Josh Moses leaves OMB cybersecurity role

Josh Moses, the chief of cybersecurity in the office of the federal CIO at the Office of Management and Budget, is ending a long run in government that included White House service spanning two presidencies. His last day is Friday.

Moses departs with kind words from his colleagues: “Josh’s contributions and service to the Federal government’s cybersecurity mission are extremely valued,” federal CIO Suzette Kent said in a statement. “I want to thank him for his hard work and effort in advancing the President’s cybersecurity agenda.” It’s unclear what his next move will be.

Moses is among those at OMB who stuck around during the transition in administrations — he’s been there since 2015. More recently Moses has been leading government-wide efforts around Executive Order 13800, which President Donald Trump issued May 2017 to set cybersecurity policy for the administration. The order holds agency heads accountable for the security of their networks, and pushes IT modernization as a way to upgrade security.

Moses’ career in government isn’t limited to this time spent at the White House. Prior to joining OMB, Moses worked at the Department of the Treasury, the Department of Defense, Amtrak and the Department of Justice.

How to work with DARPA, according to DARPA

Entrepreneurs and startup companies wishing to work with the Defense Advanced Research Projects Agency (DARPA) would be well-advised to do a little homework prior.

In a presentation at a pitch day for the most recent cohort of federal technology accelerator Fed Tech on Tuesday, DARPA’s senior adviser for commercial strategy, David Henshall, offered this and other tips.

“The key is — be familiar with the opportunities of national security,” Henshall said. “The first thing is what are the problems we’re trying to solve, and become familiar with that.” He suggested that a bit of good old-fashioned internet sleuthing can go a long way. “Read our website and find out what we’re working on. Find out who’s there. And then find out the program manager that’s interested in the technology space you’re dealing with.”

Once you’ve identified a program manager in your area of expertise, Henshall said, contact that person. Most will be very willing to take a short meeting with an entrepreneur or company working in their subject matter area. But don’t waste that time.

“Make sure you’re not asking him questions that you could have read on the website because your 30 minutes is being used up,” he said. “Do your homework beforehand.”

And lastly, be patient. “People say it’s like dating,” Henshall joked. You won’t walk out of a first meeting with research grant money in hand, so that shouldn’t be the goal. Use the first meeting to get to the second meeting, and so on.

Follow these tips, and partnership with DARPA presents the opportunity to work on some big and interesting research challenges. For example, in September the agency announced that it plans to spend $2 billion on research into so-called “third wave” artificial intelligence capacities over the next few years.

The initiative, called “AI Next,” is concerned with moving AI beyond the mode where it needs lots of high-quality training data in myriad situations to develop an algorithm. The goal is to get the technology to a place where machines adapt to changing situations the way human intelligence does.

DOD technology decisions reflect need to keep pace globally, cyber official says

Recent developments at the highest levels of geopolitics will have a direct impact on how the Department of Defense modernizes its technology, a top Pentagon cybersecurity official said Wednesday.

With the rise of China and Russia, the DOD has turned its focus toward great power competition, both on the battlefield and in cyberspace, as outlined the department’s National Defense Strategy and its National Cyber Strategy released earlier this fall. Thomas Michelli, the DOD’s acting deputy CIO for cybersecurity, said Thursday that the shift means the department will have to change the way it buys and sustains its IT arsenal to meet the demands of that strategy.

“We are no longer far ahead in competition, technology and other things with the other great powers,” he said, speaking at an ACT-IAC event Wednesday. “We need to find a way to pay for that. The president and the nation have given us a lot of money, but we still need to find more money to do better things, so reform is a big part of this.”

On the technology side, that includes a large focus on cloud capabilities, cybersecurity, network development and artificial intelligence.

Artificial intelligence, for example, can have a direct effect on logistical operations, allowing the DOD could produce cost savings and readiness, he said. To that point, the DOD is presently working to stand up its Joint Artificial Intelligence Center (JAIC), which will determine what areas AI could be used to optimize defense operations. Michelli said the military is already exploring how to use AI to find cost efficiencies in the supply chain operations for the F-35 fighter.

