Government Executive - Authors - Adam Mazmanian

FBI is losing track of classified and sensitive data, watchdog finds

Adam Mazmanian — Mon, 26 Aug 2024 12:48:58 -0400

The FBI needs to do a better job keeping track of electronic media slated for destruction and disposal at bureau facilities, according to an advisory memo from the Justice Department's Inspector General publicly released on Thursday.

The bureau isn't labeling and tracking internal hard drives with sensitive and even top secret national security information once they're removed from computers and servers, according to the memo from DOJ IG Michael E. Horowitz, and FBI officials aren't able to confirm when such drives were destroyed in accordance with bureau policy. Similarly, thumb drives, flash drives and floppy disks are also being handled in ways that don't comport with bureau policies.

"The lack of accountability of these media increases the risk of loss or theft without possibility of detection," Horowitz wrote.

The memo also notes that drives slated for destruction are often subject to insecure storage. In one instance cited by Horowitz, an open, unwrapped pallet holding internal hard drives extracted from bureau computers was stored for almost two years in a facility shared with other FBI functions including mail sorting and information technology acquisition. Almost 400 people including contractors had access to the pallet.

"Both the FBI supervisor and contractor confirmed that they would not be aware if someone was to take hard drives from the pallets because these assets are not accounted for or tracked," Horowitz said.

The Office of Inspector General made three recommendations to the FBI about bringing its media storage methods in line with bureau standards. The FBI concurred with the recommendations, which were not detailed in the memorandum.

]]>

Acting Secret Service head suggests that better tech could have thwarted would-be Trump assassin

Adam Mazmanian — Wed, 31 Jul 2024 15:00:00 -0400

The acting head of the Secret Service told Congress on Tuesday that additional tech will be deployed to campaign events in the wake of the attempted assassination of former President Donald Trump on July 13 in Butler, Pa.

Ronald Rowe Jr., who was tapped to lead the Secret Service after the resignation of Kimberly Cheatle, told a joint hearing of the the Senate Homeland Security and Government Affairs Committee and the Senate Judiciary Committee that a lack of communications capacity, radio interoperability challenges and the absence of a counter-drone system were all key elements that allowed Thomas Crooks to evade Secret Service detection and fire eight shots, nicking Trump in the ear, killing one rally attendee and wounding two others.

Rowe told lawmakers that he visited the Butler Farm Show site and lay in the same position as the shooter to "to evaluate his line of sight," as one of his first acts as agency head.

"What I saw made me ashamed," Rowe said. "As a career law enforcement officer and a 25 year veteran with the Secret Service, I cannot defend why that roof was not better secured. To prevent similar lapses from occurring in the future, I directed our personnel to ensure every event site security plan is thoroughly vetted by multiple experienced supervisors before it is implemented."

Improvements include directing the Secret Service CIO to shore up bandwidth at campaign events with "redundancies as far as cellular on the ground or additional repeaters," Rowe said. He added that counter-drone technology was not deployed and that the Secret Service declined an offer from a state or local agency to operate a surveillance drone at the site. Crooks himself flew a drone on the periphery of the site hours ahead of the shooting, and, had this shown up on a DHS counter-drone system, he would have been singled out for special attention by Secret Service agents.

Rowe noted that the use of counter-drone tech is "a little complex" and requires layers of approval.

"State and locals don't necessarily have this ability to do that. It does require coordination with the [Federal Aviation Administration] because it…could impact commercial travel," Rowe said.

Radio interoperability with state and local authorities continues to pose challenges for the Secret Service, Rowe said.

"It's not just about being able to find whatever frequency our local counterparts are on and then just piping it in," Rowe said.

Crooks reportedly used a laser-powered golf rangefinder from his sniper position. Rowe told lawmakers that such gear is going to be banned at campaign events in the future.

Rowe also said that the Secret Service would begin recording agency radio traffic at campaign events. There's no record of conversations among Secret Service agents from the Butler event. Recordings of communications among state and local law enforcement are currently being used as part of ongoing investigations by the FBI and other agencies.

Social profiles

At the same hearing, FBI Deputy Director Paul Abbate revealed that the agency had unearthed a social media account "believed to be associated with the shooter" with posts dating back to 2019 and 2020.

"There were over 700 comments posted from this account. Some of these comments, if ultimately attributable to the shooter, appear to reflect anti-Semitic and anti-immigration themes, espouse political violence, and are extreme in nature," Abbate said in his opening statement. He declined to specify the platform in question because the FBI hadn't confirmed the account belonged to Crooks.

Separately, Crooks may have had an account on the far-right social network Gab, according to an exchange between Abbate and Sen. Marsha Blackburn, R-Tenn., at the hearing.

Abbate said they were still "awaiting returns from a number of the companies, to include other social media companies as well" in response to possible social network activity by Crooks.

]]>

Biden looks to preserve his tech and cyber legacy with veto threat

Alexandra Kelley, Adam Mazmanian, Edward Graham, and David DiMolfetta — Tue, 23 Jul 2024 12:08:44 -0400

Just one day after President Joe Biden’s decision to shutter his bid for reelection and endorse his number two Kamala Harris in the race against Donald Trump, the administration issued a veto threat against a key spending bill in part because of cuts to key tech priorities.

The administration warned Monday it would veto the House-passed Financial Services and General Government Appropriations Act. As Biden’s time winds down, the policy statement could double as a laundry list of the administration’s tech and cyber accomplishments.

The White House is looking for Congress to pass the $75 million request for the Technology Modernization Fund in the fiscal year 2025 budget. The revolving fund, which supports IT modernization and cybersecurity efforts at federal agencies, got a $1 billion boost under the American Rescue Plan Act, which is nearly depleted.

Biden also warned that a failure to fund the Information Technology Oversight and Reform account at the Office of Management and Budget could result in “layoffs of 251 of 278 staff across [the U.S. Digital Service] and the office of the Federal Chief Information Officer,” which would threaten modernization efforts across government agencies including the Departments of Veterans Affairs, Health and Human Services, Treasury and the Social Security Administration.

The message also complains about efforts to eliminate the ability of the Securities and Exchange Commission to enforce recently adopted cybersecurity rules.

Mike Hettinger, a former senior congressional staffer who lobbies on behalf of technology companies, said the plus-up of the TMF was one of Biden’s signature achievements when it comes to modernization of government IT.

“There’s no way we get a billion dollars without the money going through the American Rescue Plan,” Hettinger told Nextgov/FCW in an interview. “That's tremendous. He recognized the need to promote technology modernization enough to put the money forward.”

Biden also wants to restore funding to the Federal Citizen Services Fund at the General Services Administration, noting that cuts would hamper the ability to follow through on the administration's guidance to the Trump-era 21st Century Integrated Digital Experience Act.

Hettinger noted that the IDEA Act guidance “was something we couldn't get the last administration to do,” and said that generally “that’s a lot of progress in what amounts to three-and-a–half years.”

"No president has done more to drive meaningful, lasting change in how people interact with government services than President Biden," Code for America CEO told Nextgov/FCW in an emailed statement. "He issued a first-of-its-kind executive order on improving the customer experience, making it easier for people to navigate safety net programs, file taxes, claim retirement benefits, and renew passport [and] fostered critical collaborations between government and civic-tech organizations, like Code for America, to build a more inclusive, responsive digital age that works for all."

But IT modernization, even at the scale of IRS legacy tech, is only part of the story. As Hettinger pointed out, there’s a “long tail” of tech policy emanating from executive orders on artificial intelligence, customer experience and cybersecurity that could establish continuity between Biden’s term and possible Harris presidency.

However, on other tech policy matters including antitrust, a Harris administration could serve as a soft reset for executive branch oversight of big tech.

Harris, who represented California in the Senate, has built close ties with the tech industry, given the presence of Silicon Valley startups and tech giants that have permeated everyday societal life, said Adam Kovacevich, a former Google policy director who now leads Chamber of Progress, a center-left tech policy think tank.

