Small Business Administration picks another new CIO
The Small Business Administration has tapped Hartley Caldwell, who appears to be a longtime private-sector fintech and IT executive, as its new chief information officer, according to the agency’s website.
Douglas Robertson, the SBA’s deputy CIO and chief technology officer, had been serving as the acting CIO. Caldwell, who is also listed on the CIO.gov membership page, did not respond to a request for comment by publication time.
Caldwell’s most recent role, per his LinkedIn page, was as the CIO of global banking for Fiserv, a fintech and payments company formerly led by Frank Bisignano, the newly confirmed commissioner of the Social Security Administration. Caldwell also held positions with Citi, E*Trade and IBM.
Caldwell is at least the third CIO to serve in the SBA’s top IT position since the start of the Trump administration. Marcus Alzona, a technology company leader actively involved in Maryland Republican politics, held the role for a few weeks before references to him were somewhat sporadically removed from the SBA website.
Sen. Joni Ernst, R-Iowa, who chairs the Senate Small Business Committee, wrote to the White House in January about IT issues and the importance of having a strong chief information officer at the agency. When asked about Alzona’s exit, Ernst told FedScoop that she is “glad [SBA] Administrator [Kelly] Loeffler is getting the best people in place to make SBA work more efficiently and effectively for small business owners.”
There has been significant turnover in the CIO role throughout the federal government. The Social Security Administration, the Treasury Department, and the Energy Department have all appointed new — and in some cases, several — new CIOs in recent weeks.
OPM sets June 2 deadline for new retirement applications to be electronic
The Office of Personnel Management is giving agencies less than a month to start submitting all new retirement applications for federal employees electronically, moving away from a largely paper-based system.
In a Wednesday memo, OPM acting Director Charles Ezell gave agencies that are served by the National Finance Center and Interior Business Center — two federal shared services providers offering HR support — a deadline of June 2 to start processing retirements electronically. According to the memo, OPM will facilitate applications via the Online Retirement Application effective July 15 and won’t accept paper filings.
The federal retirement system managed by OPM has in the past faced criticism for its delays. In 2019, the Government Accountability Office identified reliance on paper-based and manual processing as among the reasons for the lack of speed. While there have long been efforts to modernize that system, it has yet to go fully electronic.
Now, President Donald Trump’s Department of Government Efficiency has taken an interest in the system. Elon Musk called it out specifically in an Oval Office press conference in February, describing the “mine” where the paper records are kept and manual processing. “The elevator breaks down sometimes and then … nobody can retire,” Musk said.
Later that month, OPM touted in a video posted to X that it had processed the first digital retirement. The Wednesday guidance suggests it’s scaling that process quickly.
According to the memo, training and onboarding will be available to all agencies participating and must be completed by June 2. If agencies don’t use either of the two shared services providers, OPM is providing a “complementary method for electronic submissions.”
“OPM will coordinate directly with payroll providers to ensure all agencies they service will have access to ORA in the near future,” Ezell wrote.
The memo follows OPM’s decision last week to award Workday a sole-source contract for end-to-end HR services worth $342,200.
In a justification document published to SAM.gov May 2, the same day that the contract was awarded, OPM said a sole-source award was needed “due to an urgent confluence of operational failures and binding federal mandates that require immediate action.” Sole source awards are made to a single company without a bidding process.
The justification cited the agency’s “fragmented and outdated HR systems” and said they’ve “reached a critical failure point, resulting in payroll errors, benefits disruptions, and a manual workload that is no longer sustainable.” Moreover, it said Trump’s efforts to restructure the federal workforce require “real-time workforce data and integrated HR capabilities that OPM’s current systems cannot deliver.”
It also specifically cited the paper-based retirement system as something the new system could address, noting that “increased retirements due to federal workforce reductions place a strain on OPM’s paper-based retirement system, a process which normally takes 3-5 months, a problem an integrated system will help solve.”
