News & Updates

Take advantage of the ITVMO’s reach and discover ITVMO updates, the latest relevant news, and other recent publications. We have gathered federal, trusted, and open source articles and publications below for your convenience.

4 ways generative AI will improve the federal government

Generative AI will significantly improve the federal government by enhancing citizen interactions, accelerating data processing, and rewriting governmental language for clarity. These advancements will allow for more intuitive public digital services and internal efficiencies, such as smart automation and improved customer service. This tech shift includes integrating AI in cloud-based productivity tools and leveraging AI to improve data interoperability and content creation, despite current limitations and aspirational guidelines.

* Generative AI will facilitate better citizen-government interactions through improved digital services.
* Will enhance data processing capabilities, solving issues like data interoperability.
* AI can assist in making governmental language clearer and more accessible.
* There are plans to integrate AI functionalities into existing government productivity tools and services.

A university creates an artificial intelligence institute, partly to help government

The University of Maryland has established a new Artificial Intelligence Institute to advance AI research and support government initiatives. The institute aims to develop cutting-edge AI technologies and address national challenges. By collaborating with federal agencies, the institute will contribute to enhancing government capabilities in areas such as cybersecurity, healthcare, and infrastructure. This initiative aligns with broader efforts to integrate AI into public sector operations, promoting innovation and efficiency.

* University of Maryland launches AI Institute.
* Focus on advancing AI research and supporting government initiatives.
* Collaboration with federal agencies.
* Enhances government capabilities in cybersecurity, healthcare, and infrastructure.
* Promotes innovation and efficiency in the public sector.

Agencies Fall Short on IoT Cyber Deadlines, GAO Warns

The Government Accountability Office (GAO) reported that several federal agencies failed to meet deadlines for IoT cybersecurity requirements under the IoT Cybersecurity Improvement Act of 2020. The act requires agencies to inventory IoT devices and enforce security measures to mitigate vulnerabilities like malware and botnet attacks. While some agencies, including the State and Treasury Departments, have completed inventories, others are behind schedule or lack timelines. GAO criticized the Office of Management and Budget (OMB) for inadequate oversight and provided 11 recommendations, including improved verification of waivers and stricter adherence to deadlines for inventory completion to bolster IoT security across agencies.

* IoT Cybersecurity Act: The act mandates federal agencies to inventory IoT devices and implement security measures to address risks such as botnet and malware attacks.
* Agency Delays: Three agencies missed deadlines, six lacked timelines, and only a few agencies, like State and Treasury, have completed inventories.
* OMB Oversight Issues: Waivers were inconsistently reported, and OMB failed to verify their accuracy before submitting them to Congress.
* GAO Recommendations: Includes verifying waiver submissions, developing plans for inventory completion, and enforcing stricter deadlines.
* High Stakes: IoT devices are integral to federal operations, making robust cybersecurity vital to protect systems, infrastructure, and national security.

Agencies Full Steam Ahead One Year After Biden’s AI EO

The Biden Administration’s AI Executive Order (EO), launched on October 30, 2023, catalyzed a year of significant federal progress in AI governance. Over 100 EO-mandated actions were completed, focusing on AI safety, security, equity, innovation, and global leadership. Key accomplishments include OMB’s guidance on responsible AI use and procurement, the establishment of Chief AI Officers across agencies, and the creation of NIST’s AI Safety Institute (AISI) as the primary industry contact for AI governance. Agencies like the Departments of Labor and Education released specialized AI guidance, ensuring consumer and worker protection. Experts praise the EO's comprehensive approach to responsible AI.

* Executive Order Progress: Over 100 AI-related actions were completed on schedule, addressing safety, privacy, equity, innovation, and global AI leadership.
* Guidance from OMB: Federal agencies were directed to mitigate AI risks, ensure safeguards in AI procurement, and hire Chief AI Officers to lead governance efforts.
* NIST's AI Safety Institute: Established as the government’s main industry liaison, tasked with testing frontier AI models and issuing critical guidance.

Agencies get creative to recruit AI experts

Jennifer Anastasoff, who co-founded the U.S. Digital Service, established the Tech Talent Project to connect technologists with government roles. In response to 2023 tech industry layoffs, the project organized job fairs, leading to over 4,700 attendees and participation from 100+ agencies. These efforts align with President Biden's AI talent surge directive, which has already resulted in 200+ hires and aims to bring in more through public technology fellowships and new hiring flexibilities.

