NASA commissions experimental ‘low boom’ supersonic jumbo jet

NASA is commissioning an experimental aircraft that aims to produce quieter sonic booms, in the hope that it will make supersonic jet travel available once again.

Since Concorde, an Anglo-French plane designed in the 1960s, was withdrawn from service in 2003, there has not been a commercial jumbo jet capable of faster-than-sound flight, but NASA scientists hope to spur its reintroduction.

The experimental plane, the first in a series of “X-planes” that NASA will commission as part of its New Aviation Horizons initiative, seeks efficiency across the board: Officials say it will be faster, more fuel efficient, and safer than conventional tube and wing commercial jet designs.

“NASA is working hard to make flight greener, safer and quieter — all while developing aircraft that travel faster, and building an aviation system that operates more efficiently,” said agency Administrator Charles Bolden.

“To that end, it’s worth noting that it’s been almost 70 years since Chuck Yeager broke the sound barrier in the Bell X-1 as part of our predecessor agency’s high speed research,” noted Bolden. “Now we’re continuing that supersonic X-plane legacy with this preliminary design award for a quieter supersonic jet with an aim toward passenger flight.”

Supersonic jets emit a sonic “boom” upon breaking the sound barrier — an explosive sound that exceeds acceptable levels of noise for commuter aircraft flying over populated areas. By reducing this thunderclap to a less noisy “heartbeat,” NASA hopes to boost the X-plane’s range of possible destinations to include overland routes.

NASA awarded the $20 million initial design contract to Lockheed Martin during an event at Ronald Reagan Washington National Airport in Arlington, Va., Monday. Lockheed will draw up preliminary plans for the Quiet Supersonic Technology, deemed QueSST, in collaboration with subcontractors from GE Aviation and Tri Models Inc. Though construction will be limited to a test model, it will be subject to analytical validation to include wind tunnel trials.

The main production phase of the X-plane project will fall under a future contract competition.

The planes are expected to be in the air by 2020, and will measure in at around half the size of current large commuter jets. NASA officials said that they will “likely” be flown by an onboard human pilot.

“Developing, building and flight testing a quiet supersonic X-plane is the next logical step in our path to enabling the industry’s decision to open supersonic travel for the flying public,” said Jaiwon Shin, associate administrator for NASA’s Aeronautics Research Mission.

GSA’s Digital Registry running low on mobile apps

The General Services Administration’s U.S. Digital Registry has been populated with more than 7,300 verified federal accounts on third-party websites, social media and other platforms since its launch, but of those, just 323 are mobile apps and sites, an agency official said. 

GSA’s Jacob Parcell, manager of the agency’s mobile programs office, told FedScoop he doesn’t know the exact number of mobile apps and responsive, mobile-friendly Web pages the federal government operates, but “there are a lot more than 300.”

Parcell said it’s important that federal agencies and offices with mobile services take part in the registry — launched in late January to authenticate government digital accounts outside of the traditional .gov or .mil domains — because it “offers an opportunity for federal agencies to show they are leveraging cutting-edge mobile technologies to engage their audiences anytime, anywhere,” and serves as an inventory of federal apps and mobile websites, Parcell said in a GSA blog post.

About two-thirds of Americans own a smartphone, and 30 percent of all federal Web traffic comes from mobile devices.

“Agencies can register their mobile products — mobile websites (including responsive design) and native apps to verify they’re mobile-friendly authoritative sources of government information,” Parcell wrote. He added, “[A] mobile registration in the U.S. Digital Registry demonstrates an agency’s commitment to serving their customers’ needs anytime, anywhere and on any device.”

Despite that, many mobile app and website operators aren’t there yet, as is apparent from the just over 300 mobile accounts registered in the 7,300-strong registry.

Some of that small number has to do with agencies not knowing about the mobile side of U.S. Digital Registry, which since its launch has been mainly touted as a verification tool for federal social media accounts.

“Agencies don’t know about the mobile side of the U.S. Digital Registry,” Parcell said, but he thinks that will change as GSA and its DigitalGov team spread the word about it. He also mentioned there are a number of mobile apps and websites that are “lost,” or that agencies haven’t added to the federalwide list on USA.gov, which the Digital Registry now feeds into.

But it also points to the complexity of developing mobile apps and the corresponding low number of them in the federal government, compared to social media accounts, for which all of the technical development work is handled by the platforms themselves.