It doesn’t necessarily mean Harris would always side with tech companies, especially on kids’ safety issues or AI ethics, he said, but it could help stave off more intensive oversight activity that the FTC and Justice Department have pounced on, having filed several lawsuits against tech companies since Biden took office.

“Biden decided to outsource business regulation to the left,” Kovacevich said. “I just don’t think she’s coming at this from the same posture that Biden did, which is needing to throw the left a bone on these topics,” he said.

Divyansh Kaushik, a senior fellow at American Policy Ventures, told Nextgov/FCW that her background in California politics positions her to have a strong dialogue with the tech industry. He specifically cites Harris’s involvement in the beginning of California’s data privacy policymaking, long before the state’s landmark data protection law was adopted.

“Harris will likely continue President Biden’s vision on AI and is expected to bring a nuanced approach to tech policy more broadly, balancing robust scrutiny with an appreciation for innovation,” Kaushik said. “Her work on data privacy, including brokering agreements among leading tech companies, highlights her commitment to protecting Americans' digital rights.”

Artificial intelligence

As vice president, Harris was tasked with serving as the administration’s ‘AI czar’ to promote the safe adoption of the emerging capabilities, and to promote the AI executive order to industry and global stakeholders.

Harris is anticipated to stick to the Biden administration’s perspective on safeguarding Americans from the potential misuse of emerging AI and machine learning systems.

“There's been a fairly consistent message from this administration, and Harris has helped articulate a good chunk of that vision,” Adam Thierer, a senior fellow at the R Street Institute, told Nextgov/FCW. “So I would think it would largely be steady as she goes, in terms of a Harris AI vision being a continuation of the themes we've already seen developed in the Biden administration.”

Thierer notes that much of the policy language still operates at a relatively high level of generality, making it hard to know what precise policies Harris was directly responsible for.

“I do think she was active, however, in this process,” Thierer said. “I think in some ways, I think it’s probably safe to say she was more active in the formulation of these AI policies than President Biden was in some sense.”

Rep. Yvette Clarke, D-N.Y., who has been a leading voice in Congress for more transparency around the use of AI generated content in political campaigns, said Harris “stands among our strongest and most resolved advocates for the safe use of artificial intelligence.”

“At a fundamental level, she understands both the profound opportunities for good this emerging technology offers, as well as the serious possibilities for harm inherent to it — from threats to our cybersecurity and the biases saturating algorithmic decision-making processes, to the abuses of explicit, non-consensual deepfakes and the flaws of facial recognition, the shortcomings and failings of AI are pervasive and entrenched in these systems,” she told Nextgov/FCW in a statement.

During a speech last year ahead of the AI Safety Summit in London, Harris said that she and President Biden were “committed to working with our partners in Congress to codify future meaningful AI and privacy protections.” But she added that the international community also needed to work together to mitigate AI’s harms on vulnerable populations.

“Just as AI has the potential to do profound good, it also has the potential to cause profound harm,” she said. “From AI-enabled cyberattacks at a scale beyond anything we have seen before to AI-formulated bio-weapons that could endanger the lives of millions, these threats are often referred to as the ‘existential threats of AI’ because, of course, they could endanger the very existence of humanity.”

Harris is also likely to continue fulfilling the requirements of Biden’s October 2023 executive order on the safe, secure and trustworthy use of AI, which outlined how federal agencies should use the technologies while taking steps to mitigate their potential risks.

The vice president also took the lead in announcing final AI guidance issued by the Office of Management and Budget in March, which was required by Biden’s order.

During a press call on the release of OMB’s memo, Harris said she believed “all leaders from government, civil society and the private sector have a moral, ethical and societal duty to make sure that artificial intelligence is adopted and advanced in a way that protects the public from potential harm while ensuring everyone is able to enjoy its full benefit.”

Harris also played a key role in securing voluntary commitments from AI companies to manage the risks posed by AI and met with leading AI firms to discuss the importance of establishing safeguards around their technologies’ use. She has also engaged with consumer and civil rights groups to discuss ways of limiting AI’s negative impact on American workers.

“Vice President Kamala Harris has demonstrated a clear commitment to upholding civil rights values in governing emerging technology, including artificial intelligence,” Koustubh “K.J.” Bagchi, vice president of the Center for Civil Rights and Technology at The Leadership Conference on Civil and Human Rights, told Nextgov/FCW, adding that “at every step of the way, Harris has been a trusted messenger, speaking to the importance of protecting people’s rights and safety amid the industrial revolution of our time.”

Surveillance tech

On privacy and surveillance policy, civil liberties groups are hopeful that a Harris administration may turn the tide in their favor.

As a senator, she backed a measure pushed by privacy hawks that would have added a warrant requirement to Section 702 of the Foreign Intelligence Surveillance Act. The spying power allows intelligence agencies to warrantlessly collect the communications of foreigners abroad for use in national security investigations but has come under fire for a function that permits collection of Americans’ communications when they speak with a foreign target, raising concerns over whether the tool violates Fourth Amendment rights.

Biden in April signed a two-year extension of the law without the warrant measure in place. The intelligence community has frequently argued a warrant obligation would slow down ongoing terrorism investigations and gut the effectiveness of 702. The tool, which spy agencies say is vital for stopping cyberattacks and tracking terror threats, contributes to a major chunk of President Biden’s daily briefings.

“If Harris were to win, civil liberties advocates hope being ‘unburdened by what has been’ won’t mean flipping from her strong voting record and statements on the need for serious FISA reform,” said Jake Leperruque, who helps lead the Security and Surveillance Project at the Center for Democracy and Technology.

An official stance remains to be seen, but there are signs that a hypothetical President Harris could lean more toward the side of the intelligence community now that she’s been on the receiving end of classified security briefings.

“My gut tells me that four years have given her a unique perspective on this, and that may inform her thinking today,” said Suzanne Spaulding, a former CIA and DHS official who now leads the Defending Democratic Institutions project at the Center for Strategic and International Studies.

A spokesperson for Harris did not return a request for comment by publishing time.

“The executive branch is not above the law. The President can override or bypass federal statutes that are clearly unconstitutional, but the Foreign Intelligence Surveillance Act, anti-torture laws, and the detainee transfer law are constitutional. As President, I would respect these laws,” Harris told the New York Times in a 2020 presidential candidate survey series.

Cybersecurity

A Harris administration could also focus on continuing to bolster the cyber policy groundwork laid under Biden’s time in the Oval Office, including the establishment of the Office of the National Cyber Director as well as the Bureau of Cyberspace and Digital Policy in the State Department.

In the wake of Friday’s mass IT outages linked to CrowdStrike and Microsoft, the conversations over reliance on a small number of major tech vendors must continue, said Kiersten Todt, a former chief of staff at CISA. “It’s not to say those two companies shouldn’t be involved, but we have to ask: what resilience do we need to be baking into our infrastructure?” she said.

Other themes should continue, said both Todt and Spaulding. CISA under the Biden administration has thoroughly pushed “secure by design” principles in which software manufacturers are encouraged to design their offerings with built-in security features that come pre-installed at point-of-sale.

Software liability, where manufacturers are held to account over poor feature design that enables cyberattacks, has become a major component of the Biden administration’s National Cyber Strategy that experts say should be continued under Harris. A new implementation plan of the strategy outlines nearly 70 objectives aimed at shoring up U.S. cyber posture, calling on the government to leverage “all instruments of national power” to make it harder for hackers to threaten national security and public safety.

“If those offices transition leadership to a Harris administration, there’s a lot of great work that has been done that has developed a foundation off of which the next iteration of leadership can certainly take it to the next place,” Todt said.

But ONCD may need to further integrate itself into future discussions with the National Security Council, said Spaulding. Former national cyber director Chris Inglis had clashed with Anne Neuberger, the deputy national security advisor for cyber and emerging technology, prompting him to resign early last year, Bloomberg reported last April.

Nextgov/FCW staff reporter Natalie Alms contributed reporting to this article.