* Tech Talent Project bridges technologists and government roles.
* Biden's AI talent surge directive led to 200+ hires.
* Public tech fellowships and hiring flexibilities support this initiative.
* Federal AI roles applications doubled in early 2024.

Agencies have cleared AI executive order’s talent benchmarks, GAO says

A Government Accountability Office (GAO) report confirms that key requirements from President Biden’s AI executive order, aimed at expanding AI talent within the federal government, have been successfully met by the March 2024 deadline. The report highlights efforts by six agencies, including the Office of Personnel Management (OPM) and the Office of Management and Budget (OMB), in recruiting AI professionals, offering hiring guidance, and establishing frameworks for AI use across agencies. These actions are intended to enhance the federal government's AI capabilities and talent pool, supporting broader governmentwide AI initiatives.

* 13 AI talent and management requirements from Biden’s executive order were met by the March 2024 deadline.
* The Office of Personnel Management led key efforts in AI recruitment and hiring guidance.
* Over 150 AI professionals have been hired, with more expected by the end of summer 2024.
* The Federal Risk and Authorization Management Program (FedRAMP) issued a framework prioritizing generative AI tools.
* The White House AI Council and the AI and Technology Talent Task Force are overseeing federal AI efforts.

Agencies set records for small business contracting in 2023

In 2023, U.S. federal agencies achieved significant milestones in small business contracting, surpassing their set goals and marking a notable year for government engagement with small enterprises. This achievement underscores the government's commitment to enhancing small business participation in federal procurement, supported by specific measures to reduce barriers and ensure fair competition. Agencies received high grades on the government-wide scorecard, reflecting their effective strategies to integrate small businesses into the federal marketplace.

* The federal government not only met but exceeded goals in small business subcontracting, directing a substantial 30.9% of subcontracts to these enterprises.
* Women-Owned Small Businesses received significant attention, with over $26 billion awarded for the fourth consecutive year, indicating ongoing efforts to meet the 5% contracting goal for this group.
* The overall success is part of broader efforts under the Biden-Harris administration to foster economic growth and equitable participation in federal contracting opportunities.

Agencies start to focus on zero trust outcomes, instead of checklists

Federal agencies aim to adopt zero trust cybersecurity architectures by September 30, 2024, following the White House's 2022 strategy. Progress is seen in modernizing zero trust concepts, focusing on outcomes, and particularly on identity security. However, challenges remain due to the federated nature of agencies. AI and automation are viewed as essential tools for enhancing cybersecurity, though they also present risks. Agencies must balance leveraging AI while ensuring data security.

* Zero Trust Adoption Deadline: Federal agencies are required to implement zero trust architectures by September 30, 2024.
* Progress and Challenges: Agencies show progress, especially in identity security, but face difficulties due to siloed deployments.
* Outcome Focus: There's a shift towards understanding and achieving desired outcomes from zero trust implementations.
* AI and Automation: These technologies help in focusing on critical cybersecurity issues but pose risks if not managed securely.
* Federal Strategies: Both the Office of Management and Budget and the Defense Department have specific zero trust strategies and deadlines for agencies to follow.

Agency Intel Officials Tackling Complex Implications of AI

As AI becomes more integrated into U.S. intelligence operations, officials face challenges balancing its benefits in data analysis with concerns about privacy, civil liberties, and potential misuse by adversaries. During a webinar, intelligence officials discussed AI's role in improving data analysis and pattern recognition, highlighting the need for careful strategy and privacy safeguards. The Department of Homeland Security and other agencies are actively developing policies to ensure AI is used responsibly and effectively.

* Enhanced Data Analysis: AI tools help intelligence agencies quickly analyze large datasets and improve pattern recognition.
* Privacy Concerns: Agencies must ensure AI use complies with privacy and civil liberties protections.
* Potential Misuse: There is a risk of adversaries misusing AI technologies.
* Policy Development: Departments are creating guidelines to regulate AI use, balancing effectiveness and ethical considerations.