“For mobile, you have to develop a native app or responsive Web design concept, prototype it, develop it and then launch,” Parcell said. 

Many agencies are looking to responsive Web design as a way to be mobile but avoid the complex development needs associated with apps. But “even for responsive design, development is not a walk in the park,” he added. “For instance agencies have to decide which content will be prioritized on the smaller phone screens.”

Nevertheless, it’s imperative that agencies face those mobile challenges head-on. Mobile technology is not a fad, Parcell wrote in the blog post, “it’s a must.” 

“Agencies must find and engage customers at their mobile moments and the registry is just the place to verify they are doing it,” Parcell said. He added, “If an agency’s products aren’t registered, their voice won’t be as loud.”

Contact the reporter on this story via email at Billy.Mitchell@FedScoop.com or follow him on Twitter @BillyMitchell89. Subscribe to the Daily Scoop to get all the federal IT news you need in your inbox every morning at fdscp.com/sign-me-on.

Survey: Only 1 in 7 CISOs has access to CEO

The disconnect between chief information security officers and the executive suite, while narrowing, remains dangerously wide, according to a new survey that found only one in seven CISOs report directly to their CEO.

The survey, administered jointly by ISACA and the RSA Conference, asked 461 senior information security and cybersecurity professionals — 79 percent of them at the management level — to gauge the security climate in their enterprise. More than two-thirds, 69 percent, worked for an organization with more than 1,000 employees, spanning a breadth of industries across North America and Europe, with a small margin of respondents based in Africa, Latin America, Oceania and Asia. 

As a baseline, only 75 percent of respondents are confident in their team’s ability to detect and respond to incidents — a 12 percent dip from last year. That 75 percent falls to 60 percent when the incident is anything beyond simple.

The survey found that 74 percent of security professionals are anticipating a cyberattack on their organization in 2016, while 30 percent currently stave off phishing attacks on a daily basis. The vast majority, 82 percent, indicated that their company boards are concerned about cybersecurity.

Fifty-nine percent of respondents said that fewer than half of cybersecurity candidates were “qualified upon hire,” underscoring a widening skills gap that has caused cybersecurity vacancies to linger at most companies — 27 percent said that jobs had gone unfilled for up to half a year for lack of qualified candidates.

Another issue plaguing security professionals is situational unawareness, which has roots even among the top levels of enterprise security. Nearly a quarter, 24 percent, of security professionals did not know if any user credentials had been stolen in 2015. The same proportion weren’t sure which threat actors had exploited their companies, while 23 percent couldn’t say whether an advanced persistent threat attack had been mounted against them.

“The lack of confidence in current cybersecurity skill levels shows that conventional approaches to training are lacking,” said Ron Hale, chief knowledge officer of ISACA. “Hands-on, skills-based training is critical to closing the cybersecurity skills gap and effectively developing a strong cyber workforce.”

The survey also polled participants on the expected security impact of new trends in tech — artificial intelligence and the Internet of Things. Fifty-three percent said IoT would exacerbate risks by expanding attack surfaces, while 62 percent thought AI would pose a risk in the long term and the short term.

“While there are signs that C-level executives increasingly understand the importance of cybersecurity, there are still opportunities for improvement,” said Jennifer Lawinski, editor-in-chief of online engagement for the RSA Conference. “The majority of CISOs still report to CIOs, which shows cybersecurity is viewed as a technical rather than business issue. This survey highlights the discrepancy to provide an opportunity for growth for the infosec community in the future.”

Proposed crypto commission needs supermajority for report

A bipartisan, bicameral pair of lawmakers Monday published the eagerly-awaited text of their bill setting up a national commission on encryption to resolve the conflicts being played out in the Apple versus FBI case.

The bill, co-sponsored by Rep. Michael McCaul, R-Texas, and Sen. Mark Warner, D-Va., would create a 16-strong National Commission on Security and Technology Challenges, with each party appointing eight members. A supermajority of 12 would be required to approve a subpoena — and to sign off on the commission’s final report on the impact, role and future of digital encryption in the U.S., due after one year.

