USDS and DHS built a tool to help Americans choose the best trusted traveler program
TSA Pre-Check or Global Entry? NEXUS or SENTRI? Have you even heard of the latter two?
The Department of Homeland Security runs a number of trusted traveler programs — programs through which low-risk individuals can use expedited lanes and other benefits when passing through airports. Each program is slightly different, includes a different fee and is best-targeted to slightly different users. So how do you know which trusted traveler program is best for you?
Until recently, the U.S. Digital Service found, you probably didn’t.
In a blog post published on Monday, USDS’ Lauryn Fantano details how one of its teams at DHS built the Trusted Traveler Comparison Tool. The tool, as its name suggests, allows users to answer a couple of questions about their travel habits and learn which trusted traveler program is best suited for them.
“The project kicked off when [Customs and Border Protection] asked USDS for help rethinking the Trusted Traveler application process,” Fantano wrote. “After an initial discovery sprint to see how people were interacting with these services, it was apparent that many real travelers were genuinely confused about the various programs available to them, which government agencies were administering them, and how to apply.”
The team found that while people are interested in applying for TSA’s Pre-Check or CBP’s Global Entry — these websites are among DHS’s 10 most visited — they often don’t know the difference between the two programs.
The comparison tool, released in April, makes answering this kind of basic question easy. The tool is live on the DHS’s website, but is also embeddable on other websites, like airline or travel sites.
“It sets an important precedent that government sites should display the information that’s most useful to user decision making first,” Fantano wrote. “This requires testing, ranking, and displaying data accordingly.”
Watchdog: Pentagon needs stronger guidance for IoT device security
A report from the Government Accountability Office has found that the Defense Department’s policies on Internet of Things devices aren’t sufficient to guard against potential security risks.
The July 27 report analyzed the agency’s guidance on IoT devices regarding cybersecurity, information security and physical security concerns, finding that the policies either didn’t address the devices — which include items like digital wearables and smart televisions — or didn’t assign security procedures for industrial control systems.
“According to the Director of National Intelligence, IoT devices are designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and U.S. government systems,” the report says.
GAO officials found that while the agency has begun looking at the security risks posed by IoT devices, no one office oversees security policy for them. Rather, the policy is split between numerous offices, including the DOD chief information officer; the Office of the Assistant Secretary of Defense for Energy, Installations and Environment; the Office of the Under Secretary of Defense for Intelligence; the Defense Information Systems Agency and others.
The agency went as far as to identify a series of risk points in which an IoT device could be compromised — from malware installation during a device’s construction to lack of software patches that make it vulnerable to attack — and has developed mission assurance assessments to outline vulnerabilities from the devices.
While the DOD has policies for the IoT devices, those policies still have gaps where it concerns the potential of a compromised IoT device, such as a smart TV, the GAO noted.
“DoD officials told us that existing DoD policies and guidance do not clearly address security risks relating to smart televisions, and particularly smart televisions in unsecure areas,” the report says. “Officials from military services and other DoD components described smart televisions as a risk to operations security due, in part, to the ability of commercial providers to access the devices remotely—potentially eavesdropping on conversations or sending recordings of these conversations to third parties.”
Officials also acknowledged that the policies don’t address the sharing of data through apps added to DOD mobile devices, potentially allowing developers or hackers to capture data through unauthorized third-party apps.
The report also notes that the DOD’s core cybersecurity policies do not focus specifically on IoT devices, though the agency’s CIO does have policy recommendations centered on IoT security that could inform broader cybersecurity best practices.
The GAO did outline ongoing DOD efforts to address IoT security, including conducting an inventory of its industrial control systems, research and testing of device security by the Defense Advanced Research Projects Agency, and the formation of an IoT forum to examine the potential security risks of the devices.
The report offered three recommendations, including that:
- DOD begin conducting operation security surveys to identify potential risks from devices;
- Review cybersecurity policies and guidance for gaps concerning IoT devices; and
- Identify where additional guidance may be needed relating to IoT devices.
DOD officials concurred with the recommendations and said the department was in the process of applying them or had already begun to.
18F working to overhaul the ATO process
The General Services Administration’s innovation arm has its sights set on changing the way the federal government decides what software it buys.
In a July 24 comment on its GitHub site, 18F officials said they are developing a plan entitled “Project Boise” to overhaul the authority to operate process by which an agency determines that products meet the security requirements needed to operate on federal IT systems.