Moving legacy IT systems to the cloud, meanwhile, can have a direct effect on readiness, Michelli said, but reducing the DOD’s overall technical debt — the time and monetary costs of running operations — associated with its legacy IT systems.

“As we are looking at readiness, what are we going to kill or what are we going to reform to pay for the technology we need to get to have competitive overmatch,” he said. “All I can tell you is, since I have been in the department, we’ve never been so laser-focused on technical debt, legacy systems and getting off of them to be able to invest in something that’s either going to be more capable than lethality or cheaper so we can add lethality to something that’s not IT.”

Speed is also important when it comes to acquiring new technology, Michelli said. One of the more popular acquisition devices utilized this year has been Other Transaction Agreements, or OTAs, which effectively allow DOD components to prototype and scale technology solutions outside the perimeters of current acquisition regulations and with greater speed, but most importantly, with less cost.

Michelli said it will continue to aggressively use OTAs for their ability to explore new innovations that can provide big returns on investment or, if they fail, fail with less relative cost than a large-scale acquisition.

“Prototyping can actually, legitimately transition to a program of record,” he said. “We are encouraging, both through agile development and just getting ahead of the competition, going out there, trying and hopefully succeeding. Prototyping is heavily encouraged, and we’re doing more of it.”

 

The FBI is looking to the cloud to stop the next terrorist attack

The FBI is in the midst of a data crisis.

Of course, there’s no shortage of data for the bureau to process. The problem, as Christine Halvorsen explained Tuesday, is that criminal investigations generate more data than the bureau can handle manually.

“The solution is the adoption of cloud technology,” said Halvorsen, deputy assistant director for the FBI’s Counterterrorism Division.

Speaking at Amazon Web Services’ re:Invent conference in Las Vegas, Halvorsen gave a benchmark for the proliferation data in terrorism investigations. After the Boston Marathon bombings in 2013, the FBI collected more than 50 terabytes of information on Tsarnaev brothers who conducted the attacks. Just four years later, investigating the mass shooting in Las Vegas generated more than a petabyte of data, or 20 times as much. That’s the new norm, Halvorsen said.

“To get through that data is a challenge for us,” she said. “We threw resources at it. The answer for the FBI was to throw bodies at it. But the investigators and analysts were completely overwhelmed by the volume of data collected in that short amount of time for us to get through it quickly. They were using boards to photos up, cardboard boxes.”

Had the FBI been in the cloud at that point, though, it would’ve been a different story, Halvorsen believes, especially with developments in artificial intelligence and machine learning.

After the 2017 Las Vegas massacre,  she said, “we had agents and analysts, eight per shift, working 24/7 for three weeks going through the video footage of everywhere Stephen Paddock was the month leading up to him coming and doing the shooting.”

Artificial intelligence and machine learning would’ve totally changed that dynamic. “If we had loaded that up into the cloud, the estimate is it would’ve taken us a day using Amazon Rekognition to recognize where he was in the videos. That’s all we were trying to do: narrow down where in the videos he was and who he was meeting with to make sure there wasn’t anybody else part of the conspiracy.”

And that frees agents and analysts to focus on the next threat. “And think about it too, you take that manpower and you put it on something like that — the other cases we have, they don’t stop going,” Halvorsen said. “The subjects don’t just sit back and say ‘The FBI is busy over there, we’re going to stop doing bad things while they’re busy.’ The threat keeps going.”

The cloud culture shift

The FBI since then has made progress in moving to the cloud. Halvorsen said the Counterterrorism Division, in particular, has shut down its data center and moved its data and services to AWS. That’s resulted in a 98 percent reduction in manual work for analysts and 70 percent cost reductions.

But it hasn’t come without growing pains culturally. “You can’t continue to use the same processes you used before,” Halvorsen explained. “You can’t lift and shift.”

So her division had to restructure its teams to reflect the new cloud paradigm. “This was key to our success,” she said. “We’ve embedded data scientists with engineers, with agents, with analysts, sitting together now in the Counterterrorism Division to go after the threat.” And it took some time to get it right — the division failed miserably at its first attempt to shift its makeup. “The good news is we failed fast. And by failing fast and correcting that, we’re actually stronger for it today.”