Each party would appoint one member to the commission to focus on each of the following topics: cryptography; global commerce and economics; federal law enforcement; state and local law enforcement; consumer-facing technology sector; enterprise technology sector; intelligence community; and privacy and civil liberties community. One of those, chosen by the GOP House speaker and Senate majority leader, will be the chairman. Another, picked by the Democratic minority leaders in both chambers, will be a vice chairman. Additionally, the president will appoint another member in an “ex officio capacity” who will not vote.

The chairman and vice chairman would have to agree on the appointment and pay of an executive director and “other necessary staff.” The bill enjoins federal agencies and departments to “cooperate expeditiously” in getting security clearances for commission members and their staff. The staff could include “detailees, experts, and consultants,” according to a fact sheet, and the commission could accept voluntary and uncompensated services.

According to the factsheet, the commission would be required, in its report to Congress after one year, to assess:

Commissioners would be expected to produce recommendations on:

Encryption has risen to the national spotlight in recent weeks after the FBI and Apple went toe-to-toe in a court battle over unlocking the encrypted iPhone of San Bernardino terrorism suspect Syed Rizwan Farook. The FBI obtained his phone in December 2015 but has been unsuccessful in attempts to bypass its security and access its contents. A federal judge ordered Apple to create special custom software to bypass the security features, what many refer to as a backdoor. Apple, however, has refused to cooperate.

Experts, like retired four-star Air Force Gen. Michael Hayden, the former director of NSA, have been calling on Congress to resolve the dispute, but the future of any legislative fix is murky.

Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., the chairman and vice-chair respectively of the Senate Select Committee on Intelligence, have promised a bill requiring companies to create a way that they can grant court-mandated access for law enforcement to their encrypted products. They compare the requirement to that on telephone network operators who have to provide a facility for wiretaps.

The bill has yet to materialize (congressional sources told FedScoop to expect a March publication date), but when it does, it likely faces a hugely uphill battle in Congress, where the tech industry, which largely sides with Apple, has many supporters.

“The issue of ‘going dark’ has driven a wedge between law enforcement and our nation’s leading innovators,” the lawmakers wrote in a one-pager on the proposed commission. “But we must stop shouting past each other and start talking with each other. Americans have heard too much bluster and too little substance, and so far Washington has failed to bridge the divide.”

TechDirt first reported this story, and posted the leaked versions of the documents that we link to.

Advice to fed agencies? Endpoints are everything!

The outgoing director of the Department of Homeland Security’s U.S. Computer Emergency Readiness Team has a message for federal agencies: Know your endpoints, know your data and boost your internal training to retain your best talent.

Ann Barron-DiCamillo, the longest tenured leader in US-CERT history, left her position earlier this month for the private sector. Her new role, chief technology officer at Strategic Cyber Ventures, will see her advise early-stage cybersecurity companies on technology that fills what she said are “gaps in the marketplace.”

The ever-growing endpoints

When it comes to gaps in federal cybersecurity, Barron-DiCamillo said endpoints need to be more of a focus for those charged with guarding agency assets. She said over her three years, she has seen an evolution from crude DDoS and SYN Flood attacks to spear phishing that’s meant to inject malware further down the stack.

“It’s all about the endpoint now,” Barron-DiCamillo told FedScoop. “It’s where you have the biggest bang for your buck right now. Look, users are going to click things. You are going to get a click rate with” phishing.

She said US-CERT has seen a rise in spear phishing payloads that carry attacks associated with macros, which execute malware inside applications like Microsoft Office. A popular form of attack in the ’90s, macro threats have re-emerged as browser vendors have patched vulnerabilities in Flash, Java and other various add-ons and plugins, Barron-DiCamillo said. With spear phishing, the highly targeted attacks are carefully crafted to be indistinguishable from genuine communications — often from a victim’s actual colleagues — with the malicious payload hidden in an attachment. The malware only executes and installs itself once the seemingly innocuous Word document or Excel spreadsheet is opened.

To combat these attacks, US-CERT has been working on pilot programs that use containerization, which allows malware to be cordoned off from infecting an entire system and gives analysts the opportunity to learn more about the attack in a virtualized environment known as a sandbox. This is the kind of technology Barron-DiCamillo said advances cyber defenses by moving past signature examination and more toward protecting endpoints.

“Think about adversarial modeling and how the whole enterprise protects its capabilities … there’s been anti-virus products around for a long time,” she said. “You have to get past signature-based detection and get into a sandbox where you ask ‘is this behavior normal?’ and put it into a virtualized environment.”