18F innovation specialist and developer Aidan Feldman — who is leading the Project Boise team with designer Andrew Maier and strategist Timothy Jones — said in the post that the plan aims to “reduce the burden (time, cost, and pain) and improve the effectiveness of the federal government’s software security compliance processes.”
There are already ATO reform efforts underway at the GSA-based Federal Risk and Authorization Management Program, where officials are developing multiple formats to streamline the authorization process for cloud service providers and give agencies more vendors to choose from.
FedRAMP released a new baseline for its anticipated Tailored service — a proposed software-as-a-service cloud solution that would provide agencies with lower-risk security options — for public comment July 13, shortly after requesting information from industry on how it could automate some of its ATO processes.
To develop new policies, the 18F team will collaborate with stakeholders like the Department of Homeland Security’s Continuous Diagnostics and Mitigation group, the Office of Management and Budget, the White House’s Office of American Innovation, the National Institute of Standards and Technology, and FedRAMP.
While the plan is in its discovery phase, Feldman added that Project Boise would be reaching out through the GitHub site to stakeholders in both the public and private sectors — including chief information security officers, cybersecurity policymakers and companies crafting products around security compliance — for feedback on how to simplify the process.
In the first month, the Project Boise plan calls for the team to map ATO processes across federal agencies to determine the common paths and where they can be improved.
Nick Sinai, a former U.S. deputy CTO under President Obama and now a venture partner at Insight Venture Partners, explained the importance of improving the ATO process in a recent Medium blog post. As it stands, it can take a vendor more than a year to receive an authorization, deterring many innovative companies from even trying.
“We need innovative firms entering the federal market — like those that Insight Venture Partners invests in — to make our government more secure, more effective at delivering services, and more efficient for the taxpayer,” Sinai wrote.
He added: “If the Trump Administration is going to build on the Obama Administration’s efforts to modernize, it will need to transform how the federal government does security compliance.”
Bug bounty industry, helped by federal business, is growing up fast
The bug bounty industry — which essentially sells the services of freelance hackers who are paid to find weaknesses in systems or products — is seeing a period of rapid growth, in part because of early successes in the federal market.
Chris Bing of Cyberscoop takes a close look at the leaders of the three companies that are making the most noise in the niche industry: Bugcrowd, HackerOne and Synack. All three firms boast platforms that privately funnel information about software and hardware bugs to their customers so that affected parties can fix software flaws.
Over the last year, the three companies have each expanded in size and influence as private investors bet big. Significant contracts with the Defense Department, General Services Administration, U.S. Air Force and Army quickly popularized the disruptive industry, even though the premier brands are still in many ways developing their business strategies and identities.
Crowdsourced suggestions for passport process get a close look from State Department
Applying for a passport can be confusing and costly, but the Department of State is actively trying to figure out how to improve the user experience — and it’s taking suggestions straight from citizens.
State recently teamed up with USAGov to crowdsource suggestions on how the passport application and renewal process might get a citizen experience upgrade. The department and the federal information office used an unnamed “software tool” to create a website where they could solicit and collect citizen responses to one question: “How can we improve the [passport] application process to make it simpler and easier?”
Over two weeks in December 2016, the site collected nearly 1,000 responses and sorted them into general topic areas: on-demand support, renewal reminders, online applications and more.
From there State made several “decisions” — responses on how the department proposes to improve trouble areas. For example, State is in the process of developing an online passport renewal option. It’s also working to improve the plain-writing standards on Travel.State.Gov and find ways to reduce the fees associated with obtaining or renewing a passport.
According to a USAGov blog post, this partnership was the first time USAGov or State had used the unnamed software tool. It’s unclear whether either party intends to use the tool for future projects, but all published reports suggest that this pilot was a success.
Hybrid IT gives agencies ‘the best of both worlds,’ HPE exec says
Hybrid IT gives federal agencies “the best of both worlds,” allowing for the efficiencies of public cloud and the security of traditional on-premise IT.
Hybrid IT enables “us to operate as we’re comfortable and often as mission or security requires, and then [also] be able to share that data in a public form,” Jeff Lush, CTO of HPE federal, says in an interview with FedScoop TV.
And moving to such a model isn’t such a huge lift as one might expect.
“The nice thing about hybrid IT is it allows you to operate as you are today,” Lush says. “This notion of being able to rip and replace everything that you have — it just doesn’t work. There’s nothing about it that’s good. It’s costly, it interrupts the flow of business.”
Rather, hybrid IT allows agencies to “truly embrace emerging technology but not have to wait around forever” to completely replace legacy systems.