Now, everybody is a builder, Halvorsen explained. “Now we have teams working in an integrated fusion center-type concept.” The bureau has embedded data scientists at command centers to assist operators as they respond in real-time to attacks. It also is offering its personnel the opportunity to training in data science through an education training program. Halvorsen said 64 members of her division have jumped at the opportunity.

This focus on pairing data science to the mission is” working very well,” she said, pointing to the recent threats of pipe bombs mailed to prominent political officials. “Which, if you noticed, we solved that pretty quickly.”

But despite the shift to the cloud, major challenges persist for the FBI. While it has improved its ability to grasp its own data because of cloud, sharing with others remains something that lets terrorists slip through the cracks, Halvorsen said.

The Tsarnaev brothers and Paddock “were the unknowns of the knowns … someone had them in their holdings. They were in the data,” she said. “But we didn’t put the puzzle together quick enough to stop these tragic events from happening. When we talk about the puzzle pieces, the pieces of data…its not just in the FBI’s holdings. Think bigger than that, Halvorsen said, referencing the intelligence community, state and local authorities and the private sector. “It’s all there, but we don’t have the ability to put the pieces of the puzzle together right now because it’s all being held separately.”

Her hope is that the cloud and emerging technologies like AI will help destroy those silos — though, like the FBI’s own modernization, the transformation is as much about culture as it is adopting new tech.

Until then — until the FBI can end the constant threat of terrorism in the U.S. — Halvorsen said she is “failing.”

“Please help me not fail.”

VA to ‘reset’ efforts around new GI Bill housing stipend software

The Department of Veterans Affairs announced on Wednesday that its going to need a whole year to properly implement a piece of software that will make sure student veterans get appropriate GI Bill housing benefits.

The Veterans Benefits Administration will “reset” its efforts to develop and deploy the software that was originally expected on July 16 of this year, the agency said in a press release. The new estimated date of deployment is Dec. 1, 2019.

This extra time will “give the department the time, contracting support and resources necessary to develop the capability to process Spring 2020 enrollments in accordance with the law,” the press release states. It also mentions that the VA will be issuing new solicitations for contractors to support “program integration, systems implementation, and software development.”

The current challenges arose after the Harry W. Colmery Veterans Educational Assistance Act, or Forever GI Bill, was signed into law by President Donald Trump in August 2017. Two sections of the law, which extends or expands many benefits, change the way the VA pays a monthly housing stipend. Previously the stipend was based on the ZIP code of the school where the veteran was enrolled — now it should be based on the ZIP code of the campus of that school where he or she attends the majority of his or her classes. This can be a big deal for student veterans who attend schools with campuses in, for example, both rural and urban areas.

This change required the VA to build a new piece of software, a task that hasn’t gone smoothly.

Prime contractor Booz Allen Hamilton, called to testify at a hearing in the House Committee on Veterans’ Affairs Subcommittee on Economic Opportunity earlier this month, blamed the issues on the VA’s legacy IT environment. The challenges Booz Allen faced in building a new piece of software to fulfill the requirements of the new law are the result of “attempting to build something new on something very old,” senior Vice President Richard Crowe said in his opening statement.

The VBA initially hoped to have the software deployed in time to process fall 2018 enrollments according to the requirements of the Forever GI Bill. But as the semester approached, leaders realized the solution wouldn’t be done in time and directed schools and veterans to use the old system instead. All the confusion led to a large backlog of claims, which in turn led to payment delays and, in some cases, no payment at all.

By early November, as thoughts turned to enrollments for the spring 2019 semester, a working software solution still remained elusive. “Further system changes and modifications are being made and testing is ongoing on the IT solution for Sections 107 and 501,” a VA spokesperson told FedScoop in an email at the time, referring to the two pertinent sections of the Forever GI Bill.

In the House hearing, VBA officials refused to give lawmakers an answer on when the system would be finished and operational. “You will not leave this meeting with a date [for completion of the system],” Paul R. Lawrence, undersecretary for benefits at the Veterans Benefit Administration, said during the hearing, making it clear that he thought promising a specific date was where the agency went wrong.