]]>

DHS cyber hiring program got off on the wrong foot, CIO says, but progress is showing

Adam Mazmanian — Wed, 26 Jun 2024 17:26:00 -0400

A top tech official at the Homeland Security Department acknowledged to Congress today that a special hiring program could have been put to better advantage at a time when the department — and government writ large — is struggling to attract cybersecurity talent.

The Cybersecurity Talent Management System, authorized by Congress in 2014 and launched by DHS in 2021, has so far resulted in 345 job offers and 189 employees currently working in the Office of the Chief Information Officer at DHS, as well as at the Federal Emergency Management Agency and the Cybersecurity and Infrastructure Security Agency.

"While CTMS is delivering significant results, its rollout was not without challenges," DHS CIO Eric Hysen told the House Homeland Security Committee on Wednesday. "It took us too long from receiving the authority to launch the program and begin hiring under it, and our initial rate of hires has been slower than expected."

As Nextgov/FCW previously reported, it took DHS six months to make its first hire under CTMS, and the agency struggled to get its numbers up over the course of the first year of the program.

Hysen told Congress that the department has almost 2,000 cybersecurity vacancies and said that DHS "has committed to expanding CTMS" to include other agency components while also broadening the program to accommodate applicants specializing in artificial intelligence and data science.

Additionally, Hysen stressed that the individuals hired under the program are adding value to cybersecurity efforts, and because about half of the CTMS hires are at the entry level, DHS is able to build a bench of future managers and executives. Currently, CTMS is showing a 94% two-year retention rate for hires, which exceeds overall tech industry benchmarks, Hysen said. That means for the future, DHS could expect to see "reduced labor time and costs associated with recruitment and backfilling."

At the hearing, which included witnesses from cybersecurity operations at the White House, the Defense Department, and the National Institute of Standards and Technology, Rep. Seth Magaziner, D-R.I., noted that the Republican-led House of Representatives was intending to vote that day on a funding bill that would trim Hysen's budget by $2 million over last fiscal year and $6 million below the Biden administration's request.

"So I just suggest that perhaps we revisit that [since] this is a time to be doubling down on these recruitment efforts," Magaziner said. "So perhaps we can all work together to try to plus-up that funding as we go through the appropriations process."

]]>

DOD CIO resigns to take university post

Adam Mazmanian — Thu, 06 Jun 2024 14:06:00 -0400

The Defense Department's chief information officer is resigning from government service to lead the Bush School of Government and Public Service at Texas A&M.

The move was announced June 6. Sherman will exit government service at the end of this month.

John Sherman was confirmed by the Senate to serve as CIO in December 2021, and he'd been serving in the role on an acting basis before that. His leadership of tech at DOD spanned the Trump and Biden administrations.

At DOD, Sherman championed zero trust cybersecurity policies and was an advocate for research and development and fielding of artificial intelligence capabilities. He led the effort to pivot to virtual remote work for DOD staff during the COVID-19 pandemic, and he was a key player in the cancellation of the embattled Joint Enterprise Defense Infrastructure cloud contract, as well as the development of its replacement, the $9 billion Joint Warfighter Cloud Capability vehicle.

"Mr. Sherman has been a steadfast advisor and an innovative leader who has helped the department adopt and utilize modern information technology to keep our country safe," Defense Secretary Lloyd Austin said in a statement. “His technical expertise has proven invaluable in tackling a variety of digital challenges. His focus on mission readiness has ensured that each of the services is equipped with both the capabilities and the digital workforce necessary for modern warfighting."

Before joining DOD, Sherman served as CIO for the intelligence community in the Office of the Director for National Intelligence, deputy director for the CIA's Open Source Enterprise and as a deputy national intelligence officer on the National Intelligence Council.

Sherman and his wife Liz are both graduates of Texas A&M.

“I’m tremendously honored and humbled to be selected as the next dean of the Bush School," Sherman said in a statement. "The spirit of service and focus on preparing students for the future they instilled in the school will be our guiding light as we look to the challenges the next generation of leaders will face. Liz and I are excited to get back home to College Station and beginning this next chapter in our lives."

]]>

House bill targets AI-generated comments in rulemaking

Adam Mazmanian — Thu, 09 May 2024 16:00:00 -0400

The House passed a bill on Monday that tasks federal agencies with managing computer-generated comments in rulemaking proceedings. The Comment Integrity and Management Act of 2024 passed without opposition on a voice vote.

The bill, sponsored by Rep. Clay Higgins, R-La., doesn't look to block comments generated by large language models like ChatGPT, Google's Gemini and others. Rather, the bill puts a legislative framework around existing efforts to identify and manage the flow of computer-generated comments to proceedings on Regulations.gov and elsewhere.

"The cornerstone of this bill is its commitment to ensuring that every comment submitted by electronic means comes from a real person, not an automated program," Higgins said on the House floor on Monday. "By requiring human verification, we are taking a significant step towards preserving the authenticity of public input."

Even before the advent of publicly available generative AI applications, policymakers were concerned about how to treat bulk submissions in response to federal agency rulemaking proceedings.

"The basic issue is that it has gotten easier for people to post comments online in a rulemaking," Rep. Jamie Raskin, D-Md., said on the House floor on Monday in support of the bill. "That is a really good thing because it means that the process of implementing regulations is more accessible, more transparent, more open, and more participatory, but a number of the agencies have found, I think, what Members of Congress have found. Sometimes you get the same paragraph 100 times, 1,000 times, or 3,000 times."

In one instance, the Federal Communications Commission's docket on the repeal of net neutrality policy in 2017 generated more than 22 million comments — more than 8.5 million of which were posted via a campaign led by broadband providers who wanted to see an end to the policy, according to a probe by New York's attorney general. There were 7 million comments traced to a computer science student, who attributed the comments to computer-generated names and addresses.

The Biden administration is also concerned about the issue. Its 2023 executive order on Modernizing Regulatory Review charges the head of the Office of Information and Regulatory Affairs with considering "guidance or tools to modernize the notice-and-comment process, including through technological changes…[including] guidance or tools to address mass comments, computer-generated comments (such as those generated through artificial intelligence), and falsely attributed comments."

One new wrinkle posed by generative AI, according to Mark Febrizio, a senior policy analyst at the George Washington University Regulatory Studies Center, is whether bot-generated comments can escape detection of tools designed to identify spam comments. In a 2023 paper, Febrizio argued that existing checks in place in the Regulations.gov platform could thwart efforts to flood proceedings with AI-generated comments.

These checks include a CAPTCHA interface to identify individual posters as human and, more significantly, a registration system used to authorize and track bulk comment submissions.

"Even with an unlimited supply of AI-generated content, a malicious user would quickly hit a bottleneck when trying to submit those comments on agency rules," Febrizio wrote.

Under the bill, any agency with its own rulemaking docket would be subject to policies similar to the one governing comments on Regulations.gov on the posting of AI-generated comments. Specifically, such policies would task agencies with publishing just a single representative version of mass comments, rather than having each listed separately in the docket, and publicly state the number of computer-generated submissions in a rulemaking proceeding.

The Office of Management and Budget is charged with issuing guidance for agencies to follow when implementing commenting policies and using "new technology to offer new opportunities for public participation in the rulemaking process." The bill tasks the Government Accountability Office with delivering a report to Congress with recommendations on how to identify computer-generated content, the prevalence of such comments and their actual impact on rulemaking.

]]>

Education secretary pledges troubled online student aid tool will be ready for next fall

Adam Mazmanian — Thu, 02 May 2024 12:01:00 -0400

Education Secretary Miguel Cardona told Senate appropriators on Tuesday that the agency's online student aid form would be ready with improvements for students to begin submitting applications on October 1.

The tool debuted online in late December, in the middle of a busy college application season, but problems with limited uptime and bad data led to user complaints

"I do share the frustration you share," Cardona said in response to questions from Sen. Susan Collins, R-Maine. "Our kids deserve better, and we are working around the clock to make sure it improves. We've had delays. We had issues with some of the coding that we had to make changes to, and it is an overhaul. It's not just a new website."

