Page 767 | FedScoop

HHS gets Navy vet as new cybersecurity chief

The Department of Health and Human Services has a new CISO, a Nebraska Navy vet who has worked in IT inside and outside government.

Christopher Wlaschin retired after 28 years in the Navy in 2008 as a lieutenant commander and has held a variety of civilian jobs since, including several stints at major health care companies in his home state. He came to HHS from the Nebraska-based, for-profit National Research Corporation, where he was senior director for information security and infrastructure for NRC Health.

His last stint with a federal agency was for the troubled Department of Veterans’ Affairs, where he was associate deputy assistant secretary for security operations for one year beginning in August 2012. He joined VA from Military Sealift Command, where he was the civilian CIO 2010-12. Prior to that, he was the assistant director for unified communications at the Missile Defense Agency.

“As a member of the U.S. government’s Senior Executive Service … Wlaschin will lead the cybersecurity program across HHS, with a goal to foster an enterprise-wide secure and trusted environment in support of HHS’ commitment to better health and well-being of the American people,” the department said in a statement.

The HHS position is not politically appointed. Wlaschin, who started work earlier this month, got in under the wire of the new administration’s hiring freeze — which affects all current vacancies and any new hires with a start date after Feb. 22 — but said HHS has several open cybersecurity positions that might be frozen.

“We hope fill these critical vacancies under the guidance” interpreting the freeze that will be issued shortly, Wlaschin told CyberScoop.

The hiring freeze includes exceptions for vital national security and public safety positions, but until the guidance is issued, it’s not clear what that means or who has the authority to invoke it.

There’s a place for tech in infrastructure planning, experts say

As transportation enthusiasts wait for President Donald Trump’s leadership to begin unveiling a plan for improving the nation’s infrastructure, experts said Tuesday that technology has a place in that discussion.

And there are “several thousand” Transportation Department employees who haven’t forgotten about issues like connected vehicle technology and intelligent transportation, said former NHTSA Administrator David Strickland at a conference hosted Thursday by the Eno Center for Transportation, a nonpartisan think-tank.

In his “Contract with the American Voter” Trump said he would, within his first 100 days in office, work with Congress to introduce the “American Energy and Infrastructure Act.” In the document, Trump says the proposal would leverage “public-private partnerships, and private investments through tax incentives, to spur $1 trillion in infrastructure investment over ten years.”

McClatchy recently reported Trump’s team had given the National Governors Association a drafted list of possible infrastructure projects with a price tag of at least $137.5 billion.

“I think when you actually get down to the budget situation where yes, you do have the money to spend and here is your frame to do it, I think those very details that you’re talking about will come to the floor, because there’s been a lot of people looking for the opportunity to do that,” Strickland said to a question about incorporating technology into infrastructure investments.

Strickland, who is now with the Self-Driving Coalition for Safer Streets, said that details around the Trump administration’s “broad proclamation” of $1 trillion in infrastructure investments will have to be “teased out.”

And Elaine Chao, who has been nominated for Transportation secretary, “is going to have to talk about how we make these investments … thinking about the forward-leaning planning about communications technology and other intelligent transportation investments that are being made within that,” Strickland said.

In her confirmation hearing this month, Chao did not have a lot of precise answers for how she planned to regulate or foster transportation technology development. But she did say: “We want to work with Congress to position the federal government as a catalyst for safe, efficient technologies, not as an impediment.”

The Eno Center’s vice president of policy and finance at the Eno Center for Transportation Paul Lewis said Thursday that all discussions about infrastructure investment programs should be focused on “what those programs are hoping to achieve,” and that technology can be considered as a way to get to those program goals.

“So if there’s a safety program for example, it doesn’t matter whether you’re spending a bunch of money trying to straighten a road, or implementing some technology that will make that road just as safe, if not safer,” Lewis said.

He added: “Technology needs to be eligible for solving those problems, it doesn’t have to be a ‘build it’ kind of mentality. It doesn’t have to be infrastructure if we’re trying to achieve those goals. Technology needs to be definitely part of that discussion, and not focused on one specific technology but technology as a whole.”