Lawmakers weren’t pleased with this evasion. “Give us a timeframe so we can continue to hold you accountable because that’s our job,” chairman of the subcommittee Rep. Jodey Arrington, R-Texas, said in his closing comments.

A few days later, chairman of the Senate Budget Committee Mike Enzi, R-Wyo., sent a letter to VA Secretary Robert Wilkie in which he demanded answers to questions on how much money the VA has spent to fix the IT issue and when the problem will, finally, be solved.

“What is the current status of the IT upgrades?” Enzi demanded, in question number three of seven. “Will these systems be upgraded in time for the spring semester? If not, when does the VA expect to fully implement these changes?”

Now, it seems, the agency has provided an answer — the system upgrades will indeed be ready in time for a spring semester… specifically the one in 2020.

HHS aims to untangle EHR reporting burdens for doctors

For all the promise that electronic health records hold for streamlining care and providing a more accurate picture of patient history, they can present fresh “paperwork” burdens for doctors. It’s one of the root challenges in increasing the use of EHRs nationwide, but an agency at the Department of Health and Human Services is testing out some ideas that might help.

The Office of the National Coordinator for Health Information Technology has released a new draft policy that aims to increase physician usage of EHRs by setting some goals for improving the experience and spreading those recommendations at the agency level. The document isn’t a set of proposed rules or regulations — instead, the intention is to get HHS to lead by example, given its considerable influence over the health care sector.

The department has been actively trying to incentivize the medical community to adopt EHRs for the past decade, and it’s now putting its attention squarely on the medical professionals who face fresh and sometimes onerous requirements for documenting their work.

“With the significant growth in EHRs comes frustration caused, in many cases, by regulatory and administrative requirements stacked on top of one another,” said Secretary for Health and Human Services Alex Azar, in a statement. “Addressing the challenge of health IT burden and making EHRs useful for patients and providers, as the solutions in this draft report aim to do, will help pave the way for value-based transformation.”

ONC’s “Strategy on Reducing Burden Relating to the Use of Health IT and EHRs” proposes to address the biggest obstacles to physicians’ usage of health IT by proposing strategies split into four parts:

• Clinical documentation
• Health IT usability and user experience
• EHR reporting
• Public health reporting

The policy outlines strategies for each section that ONC officials say should be achievable in the next three to five years, with the goal of implementing them through existing HHS authority and leveraging them to improve doctor and patient experience.

“We envision a time when clinicians will use the medical record not as an encounter-based document to support billing, but rather as a tool to fulfill its original intention: supporting the best possible care for the patient,” said Donald Rucker, National Coordinator for Health Information Technology, in the introduction to the draft policy. “Quality reporting should be seamless, accessible through the metadata in the EHR, and available through high-quality, clinically mature application programming interfaces (APIs), which will reduce the need to separately submit data.”

The policy points to recent API successes, such as the Centers for Medicare & Medicaid Services’ Blue Button 2.0 project, which takes four years of Medicare data covering 53 million beneficiaries and shares it through a standards-based interface to provide patients with easier access to their claims data.

For public health reporting, where a trove of federal data could be leveraged, the policy calls for the government to encourage wider adoption of electronic prescribing of controlled substances and the integration of state prescription drug monitoring program (PDMP) data to provide a better view of medication history.

ONC officials also say that by instituting inventory requirements for federal health care and public health programs using EHR data, they can reduce physician burden by developing common data standards and reporting requirements across federally-funded health programs.

HHS officials are calling for public input on the draft policy and will public comment period between now and 11:59 p.m. EST on Jan. 28.

GSA will rollout schedules reform plan through fiscal 2020

The General Services Administration’s sweeping plan to consolidate 24 acquisition schedules into a single vehicle will play out over the next two years and will offer contractors a standard set of terms and conditions, officials said in a conference call Tuesday.

GSA administrator Emily Murphy said the plan, which will condense the agency’s Multiple Award Schedules program into a single portal offering products and services contracts, represents a fortunate confluence of timing to potentially streamline the federal acquisition process.

“I’m excited we finally have the technology, timing and opportunity to enact meaningful reform,” she said.

GSA plans to roll out the reform plan in phases between now and fiscal 2020, starting with standing up a new schedule through which the agency plans to eventually on-board approximately 17,000 contracts.