Cardona steered clear of apologizing for the disappointing rollout, but he did acknowledge the confusion and anxiety experienced by students and by school administrators as a result of the rocky rollout of the online Free Application for Federal Student Aid tool.

Students typically face a May 1 deadline to commit to attending a college or university, but doing so can be problematic without knowing what kind of financial aid package they are in line to receive. The online form was designed to be dynamic to only require applicants to submit answers to necessary questions. The previous iteration of the form included 103 possible questions, but under the revised FAFSA applicants can skip up to 26 questions depending on the information they input. Despite the streamlined format, data shows that students are still facing challenges completing the application.

Sen. Shelley Moore Capito, R-W.Va., called the rollout of the new system "bungled" and said that " FAFSA completions are down 36% nationally compared to this time last year" and down almost 40% in her home state.

Later in the hearing, Cardona noted that the old form also presented challenges, and that he thinks that the digital FAFSA will improve accessibility across the board.

"I think one of the things that we don't really talk about a lot is that across our country we've normalized a 60% completion, 70% completion of FAFSA. It is our expectation as we work together to get those numbers closer to 90%, 95% of students filling it out," Cardona said.

]]>

Feds need to be careful when tapping generative AI for work

Adam Mazmanian — Tue, 30 Apr 2024 06:00:00 -0400

Generative artificial intelligence can help federal employees do their jobs better in certain cases, but there are risks to watch out for, according to the Office of Personnel Management.

The federal HR shop issued guidance today on the Responsible Use of Generative AI, which points out some key pitfalls — as well as benefits — of using the emerging technology in federal work, such as document drafting, coding, translation, data analysis and more.

First, it's important to make sure your agency has cleared employees to use GenAI apps in the workplace. Agencies have different policies about onboarding tools that assist in writing, computer coding and image generation. While these tools are often freely available over the open internet, it's up to agencies to authorize access. Some agencies may have their own enterprise GenAI tools. In any case, OPM notes, feds should "expect that your use of GenAI technology may be logged and monitored."

Even approved tools can generate outputs that aren't suitable for public-facing or even internal use, because of the potential for copyright infringement and plagiarism, as well as the release of personal information contained in training materials used by these large language models. Additionally, OPM notes the risk "to agency credibility if content is inaccurate, unreliable or discriminatory."

OPM urges feds to impose human checks on AI outputs before any publication or dissemination of written materials or AI-generated images. It is especially important to "review AI-generated material for potentially biased, harmful, stereotypical, or otherwise offensive language or images," the guidance states. Additionally, some agencies may require some disclaimer or watermark that identifies AI-generated material.

The guidance comes 180 days after the release of the Biden administration's executive order on AI. The White House noted separately that all federal agencies completed the 180-day deliverables contained in the order on schedule. These include, on the government operations front, guidance from the Department of Labor's Office of Federal Contract Compliance Programs on deploying AI in the workplace, as well as multi-agency guidance on the responsible and equitable use of GenAI in public benefits programs.

]]>

National Weather Service says partial circuit failure caused network outage

Adam Mazmanian — Fri, 05 Apr 2024 16:00:00 -0400

The National Weather Service attributed a six-hour weather data outage on April 2 to an "intermittent hardware failure" of a circuit in its College Park, Maryland data center, according to a statement shared with Nextgov/FCW.

The Advanced Weather Interactive Processing System, which combines telecommunications services and an interactive user interface, is designed to switch operations to a backup system in the event of a failure, but because the circuit failure was intermittent, the automated switch to the backup system did not occur, the agency said.

A team of vendor and NWS specialists manually switched operations to the backup system in Boulder, Colorado once they figured out the root cause of the outage. NWS has since reconfigured the system to prevent an intermittent failure from taking weather services offline for such a long time.

Currently NWS weather dissemination systems have an uptime goal of 97%, the agency said, noting that allows for a total of 11 days downtime per year. The National Oceanic and Atmospheric Administration, the parent agency of NWS, is seeking an $11.4 million boost for system maintenance and support that it hopes will result in 99% uptime. The agency is also looking to migrate AWIPS to the cloud to eliminate the need for shifting operations between data centers.

"Transforming AWIPS to a cloud framework will give forecasters efficient, secure remote access to the system, therefore allowing them to be more nimble and flexible in providing [impact-based decision support services] in embedded partner locations," the agency said in its budget request.

]]>

Federal weather system experiences outage amid severe weather nationwide

Adam Mazmanian — Wed, 03 Apr 2024 12:08:45 -0400

Multiple National Weather Service forecast offices nationwide experienced an overnight network outage early Tuesday that lasted over five hours and impacted some warning services, according to a statement released by the National Oceanic and Atmospheric Administration.

In response, the NWS technology team switched network services from its College Park, Maryland data center to a data center in Boulder, Colorado. NOAA said that normal operations resumed at 6:30 a.m. EDT on April 2, 2024.

The 122 regional NWS offices are charged with keeping the public and local media up-to-date on weather conditions. The outages coincided with an outbreak of severe weather, including tornado watches and warnings across multiple states.

Meteorologists in the impacted regions were posting about the outage on social media, as reported by the Washington Post.

NOAA declined to specify what systems were at issue and said "we are working with the vendor to identify the root cause of the outage." An agency spokesperson said on Tuesday afternoon that, "all signs right now point to a hardware failure."

The agency is seeking a more than $22 million budget increase for fiscal year 2025 for several weather forecasting and information dissemination systems.

That increase includes $11 million to move the Advanced Weather Interactive Processing System to the cloud. AWIPS is the system "that weather forecasters at NOAA/NWS use on a daily basis to process, display, and communicate meteorological data to make accurate weather predictions and dispense rapid warnings and advisories," according to the NWS website.

Editor's note: This story was updated April 2 with additional information.

]]>

National Archives tees up new rules for UFO records

Adam Mazmanian — Wed, 07 Feb 2024 09:00:00 -0500

Congress wants to know what agencies know about UFOs, and, under a new law, agencies have to tell them.

New records management provisions included in the recently enacted 2024 defense policy bill require federal agencies to organize and tag records related to what the government calls "unidentified anomalous phenomena" or UAP.

Agencies have until the end of the current fiscal year to "review, identify, and organize each UAP record in its custody for disclosure to the public and transmission to the National Archives," according to a memo sent Tuesday afternoon from Laurence Brewer, chief records officer for the U.S. Government, and Chris Naylor, NARA's executive for research services, to federal agency records managers.

A new, central collection of UAP records will be housed at the National Archives and Records Administration.

The law passed without measures sought by backers, notably Senate Majority Leader Chuck Schumer, D-N.Y., that would have set up a presidential commission with the authority to declassify records pertaining to UAP.

"For decades, many Americans have been fascinated by objects mysterious and unexplained and it’s long past time they get some answers,” Schumer said last July when the bipartisan legislation was introduced. "The American public has a right to learn about technologies of unknown origins, non-human intelligence, and unexplainable phenomena.

Brewer and his team at NARA are tasked with providing records officers with guidance on the information required to set up the UAP collection and with creating a form agencies can use to tag records for collection in the UAP archive.

The memo gets into the weeds about what records officers can expect from the metadata requirements, including information on classification levels and restrictions, as well as what can and can't be publicly disclosed.

NARA is asking agencies to get started identifying relevant records and to expect further instructions on tagging and transmitting records to the Archives.

]]>

OMB head 'not optimistic' about avoiding a government shutdown

Adam Mazmanian — Sun, 07 Jan 2024 17:33:48 -0500

White House budget director Shalanda Young told reporters on Friday that she's "not optimistic" about avoiding a government shutdown when the current stopgap bills funding government agencies expire in the coming weeks.

Congress will be back in session this week to confront that possible government shutdown as well as requests for supplemental appropriations for wars in Ukraine and Israel. House Republicans and some in the Senate are signaling that they would back a shutdown if their demands for new policies and funding for border security aren't met.