CIO transition shakeup: The new (and old) faces under Donald Trump

President Donald Trump’s Cabinet and some other top positions are filling up, but not many of the federal government’s top IT leaders have been selected yet.

Career officials had to step into those roles until new leaders are appointed. Some chief information officers were politically appointed, and many of those left on or before Inauguration Day.

Those career officials may be there awhile. Management openings, including CIOs, have historically been low-priority for a new president, David Eagles, director of the Partnership for Public Service’s Center for Presidential Transition recently told FedScoop. “These are positions that have come in months, if not even sometimes years,” he said.

Here’s a breakdown of Trump’s IT leadership right now in some of those non-career IT positions:

Social Security Administration

The Trump administration asked Rob Klopp to stay on as deputy commissioner and CIO of Systems, a spokesperson told FedScoop.

Klopp has been in the role since August 2015, and served before that as the administration’s chief technology officer.

Department of Defense

In a special case, Defense CIO Terry Halvorsen is retiring Feb. 28.

Halvorsen was politically appointed as DOD CIO, but since he is also a career federal employee — spending time as Navy CIO and deputy commander of the Naval Network Warfare Command — he is not required to resign at the end of the current administration like other politically appointed CIOs, according to a DOD spokesperson.

But the DOD CIO position itself is classified as a senior executive service general position, “meaning it can be filled by a career or non career SES,” according to a DOD spokesperson.

Department of Commerce

Former Commerce CIO Steven Cooper left the post on Jan. 20, according to the department’s website. A spokesperson confirmed that Rod Turk is acting in his place.

Turk had been the department’s acting deputy chief information officer since July 2016. He has also been serving as Commerce’s CISO according to his official bio.

His prior experience includes serving as associate chief information officer for cybersecurity and CISO at the Energy Department, and CISO at the U.S. Patent and Trademark Office.

Department of Housing and Urban Development

A spokesman confirmed that Kevin Cooke is acting in place of former HUD CIO Rafael Diaz.

Cooke served as acting CIO in 2014 after then-CIO Jerry Williams left the department. Most recently, Cooke had moved back into serving as deputy CIO for the department.

The acting CIO first came to the department after serving in several roles at the Energy Department. In the Energy Department’s chief information office, Cooke was director of IT office systems, director of human capital and administrative management and associate chief information officer for information technology corporate management.

Environmental Protection Agency

Former EPA CIO Ann Dunkin has already moved on to a new position as chief information officer for the County of Santa Clara, California, she confirmed to StateScoop last week.

Steven Fine has taken her place in the interim.

Fine came to the agency from the National Oceanic and Atmospheric Administration, where he served as deputy assistant administrator for Laboratories and Cooperative Institutes.

Department of Transportation

The Transportation Department’s deputy chief information officer has stepped into the acting CIO role, a spokesperson confirmed to FedScoop.

During her time in the department, Kristen Baldwin has also served as the associate CIO for business technology alignment & governance.

Department of Energy

The Energy Department’s chief information officer left the agency in December, and as FedScoop reported at the time, Robbie Green took his place in the interim.

Before stepping into the acting role, Green served as the department’s principal deputy CIO for enterprise information resources management.

Green comes to the acting CIO role after nearly eight years in the Energy Department’s Office of the Chief Information Officer.

When Green served as a senior adviser to the associate chief information officer for the Department of Energy’s IT services, he oversaw the budget process there. And before that role, Green also worked for the National Nuclear Security Administration as its deputy CIO for information technology.

Department of Veterans Affairs

Rob Thomas has taken over as acting chief information officer, replacing LaVerne Council.

The VA CIO, also known as the assistant secretary for information and technology, requires confirmation by the Senate.

Thomas was the deputy assistant secretary for OI&T’s Enterprise Program Management Office, and mostly recently has been serving as deputy CIO. He also served as a deputy CIO and acting CIO at the Federal Emergency Management Agency, according to his official biography.

Department of Homeland Security

Jeanne Etzel is now serving as acting DHS CIO, replacing temporarily the agency’s former IT head Luke McCormack.