OPM estimated that holding a competition for the award would result in a six- to nine-month delay in the award and would risk compliance and cost issues. The system needs to be implemented “as close as possible to July 15, 2025,” which is when the federal hiring freeze lifts, OPM said.
If the system were delayed beyond that deadline, the workforce agency said it would risk failing to comply with deadlines set by the White House Office of Management and Budget, disrupting retirement services, and over $600,000 “in labor-intensive workaround costs.”
OPM said Workday is the only company with a solution able to meet its needs and cited its deployment at Walmart and the Department of Energy as examples of its scalability and readiness for federal use, respectively. The agency also noted that Dayforce, another HR solutions company, expressed interest during its research but that it determined Workday was the only option for its needs.
Following the one-year contract for Workday, OPM said it plans to have “a full and open competition.”
This story was updated May 8 with additional details about the contract award to Workday.
Bipartisan Senate bill calls for Energy, NIST team-up on AI evaluations
A bipartisan group of senators is making another run at a bill aimed at improving the federal government’s ability to test and evaluate artificial intelligence systems.
The Testing and Evaluation Systems for Trusted Artificial Intelligence Act — which advanced out of the Senate Commerce Committee last year but didn’t receive a floor vote — calls on the National Institute of Standards and Technology and the Department of Energy to create a testbed pilot program for the development and refinement of measurement standards used to assess AI systems.
The five lawmakers behind the legislation — Sens. Ben Ray Luján, D-N.M., Marsha Blackburn, R-Tenn., Dick Durbin, D-Ill., Jim Risch, R-Idaho, and Peter Welch, D-Vt. — see the DOE’s national laboratories playing a crucial role if the TEST AI Act is enacted. Luján, Blackburn, Durbin, Blackburn and Risch are co-leads of the Senate National Labs Caucus.
“AI has reached every sector in our country and driven innovation, but we cannot ignore the vulnerabilities and risks that come with it,” Luján said in a statement shared with FedScoop. “While these systems have the power to change lives, they can also fall short — providing inaccurate or biased data — and are at risk of malicious attacks or misuse by our adversaries.”
“The TEST AI Act addresses these shortcomings by creating government testbeds to better evaluate AI systems,” added Luján, a frequent advocate for New Mexico’s Los Alamos and Sandia national labs. “This will help leverage the talent of our National Laboratories and strengthen the federal government’s ability to implement responsible guardrails that protect our national security and the American people.”
Blackburn, who has championed quantum legislation that builds on work done at Tennessee’s Oak Ridge National Laboratory, said the TEST AI Act would direct NIST, DOE and national labs teams “to establish safeguards, enabling AI to evolve while lowering the risk of manipulating this technology.”
The bill, shared first with FedScoop, seeks to not only codify the NIST-DOE partnership on the evaluation of AI models, but also aims to boost public-private partnerships via an AI-testing working group. That group, made up of no more than 10 members, would include the top NIST, Energy and Commerce officials or their designees, as well as representatives from the private sector and academia.
That body would guide the development of standards for AI testing, with reliability, performance, capability, interpretability, security, privacy and data bias in mind. A strategy for measurement standards would then be posted on a Commerce Department website.
The first testbed would be detailed in a report to Congress within 180 days of the initial demonstration. Additional recommendations for future standards development would also be included in the report.
The legislation has at least one prominent non-governmental backer in its corner: the nonprofit Americans for Responsible Innovation, which has pushed the government to modernize federal systems and warned the Trump White House that cuts to NIST would put the country behind the eightball in the global AI race.
“The TEST AI Act is a step towards transparency and accountability in artificial intelligence,” ARI President Brad Carson said in a statement. “Right now, AI systems are being deployed in high-stakes environments without independent oversight or clear standards. By building federal capacity for rigorous AI evaluations, this bill helps ensure AI tools are secure, effective, and ready for deployment.”
U.S. court system eyeing AI use cases for access to justice, cost savings
The federal judicial branch is exploring uses of artificial intelligence aimed at promoting access to justice and cost efficiencies, a judiciary official focused on the technology said.