Currently the federal government is being funded by two continuing resolutions, with a Jan. 19 expiration date for discretionary funds at the Departments of Veterans Affairs, Agriculture, Transportation, Housing and Urban Development and Energy as well as the Environmental Protection Agency and military construction. A second provision funding the Pentagon, the Departments of Justice, Homeland Security, Treasury, State and more expires Feb. 2.

On Wednesday, more than 60 House Republicans led by Speaker Mike Johnson, R-La., visited the border town of Eagle Pass, Texas to press the administration for concessions on immigration policy.

"If the Biden administration does not shut the border down, we'll shut the government down. We control the money," Rep. Andy Biggs, R-Ariz., told reporters during the visit.

Young quoted that comment and told reporters that "there are a growing number of House Republicans with this mindset. So I wouldn't say pessimistic [about a shutdown] but I'm not optimistic."

With just a few exceptions, federal agencies updated their contingency plans in the event of a shutdown in the runup to the close of fiscal 2023. In the event of a shutdown, many essential functions will be allowed to continue, with employees temporarily foregoing paychecks. Furloughed employees will be paid for missed time when their agencies reopen.

Some operations on the tech side will suffer under a shutdown: The Cybersecurity and Infrastructure Security Agency will only retain about 30% of its workforce in that event. Some activities, such as the Technology Modernization Fund, that are paid for by working capital funds, no-year money or administrative fees will be allowed to continue operating with phased shutdowns in the event of a prolonged lapse in appropriations.

]]>

Sonny Hashmi to depart GSA

Adam Mazmanian — Tue, 12 Dec 2023 17:24:00 -0500

The federal civilian government's top buyer is exiting his role at the end of the year.

Sonny Hashmi will step down as commissioner of the Federal Acquisition Service on Dec. 29. FAS Deputy Commissioner Tom Howder will take over the top job on an acting basis, according to an agency announcement.

Hashmi, who won Federal 100 honors in 2013 while serving as GSA's chief information officer, led a reorganization of the FAS that deemphasized its legacy regional structure in favor of a more centralized approach.

FAS Commissioner Sonny Hashmi (Photo courtesy: GSA)

"Our regional-based employees aren’t going away, but this shift to our structure will meet the growing demand from our customers that FAS respond holistically when it comes to contracting assistance," Hashmi said in a GSA blog post in September, when the reorganization was announced.

Hashmi told Nextgov/FCW in an interview published earlier this month that reorganization was motivated by a desire to simplify customer service.

“It became very clear quickly that the way we were organized… was actually getting in the way of us serving our customers,” he said. “Often times, our customers have had to navigate our internal organization structure before they could get service, and that’s unacceptable.”

Hashmi said in a statement that he's "confident that FAS is better prepared than ever to meet the needs of both its federal partners, who require innovative products and services, as well as the Americans who depend on their government to deliver."

He added that "it has been a true honor to help lead the Federal Acquisition Service, an entity that helps the world’s largest buyer get exactly what it needs to serve millions of Americans every day.”

Hashmi told Nextgov/FCW he will be returning to the private sector, and said he would announce his new job next year. Hashmi has previously worked as managing director of global government for Box between 2015 and 2021, a role he started after serving as GSA's CIO. Before that, he held various posts at Xerox and IBM, and he served in technology management in the government of the District of Columbia.

]]>

Hackers exploited out-of-support software to scan federal systems, CISA says

Adam Mazmanian — Thu, 07 Dec 2023 10:21:00 -0500

The nation's cyber defense agency is warning tech shops about two cybersecurity breaches targeting out-of-support versions of Adobe ColdFusion and reminding agencies to keep up with software updates.

The Dec. 5 bulletin from the Cybersecurity and Infrastructure Security Agency details two incidents dating back to June 2023 in which public-facing web servers were targeted using a known vulnerability in out-of-support versions of Adobe ColdFusion. The agency that was victimized by the exploits was not named.

In one incident, CISA's analysts observed that hackers uploaded malware designed to abet "future malicious activity by the threat actors" including the siphoning of user credentials for further access. The infiltrators also created a "staging folder to support threat actors' malicious operations" The infiltrators also took steps to cover their tracks, the report said.

In the second incident, hackers were able to move laterally across a public-facing web server running an unsupported version of Adobe ColdFusion and attempted unsuccessfully to exfiltrate registry files containing account information on users. Additionally, the CISA analysts concluded that hackers were able to view information in a file that could support password decryption, but according to the report, "no malicious code was found on the victim system to indicate the threat actors attempted to decode any passwords" using information contained in the compromised file.

According to the report, it's not known whether the same threat actors were responsible for both incidents.

Under CISA's standing binding operational directive from November 2021, "known exploited vulnerabilities should be the top priority for remediation." In the Dec. 5 advisory, CISA urged agencies to upgrade all software that is vulnerable to the exploit and to prioritize fixes to public-facing systems.

]]>

Okta breach includes theft of data on nearly all help desk users, including some feds

Adam Mazmanian — Thu, 30 Nov 2023 06:00:00 -0500

Identity management company Okta said in a Wednesday blog post that hackers stole a report that included names and email addresses of users of the company's customer support system.

The company said that FedRamp High and Defense Department Impact-Level 4 customers were not affected by the breach, but that data on all other Workforce Identity Cloud and Customer Identity Solution customers was exfiltrated in the hack. This includes users of Okta's FedRAMP Moderate and DOD IL2 systems, the company told Nextgov/FCW in an emailed statement.

FedRAMP High and DOD IL4 customers have a separate support platform, according to Okta.

Initially Okta said that information on 1% of its customers was compromised. In a subsequent letter to customers, the company indicated that more than 99% of customers had at least an email and name compromised in the hack.

Okta is a leading provider of identity authentication services. It counts dozens of federal agencies among its customers, including the Department of Veterans Affairs, the Centers for Medicare and Medicaid Services, the Department of Defense, Treasury, NASA and more, according to federal contracting data. On the corporate side, Okta provides services to FedEx, Zoom, JetBlue and other customers, according to its website.

The stolen data includes customer usernames, emails, phone numbers, dates of last login and other information. The hack, which was discovered in October, affected customer support systems, not Okta's core identity management service. The company still urged customers to be wary, because the purloined information could be used to target impacted individuals with email and telephone scams.

"While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks," David Bradbury, the company's chief security officer, said in the blog post.

The company advised customers to implement multifactor authentication and urged users with administrative authority over client systems to use phishing resistant authenticators, like a FIDO-compliant token such as a Yubikey or smartcards like the PIV and CAC cards used by federal and defense customers. The company also recommended additional measures, detailed in Bradbury's blog post, to secure administrative accounts.

Okta is continuing to investigate. Bradbury said the company is "working with a third-party digital forensics firm to validate our findings and we will be sharing the report with customers upon completion." In a statement shared with Nextgov/FCW, the company said it would also reach out to individuals whose information was downloaded in the breach.

]]>

House GOP pulls funding bill covering IRS, GSA, OMB and more

Adam Mazmanian — Thu, 09 Nov 2023 14:56:51 -0500

With a potential government shutdown looming in just over one week, the House of Representatives adjourned without voting on the $25 billion Financial Services and General Government appropriations bill that funds the Office of Management and Budget, the Treasury, the General Services Administration, the Office of Personnel Management and more.

Plans to vote on the bill on Thursday were scuttled because of an intra-party dispute among Republicans about a measure that forbids the District of Columbia from implementing a 2014 law preventing employers from discriminating against workers based on their use of birth control or for having had an abortion.

This is the second appropriations bill that had to be shelved because the GOP couldn't muster the votes to pass its own legislation. Earlier this week, House Republicans pulled the Transportation and Housing funding bill because moderate Republicans in the northeast wouldn't back deep cuts to Amtrak.

On the tech front, the General Government bill would have zeroed out appropriations for the Technology Modernization Fund, though the Biden administration had sought $200 million in new TMF funding in its fiscal year 2024 budget request. Rep. Gerry Connolly, D-Va., had sought to restore $50 million in TMF funding via an amendment to the bill, but it was not put up for a vote.