In the past Etzel served as the agency’s acting deputy chief information officer, and before that as the executive director of NextGen.

Office of Management and Budget

Former U.S. Federal CIO Tony Scott’s last day was January 17.

“Honored and blessed to have served last two years with this great team! Experience of a lifetime!” he wrote in a tweet the following day.

It may be awhile before a federal chief information officer is appointed.

Margie Graves has been serving as deputy federal chief information officer, the second-highest IT leader in government that typically acts as federal CIO in an absence. Graves could not be reached by publication time.

Billy Mitchell contributed to this report.

Report: Pre-flight screening programs need better metrics, baselines

U.S. Customs and Border Protection may have a data-driven process for flagging high-risk travelers before they board airliners, but the agency doesn’t have a data-driven procedure for measuring whether the system is working, a congressional watchdog said in a new report.

CBP’s National Targeting Center checks traveler information against government databases and lists, and uses rules-based targeting to try to flag people like “foreign fighters and potential terrorists, human traffickers, drug smugglers and otherwise inadmissible persons” before they get on a U.S.-bound flight. CBP officers at various different pre-departure programs told the GAO they work on “targets” the NTC has identified.

But the agency doesn’t have an established set of metrics and baselines to measure the performance of its several pre-flight programs, the Government Accountability Office said in a public version published Tuesday of a sensitive report issued in Sept. 2016.

CBP’s data showed that through pre-departure programs it identified and “ultimately interdicted” about 22,000 high-risk air travelers in fiscal year 2015. And in that same year the pre-departure programs helped the agency identify 1,500 previously unknown-high risk people to nominate for inclusion into the Terrorist Screening Database.

While the CBP tracks some data, the GAO recommended the CBP commissioner “develop and implement a system of performance measures and baselines to evaluate the effectiveness of CBP’s pre-departure programs and assess whether the programs are achieving their stated goals.”

The report seems to imply that some review occurs for various aspects of the programs. For example, when it comes to the rules-based targeting, officials told the GAO “CBP reviews the targeting rules on a periodic basis to assess whether the rules remain relevant in light of evolving threats” and that “CBP also conducts constant rule maintenance and development as needed in response to new or changing threats.”

But Rebecca Gambler, director of homeland security and justice issues at GAO, told FedScoop that the agency could be using data it already collects to better measure the overall performance of of its pre-departure programs.

“It certainly can be difficult to measure programs like this but what we found in the report is that they could look at some of the data that they are already collecting, and use, for example data from fiscal year 2015 to develop initial baselines and then they can measure program performance over a time relative to the baseline,” Gambler said.

CBP officials told the GAO that they collect a lot of data on their pre-departure programs, but it was collected inconsistently due to operational focus shifts and technology updates. But now the agency has “updated and uniform data collection systems that are consistent across all predeparture programs,” officials told the GAO.

“They have these different sets of data like traveler volume or the number of invalid travel documents that they seized, but just looking at you know increases and decreases doesn’t really allow them to fully evaluate the programs,” Gambler said. “And so being able to measure against baselines over time would help them kind of understand what increases or decreases in that program data mean, as an example.”

CBP is planning to expand its pre-departure programs, the GAO found in its report, and Gambler said “as they do continue to move forward with their plans it is important for them to establish these performance metrics and use them going forward.”

The Department of Homeland Security agreed with the watchdog’s recommendation, and said it plans to create a working group to develop and implement a system for measuring performance.

The GAO said that “if implemented effectively,” the agency’s plan should address the watchdog’s recommendation.

States call for collaboration with federal government on cybersecurity

With a new presidential administration in town, the chairman and vice chairman of the National Governors Association called for more collaboration between the federal government and states on cybersecurity.

Virginia Gov. Terry McAuliffe, NGA’s chair, said governors across the nation are ready to work with the Trump administration and the 115th Congress on issues like cybersecurity and more over the course of 2017.

“We have a simple message: Governors are here, we are ready to work with you on an agenda that makes lives better for the people who we all serve,” McAuliffe, a Democrat, said during remarks at the “State of the States” address at the Newseum in Washington. “While partisanship grinds Washington to a halt, we are Democrats, we are Republicans, and we are independents who every day work across party lines to get things done.”