Paul Drutz-Hannahs, the AI pilot lead at the Administrative Office of the U.S. Courts, told FedScoop in a recent interview that the court system is — much like the other branches of government — looking at the technology to improve its operations. Those efforts currently involve working with the individual courts to figure out what they need.
“We are aware that across the country there are different district courts with different local business needs,” Drutz-Hannahs said. “So a lot of what we are doing right now is working with our customer base — the federal courts — to understand what AI could potentially do … to help their work.”
The federal judiciary is unique in that its structure is federated, giving each court a fair amount of latitude in its operations. That presents a different environment than executive branch agencies, many of which have adopted policies and use cases for their entire workforce.
But the independence of courts is something that Drutz-Hannahs counted as a strength for the judicial branch. He likened it to the concept of states as laboratories of democracy, in which one state will try something that others will learn from and follow.
“It can be similar with the federal courts in that we might have a district court somewhere that tries something because it has an autonomy and it’s able, because of its scale, to be a little more nimble … than perhaps a nationwide product would be, and consequently, we can learn from those quicker,” he said.
Drutz-Hannahs’ comments came during a fireside chat about the judiciary’s AI use at FedScoop’s AI & Tech for Government: Innovation In Action event last week.
As an example of a type of use case that the federal courts are looking at, Drutz-Hannahs pointed to chatbots, which he said could provide the public with a mechanism to ask questions after hours or when offices are closed.
“That’s just an example of a use case where we’re aware of potential opportunity and upside to using these technologies, but I will always come back to the risk management side of our equation, too,” Drutz-Hannahs said.
Unlike private industry, the judiciary has a responsibility to public trust, he explained.
“You will often notice that we are proud of the fact that our risk tolerance is lower in the private industry,” Drutz-Hannahs said. “Our risk tolerance is lower than even perhaps on executive branch agencies, and that’s because we are safeguarding public justice and access to justice.”
While the judiciary historically hasn’t been on the leading edge of technology, advancements were made during the pandemic when they were needed to continue moving cases forward safely, such as the adoption of remote video participation.
When asked how the rapid adoption of new technology has compared to the current AI moment, Drutz-Hannahs said the spirit of innovation from the pandemic-era has lingered.
“I think there’s been an interesting linkage in these two moments where we are seeing some lingering desires to innovate, perhaps more than it was before culturally,” Drutz-Hannahs said.
‘AI boom’ will make up for IRS workforce cuts, Treasury secretary says
Drastic cuts to the IRS workforce won’t impact tax collection because an “AI boom” will pick up the slack, Treasury Secretary Scott Bessent told lawmakers Tuesday.
Appearing before the House Appropriations Committee, Bessent was peppered with questions about the overhaul of the IRS in recent months, including the slashing of the tax agency’s IT budget and widespread staff reductions across collection and enforcement functions.
A Treasury Inspector General for Tax Administration report released last week found that as of March, the IRS’s workforce had shrunk 11%, with 11,433 IRS employees terminated since President Donald Trump took office.
According to the TIGTA report, 18% of the IRS’s revenue officers — staffers who work to collect delinquent taxes, survey for unreported taxes and secure delinquent returns — have been cut from the agency. Another 31% of revenue agents and 10% of tax examiners — job functions that also have collection responsibilities — have also been dismissed.
Rep. Steny Hoyer, ranking member of House Appropriations’ Financial Services and General Government Subcommittee, noted that Treasury’s budget proposes additional “substantial cuts” to the IRS, with another 40,000 jobs or so to be eliminated, including up to half of the agency’s enforcement staff. Despite those planned cuts, the Maryland Democrat said Bessent promised him during a prior meeting that he was “not going to … sabotage collections.”
When asked by Hoyer if he was still confident that cuts wouldn’t negatively impact the collections process, Bessent pushed back against the idea that a bigger enforcement staff would be more effective than leveraging tech to do the work.