"The pandemic taught us that the federal government is only as good as its IT — a lesson my Republican colleagues are unwilling to learn," Connolly told Nextgov/FCW in an emailed statement. "I am disappointed that my amendments were not made in order in this year’s appropriations bill, but I will keep up the fight for as long as it takes to fully fund these important programs."

Rep. Pete Sessions, R-Texas, sponsored an amendment to defund the 18F innovation group at GSA. That amendment passed on a voice vote without any debate from the Democratic side of the aisle, and without any request for a recorded vote.

Sessions, who is chairman of the Government Operations and the Federal Workforce subcommittee of the House Oversight Committee, said he wants to eliminate funding for 18F because of its role in managing Login.gov, the federal government's digital identity service, which got in hot water over claims that it met key federal identity proofing standards when it did not.

"So we have here a federal entity marketing a service to a federal customer that is intended to assure identity, but that federal entity is not telling the truth. This amendment targets 18F and not Login.gov itself. This is because, since its inception in 2014 in the wake of the Healthcare.gov debacle, trouble has followed 18F around," Sessions said on the House floor. "It was envisioned to be a tech-savvy group within the federal government that would…usher federal agencies into the digital era. But in practice, it was no more than a group run amok."

]]>

Cyber Director nominee talks AI, collaboration at confirmation hearing

Adam Mazmanian — Fri, 03 Nov 2023 10:00:00 -0400

A lot of tech policy wonks in Washington, D.C., still haven't read the entire executive order on artificial intelligence released earlier this week by the White House. Harry Coker, the administration's pick to serve as national cyber director, was brave enough to admit the fact under oath at his Senate confirmation hearing on Thursday. But the nominee said he was excited about the prospects of the emerging tech to help manage workloads for cybersecurity pros.

"There is an awful lot of data that is not just available but that is essential to cybersecurity. So much so that big data analytics need artificial intelligence capability to process through those mounds of data and turn it into actionable intelligence in a timely manner. That's a direct area in which artificial intelligence can and must support cybersecurity," Coker told lawmakers on the Senate Homeland Security and Government Affairs Committee. "But like with many technologies and emerging capabilities, there are other sides that we need to be concerned about with artificial intelligence and AI. Although I haven't made it through the recent executive order just yet — it's over 100 pages — from what I've seen at the top level, there's recognition of those potential concerns. And that needs to be a focus area along with the potential benefits of artificial intelligence."

Coker, a Naval Academy graduate and a career public servant, was nominated by President Joe Biden to take over the vacant position in July. He served 20 years in the Navy before taking on senior roles at the CIA and the National Security Agency, including the post of executive director at NSA. He's currently senior fellow at Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security and advises private companies on tech and cybersecurity.

He struck some familiar notes at his confirmation hearing in response to questioning from lawmakers: the importance of public-private partnerships and the need for cooperation among federal agencies and across state, local and tribal governments. But he also stressed his work deep in the weeds of naval and intelligence community operations.

In response to a question about delivering on the National Cybersecurity Strategy, Coker focused as much on the implementation plan as on the overall goals. He noted that there are 69 initiatives across 18 departments and agencies that need to be coordinated to operationalize the strategy.

"As a former program manager in the government, I know it's key to have cost, schedule and performance…metrics. They have to be there. If you can't measure it, you can't manage it. So ONCD, to their credit…has done a masterful job and pulling their strategy and implementation plan together."

Coker also spoke to concerns that many in the private sector have expressed about partnership with the government on cybersecurity issues. He likened private sector cybersecurity operators to a "combatant command" that is "on the front line fighting the threats every day," with ONCD as a "supporting command."

"National security, especially cybersecurity, requires partnerships across the public sector and the private sector," Coker said. "Although I've been in situations where that partnership wasn't a true partnership, where it was more one way: 'Give me what you got. Tell me what you know, and I'll see you later.'"

He sees the role of the National Cyber Director as "ensuring that the private sector knows there is a true partnership, and that their knowledge, their capabilities and their risks are appreciated and supported."

Coker also lauded the "Secure By Design" guidance updated by the Cybersecurity and Infrastructure Security Agency in October. The CISA guidance looks to the private sector to build security into software and services and to shift responsibility for cybersecurity away from end users and onto manufacturers.

"We need to ensure that it's not just a focus on first-to-market. It needs to be secure-to-market. And the government can incentivize secure-by-design, secure-to-market, and so that's the way that needs to be demonstrated as we shift that balance to realign the incentives towards that."

]]>

Supreme Court lifts restrictions on federal agency contacts with social media firms

Adam Mazmanian — Mon, 23 Oct 2023 13:02:06 -0400

The U.S. Supreme Court on Friday lifted restrictions imposed by a federal appeals court on contacts between federal officials and social media platforms.

The original case was brought by Republican officials in Missouri and Louisiana, as well as several individual plaintiffs, and alleged that the Biden administration used its authority to coerce social media networks, most prominently Facebook and Twitter, into suppressing speech about election security, COVID-19 vaccine safety and other matters, in violation of the First Amendment.

According to an appellate ruling from September, the plaintiffs target is "the government’s interference with those social-media companies’ independent application of their policies." Lawyers representing the government said in arguments before the Fifth Circuit Court of Appeals that contacts with social media companies over content moderation issues are an ongoing government activity.

A district court judge in the case had imposed a broad injunction barring most contacts between federal officials and social media companies in early July.

The appeals court modified that injunction to permit contacts with social media companies by officials at the State Department, the Cybersecurity and Infrastructure Security Agency and the National Institute of Allergy and Infectious Diseases.

However, the appeals court upheld the injunction where White House, FBI and Centers for Disease Control officials were concerned.

With the Supreme Court ruling lifting the injunction, federal officials are free to refer potential misinformation or incidents of possible violations of social media platforms' content moderation policies to company officials until the underlying case is decided.

Justice Samuel Alito dissented from the decision staying the injunction. He was joined by Justices Clarence Thomas and Neil Gorsuch.

"Government censorship of private speech is antithetical to our democratic form of government, and therefore today’s decision is highly disturbing," Alito wrote in his dissent.

Separately, the Supreme Court agreed in late September to review a series of state laws passed in Texas and Florida that put limits on the ability of social media platforms to moderate content posted to their networks. The Biden administration had urged the Court to take on the case.

"When a social-media platform selects, edits, and arranges third-party speech for presentation to the public, it engages in activity protected by the First Amendment," the Justice Department stated in a brief.

]]>

Ahead of shutdown, House and Senate Dems propose back pay for furloughed contractors

Adam Mazmanian — Fri, 29 Sep 2023 10:00:00 -0400

With a partial government shutdown seeming likely starting Oct. 1, Democrats in the House and Senate are looking to make sure furloughed contractors receive back pay just like federal employees.

Reps. Ayanna Pressley, D-Mass., Eleanor Holmes Norton, D-D.C., and Donald Norcross, D-N.J., along with Sen. Tina Smith, D-Minn., have introduced the Fair Pay for Federal Contractors Act to pay federal contractors wages lost during a shutdown. The bill also proposes restoring paid leave time used by furloughed contractors during a shutdown.

"This is about fairness," Smith said in a statement. "Contractor workers and their families should not be penalized for a government shutdown that they did nothing to cause”

Pressley noted that federal contractors may have lost up to 15% of annual income during the previous extended government shutdown.

"Government shutdowns are destabilizing events with disastrous consequences, especially for the thousands of low-wage service workers and their families," Pressley said.

The back pay provision is capped at $1,442 per 40-hour work week.

Pressley and Smith proposed similar legislation during the 35-day shutdown of 2018-2019. After that shutdown, federal employees were guaranteed back pay for time on furlough, but efforts to extend the same benefit to contract workers failed.