Agency IT Grades Soar on Latest FITARA Scorecard

The 18th edition of the FITARA Scorecard, released by Rep. Gerry Connolly, shows significant improvements in federal agency IT performance, with 18 of 24 agencies increasing their grades. The scorecard, which tracks IT progress across categories such as cloud computing, cybersecurity, and modernization, has led to billions in savings for the government. Notably, 13 agencies earned A grades, a sharp rise from the previous edition, which only had one A.

* 18 out of 24 agencies improved their FITARA grades; 13 now hold A grades.
* Grading tracks areas like cloud adoption, cybersecurity, and IT modernization.
* No agency received a lower grade, and several advanced from C or D to A.
* The scorecard has driven significant cost savings and improved IT governance.

Ahead of mandatory rules, CISA unveils new cyber incident reporting portal

The Cybersecurity and Infrastructure Security Agency (CISA) launched the “CISA Services Portal” to simplify cyber incident reporting, integrating features like Login.gov credentials, report management, and informal chats with officials. This rollout precedes the implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), requiring organizations to report serious cyber incidents within 72 hours and ransomware attacks within 24 hours. CISA expects over 25,000 reports annually once the law takes effect. To manage this, CISA plans to hire more staff, upgrade technology, and align CIRCIA with existing sector-specific reporting rules to minimize burdens on the private sector.

* CISA launched a new CISA Services Portal for streamlined cyber incident reporting.
* The portal includes enhanced features like Login.gov integration and report management.
* CIRCIA will mandate cyber incident reporting within specific timeframes starting next year.
* CISA anticipates at least 25,000 incident reports annually under the new rules.
* Efforts are underway to harmonize CIRCIA with existing reporting regulations and reduce private sector burdens.

AI can improve how federal employees do their jobs, but training and resources need to be a priority

Federal officials stress the urgent need for congressional funding of workforce development programs to equip employees with skills, particularly in AI, to meet emerging challenges. During a panel at SAP’s Federal Forum, IRS and Commerce Department leaders highlighted the critical role of training, often sidelined during budget cuts, and emphasized the importance of AI education for current employees. The federal shift towards skills-based hiring, prioritizing competencies over formal education, is expected to continue, recognizing diverse skill acquisition through trade schools, military experience, and apprenticeships.

* Workforce Development Funding: Essential for federal employees to address challenges, especially in AI.
* Training as a Priority: Training must be maintained despite budget constraints.
* AI Education for Federal Employees: Equally important as recruitment for AI readiness.
* Shift to Skills-Based Hiring: Focus on competencies rather than traditional educational paths.
* Diverse Skill Acquisition: Valuing trade schools, military experience, and apprenticeships.

AI-enabled digital twins are transforming government critical infrastructure

Digital twins are increasingly utilized in public and private sectors for creating virtual models of physical objects or spaces, enhancing decision-making, reducing costs, and increasing safety and efficiency. These models, especially when AI-enabled, address key challenges in government critical infrastructure by providing dynamic, real-time data inputs to monitor and optimize processes, ensuring high reliability and minimum downtime. Digital twins are essential for operations in sectors like defense, energy, and public health, allowing for continuous improvement and proactive maintenance.

* Dynamic Modeling: Digital twins allow real-time monitoring and optimization of processes, making them crucial for critical infrastructure.
* AI-Enabled Benefits: AI enhances digital twins by enabling predictive capabilities, autonomous actions, and more efficient operations.
* Types of Digital Twins: There are descriptive, informative, and predictive/autonomous twins, each serving different operational needs.
* Implementation Priorities: Key priorities include data accuracy, security, robust authentication protocols, and integration with existing systems to ensure smooth and secure deployment.

AI Experts Recommend Structured Data, Strong Leadership for Fed AI Efforts

At a GovLoop-organized AI event, experts recommended that federal leaders prioritize good data structure and governance as they implement AI technologies. Effective data organization and governance are essential for successful AI integration in government. Key recommendations include managing data outside administrative files, ensuring strong leadership, and leveraging AI for various administrative and departmental tasks. Challenges such as storing massive data sets generated by AI and choosing appropriate data management strategies were highlighted. Integration approaches and patient, collaborative development of domain-specific AI tools were also discussed.

* Prioritize comprehensive data governance and organization.
* Manage data outside of administrative files like PDFs.
* Ensure strong leadership and expertise sharing within AI and government communities.
* Address challenges in storing large data sets generated by AI.
* Utilize both top-down and bottom-up approaches for AI integration.

