformation Service (TTS) is seeking manpower to help maintain its cloud.gov platform.

The agency recently posted a request for information and is accepting responses from professional services firms that could help maintain and improve this offering.

Built by GSA’s 18F digital services team in 2015, cloud.gov is a platform-as-a-service offering that allows agencies to build applications in the cloud without standing up their own cloud environments. In early 2017, cloud.gov became the first open source solution to be authorized by the Federal Risk and Authorization Management Program. It runs on Amazon Web Services’ GovCloud.

Agencies that use cloud.gov are responsible for their own code, but the platform itself handles the security and maintenance of everything underneath. That’s what GSA is looking for help with.

Any contracted professional services firm would provide the personnel to run any necessary operations and maintenance on the cloud.gov platform. This includes writing and testing code, fixing issues via GitHub pull requests, improving the platform’s automated security monitoring and more. The theoretical period of performance runs through the end of fiscal year 2019, with an option to continue for fiscal year 2020.

Interested firms should outline their capabilities in this Google Doc by Nov. 20.

GSA is hosting a virtual industry day Friday, Nov. 16.

GSA consolidates cybersecurity vehicles into a single, expansive contract

Citing the expanding role of cybersecurity in safeguarding federal networks, the General Services Administration said late Wednesday that it is consolidating its cybersecurity services contract vehicles and providing more features.

GSA currently provides cybersecurity tools across four Highly Adaptive Cybersecurity Services (HACS) Special Item Numbers, or SINs. These SINs allow agencies to buy services like penetration testing, incidence response, cyber hunting, and risk and vulnerability assessment.

But with more emphasis placed on data and infrastructure protection, GSA wants to condense the four HACS SINs into a single offering to broadly provide more services.

“Federal agencies use large complex network and data systems to maintain and manage varying types of data and information, including [high-value assets] that hold sensitive information critical to national and economic security,” officials from GSA’s Office of Information Technology Category said in a Wednesday post on the agency’s Interact page. “As a result, GSA ITC is proposing to restructure the HACS SINs, 132-45 (A-D), into a single HACS SIN, 132-45, with sub-categories of cybersecurity services.”

The combined contract will continue to provide the original HACS services, plus high value asset (HVA) assessment services. Those HVA assessment services will include offerings like network mapping, vulnerability scanning, phishing assessment, wireless assessment, web application assessment, operating system security assessment (OSSA), database assessment, penetration testing, security architecture review and systems security engineering.

The HACS SINs debuted in 2016 as part of the then-Obama administration’s Cybersecurity National Action Plan to make it easier for agencies to procure those services through vehicles on GSA’s IT Schedule 70.

GSA officials noted that the cybersecurity needs of the federal government have shifted in the past two years and that the HACS consolidation falls in line with several White House initiatives centered on increasing the government’s cyber posture, like last year’s IT Modernization Report and the recent White House cybersecurity strategy.

GSA had been looking for a way to freshen up the HACS SINs as far back as spring, when it asked for industry input in a May request for information on how to make the service vehicles more modern.

The current HACS SINs will be deleted from any solicitation and incorporated into SIN 132-45 as subcategories. GSA will hold an informational webinar on the consolidation Nov. 19.

Mobile apps and RFID tags and ‘detection kites’: Phase one of the Coast Guard rescue challenge is complete

The U.S. Coast Guard on Thursday announced the five solutions that will win monetary prizes, and move on to stage two, in its ongoing “Ready for Rescue” prize competition.

The challenge, which is being run in collaboration with the Department of Homeland Security’s Science and Technology Directorate and is posted to central government prize competition repository Challenge.gov, calls on respondents to deliver “boater safety solutions that will help make it easier to find people in the water.”

Months after launching phase one of the competition, here’s what the Coast Guard has found so far: an aluminum-coated “detection kite” that reflects radar and can be seen from miles away; a mobile app that allows a boater in distress to share precise GPS coordinates; a self-inflating helium balloon with LED light that can be kept in a lifejacket and deployed when necessary; a patch with a long-range radio frequency ID tag that can be attached to a lifejacket; and a radio system with base and attendant trackable watches.

“The concepts bring innovative designs to a critical issue,” William Bryan, DHS senior official performing the duties as undersecretary for Science and Technology, said of the five winners. “We are excited to support the winning teams as they develop working prototypes together with our nation’s maritime first responder.”

For the time being, each of these solutions will receive $5,000.

A total of 16 other solutions merited honorable mentions and will also be invited to participate in a pitch competition that will serve as phase two. The so-called “Piranha Pool” promises a total prize pot of $120,000. Phase three, finally, will see winning concepts undergo actual field testing.

“I am excited to work with innovators and research ideas that apply a wide range of technologies that have potential to enhance the detectability of persons in the water in need of rescue,” said Capt. Greg Rothrock, commanding officer of the Coast Guard Research and Development Center.