“There is nothing that shows, historically, that by bringing in unseasoned collections agents, that that … results in more collections or high-end collections,” Bessent said. “So I believe, through smarter IT, through this AI boom, that we can use that to enhance collections. And I would expect that collections would continue to be very robust, as they were this year.”
IT modernization, Bessent said, was key to improved agency operations. The secretary took a victory lap in his opening statement on making over $2 billion in cuts to the IRS IT budget “without any operational disruptions.” Several former, high-ranking IRS IT executives have told FedScoop that the impact of those cuts will likely be felt during the next filing season.
“We achieved these cost savings by eliminating, renegotiating, and descoping wasteful IT and professional services contracts and addressing longstanding inefficiencies such as auto-renewed licenses unused for years,” Bessent said. “This intervention alone will save taxpayers hundreds of millions of dollars each year.”
Bessent also touted the administration’s push to reduce paper processing — an initiative well underway during the Biden era that the secretary acknowledged is a “longstanding bipartisan goal.” Via policy changes and an embrace of automation, Bessent said Treasury is targeting a $20 million reduction in those expenses by the end of Trump’s term.
Democrats also pressed Bessent on the so-called Department of Government Efficiency’s involvement with the IRS. Hoyer raised concerns about “DOGE operatives rifling through IRS databases” that contain Americans’ sensitive information, while Rep. Glenn Ivey, D-Md., asked how a 25-year-old DOGE staffer with a history of racist social media posts was granted access to systems that house the public’s financial data.
That staffer, Bessent said, was dismissed from the department after the Wall Street Journal unearthed his racist posts (though he was quickly rehired by the Trump administration and deployed to other agencies).
And as for DOGE at large, Bessent said the Elon Musk-led group’s work to “constrain the spending” is “admirable, important and necessary.”
“As I’ve continually pointed out, DOGE is the Office of Government Efficiency, not the Office of Government Extinction or Eradication,” he said. “So I think that it is not a big leap to do much more with less.”
Trump administration kicks off federal acquisition overhaul with new website
The Trump administration has launched an effort to overhaul the Federal Acquisition Regulation with a focus on delivering a quicker, more efficient and less burdensome procurement process for federal agencies.
To provide details on the progress of the so-called “Revolutionary FAR Overhaul,” the General Services Administration — one of the federal government’s lead procurement agencies and a member of the FAR Council — launched a new website Tuesday for the initiative.
Federal acquisition stakeholders can expect to find a streamlined version of the FAR, buying guides — the first of which will be focused on software-as-a-service — and opportunities to share their feedback about acquisition policy on the new website, according to a release from GSA.
The Trump administration’s overhaul of the FAR was spurred by an executive order in April that called on the Office of Federal Procurement Policy in the Office of Management and Budget to lead the effort with FAR Council members GSA, NASA and the Defense Department. Within 180 days of that order, the group is expected to “amend the FAR to ensure that it contains only provisions that are required by statute or that are otherwise necessary to support simplicity and usability, strengthen the efficacy of the procurement system, or protect economic or national security interests.”
“This is about permanent change in how the government partners with the private sector to accelerate innovation and promote competition,” GSA acting Administrator Stephen Ehikian said in the release. “We’re cutting the outdated red tape and focusing on value for American taxpayers.”
The launch of the website to provide information about the FAR overhaul “aligns with the Trump Administration’s goal of transparency in the deregulation process,” OMB Senior Advisor Kevin Rhodes said in a statement. “Stakeholders across industry and government alike will see how we are reducing bureaucracy to accelerate procurement, reduce costs, and increase competition.”
GSA says the resources that will be included on the new website are being developed with feedback from the federal acquisition workforce and will include “interactive tools that deliver real-time guidance and insights.”
“Feedback will help shape formal rule changes and ensure the final system works in practice — not just on paper,” the release said.
DOGE has arrived at the heart of Homeland Security’s biometrics operations
The Department of Government Efficiency has arrived at the Office of Biometric Identity Management, a quiet but powerful component of the Department of Homeland Security that handles a critical database of fingerprint, facial, and iris data used throughout the federal government.