This type of protection is something that the private sector has asked the government to take a look at for some time. Anup Ghosh, CEO of Invincea, told FedScoop last year that containerization would allow agencies to respond to attacks in hours instead of having to rely on other agencies.

He reiterated last week that the work DHS is doing is where the vast majority of attacks are currently taking place.

“Ninety-five percent of all breaches start with spear phishing end users,” Ghosh told FedScoop. “The end point is the new battleground between attackers and defenders.”

Moving to Mobile

Barron-DiCamillo said that battle of the endpoints will soon shift to mobile ground as more agencies equip their workforce with smartphones and tablets. She sees attacks on mobile devices geared toward obtaining credentials for other endpoints instead of trying to find valuable data on the device. The areas for attack seem to be wide: Barron-DiCamillo said a joint program between US-CERT and Carnegie Mellon University found 26,000 vulnerabilities in Google’s Android OS in 2015. Despite that figure, she said mobile attacks are only being conducted by advanced adversaries.

“It’s a huge attack vector, but you have to look at the bang for the buck you get from a mobile device,” she said. “You are not going to be able to get access to the content that a lot of [criminals] are going to want. If I pop your device, there’s nothing there that I can monetize.”

However, she said, as attackers find ways to make compromising mobile devices more lucrative, the huge mobile attack surface will start to attract more attention.

“That’s the scary aspect. Cyber crime isn’t doing that,” she said. “It will not be very long before you see movement in that. 

“Once it becomes monetized, then it’s blown up.”

Train to Retain

Be it current or emerging threats, Barron-DiCamillo said it’s important for agencies to invest in training for their workforce. She told FedScoop that she was extremely proud of the public-private partnership US-CERT established with Northrop Grumman and George Mason University that trained everyone from entry-level analysts to “cyber ninjas” in areas like network analysis, malware analysis, digital media analysis and incident response. These courses, she said, led to the “biggest retention within our organization of anything I can point to.”

“Cyber depends on three things: data, which we have tons of, tools, which are difficult to do in an environment where things are changing and evolving, and then the last thing is the training aspect,” Barron-DiCamillo told FedScoop. “It gives [employees] a clear path of ‘What I do need to do to get to the next level?’ and it helps them understand what expectations their supervisors or managers have of them, as well as what industry is looking at.”

The training program, which started in US-CERT, has since moved throughout the National Cybersecurity & Communications Integration Center.

“We grew it from what we needed to do in our organization and then it grew from there,” Barron-DiCamillo told FedScoop. “I’m really proud of that program, I’m proud of what we were able to accomplish. I’m also proud of where it’s headed.”

Contact the reporter on this story via email at greg.otto@fedscoop.com, or follow him on Twitter at @gregotto.

Medical device makers need to share info, but how?

The Food and Drug Administration in recent draft guidance urges medical device makers to join a group that would allow them to share information on cyberthreats, but big questions remain about what the structure of such a group — called an information sharing analysis organization, or ISAO — would be.

The draft, released last month, outlines recommendations to help manufacturers manage vulnerabilities of their devices once they hit the market. If device makers participate in an ISAO and meet a few other requirements, they wouldn’t have to undergo corrective actions, like a recall, if they uncover certain kinds of online vulnerabilities in their products. 

Only a year ago, the president issued an executive order encouraging the development of ISAOs to promote collaboration between the public and private sectors. The contract to the research organization that is writing a set of guidelines and best practices for ISAOs was only awarded last fall — leaving major questions unanswered as yet. Those big gaps are posing “probably the biggest challenge for us,” said Dr. Suzanne Schwartz, the FDA’s associate director for science and strategic partnerships, last week at the Atlantic Council’s Cyber Statecraft Initiative.

Currently, the agency is taking feedback on what characteristics such an ISAO for medical devices should have and recently held an industry day to garner comments as well, she said.

“This is an opportunity that we see at the agency to really jump in and have the community help us define it for health care and public health, for our sector, in a way that’s going to work,” she said.

Indeed, Axel Wirth, distinguished technical architect for U.S. health care industry at Symantec, told FedScoop different types of medical devices face different risks. For example, malfunctions of pacemakers and implantable devices could directly cause a patient harm, but if a bad actor exploits vulnerabilities in X-ray or ultrasound imaging equipment, it may only stymie a hospital’s ability to deliver care, he said.