AI-Focused Talent Powers GSA’s Largest-Ever U.S. Digital Corps Cohort

The General Services Administration (GSA) welcomed 70 new fellows to the U.S. Digital Corps (USDC), marking the largest cohort since the program's inception. This year, 2,000 applicants competed for the two-year paid fellowship, which offers early-career technologists opportunities to work in areas like AI, cybersecurity, data science, and software engineering across federal agencies. The majority of this cohort will focus on AI projects, aligning with the Biden-Harris administration’s push to enhance AI talent in government. The GSA aims to scale the program further, building on a successful inaugural class with high retention rates.

* Record Applications: 2,000 applications were received for 70 positions in the 2024 cohort.
* Focus on AI: 50 fellows will work on AI-related projects, reflecting the administration's emphasis on AI in government.
* Largest Cohort: This is the third and largest USDC cohort, with significant growth from previous years.
* High Retention: The inaugural class had a 97% retention rate, with most fellows staying on in federal roles.
* Expansion Plans: GSA plans to scale the program further based on agency needs and project demands.

Army wants more agile approach to software, including how it buys it

The U.S. Army is modernizing its software development processes, emphasizing agile methodologies and adapting its procurement strategies accordingly. A new directive promotes agile development, continuous collaboration between users and developers, and a flexible acquisition framework. The Army is working on a $1 billion, 10-year software contract, featuring an innovative indefinite-delivery/indefinite-quantity (IDIQ) structure with flexible contract types at the task order level. Industry feedback on this hybrid approach is mixed. Internally, the Army is transitioning to agile frameworks like SAFe, aiming to fully implement DevSecOps with automated processes.

* The Army is modernizing software development with agile methodologies and flexible procurement contracts.
* A $1 billion, 10-year IDIQ contract will allow flexibility in contract types at the task order level.
* Industry feedback is mixed on the hybrid contract approach, but 93% agree with the overall scope.
* Agile transformation efforts within the Army include using SAFe frameworks and transitioning to DevSecOps.
* Continuous feedback from industry is shaping the Army’s approach to software procurement.

Ascend Updates

The General Services Administration (GSA) is addressing government cloud technology adoption challenges with the Ascend Blanket Purchase Agreement (BPA). This initiative aims to simplify cloud procurement and enhance security, compliance, and data management. Ascend will provide standardized, FedRAMP and Department of Defense-compliant cloud solutions, emphasizing cybersecurity, data ownership, and portability. Based on industry feedback, GSA adjusted requirements related to catalog management, cybersecurity logging, and FinOps monitoring, among others. The final solicitation for Ascend's first pool, covering Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), is nearing completion.

* Ascend BPA simplifies cloud procurement for federal, state, local, and tribal governments.
* Focus on security: Incorporates FedRAMP and DoD cloud authorizations, with a focus on cybersecurity and supply chain risk management.
* Data control: Agencies retain ownership of their data, with provisions for data portability.
* FinOps monitoring: Contractors must enable usage tracking and automatic suspension when thresholds are met.
* Industry feedback: GSA incorporated feedback, adjusting catalog and incident reporting requirements for flexibility.

Biden admin pushing promise of AI for cyber defense

White House officials are considering a new cybersecurity executive order focused on AI's role in enhancing federal cyber defenses. AI presents both risks and opportunities, with officials emphasizing its potential to automate threat detection, patch vulnerabilities, and improve software security. However, concerns about adversaries leveraging AI for cyberattacks persist. Efforts to improve AI-driven security involve collaboration with industry and adherence to Responsible AI Guidelines. Leaders stress the need for continued research into the underlying workings of AI to build trust in its capabilities.

* AI can enhance threat detection, automate patching, and strengthen software security.
* U.S. adversaries like China and Russia could exploit AI-driven vulnerabilities.
* Responsible AI guidelines and cross-industry collaboration are key to secure AI use.
* More research is needed to understand AI’s risks and limitations for cybersecurity.

Breaking down government hacks: The rise of the modern kill chain

Cyberattacks on public sector organizations are increasingly targeting mobile devices and using phishing as a key attack vector. The 2024 Verizon Data Breach Investigations Report highlights that phishing accounted for 66% of breaches in the public sector, with attackers focusing on social engineering through mobile devices. The rise of BYOD policies and cloud dependence has introduced new vulnerabilities, making mobile security critical. To defend against these threats, organizations must implement advanced mobile security, test defenses, and prioritize strong identity and data protection protocols to safeguard sensitive information from modern cyber kill chains.