Three people, including one person within DHS and two more familiar with the matter, confirmed that DOGE now has a presence at the agency. Two of those sources added that DOGE seems to have restarted conversations about the future of the Homeland Advanced Recognition Technology (HART) program, which DHS has long hoped would replace the agency’s current biometrics database — the Automated Biometric Identification System (IDENT), one of the world’s largest known systems of that kind.
OBIM was created more than a decade ago to manage the biometric information used to make border security decisions. As a relatively small office, OBIM provides assistance to DHS and federal agencies, including the State Department. OBIM also sometimes exchanges biometrics with other countries.
OBIM’s biometric database stores hundreds of millions of biometric data points. A DHS website notes that a single query of the system “can retrieve data for an individual tied to a Department of State visa application, a U.S. Customs and Border Protection log of an entry into the United States, and an immigration status change logged by U.S. Citizenship and Immigration Services.”
DOGE has not directly accessed these systems, two of the sources believe. But one person within the agency noted that DOGE has recently been involved in a decision to request a memo about the future of HART, the IDENT system, and the Traveler Verification Service, a separate system run by Customs and Border Protection. The person said there was a recent meeting between OBIM, CBP, and DOGE about the future of these biometric systems.
Two other people confirmed that DOGE is involved at OBIM and one of them confirmed that DOGE is interested in reevaluating the future of HART.
The Department of Homeland Security did not respond to a request for comment.
The current IDENT system has been a workhorse of DHS’s biometrics program for decades. The system can run close to half a million queries a day, sometimes 150,000 in an hour, one person said. But the system’s configuration reveals its age: The IDENT system is physically stored on-premise, in two different locations. IDENT is also dependent on specific hardware to support its fingerprint matching technology, which the person said comes at a significant cost.
With more than 300 million identities stored, IDENT is now one of the largest biometric databases in the world. The world’s largest database is the Aadhaar system in India.
DHS has wanted to replace IDENT with HART, which is supposed to be hosted in the cloud and use a software-based approach to biometric matching. In the eyes of some government leaders, it’s a critical part of modernizing DHS’s approach to biometrics.
Still, the operation of HART has been controversial within the agency and the program has run into a series of challenges.
In 2022, the program failed when an attempt was made to enter “parallel operations,” which would have seen HART deployed alongside IDENT to measure its performance, two people said.
In 2023, the Government Accountability Office flagged that the program was running into problems with privacy issues, program management, and cost-tracking. The program is running several years behind and, according to the GAO, costs significantly more than originally anticipated.
In recent years, there was intense investment in getting the HART program back on track, a former senior DHS official told FedScoop. Management of the program was moved from the OBIM office to DHS’s Office of the Chief Information Officer in 2024. The program also saw a series of restructurings, with federal technical officials having a greater role in the process, the official said, and several vendors were brought on instead of just one.
OBIM is currently aiming for HART to reach initial operating capacity in fiscal year 2027, a person within DHS said, adding that parallel operations between HART and IDENT are not currently feasible.
DOGE rep Sam Corcos is Treasury’s new chief information officer, source says
A startup founder and Department of Government Efficiency associate named Sam Corcos is the new chief information officer of the Treasury Department, according to a person within the agency.
Corcos was introduced with that title at a recent meeting for Treasury bureau chief information officers, the person added.
Corcos, who most recently helped create a health company called Levels, had been representing DOGE in the Treasury Department, with the official title of special advisor. Corcos, who has appeared on Fox News with Treasury Secretary Scott Bessent, has said his top priority is looking at the operations and maintenance budget, as well as modernization, at the IRS.
“A huge part of our government is collecting taxes,” he told Laura Ingraham in March. “We cannot perform the basic functions of tax collection without paying a toll to all these contractors. We really have to figure out how to get out of this hole.” He’s previously said he’s committed to spending six months in Washington.
He’s also sought access to government data and, according to Wired, was involved in an effort to organize an IRS hackathon. A source familiar with the initiative told FedScoop that the event was focused on the implementation of a unified API infrastructure.