Because of these differences, hypothetically, a group of ISAOs could address different sectors of medical devices.

“We have about 8,000 medical device manufacturers in the U.S.,” he said. “It would probably be unrealistic to assume that they would participate in one ISAO. The devices are so different and the [company] sizes are so different.”

At the same time, more isn’t always better: He said that having too many ISAOs dilutes their effectiveness.

“There is a risk that this will not be planned and you’ll see people come out of the woodwork and declare their own ISAOs and do their own thing,” he said. “Hopefully that does not happen because I think it would create more disturbance and chaos than it would help to provide clarity.”

But he said that “the regulatory carrot is there” — in the draft guidance — to encourage device manufacturers to join up.

The draft guidance says that FDA has entered into a memorandum of understanding with the National Health Information Sharing & Analysis Center, or NH-ISAC, “to assist in the creation of an environment that fosters stakeholder collaboration and communication” around the security of medical devices. ISACs, which have been around since 1998, are like the original ISAOs, but are built specifically for particular critical industrial sectors, like health care, financial services or oil and gas.

Already, some device manufacturers have started joining information sharing groups like NH-ISAC, according to Russell Jones, partner in Deloitte’s Cyber Risk Services. But he said others are holding back because of concerns about regulatory or reputational issues.

“There are concerns out there about things out there such as — well, if I share this vulnerability information, what’s to stop the FDA from opening an investigation about me?” he said. “Or if I share this vulnerability information and all the circumstances surrounding it,” how does the information get anonymized? He said that NH-ISAC is working group to help address these concerns.

NH-ISAC President Denise Anderson said the FDA seemed to want her group to fill the medical device ISAO role. Her organization already has a special medical device security section that includes device makers as well as hospital systems that use the devices.

“I would hope … our government partners, in recognition with their partnership with the ISAC, [would say that] this is the place to go,” Anderson said. But she said it’s incumbent upon industry to tell government that’s what they want.

She said her organization’s membership is growing rapidly, particularly in the device maker arena. But Anderson, who previously served as vice president of the Financial Services ISAC, added members of the health industry may not always grasp why information sharing is important. 

Education, she said, is key.

“We are our own worst enemy,” she said. “And if we don’t get together and share with each other and work with each other — the bad guys are doing it — it’s to our detriment.”

In the meantime, FDA is taking comments on the draft guidance through April 21.

“It will be interesting to see what the collective comments to the document will be,” Wirth said. He added, “I think it’s going to be an interesting spectrum.”

Contact the reporter on this story via email at Whitney.Wyckoff@fedscoop.com, or follow her on Twitter @whitneywyckoff. Sign up for all the federal IT news you need in your inbox every morning at 6:00 here: fdscp.com/sign-me-on.

GPO, Library of Congress releases bill statuses in XML format

The Library of Congress and the U.S. Government Publishing Office have begun making data about the status of congressional bills available as a bulk XML download — meaning Web developers and software writers can produce Internet sites or apps to provide accurate, up-to-the-minute data about the progress of legislation.

A blog post from the GPO said the move was undertaken at “the direction of the House Appropriations Committee.”

The landmark change in policy comes after more than a decade of asking by “open government advocates, activists and civic hackers,” according to the website E Pluribus Unum. The Congressional Data Coalition called it a “full revolution” and complimented the efforts of the Legislative Branch Bulk Data Task Force, which was established largely to facilitate the goal of disseminating bill information.

Other open data advocates, who have long regarded the availability of active bill status as a critical step in breaking down the barrier between citizens and the legislative process, also applauded last week’s move, as did lawmakers.

“Today’s release of bill status information via bulk download is a watershed moment for Congressional transparency,” House Majority Leader Kevin McCarthy, R-Calif., said in a statement. “By modernizing our approach to government and increasing public access to information, we can begin to repair the relationship between the people and their democratic institutions.”

The bulk download bill data lays the groundwork for the wide proliferation of legislative news via social media and other mass communication platforms — a freedom long sought by transparency activists. Prior to the release, the principal source for XML data on legislation was GovTrack.us, a private website that scraped it from LOC.