* Phishing caused 66% of public sector breaches in 2023.
* Mobile devices are often used in social engineering and MFA-targeted attacks.
* Government organizations are prime targets for financially motivated cyberattacks.
* Advanced mobile security, detection, and threat response are essential to protecting against modern kill chain attacks.

Carnahan explains GSA's path to AI adoption

GSA Administrator Robin Carnahan discussed the General Services Administration's (GSA) approach to AI adoption, emphasizing the deployment of around 150 AI pilot projects to streamline government operations. These pilots aim to leverage AI to improve efficiency and effectiveness across federal agencies, with a strong focus on ethical AI use and robust governance frameworks. The GSA also released a comprehensive resource guide to assist federal buyers in acquiring AI technologies, ensuring informed and strategic AI implementation.

* GSA is deploying approximately 150 AI pilot projects to enhance government operations.
* Emphasis on ethical AI use and strong governance frameworks.
* The AI pilots focus on improving efficiency and effectiveness in federal agencies.
* A new resource guide has been released to assist federal buyers in acquiring AI technologies.
* The guide aims to ensure informed and strategic AI implementation across the government.

Chief AI Officers Ready Agencies for What’s Next

The federal government is embracing AI and machine learning, with agencies appointing Chief Artificial Intelligence Officers (CAIOs) to oversee AI initiatives. Following an October 2023 executive order, agencies are focusing on safe and responsible AI use, modernizing IT infrastructure, and setting policies to enhance citizen services. Efforts are underway to harness AI for productivity and mission-critical needs, with a commitment to training and removing bureaucratic barriers.

* Federal push for AI and machine learning integration.
* Executive order directs safe AI use and IT modernization.
* New CAIOs lead AI strategy across agencies.
* Focus on enhancing services and infrastructure.

CISA details software security keys in new guide for acquisition pros

The Cybersecurity and Infrastructure Security Agency (CISA) has released a new Software Acquisition Guide for Government Enterprise Consumers to help federal acquisition professionals assess the security of software they purchase. Developed by the Information and Communications Technology Supply Chain Risk Management Task Force, the guide includes key principles like CISA's Secure by Design and provides questions to evaluate software security, aligning with ongoing efforts such as the secure software attestation form. This initiative is part of broader efforts, including an upcoming Federal Acquisition Regulatory (FAR) rule, to strengthen the government's software supply chain security. Additionally, CISA has appointed Lisa Einstein as its first Chief Artificial Intelligence Officer to oversee AI-related risks in critical infrastructure.

* CISA released a guide to help federal acquisition professionals assess software security.
* The guide aligns with existing security efforts like the secure software attestation form.
* The guide provides questions for evaluating software supply chain security and practices.
* CISA’s efforts are part of broader initiatives, including a pending FAR rule on secure software development.
* Lisa Einstein has been named CISA’s first Chief Artificial Intelligence Officer to lead AI risk evaluation in critical infrastructure.

CISA issues guide to help federal agencies set cybersecurity priorities

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch Operational Cybersecurity Alignment plan to help civilian agencies strengthen their cybersecurity capabilities. The plan focuses on improving asset management, vulnerability management, defensible architecture, supply chain resilience, and incident detection and response. This guidance is part of broader efforts to bolster federal defenses against rising cyber threats. Agencies are working towards the September 30 zero trust architecture deadline, aiming to enhance overall security and prevent future cyberattacks targeting sensitive federal data.

* CISA’s cybersecurity plan focuses on asset management, vulnerability management, and incident detection.
* The goal is to create synchronized, robust cyber defenses across civilian agencies.
* Government agencies are prime targets for cyberattacks due to sensitive data storage.
* Agencies are working to meet the zero trust architecture deadline by September 30.
* Strengthening federal cybersecurity is critical following recent cyberattacks on government systems.

CISA, NCA Kick Off Cybersecurity Awareness Month

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance have launched the 21st annual Cybersecurity Awareness Month, focusing on the theme Secure Our World. Throughout October, the campaign will promote online safety through public education and outreach, including public service announcements and resources. CISA Director Jen Easterly emphasized simple steps like using strong passwords and multi-factor authentication. CISA Deputy Director Nitin Natarajan highlighted the need for action in improving cyber preparedness, while Harry Wingo from the White House promoted cybersecurity careers through the Service for America hiring sprint.