McAuliffe’s initiative as NGA chair centers around helping state governments “meet the [cybersecurity] threat.” In October, he announced the partnership of 26 states that had pledged to work together on a regional cybersecurity initiative.

In 2016, McAuliffe said Virginia was hit with 70 million cyberattacks — or one every four seconds. Turning his focus to Washington, McAuliffe said states should collaborate with the federal government on critical infrastructure protection.

“We can work together to protect our critical infrastructure and data from cyberattacks,” McAuliffe said. “These are real opportunities to bring the pragmatic bipartisan leadership that we practice in our states every day in Washington.”

Sandoval, a Republican, said he appreciated McAuliffe bringing the focus to cybersecurity — something he acted on last week in his own State of the State address with the announcement of the creation of a Nevada cyber-defense center.

“The foundation of today’s economy, national security and the daily operations of government are increasingly dependent upon the security and reliability of communications technology and other digital infrastructure,” Sandoval said.

Sandoval called on the federal government to look to states as primary sources of information and intelligence around cybersecurity, and “full fledged partners” in cyber-intelligence sharing.

On Jan. 20, Inauguration Day, the NGA released its “We the States” platform, which also touched on collaboration with the federal government on cybersecurity.

The plan calls on the Trump administration to provide states with flexibility with regard to cybersecurity, both through collaboration and information sharing. In that plan, governors requested “clear guidance” on the assistance that would be offered by the Federal Emergency Management Agency and other federal agencies in the event of a cyberattack that exhausts the capabilities of state and local resources.

Superstar cybersecurity committee proposed by senators

A new bipartisan bill introduced Wednesday in the Senate would create a Select Committee on Cybersecurity to act as a central entity overseeing cybersecurity efforts across multiple federal agencies.

The committee would be empowered to write legislation, act as a powerful oversight group, organize investigations, coordinate with the intelligence community and make recommendations to the executive branch. Members would receive direct briefings from the intelligence community.

The bill by Cory Gardner, R-Colo., and Chris Coons, D-Del., would fundamentally alter the way the Senate handles legislation relevant to cybersecurity. The Homeland Security, Armed Services and Intelligence panels currently share jurisdiction over digital security issues and would have to cede some of their existing influence.

The 21-member committee would bring together a star-studded cast of lawmakers that are currently the highest-ranking Republicans and Democrats on the Appropriations, Armed Services, Foreign Relations and Intelligence committees, among others.

Notably, the bill to create the Select Committee on Cybersecurity stipulates that it will oversee “the organization or reorganization of any department or agency to the extent that the organization or reorganization relates to a function or activity involving preventing, protecting against, or responding to cybersecurity threats.”

The committee would effectively decide when and if U.S. Cyber Command, the military cyberwarfare unit, would be split from the National Security Agency, which focuses on signals intelligence collection. A division of the currently conjoined organizations had become a point of debate in Washington during the Obama administration. U.S. Cyber Command achieved “initial operating procedure” in October 2016.

Introduction of the bill follows the creation of a Senate Armed Services subcommittee focused on cybersecurity, with Mike Rounds, R-S.D., serving as chairman and Bill Nelson, D-Fla., as ranking member.

Mulvaney: DATA Act crucial for sorting out federal spending

After two Senate confirmation hearings Tuesday, it was clear that President Donald Trump’s nominee to head the Office of Management and Budget has DATA Act implementation in mind.

Rep. Mick Mulvaney was peppered with questions Tuesday in two confirmation hearings on how he plans to advise Trump on reducing government spending. And while the South Carolina Republican offered ideas on everything from the defense budget to Social Security, he also made a point that structural changes like implementing the DATA Act are crucial to even fully understanding how federal money is being spent.

The 2014 law requires all agencies to report spending data in a standardized way, and some have reported to a congressional watchdog that they are facing challenges implementing it. The Government Accountability Office said recently some agencies are at greater risk of missing a May 2017 reporting deadline as a result.