Corcos’ appointment comes as many longtime technology leaders have departed the Treasury Department. Tony Arcadi left the role of CIO earlier this year.
Last week, FedScoop reported that Jeff King, who was appointed to replace him, would also be leaving, along with Brian Peretti, the agency’s chief technology officer, and Rick Therrien, the chief information security officer.
About 50 IT executives were recently cut from the IRS. The tax agency’s chief information officer, Rajiv Uppal, also recently announced that he was leaving.
Matt Bracken contributed reporting.
EPA system for water, air and toxics data is vulnerable to threats
The digital warehouse where companies, states, tribal groups and other regulated bodies report their data to the Environmental Protection Agency lacks adequate controls, leaving the system vulnerable to threat actors, according to a new watchdog report.
In an audit of the agency’s Central Data Exchange System (CDX), the EPA Office of Inspector General found that users could submit identity data that didn’t meet EPA and federal requirements.
Noncompliant data was able to be submitted because the CDX system doesn’t have built-in controls to stop users from entering “questionable and thus unreliable” identity data, the OIG noted.
“Without the EPA having the proper system controls in place, threat actors could create fraudulent CDX accounts that could provide unauthorized access to other EPA systems and environmental data that are used to support the EPA’s mission and strategic goals,” the report stated.
The CDX system — which contains environmental data on various air, water, hazardous waste and toxics programs throughout the country — could be an especially attractive target for threat actors. The EPA and the White House last year warned of “disabling” cyberattacks targeting water systems across the country.
In a letter to U.S. governors, then-National Security Advisor Jake Sullivan and EPA Administrator Michael Regan wrote that those attacks had “the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”
The OIG report warns specifically about the possibility of adversarial users gaining entry to CDX and entering fake data “that could undermine the credibility of the information these systems aggregate and maintain to support the EPA’s program services and strategic plan.”
“If the EPA does not mitigate its CDX data integrity issues, it cannot provide assurance that its environmental data are accurate and reliable,” the watchdog added.
The EPA’s Office of Mission Support agreed to the watchdog’s recommendation to implement a process to assess identity data in CDX that appears “questionable” and disable any accounts that cannot be verified. The office also signed off on an OIG recommendation to develop and adopt a strategy that does comply with federal and agency-specific input controls for CDX.
Other issues raised by OIG in the report include the EPA’s Office of Pesticide Programs granting non-U.S. users access to a pesticide submission portal without identity verification and the agency not disabling tens of thousands of inactive CDX accounts.
NLRB whistleblower’s attorney speaks on DOGE, the shedding of federal IT leaders
Last month, a whistleblower named Daniel J. Berulis submitted a highly concerning report to Congress about his experiences with the Department of Government Efficiency during his work as an IT staffer at the National Labor Relations Board.
DOGE, he said, had arrived at his agency and possibly enabled a breach exposing government data while they were accessing NLRB systems. Alarmingly, Berulis saw evidence that NLRB information was being accessed by users in Russia in near real-time. While he was preparing his report, Berulis said he was threatened: Someone taped a note to the front door of his home that referenced his disclosure as well as photographs of him recorded via drone.
Nonprofit legal assistance organization Whistleblower Aid has stepped in to represent Berulis and support his disclosure. Andrew Bakaj, the chief legal counsel at Whistleblower Aid, told FedScoop that the organization has since seen more outreach, with people asking questions about the whistleblower disclosure process.
“The worst-case nightmare scenario is that this is beyond NLRB,” Bakaj said. “This is happening in multiple agencies where DOGE has been, and that — whether it was intentional or by accident, sloppiness, etc. — foreign intelligence and our adversaries gained access into our critical infrastructure.”
Bakaj, a former intelligence officer himself, would not comment on Berulis’ current role and only said that his client was assisting in an ongoing investigation into what occurred at the NLRB. He chatted with FedScoop about the whistleblower process, the role of Congress in protecting federal data, and the impact of losing chief information officers across the government.