In the end, hybrid IT allows agencies to avoid the costly interruption and security risks of completely replacing their critical systems while retaining the flexibility and savings found in modern cloud services, Lush explains.
New House bill taps Silicon Valley for ‘smart’ border wall
It seems Rep. Will Hurd understands the importance of building a little buzz around an idea.
Two days after calling for a “smart wall” in a House Homeland Security Subcommittee hearing on technology use in customs and border operations, the Texas Republican co-sponsored legislation to provide just that.
CNN first reported that Hurd would introduce the Secure Miles with All Resources and Technology Act, or SMART Act, on Thursday. It would leverage a mix of technology and U.S. Customs and Border Protection assets to secure the U.S.-Mexico border for a fraction of the cost of the White House’s proposed physical wall.
“Violent drug cartels are using more modern technology to breach our border than what we are using to secure it. We can’t double down on a Third Century approach to solve 21st century problems if we want a viable long-term solution,” Hurd said in a statement. “We need a Smart Wall that uses high-tech resources like sensors, radar, LIDAR, fiber optics, drones and cameras to detect and then track incursions across our border so we can deploy efficiently our most important resource, the men and women of Border Patrol to perform the most difficult task — interdiction.”
Hurd represents 800 miles of border in his district, more than any other member of Congress.
The president requested $1.6 billion in fiscal 2018 for border wall construction, and the House included that provision in its own budget proposal last week. The funding would cover primary and secondary fencing, as well as levee walls, over a combined 74 miles of the border, in addition to planning and development.
The SMART Act would require the Department of Homeland Security to initially deploy more technology to secure the border while it crafts a more comprehensive strategy, which could later include physical construction elements.
The CNN report said Hurd had worked with Oculus VR founder Palmer Luckey and his defense technology company Anduril Industries on cost estimates for the technology required.
In talking about how to deploy technology in border operations at the July 25 committee hearing, Hurd basically telegraphed the plans for the SMART Act.
“You can deploy a lot of off-the-shelf technology to do [interdiction with integrated technology] for half-a-million dollars a mile. And if we add this out to the additional 1,350 miles of the border that doesn’t have fencing, that’s $33 billion,” he said. “I can use $32 billion of that for other things, like give y’all’s folks more pay for the hard work that they do.”
The new bill projects that securing the border with technology would cost $500,000 a mile, or 98 percent less than the $24.5 million a mile Hurd estimates it would take to build a physical wall on the border.
CBP officials testified that physical barriers often prove more successful in urban settings, while technology and watch towers serve more of a role in rural areas.
Agency officials added that they are hoping to acquire more interoperable technology systems that can work in concert for border operations. But the Government Accountability Office also recently recommended that CBP apply more performance metrics to its technology and barrier assets to determine their effectiveness in life cycle cost estimates.
Officials said they are looking to employ a mix of technology and physical barriers to meet administration guidance on border security.
The bill would also authorize $110 million to enhance work among CBP and state, county, tribal and other governmental law enforcement at the border, and create a two-year grant program to improve emergency communications in the southern border region.
Reps. Henry Cuellar, D-Texas, David G. Valadao, R-Calif., Steve Knight, R-Calif., Steve Pearce, R-N.M., Brian Fitzpatrick, R-Penn., and Keith Rothfus, R-Penn., signed the bill with Hurd.
“This bill provides a pragmatic approach to secure our borders,” Cuellar said in a statement. “It calls on DHS to deploy the most effective security technology — such as sensors, aerostats, and cameras — and rather than building walls to meet campaign promises, it takes a measured approach by directing DHS, in conjunction with state and local agencies, to conduct a comprehensive study and analysis of the different tools and solutions available to provide security on our borders.”
“A giant wall is nothing more than a 14th century solution to a 21st century problem,” he said.
USDS’ Haley Van Dyck departs the office she helped create
Haley Van Dyck, the Obama-era tech leader who co-founded the U.S. Digital Service in 2014, is leaving the office she helped create.
Van Dyck joined the White House in 2012 as a senior technology adviser, before going on to co-found USDS two years later. She stayed on as the Trump administration transitioned into government, even as other top USDS officials like erstwhile administrator Mikey Dickerson left. Former Google engineer Matthew Cutts has been serving as acting administrator ever since.
Politico first reported the news.
“Haley had a specific goal of assisting USDS through the administration transition and left when she felt that was completed to the best of her abilities,” Cutts said in a statement quoted by Politico. “Although the USDS team is sad to see her go, we’re excited to see what’s around the corner for Haley and wish her the best.”