The bill also calls on the Office of Federal Procurement Policy to produce a report on the number of contractors who are covered by the legislation, as well as details on how many contract employees submitted claims for lost wages.

Unemployment insurance compensation is not mentioned in the bill. Feds who receive unemployment payments during a shutdown are typically on the hook to repay those benefits upon receiving back pay when the government reopens.

]]>

VA's health record 'reset' will extend into 2024

Adam Mazmanian — Fri, 15 Sep 2023 11:00:00 -0400

The Department of Veterans Affairs is eying the summer of 2024 to resume its deployments of the Oracle-Cerner electronic health record system.

The 10-year technology refresh, currently budgeted at $16 billion but widely expected to cost much more, was paused in April to focus on driving improvements at the five VA sites where the new record is currently in use.

At a Wednesday hearing of the House Appropriations subcommittee that funds VA, program head Neil Evans told lawmakers that the next deployment will take place at Lovell Federal Health Care Center in North Chicago in April 2024. This go-live was kept on the schedule despite the pause because it is taking place at a facility that also serves Defense Department patients. DOD is using the same commercial records system as VA, but it is very close to completing its full deployment.

Assuming that go-live goes well and other program improvements are on pace, VA officials expect deployments to resume in the summer of 2024.

"VA has organized the work of this program reset into three-month increments and just completed its first increment on August 31," Evans said. "Initial efforts focused on making necessary system changes, improving the technical stability of the system, enhancing end user support and ticket management, addressing communications within VA and developing a larger cohort of VA experts who can support the new system in the years to come."

Oracle executive Mike Sicilia, who also testified at the hearing, said that the reset period includes 270 workflow reconfigurations designed to improve user experience and the efficiency of the system at the sites where the new electronic health record is currently in use.

"So, these are things that we're cleaning up, if you will, based on direct provider feedback from VA providers who have given feedback around a certain way the system functions," Sicilia said.

Sicilia also said he expects VA to develop a plan to support multiple, parallel deployments of the system, once these tech, training and configuration problems are resolved. He said he doesn't expect to add to the original $10 billion for the software called for in the 2018 contract.

"And we can, to make it quite simple, deploy more than one site at a time. We don't have to be in a serial mode where you've got one site at a time," Sicilia said.

Sicilia also noted that the original training plan for VA users of the software may have been too all-encompassing rather than focusing on specific roles and responsibilities.

"I mean, very few people inside an organization like this will use the entirety of the system. They have a role. They're radiologists, they work in the ICU. They — they do something that's specific to their job," he said. "And I think some of the mistakes — and these are our mistakes, this is our job to fix — was that the training was too cumbersome."

]]>

Senate confirms deputy secretary at VA

Adam Mazmanian — Wed, 13 Sep 2023 11:00:00 -0400

The Senate confirmed Tanya Bradsher on Tuesday to serve as the second ranking official at the Department of Veterans Affairs by a vote of 50-46.

As deputy secretary, Bradsher is the top official in charge of the VA's Electronic Health Records Modernization program, a decade-long effort to replace the agency's homegrown VistA health records system with a commercial one fielded by Oracle-Cerner that is in use at the Department of Defense.

Bradsher, who served 20 years in the Army, had been serving as VA's chief of staff when she was nominated for the number two job in April. She becomes the first woman and first woman of color to serve as VA's deputy secretary.

"Now more than ever, the department needs a strong second-in-command to uphold its mission to deliver veterans the health care and benefits they have earned, and having a confirmed leader in this role better ensures we can hold VA accountable," Sen. Jon Tester, D-Mt., the chairman of the Veterans Affairs Committee, said on the Senate floor in remarks urging support for Bradsher's nomination.

At her confirmation hearing in May, Bradsher acknowledged the problems of the multibillion dollar software refresh. New deployments are currently paused, while implementation, training and help desk issues are worked out at a handful of sites where the Oracle-Cerner system is currently operational. She also touted the revised contract terms that altered the period of performance and adjusted penalties for not hitting uptime benchmarks and other goals.

"The original contract was a five-year contract. So, we didn't have the ability to bring Cerner — or now Oracle Cerner — back to the drawing board until every five years. The changes that they made… is to have five one-year contracts," Bradsher told lawmakers. "So every year we can hold Oracle Cerner accountable. Second, the penalties are now 30 times greater for outages…So we have the ability to hold Oracle-Cerner accountable in ways that the previous contract did not."

Sen. Chuck Grassley, R-Iowa, had put a hold on Bradsher's nomination, complaining that she stonewalled his efforts to pursue a whistleblower investigation into the possibility of personal health information on veterans leaking via access to the VA's Integrated Enterprise Workflow Solution application, which allegedly gives administrative personnel access to clinical information.

"Both the VA and Ms. Bradsher in her current role as chief of staff have shown repeated indifference to congressional oversight," Grassley said in a statement on Sept. 7 urging colleagues to vote no on the nomination.

]]>

Pandemic unemployment fraud as high as $135B, watchdog says

Adam Mazmanian — Wed, 13 Sep 2023 09:00:00 -0400

Fraudulent unemployment insurance payouts during the pandemic amounted to $100 billion to $135 billion, according to an estimate from the Government Accountability Office included in a report released on Tuesday.

The congressional watchdog produced the estimate based on sampling of pandemic unemployment insurance payouts and the use of a statistical model that took fraud risks into account. According to the report, as of May 1, just $1.2 billion in fraudulent overpayments have been recovered by states.

The Department of Labor, in reply comments dated Aug. 28, 2023 that were included in the report, said GAO's model "likely overestimates the level of fraud," and took issue with the sampling methodology.

However, the department isn't disputing that there was rampant fraud at the outset of the COVID-19 pandemic, when Congress passed legislation ramping up unemployment payments and permitting applicants for benefits to make claims for lost self-employment earnings and earnings for employment that had yet to start without requiring documentation.

The Labor Department is also looking to maintain its support for modernization of state-based unemployment insurance systems and the deployment of digital identity solutions to prevent systemic fraud in the future. So far, the agency has plowed $1 billion in funds appropriated via pandemic relief legislation to enhance the security and resilience of state unemployment systems.

Additionally, the department "has also strengthened the tools it offers to states to protect against criminal actors perpetrating fraud in multiple states, including by investing in and promoting the use of the UI Integrity Data Hub," which is now in use by all 53 state and territorial systems, according to Brent Parton, the agency's principal deputy assistant secretary.

Sen. Mike Crapo, R-Idaho, called for legislation to incentivize state unemployment agencies to claw back fraudulent payouts or overpayments. The House passed the Protecting Taxpayers and Victims of Unemployment Fraud Act on a vote of 230-200 in May. Crapo is hoping the Senate will take up the legislation. Some of the measures in the bill are also included in the Biden administration's 2024 budget request for the Labor Department.

"These shocking estimates continue to grow, and, as GAO notes, we may never know the full scope and scale of fraudulent pandemic payments. Unfortunately, the Administration’s efforts to address over one hundred billion dollars in fraud in the UI program have fallen woefully short," Crapo said in a statement.

]]>

GOP lawmakers tap Holman Rule to slash the salaries of agency heads

Adam Mazmanian — Thu, 07 Sep 2023 06:00:00 -0400

With about three weeks remaining before a potential government shutdown, a handful of House Republicans are looking to cut the salaries of multiple cabinet secretaries and feds in leadership positions way down the agency org charts with amendments to fiscal 2024 spending bills.

The push targets Defense Secretary Lloyd Austin and Homeland Security head Alejandro Mayorkas, as well as defense officials with oversight of diversity programs and Food and Drug Administration regulators with oversight of public health and drug approval.

The members behind the various amendments include ultra-conservative GOP Reps. Marjorie Taylor Greene, R-Ga., Lauren Boebert, R-Colo., Chip Roy, R-Texas, Bob Good R-Va., Matt Gaetz, R-Fla., and Andy Biggs, R-Ariz.. Many from this group were among the holdouts in the 15-round bid to elect Rep. Kevin McCarthy, R-Calif., as Speaker of the House in a raucous two-day session in January.