Stephanie Shutt, MAS Program Management Office Director, said GSA will spend the bulk of the fiscal year establishing the new schedule, working to onboard new contractors and incorporating feedback. In fiscal 2020, the agency will onboard existing contractors to the new vehicle and consolidating existing contracts.

Those contracts will also receive new terms and conditions based on GSA’s work to identify and apply common standards across acquisition enterprise, a massive reform effort in itself.

“What we found is the majority of the schedules contracts — pretty much more than 80 percent of the contract terms and conditions are the same for each of the different schedules,” Shutt said. “What this [move] provided is the opportunity to review each of these terms and conditions and answer the question, ‘Is this a term and condition we should be keeping, is it something that we maybe don’t need in the future, is it something specific to a unique category within the schedules contract,’ so that we can create a vehicle that is current to what our atmosphere is right now.”

The move is designed to topple multiple hurdles to the acquisition process, namely how to address agency demand for solutions that are increasingly straddling GSA’s current schedules structure.

It’s also an attempt to make it more easy for innovative companies to do business with the government for the first time. Shutt said acquisition officials were working to provide “more of a plain language view of categories and definitions within those” to give federal customers and vendors more of a clear picture of the solutions offered on the schedule.

And it’s not the first time GSA has attempted to corral the $31 billion MAS program, but Murphy said the difference this time is not only that the technological capacity exists to make it happen, but also a marketplace hungry for more efficient services.

“This is something that both our vendors and our customers are demanding,” Murphy said. “We are looking at the feedback we have gotten from customers, and also frankly the feedback from our vendors on the frustration they have when they have three different contracting officers applying terms inconsistently or they have to have different systems to deal with contract administration.

“If we don’t have the workforce duplicating the same efforts, reflecting the same data multiple times from the same vendor, it actually allows them to work on driving the right solution, ultimately for that customer.”

New online tool lets Medicare recipients compare surgical procedure prices

The Centers for Medicare and Medicaid Services (CMS) announced the release of a new online tool Tuesday that allows Medicare recipients to compare prices for certain outpatient surgical procedures.

Specifically, by entering a procedure name or code into a search bar, the “Procedure Price Lookup” tool reveals the national average cost of a procedure at a hospital outpatient facility to the cost of the same procedure at an ambulatory surgical center. The tool provides the average total cost (the “Medicare approved amount”) as well as the average amount Medicare will pay and the average patient copay for both types of facilities. The data provided are for a patient with Original Medicare and no supplemental policy.

The tool has been on its way for a while — its creation was mandated by the 21st Century Cures Act, which was signed into law in December 2016.

“Price transparency in health care is a priority for the Trump Administration,” CMS Administrator Seema Verma said in a statement. “Working with their clinicians, the Procedure Price Lookup will help patients with Medicare consider potential cost differences when choosing where to have a medical procedure that best meets their needs.”

Play around on the tool for a few moments and you’ll notice that prices are lower at ambulatory surgical centers. This, Verma explains in a blog post, is because Medicare is required by law to maintain separate payment systems for different types of facilities. Verma isn’t happy about this, calling it “a prime example of Medicare’s misaligned financial incentives.”

“Unfortunately, it would take an act of Congress to change the payment systems within Medicare that charge patients different prices for the same services based on the care setting, but in the meantime patients have the right to at least know what they will be charged,” she writes.

The Procedure Price Lookup tool fills this role.

Of course, price isn’t the only consideration patients need to make when thinking about where to have a procedure done. Ambulatory surgical centers are popular because they tend to be smaller with more personalized care. Hospitals, however, are generally thought to be safer for high-risk surgeries because of the infrastructure and emergency care options they have.

The portal is part of CMS’s recently launched “eMedicare” initiative, which aims to update the online experience the agency gives Medicare beneficiaries.

AWS wants to help software providers speed through FedRAMP

Amazon Web Services is working to help smaller software providers reach government agency customers more quickly.

Tuesday, the cloud giant announced its ATO on AWS program to assist software-as-a-service providers in achieving public sector compliance authorizations — namely the federal cloud authority to operate (ATO) through the Federal Risk and Authorization Management Program.