During Mulvaney’s first confirmation hearing, before the Budget Committee, Republican Mike Enzi brought up the committee’s efforts to make the budget process more efficient. One of the problems it identified, Enzi said, is that various versions of the budget conflict with one another and make it difficult to track the money.

In particular, he mentioned the Defense Department, which consistently has trouble with audits.

“It goes deeper than that,” Mulvaney responded and noted the DATA Act could help.

“It’s almost as if the computer systems in the agencies are set up to not even allow the men and women working there to understand how the money is getting spent,” he said. “So you’re right, there could be a lot of structural reforms that we could put in place that OMB could drive in order to make it easier to understand how the government works.”

He added: “We’re living in an age of big data, and then here we are as the federal government and we probably have some of the best big data available anywhere, but we can’t use it because no one can share it or read it.”

Enzi’s concerns and Mulvaney’s responses echoed a December hearing by the House Oversight and Government Reform Subcommittee on Government Operations.

When asked during that hearing how the DATA Act might help identify potential Defense Department savings, an expert from the Government Accountability Office said the law would provide more transparency to where funds are being spent.

“Hopefully it’s also going to provide a vehicle for DOD management and other agencies to manage their funds and manage their programs, and make sure that as obligations are incurred that they are de-obligated in the proper time,” said Paula Rascona, GAO’s director of financial management and assurance. “Another benefit of the DATA Act should be through oversight on the part of not only DOD management but their auditors, and also the Congress. And this should give more visibility to how DOD is spending their money.”

In Mulvaney’s second confirmation on Tuesday — before the Senate Homeland Security and Governmental Affairs Committee — the nominee was again asked how Congress can get better data on the federal budget.

When working through budget issues, “one of the hardest things to get in Washington, D.C., is the real number, for anything,” said panel member James Lankford, R-Okla. “How can you help us get the real number, coming from the White House and coming from your estimates, from OMB?”

Mulvaney responded: “Well the first step is obviously to get them myself, which is why the DATA Act is so important. It’s behind schedule as I understand, as we try to figure out a way to get data that we can actually all use.”

“One of the keys is to try to figure out a way to fix the system so that the data that we all have access to is the best possible number,” Mulvaney added. “And then simply be honest about those numbers with the president.”

USDS = taxpayer value, former White House deputy CTO says

The White House tech-surge team’s mission of developing more effective and efficient digital services for Americans fits quite nicely with the Trump administration’s agenda to decrease the burden on taxpayers, a former White House deputy CTO said Monday.

The U.S. Digital Service doesn’t explicitly tout “taxpayer value” as one of its core focuses, but it’s inherently tangential to its mission, said Nick Sinai, a former deputy CTO in the Obama administration when the White House launched the USDS. Though the program isn’t a codified component of the Office of Management and Budget, which oversees its operation, the Trump White House has signaled its interest in keeping the team around in some capacity.

You can “point to a bunch of projects that have saved many tens of millions of dollars and have taken something that wasn’t working and replaced it at a fraction of the cost with either something that they built or something that they bought from the tech industry,” said Sinai, now a venture partner with Insight Ventures and adjunct faculty at the Harvard Kennedy School.

“I really do hope the new administration seizes this,” he said at the 2017 State of the Net Conference in Washington, D.C. “And of course, they’re going to focus on taxpayer value, and that’s something we were focused on as well — we just didn’t use that term. A modern, efficient, effective government that delivers on its promise using the best practices of the tech sector — I mean how could you be against that?”

Monday’s State of the Net discussion came as the future of the U.S. Digital Service hasn’t been explicitly set in stone by the new administration. But hints of support from the new White House for the tech fix-it team have trickled out, including an encouraging tweet from recently named Chief Digital Officer Gerrit Lansing:

FYI: @USDS is here to stay in the new administration. Period.

— Gerrit Lansing (@lansing) January 23, 2017

It also appears White House senior adviser Jared Kushner, President Trump’s son-in-law, reached out to former U.S. CTO Todd Park to express the new administration’s support for USDS, OSTP and the General Services Administration’s Technology Transformation Service, which houses 18F, Bloomberg reported. Park was Sinai’s boss in the Office of Science and Technology Policy for a bit and served as the point man between the White House and Silicon Valley during the latter part of the Obama administration.