Recent publicized departures from the government’s other tech “startup,” 18F, have prompted debate among 18F and USDS employees about the line between politics and public service. The Obama initiatives attracted a lot of fairly liberal talent — do those individuals still want to serve under President Trump? Or is improving tech in the government a non-political exercise?
USDS also recently delivered a project update to Congress. The upshot? The organization’s priority projects remain much the same as they were, as teams continue to move the needle forward.
USDS did not return FedScoop’s requests for comment prior to publication.
Three former Presidential Innovation Fellows open up on what inspired them to join government
So you don’t want to run for office or join the military, but you do want to serve your country. What do you do?
Three former Presidential Innovation Fellows this week pointed to the PIF program as the perfect entry point for techies and other creative types looking to give back to Uncle Sam.
For Ross Dakin, a West Coast computer engineer by training with experience at a variety of startups, the program had a simple appeal: “It represented an opportunity to do something for my country that didn’t involve shooting guns or kissing babies,” he said.
The fellowship began in 2012 under President Obama and was made permanent this January by the TALENT Act, one of the last pieces of legislation Obama signed. The PIF website indicates that the application period for 2017 fellows closed in December 2016, but it doesn’t identify the fellows who were chosen for that cohort.
Dakin and two other former PIFs — Ashley Jablow and Jacqueline Kazil — sat on a panel at the George Washington University’s Graduate School of Political Management on Tuesday evening and shared what inspired them to join the program. While all three spoke from a similar perspective, they had distinctly different experiences of their “PIFdom,” as Kazil calls it.
Dakin was a 2015 PIF, and during his year-long tour of duty he worked at the Department of Housing and Urban Development, the Census Bureau and the Department of Agriculture. Jablow, a 2014 PIF, took the tour twice — one year at the National Archives and Records Administration, and another at the Environmental Protection Agency. And Kazil, finally, was a 2013 PIF who worked at the Federal Emergency Management Agency and went on to co-found 18F.
All came from different backgrounds too — Dakin as a private sector engineer, Kazil from building news apps at the Washington Post and Jablow from a grounding in the nonprofit world.
And yet the PIF opportunity spoke to all those backgrounds. “It offered an opportunity to use what I know how to do, no matter how niche it seemed,” Jablow said.
For Kazil, the one-year term was both attractive and a little scary. Having a limit on her time in government suited her, but what would she do for work at the end of that year? The answer, it turns out, for all three is that they have returned to the private sector now that their government immersion is over. Still, they all think fondly about what working in government taught them.
Kazil learned that she is driven by mission — she looked for a mission she could connect with before taking her current job at Capital One. And for Dakin, who came a long way east for the PIF experience, “my biggest takeaway was that government is just people,” he said. “There’s not the government and then other people … the government is just us.”
NGA wants to crowdsource its emergency response at Austin hackathon
The National Geospatial-Intelligence Agency is again reaching out to the public for some fresh ideas on how to use its data.
The agency — which analyzes satellite and mapping intelligence — is offering a $5,000 award for the most innovative use of its data sets to help emergency responders handle potential crises at an overnight Austin GIS hackathon on July 29 and 30.
The event, which is hosted by information technology strategy company Blue Compass, LLC, is another in a series of innovative outreach programs that NGA began sponsoring in 2016. The goal is to tap the creativity and perspectives of those outside of the intelligence community for new ways to utilize big data, artificial intelligence, automation and predictive analytics.
“We’re expecting a diverse group of participants including individuals, companies from commercial industry, academics and military personnel,” Col. Marc DiPaolo, NGA’s enterprise innovation lead, said in a statement. “Having a wide range of participants with different experiences and areas of expertise will give us a diversity of thought we don’t always have in the intelligence community.”
NGA began sponsoring the hackathons last year as a way to engage developers to tackle agency challenges through open source platforms. The agency welcomes participants to use its open source services on GitHub to create new tools with “real world impact.” NGA subject matter experts will also attend the event to give participants helpful context on the agency’s data sets.
Officials said that pitches should include multiple topics of interest, “such as using artificial intelligence and machine learning to predict regional issues, analyze and interpret large raw data sets, create automated workflows and locational data to support emergency responder planning.”
Hackathon projects will be judged based on their impact, creativity, design and execution.
NGA will hold additional hackathon competitions in San Francisco in August, Boston in September and New York in November.
At a previous hackathon in Seattle, NGA offered developers $10,000 for solutions that “improve content curation and provide national security decision makers with a customized user experience that improves decision-making abilities.”