Annual appropriations bills provide a forum for cutting the pay of specific federal employees thanks to the Holman Rule, an obscure legislative provision with roots in Reconstruction-era politics of the 19th century. The rule essentially offers a loophole for any member who wants to use spending bills to legislate by allowing for the addition of provisions and amendments to appropriations bills, provided they reduce spending, reduce the workforce or cut salaries.

The rule was revived in 2017, after decades of disuse, by the Republican majority in the House. Democrats ditched the rule after taking control in 2019, but it was brought back again in 2023 as part of the Republican rules package.

"Republicans use the Holman Rule for one singular purpose — to continue Donald Trump’s war against the nonpartisan civil service," Rep. Gerry Connolly, D-Va., told Nextgov/FCW in an emailed statement. "It is designed to intimidate and provide a chilling effect on the ability of federal employees to do their jobs. The American people want and deserve a federal workforce based on skill and merit, not politics and partisanship. Instead, the Holman Rule allows for a system wherein any individual federal employee who draws the ire of the Republican majority can be terminated or punished at whim without a hint of due process. It is dangerous and wrong."

This year, members are targeting officials via the Defense, Homeland Security and Agriculture bills that are before the House Rules Committee. More Holman amendments will likely be offered to other spending bills as they come up.

Rep. Good is taking on leadership at FDA with amendments to defund directors in the Office of Surveillance and Epidemiology, the Division of Risk Management, the Office of Compliance, the Office of New Drugs and the Office of Regulatory Policy.

Boebert is targeting Austin for a salary cut to $1. She's also looking to slash the pay of Gil Cisneros, the undersecretary of defense for personnel and readiness, and several other officials whose duties include implementing diversity and inclusion programs. Separately, an amendment from Rep. Paul Gosar, R-Ariz., targets the salary of Gen. Mark Milley, chairman of the Joint Chiefs of Staff.

Holman Rule amendments face a steep path to enactment. They not only have to survive House votes but also pass the Senate, where 60 votes are required to close debate on spending bills.

"There's probably less danger from that rule than meets the eye," Sarah Binder, a Congress expert at the Brookings Institution, told FCW in 2017 for a previous article on the revival of the Holman Rule. "However, if decisions are being made by leadership in big, must-pass bills at midnight — then yes, there is a danger."

Lengthy debates and floor votes on spending amendments can consume one precious commodity — time. The House returns to session on Sept. 12 with a Sept. 30 deadline to pass funding bills or a continuing resolution that keeps the federal government running while lawmakers finalize fiscal 2024 spending.

"I implore my Republican colleagues in the House to recognize that time is short to keep the government open," Senate Majority Leader Chuck Schumer, D-N.Y., said on the floor of the Senate on Wednesday, "and the only way to avoid a shutdown is through bipartisanship."

Schumer's Republican counterpart, Minority Leader Mitch McConnell, didn't sound hopeful when asked about a possible government shutdown at an event in his home state of Kentucky last week.

"Honestly, it's a pretty big mess," McConnell said.

]]>

The federal government's most disliked IT help desks

Adam Mazmanian — Thu, 31 Aug 2023 06:00:00 -0400

The Department of Defense is at the bottom of the list of federal agencies for satisfaction with IT support and IT equipment according to a survey of more than 270,000 federal employees released Wednesday.

The news should come as no surprise to anyone who followed the "fix our computers" saga launched with a viral Twitter post in January 2022 by a defense official who complained of long login times, overtaxed processors and out-of-support applications.

According to the Mission-Support Customer Satisfaction Survey, fielded by the General Services Administration in the late spring of this year, DOD employees collectively reported middling satisfaction with IT support and equipment. Overall, more employees reported satisfaction with equipment and services than did not. Just over 26% of DOD respondents said they were dissatisfied with levels of IT support and just over 27% said they were dissatisfied with their tech equipment.

The results are somewhat less grim than survey results from Defense Business Board's report from earlier this year which found that 80% of Joint Services Provider customers put their user experience at average or below, but DOD's satisfaction scores when it comes to IT support and equipment are at the bottom of federal agencies.

Source: 2023 Customer Satisfaction Survey

The departments of State and Agriculture also scored low on satisfaction with IT equipment and support. State ranked next to last in both categories among the 24 agencies surveyed, with USDA just above.

The survey ranked satisfaction levels on a seven-point scale, with a score of one reflecting strong dissatisfaction and seven indicating high levels of satisfaction. The median score for government agencies on IT support was 5.67 and 5.51 for IT equipment.

Only a handful of agencies ranked above the median level. The National Science Foundation, the Small Business Administration and the Department of Housing and Urban Development were the only agencies to score six or higher on overall satisfaction with IT support. NSF, SBA and GSA showed the highest levels of satisfaction with IT equipment.

Source: 2023 Customer Satisfaction Survey

The Mission-Support Customer Satisfaction Survey has been fielded annually since 2015. The survey was released as part of a quarterly update of the President's Management Agenda on the Performance.gov website. The survey was sent to employees at 24 CFO Act agencies and drills in on satisfaction with a number of processes, including human resources, acquisition and financial management and information technology. The results include breakdowns by agency component, job function, length of federal service of respondents and more.

]]>

VA extends PACT Act filing deadline after website glitches

Adam Mazmanian — Thu, 10 Aug 2023 14:33:00 -0400

Veterans and survivors who are seeking benefits for exposure to burn pits, Agent Orange and other toxic substances during their military service have an extra week to declare their intention to make claims in the wake of website glitches.

The Department of Veterans Affairs is giving veterans until 11:59 p.m. on Aug. 14 to file their intention to seek benefits under the PACT Act. Approved claimants are potentially eligible to have benefits backdated to Aug. 10, 2022.

According to VA, most of the website problems have been resolved, with the percentage of users receiving error messages dropping from 18% on Tuesday to 0.1% on Thursday. The VA also said it was working to decrease wait times at call centers where veterans are facing "abnormally long" waits.

The extension was offered by VA out of an "abundance of caution," and the agency had already alerted applicants that it had logged the intent to file declarations of every veteran and survivor who had received an error message from the VA.gov/PACT website.

Sen. Jon Tester, D-Mont., the chairman of the Senate Veterans Affairs Committee, asked VA Secretary Denis McDonough in a letter sent Wednesday for updates on tech issues, call wait times and more.

Tester asked VA for "an overview of what caused these technical difficulties and how VA will address this weakness in the system moving forward," and to make sure VA systems are ready for an expected traffic surge when the open enrollment deadline hits on Sept. 30.

"Extending the deadline is the right move, and I’m glad to see VA taking serious steps to ensure veterans and their families are receiving the PACT Act benefits they have earned and were promised," Tester said in a statement.

Rep. Mike Bost, R-Ill., the chairman of the House Committee on Veterans Affairs is seeking a detailed report on what when wrong with the PACT Act tech. In an Aug. 10 letter to McDonough, Bost said he wants, among other information, "a detailed plan of action for how VA will mitigate such technical problems in the future when there is a foreseeable increase in submissions, website traffic or system loads."

"VA’s failure to anticipate and prepare for the increased volume of submissions as the PACT Act deadline approached is unacceptable, given that the situation was easily foreseeable as this law is the largest expansion of healthcare and benefits for veterans in recent history," Bost wrote.

The PACT Act was signed into law a year ago today. The landmark bipartisan legislation was put in the spotlight thanks to support from comedian Jon Stewart, who lobbied Congress on behalf of the bill.

The measure provides health care and other benefits for conditions arising from exposure to Agent Orange in Vietnam and burn pits used to dispose of military waste in Afghanistan and Iraq. Under the legislation, veterans will get coverage for a host of cancers and chronic respiratory ailments arising from their exposure to these and other toxic substances.

"I’m not sure I’ve ever seen this situation where people who have already given so much had to fight so hard to get so little," Stewart said last year after the bill cleared the U.S. Senate. "I hope we learned a lesson."

]]>