“I’m hopeful this new administration will see the value of these various efforts, because at the end of the day they are providing a lot of taxpayer value,” Sinai said.

The time to take advantage of the progress USDS and the former administration made in federal IT modernization is now, while the new White House and Congress are impassioned to make change, agreed Matt Lira, a senior adviser to House Majority Leader Kevin McCarthy, R-Calif, on the panel with Sinai.

“This is a unique opportunity, not only because of the party alignment between the two branches, but also whenever you have a new administration and kind of a re-energized Congress, the ability to make big, substantive changes, to pass big bills, to stand up big programs and projects” is exceptional, Lira said.

And he’s optimistic his fellow Republicans will seize the progress made in the last eight years.

“The administration has got the foundation built, I think, for a modern government,” Lira said. “The concrete has been laid, and the steel bars have been put in place, and I think they have the opportunity to build a modern government on that foundation.”

But perhaps most crucial to the calculus of what will continue to make programs like USDS successful, said Sinai, are the career personnel embedded in agencies who “have the scars on their back.”

The career civil servants, he said, are “heroes…who are just tremendous innovators, who are doing most of the work, frankly. It really is the pairing of the folks deep inside the agencies, with executive support.”

They “understand the program, understand the procurement, understand what’s been tried from the private sector,” Sinai said. “That’s when you see the magic.”

Defense systems agency’s CTO to retire in February

He fielded the Navy’s first firewall, helped start its information security program and led work on the Global Information Grid Bandwidth Expansion program that increased the capacity of the Defense Department’s networks. After about 31 years in government, Defense Information Systems Agency Chief Technology Officer David Mihelcic is set to retire from federal service in February.

Mihelcic, whose last day is planned for Feb. 21, served in government in leadership positions such as the chief executive engineer and deputy program director for the Global Information Grid Bandwidth Expansion program, known as GIG-BE, and head of the Network Security Section of the Naval Research Laboratory.

The CTO told FedScoop he is most proud of his work from about 2001 to 2005 on GIG-BE, a program he said increased the capacity of DOD’s network “by many orders of magnitude” and made it “thousands of times faster, many times more secure and much more reliable and of higher quality than anything that the DOD network could previously provide.”

“The other very interesting side effect of that was it helped us bring many new good people into the government,” he said. “And we actually got people when this program concluded that said, ‘I like what you do DISA, I like working for you, I want to continue to work for you.’ And they came to work for us as government employees.”

Shortly after working on that program Mihelcic became DISA’s CTO.

The slow march to modernization: The Pentagon’s cloud computing journey

Mihelcic said he wishes the Pentagon had made more progress in cloud adoption.

“We have pushed for cloud computing adoption in the DOD ever since [2006] and for a number of reasons, security and cultural, the adoption has not been as quick as we’d like,” he said.

The agency has seen some successes in fielding milCloud, Mihelcic said, and last year put out a Request for Proposals for the second version of milCloud.

He also noted the agency put together standards that allow for adoption, for unclassified DOD capabilities, of commercial cloud providers accredited by the Federal Risk and Authorization Management Program.

And he said his office is continuing to push for modernizing testing and accreditation necessary to take advantage of commercial cloud.

“So if I can turn a capability on in a commercial cloud provider in seconds but it then takes me six months or a year for me to get my applications loaded in there, configured, tested and approved to operate, I haven’t bought anything,” Mihelcic said.

The DOD hasn’t achieved as much as Mihelcic would like in accompanying cloud adoption with a change in processes that allows government to push out capabilities in real time. “Maybe that’ll be something I’ll try to continue to push from outside the DOD,” he said.

The department’s culture is one reason for slow cloud adoption, Mihelcic said.

“There are many cultural issues, and a lot of them do stem from security. We are very risk-averse in the Department of Defense,” he said. “We like to do things that we’ve done before. We do things based on precedent, so we don’t have a lot of precedent there.”