House Minority Whip Steny Hoyer, D-Md., called the release of data “a major accomplishment that has been many years in the making,” and declared that “it goes a long way toward making Congress more … accessible to innovation through third party apps and systems.”

DHS releases 250 geospatial data sets on U.S. infrastructure

The Department of Homeland Security is opening 250 sets of geospatial data about the location of vital industries across the country to the public.

The data comes from the Homeland Infrastructure Foundation-Level Data working group, or HIFLD, a DHS initiative to catalogue U.S. critical infrastructure initiated after 9/11. Called HIFLD Open, the data sets are being released to help Americans and their communities prepare to deal with attacks on critical infrastructure, with a focus on safeguarding economic stability.

“HIFLD Open marks an evolution in DHS information sharing, and we have an opportunity to be open and secure; to empower citizens and communities; to support local law enforcement and first responders, businesses and the private sector,” David Alexander, director of Geospatial Information for the DHS, said in remarks at the FedGIS conference in Washington, D.C., on Wednesday.

The data represents roughly half of the information stored in the main HIFLD program, which contains more than 500 geospatial data sets from DHS and the National Geospatial Intelligence Agency.

Formerly regarded as “For Official Use Only” — one of the many ways the government labels and restricts unclassified information —  the 250 sets are broken down into distinct categories, allowing citizens to search the country for 24 different types of infrastructure, including government buildings, mines, power plants and schools. They also map emergency resources like alternative fueling stations and public refrigerated warehouses, which could help protect commerce in the case of an attack.

The data is rendered using ArcGIS, a cloud-based mapping platform that offers a suite of analytic and visualization tools and allows users to plot between points across the U.S. Much of the data is available for direct download on the HIFLD Open website.

The new interface represents a significant advancement over HIFLD’s previous system of storing information, which was limited to physical disks. 

“We used to ship DVDs,” Alexander said. “Now we use dynamic Web services that are updated from the source.”

OMB names governmentwide procurement category managers

The Office of Management and Budget has selected 11 federal procurement leaders to manage new governmentwide categories of federal acquisition, putting them in charge of streamlining and rationalizing $270 billion a year of buying, more than half of all U.S. government spending.

The 11 new category managers will each oversee a single channel in the GSA-operated acquisition gateway, a central portal for agencies to find better ways to procure the common products and services they need. 

FedScoop reported recently that Kim Luke, a former executive with Hewlett Packard Enterprise Services, was named IT category manager. OMB officially announced Luke and 10 more category leads Thursday. The other category managers, unlike Luke, are already in government. 

While serving in their new roles, they’ll continue in their current senior leadership positions throughout government at the General Services Administration, the Department of Homeland Security, the Defense Department, the Department of Veterans Affairs and the Office of Personnel Management.   

These categories serve as the basis for the federal acquisition gateway, which is rooted in the principles of category management, a procurement philosophy in which products are broken down into broad categories, centralizing decision-making, and allowing a strategic and collaborative approach to purchasing across federal agencies. 

Many of the 10 main categories are broken down into subcategories, leaving 19 category “hallways” currently on the gateway, with plans for more to come. For instance, the IT category is currently broken into four subcategories: IT hardware, IT security, IT software and IT services.

Prior to the gateway, federal agencies were spending nearly $450 billion in acquisitions across more than 3,300 often duplicative contracts. This strategy is meant to consolidate those contracts, leverage government buying power and reduce duplication.

Rung said that as the new managers got settled, the results — and the benefits to the taxpayer — would become clear. 

“In the coming months, I look forward to sharing their successes and new ways to leverage our buying power, drive more consistent practices across our agencies, share information, and reduce duplication,” she said. She added that if their work amounted to even a 10 percent cut in redundant, inefficient spend — what other companies typically see after switching to category management — that would result in $27 billion in savings.

The officials in charge of the acquisition gateway recently opened it to the public for the first time to give American citizens and businesses a chance to see what’s going on behind the scenes and offer their help in its ongoing development. As of January, more than 5,500 federal procurement officials have registered to use the acquisition gateway.    

Contact the reporter on this story via email at Billy.Mitchell@FedScoop.com or follow him on Twitter @BillyMitchell89. Subscribe to the Daily Scoop to get all the federal IT news you need in your inbox every morning at fdscp.com/sign-me-on.

White House launches precision medicine projects

The White House Thursday kicked off a spate of key initiatives that lay the groundwork for using data on patients’ genes, environment and lifestyle to better treat diseases like cancer.