Teresa Carlson, vice president of worldwide public sector for AWS, said at the company’s annual re:Invent conference in Las Vegas that the new initiative came about in response to “how slow the FedRAMP authorization process was moving” for the company’s partners.

“It requires a comprehensive set of skills to be able to navigate this super-complex process,” Carlson said. “And it’s certainly unpredictable at times. And it’s a high cost. A lot of times these barriers really prevent the customer from moving fast in the government space.”

Software vendors that participate in ATO on AWS will receive training, tools, prebuilt artifacts, guidance from AWS and support from AWS partners.

One such company, Smartsheet, has already successfully leveraged the program, receiving a FedRAMP ATO as an AWS partner in less than 90 days, according to Carlson.

“After hearing the nightmares of FedRAMP taking two years or more, we were able to work with our partner Smartsheet and get them through the journey of FedRAMP in less than 90 days,” she said.  “That is our goal: To get our partners and our customers moving faster.”

Carlson’s tough words about FedRAMP aren’t unique. Many industry cloud service providers have criticized how long it can take and costly it is to become FedRAMP authorized. In recent years, FedRAMP has acknowledged that criticism and worked earnestly to speed up the federal cloud authorization process. 

Tuesday, Carlson also touted AWS as a leading platform for commercial software providers to use to work federal agencies, saying that there are 56 third-party solutions with a FedRAMP ATO hosted on AWS. On top of that, there are 209 agency FedRAMP authorizations for solutions hosted on AWS.

Library of Congress Chrome extension offers easy access to Congress.gov

Ever found yourself reading a news article and wishing you could easily open up the actual text of, say, HR 6901, the Federal CIO Authorization Act of 2018? You could click a link (if offered), search for the legislation on Congress.gov yourself or, now, download this handy Chrome extension.

A summer intern at the Library of Congress built the Congress.gov Browser Extension, which allows users to highlight text on a third-party webpage, click the extension and automatically search for that text phrase (or name, or bill number, etc) on Congress.gov in a new tab. The extension allows access to all of the kinds of information on Congress.gov — member information, legislation, committee reports and more. Highlight the name of Rep. Will Hurd, R-Texas, for example, then choose “members” from the extension’s drop down menu to see his member information. Or choose “current legislation” to see the bills he’s currently sponsoring or cosponsoring. It’s pretty snazzy.

The tool was built by Syed Tanveer, an undergraduate studying computer science at Dartmouth College. According to the Library, this is the first Chrome extension he’s ever built. Robert Brammer, a legal information specialist at the Library of Congress who was involved in the development of the tool, said public response to it has been positive so far.

The Congress.gov Browser Extension isn’t the only Chrome extension built by interns at the Library this summer. Junior fellow Flynn Shannon built Free to Use, an extension that easily allows users to download or share LOC images that aren’t under copyright.

Kate Zwaard, director of digital strategy at LOC, says these kinds of experiments align with the library’s recently released digital strategy. “These browser extensions, hosted on the Library’s Labs site, labs.loc.gov, are part of a portfolio of efforts in lightweight experimentation,” she said in a statement emailed to FedScoop. “Our digital strategy outlines a bold vision for the future technical direction of the Library of Congress, which includes cultivating an innovation culture. This allows us to try things inexpensively and evaluate demand, effectiveness and supportability.”

Unfortunately for wide utilization, both of the extensions are still in beta. The Library’s digital Labs team provides details on how to install in developer mode, and the Library is soliciting feedback on any bugs early adopters may encounter.

It’s unclear whether the group plans to continue development of the extensions now that Tanveer and Shannon’s internships are over, though. For now, the library is labeling each as an “experiment.” Zwaard said that the library uses demand and effectiveness metrics to decide whether to move an experiment from the Lab into production. The transition does happen —  “last month, we were pleased to see this approach bear fruit with the launch of crowd.loc.gov, an online transcription tool,” she said. “Crowdsourcing began as an experiment on the Labs page, which allowed us to transition to a production application that helps us share America’s treasures more broadly.”

Anyway, in the meantime, here’s a link to the text of H.R. 6901.