He added: “The other cultural issue is I think we have a lot of people who are comfortable being those infrastructure providers today in our DISA, and other DOD, data centers. And this is one of these areas where the world is going to change, and either you can change with it or you’ll risk becoming a dinosaur.”

Looking to the future — and advice for his replacement

The CTO is not sure of his plans for when he leaves the agency, but he said he has talked to some people about opportunities outside of government.

“Hopefully you’ll see me doing something related to these technologies such as cloud computing and networking,” he said. “And I’ll be able to help the DOD a little bit indirectly in the future.”

Mihelcic’s advice for the new CTO: Partner with industry, empower your workers and focus on automation.

“That’s probably the area where the DOD is furthest behind in IT,” he said of automation. “We still do too many tasks manually. And we need to automate everything we do, including security compliance checking.”

Security compliance checking today can add months to a program, he said, noting that it is “largely a manual process where we bring in testers at the end of program development and they validate the configuration of the running system.”

Those testers write reports that others have to then read.

“All of that can be done in real time with automated conformance testing,” he said, adding: “That’s what industry does.”

Mihelcic also said he hopes the new chief technology officer will have the latitude he did.

“I was given the chance by the Director of DISA to take that CTO role, turn it into a technology outreach and oversight organization, an organization that built capabilities with the warfighter and transitioned that to DISA programs,” he said. “So yeah I was very happy that I was given that ability to strongly influence what the DISA CTO was, and how the DISA CTO did its job.”

“Moving forward I hope the next DISA CTO will have that same opportunity,” he said.

Watchdog urges continued shutdown of online immigration system

The Department of Homeland Security shouldn’t reintroduce an electronic system for processing immigrant naturalizations that was plagued with problems after its original launch, the department’s inspector general urged Monday.

The DHS Office of the Inspector General issued a recommendation to “stop plans to reinstate use of the Electronic Immigration System” based on “an ongoing review which discovered alarming security concerns regarding inadequate background checks and other functionality problems with ELIS,” the office said in a release.

DHS’s U.S. Citizenship and Immigration Services has been developing the system, dubbed ELIS, since 2009. ELIS was originally slated to be operational by 2013, with the overall goal of allowing immigrants to more easily apply for citizenship online. Despite a 2012 launch, the project ran far over budget and only two of of about 90 benefits and services were available for processing online, according to a March 2016 OIG report.

USCIS estimated then that it would take three more years and another $1 billion to complete the work.

In August 2016, USCIS decided it would be best to take the system offline to address the critical security concerns the OIG references in this most recent recommendation issued Monday and a November audit, which revealed that about 20,000 green cards had been issued in error because of ELIS technical and functional deficiencies.

But the inspector general learned recently USCIS would reinstate the program sometime in January, it said, leaving it fearful the security and functionality issues hadn’t been fully resolved.

“Due to the significant unresolved functional and technical issues surrounding ELIS — issues my office has reported on in numerous reports in the past — we strongly advise USCIS leadership against the premature return to electronic processing of naturalization applications until corrective actions are taken and these persistent issues are resolved,” DHS Inspector General John Roth said.

Since issuing 11 recommendations with its November audit, all of which it says USCIS has resolved but are still open “pending completion of USCIS’ planned actions to address them,” the OIG has been conducting a review of ELIS systems to see if they were secure and functional. Though only in its preliminary stages, the OIG investigation found “significant operational and security issues that pose grave concern and merit your attention and corrective action,” Roth wrote in Monday’s management alert to USCIS Director Leon Rodriquez.

As of Jan. 11, testing of the system granted 175 immigrants citizenship without checking their biographic information with the FBI and U.S. Customs and Border Protection. Without such vetting, “immigrants could potentially be granted U.S. citizenship although they are ineligible or pose national security threats,” Roth’s alert says.

The USCIS Field Operations Directorate also expressed similar concerns, Roth said in his alert.

The DHS OIG wasn’t planning to release results of its current review until later this spring. But, as Roth explains in Monday’s alerts, “Rather than waiting several months to issue a report when the ongoing audit is completed, the OIG is taking the extraordinary step of elevating this urgent issue to USCIS leadership early so that immediate corrective action can be taken.”