This interview has been edited for clarity and length.
FedScoop: Can you talk a little bit about what happened with Daniel Berulis at the NLRB? What systems and data seemed to be accessed?
Andrew Bakaj: The bottom line is that [Daniel Berulis] learned from his superiors that DOGE was going to be coming into the agency. [He learned] they were all supposed to be in their seats because [DOGE members] were going to be showing up. …
What really caught his attention at first was how data was being exfiltrated from the agency, overnight, at one point in time. [It was] a significant amount of data. The reason why that’s important is because these were all text files. It’s one thing if it were images or videos, because that’s obviously a heavier weight [and] requires more capacity. But these are all text files, so it could be as much as an entire encyclopedia’s worth of data that left the agency.
FS: What’s the line between questionable practices and something that needs to be disclosed by a whistleblower?
AB: They were told not to monitor what DOGE was doing [and] they were not supposed to log their activities, etc. That’s a huge red flag. When you have the fact that data was being exfiltrated — it was a huge blip on the timeline there — combined with the fact that in near real time, somebody or something from Russia tried to access the internal database using the correct username and password.
Because of the fact that it was coming from Russia, the NLRB tech staff saw that this was an anomaly and they were able to stop it. But that was the final failsafe, because somebody did, in fact, have the proper credentials to log in. You put that all together and that is a significant cause for concern.
FS: One of the things the disclosure says at the bottom is that this is a best guess at what might have occurred. Can you talk a little bit about the nightmare scenario given what was seen in these systems?
AB: The worst-case nightmare scenario is that this is beyond NLRB. This is happening in multiple agencies where DOGE has been, and that, whether it was intentional or by accident, sloppiness, etc., that foreign intelligence and our adversaries gained access into our critical infrastructure.
I’ve had contact, actually, with people who would like to blow the whistle, but frankly, a lot of people are afraid to come forward, right?
FS: We’re seeing a lot of turnover in the CIO role in the federal government. I’m curious if you can talk about the role of the CIO in the kind of access management issues that this whistleblower disclosure talks about — and the risks that might come with just switching people out, especially as we’re facing these concerns about DOGE.
AB: When we have a high turnover rate and when we have the federal sector losing a lot of people in critical areas, that’s going to potentially be a significant risk for potential intrusions by not just foreign adversaries, but just hackers more broadly. My concern is broader than just the NLRB.
FS: How optimistic are you that this will be a bipartisan sort of response to some of the security concerns that have been raised about DOGE?
AB: It may not happen right away. It may take time. But the reason why I’m hopeful is because when it comes to our personal data — banking information, Social Security information — exposure for Americans and American companies should be a nonpartisan issue, in my opinion. My only concern is, is that it’s going to take some harm for everybody to really coalesce and say, ‘yes, this is a problem that we should look into.’
FS: What’s the role of the whistleblower disclosure process at a time when many inspectors general seem to be under attack?
AB: A large swath of federally appointed IGs have been removed. The IG offices still exist, so that means that in many cases, there are acting IGs. Maybe new appointees will be put in place at some point in the future. In some smaller offices, their IGs may not have been removed, but that’s less common. There are offices who have staff and they’re working well, but we also recognize that there is a significant concern now about the independence and integrity of the OIGs.
FS: What advice do you have for people who work in CIO offices and IT offices about the whistleblower process and the disclosure process?
AB: The first thing is that there is a process by which those working within CIOs can come forward to properly disclose their reasonable belief that there may be violations of law, rule or regulation, or fraud, waste, or abuse. I do recommend that they first reach out to an attorney through us at Whistleblower Aid or even other attorneys who specialize in this area to make sure that they’re properly handling the information that they’re going to be disclosing.
Dan did this in a public fashion where he allowed his name to be put out publicly. He spoke publicly to encourage others to come forward as well. Many whistleblowers have disclosed things confidentially. And there is a way to do this to mitigate professional risk, while at the same time getting it to somebody who can investigate.