President Barack Obama, who launched his so-called Precision Medicine Initiative last year to encourage research in the field, said advances in computers and the use of big data have heralded a new era for medicine.

“We may be able to accelerate the process of discovering cures in ways that we’ve never seen before,” he said, speaking to a standing-room-only crowd that gathered for a PMI summit at the Eisenhower Executive Office Building.

Most of the announcements Thursday centered on the development of a million-person research cohort from which researchers could draw more detailed data about diabetes, Alzheimer’s and a host of other conditions. Such data, researchers hope, could help uncover new cures or ways to prevent illnesses. To start up the cohort, the National Institutes of Health said Vanderbilt University and Verily, formerly known as Google Life Sciences, would launch a pilot to study the best ways to enroll, engage and maintain participants.

NIH Director Francis Collins said the cohort will take three to four years to assemble, and participants will be followed for “many years.”

“We want to enable and empower any person anywhere in the United States to be able to raise their hand and volunteer to participate,” he said. “And that means people from all walks of life — rich and poor, young and old, urban and rural, and all races and ethnicities.”

With that in mind, NIH also will work with the Health Resources and Services Administration — an agency of Health and Human Services — to find community health centers which will encourage members of underserved and underrepresented groups to participate in the cohort.

NIH also initiated “Sync for Science” with the Office of the National Coordinator for Health IT to develop open standards for electronic health records that would allow people to donate their data for research.

A key aspect of the Precision Medicine Initiative, Obama said during the event, is breaking down institutional barriers that “prevent us from making big leaps.”

“Part of the problem we have right now is that every patient’s data is siloed — it’s in a hospital here, a hospital there, a doctor here, a lab there,” said Obama, who requested $309 million in the next fiscal year to fund his precision medicine efforts.

He added, “If we can pool and create a common database of ultimately a million people that’s diverse so that they have a lot of genetic variation, we can now take a disease that may be relatively rare … and start seeing patterns.”

Officials also announced that a similar program happening in the Department of Veterans Affairs will begin accepting data from active-duty service members. During a panel discussion led by White House Chief Data Scientist DJ Patil, VA Secretary Bob McDonald said the agency planned to enroll half a million people in its program by July 1, and he noted that he submitted his own genetic data to the project.

Speakers at the event emphasized the need to protect privacy and promote security to help get public buy-in as precision medicine advances. So, the White House released for public comment a draft Data Security Policy Principles and Framework for the initiative. Officials said the Office of the National Coordinator for Health IT would work with the National Institute of Standards and Technology to develop a precision medicine-specific guide to the NIST Cybersecurity Framework. Also, the Department of Health and Human Services’ Office for Civil Rights announced it released new guidance regarding patients’ access to their own health information.

Finally, the Food and Drug Administration launched a challenge for researchers to use the cloud-based precisionFDA portal to foster information sharing and develop the science behind next-generation sequencing.

Obama and several other speakers said partnerships are key for advancing precision medicine, and they noted that the initiative had received 40 more commitments from companies, nonprofits and universities to promote precision medicine. Among them is big data company Cloudera, which promises to provide training to 1,000 precision medicine researchers over the next three years and offer free subscriptions to the company’s platforms to 50 institutions working in the field.

The event featured several patients who have benefited from genomic testing and their family members.

Some said it saved their life because it allowed their doctors to better tailor their treatments. For panelist Sonia Vallabh, a doctoral student at the Broad Institute of MIT and Harvard, it helped determine her risk of developing the disease that killed her mother.

“So often what we label as a ‘health care system’ is more of a ‘disease care system,’” Obama said.

He added, “One of the promises of precision medicine is not just giving researchers and health care professionals tools to help cure people, it is also empowering individuals to monitor and take a more active role in their own health.”

NIH Director Collins said there is still a lot of work ahead, but he said that the end goal could make it worth it.

“This unprecedented project truly has the potential to transform how we understand and how we approach, enhance and empower the health and wellness of families, communities and individuals,” he said.

Contact the reporter on this story via email at Whitney.Wyckoff@fedscoop.com or follow her on Twitter @whitneywyckoff. Sign up for all the federal IT news you need in your inbox every morning at 6:00 here: fdscp.com/sign-me-on.