* The theme of Cybersecurity Awareness Month is Secure Our World.
* CISA and its partners are promoting online safety through public education.
* Four key safety tips: strong passwords, multi-factor authentication, phishing awareness, and software updates.
* There are 500,000 open jobs in cybersecurity, with a hiring sprint to encourage more applicants.
* The campaign includes public service announcements and resources to raise awareness and preparedness.

CISA Official Details New Fed Operational Cyber Alignment Plan

The Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Operational Cyber Alignment Plan (FOCAL) to enhance cybersecurity coordination across the Federal government. This initiative, as explained by CISA Associate Director Michael Duffy, aims to unify the cybersecurity efforts of Federal agencies by setting clear, achievable targets. The plan was developed in response to the evolving threat environment and the growing list of cybersecurity tasks agencies face. FOCAL is designed to not only streamline efforts but also to leverage existing programs like the Continuous Diagnostics and Mitigation (CDM) program for better defense and communication among agencies. This shift represents a significant change in CISA's approach, moving from merely providing information and guidance to offering capabilities that alleviate the cybersecurity burden on agencies, thereby improving operational visibility and threat information sharing.

* FOCAL aims to unify Federal agencies' cybersecurity efforts and set clear, achievable targets.
* The plan leverages existing programs like CDM to enhance cyber defense and inter-agency communication.
* CISA's approach has shifted towards providing capabilities to reduce the cybersecurity burden on agencies.
* The initiative is a response to the evolving threat environment and the increasing cybersecurity tasks for agencies.
* FOCAL is part of a broader effort to improve operational visibility and threat information sharing across the Federal government.

CISA Official Urges Greater Focus on OT Systems Security

CISA Deputy Director Nitin Natarajan emphasized the need to address the growing risks of legacy operational technology (OT) systems in critical infrastructure sectors. Unlike legacy IT systems, OT systems are harder to replace and essential for industries like energy and manufacturing. Natarajan highlighted workforce gaps, lack of investment, and evolving adversarial tactics as key challenges. He called for stronger partnerships between public and private sectors and international collaboration to safeguard these systems. Natarajan also stressed the importance of bridging knowledge gaps and enabling organizations, particularly smaller ones, to engage with federal resources like CISA and the FBI.

* Legacy OT Risks: Legacy OT systems are harder to replace and critical for industries such as energy and transportation, making them a unique challenge compared to IT systems.
* Workforce Gaps: Insufficient workforce knowledge transfer and lack of investment have left systems vulnerable, especially for smaller organizations.
* Evolving Threats: Adversaries are increasingly targeting vulnerable high-value environments, like schools and hospitals, previously considered off-limits.
* Public-Private Collaboration: Strengthening engagement between organizations, federal resources (CISA, FBI), and global partners is vital for addressing these risks.
* Call for Action: Open dialogue and proactive partnerships are essential to safeguarding critical infrastructure nationwide.

CISA rolls out integrated cyber education platform

The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new education platform, CISA Learning, to provide modern cybersecurity training for federal employees, veterans, and other users. Replacing the Federal Virtual Training Environment (FedVTE), the platform offers courses on topics like cloud security, ethical hacking, and malware analysis. CISA Learning integrates user data for over 500,000 individuals and aims to enhance the user experience through personalized course recommendations and progress tracking. The platform also enables detailed metrics reporting and includes training resources from partners like NIST and GSA, with an emphasis on emerging technologies such as artificial intelligence.

* Modern Training Platform: CISA Learning replaces older systems to deliver a unified, integrated learning environment.
* Wide Reach: Over 500,000 users, including federal employees, veterans, and external partners, are migrating to the platform.
* Course Offerings: Includes topics like cloud security, risk management, AI, and ethical hacking, with a mix of online and in-person options.
* Enhanced User Experience: Features personalized course recommendations, progress tracking, and improved search capabilities.
* Collaborative Efforts: Partners with organizations like NIST and GSA to incorporate cutting-edge training resources.

CISA to issue list of software products critical to agency security by end of September

The Cybersecurity and Infrastructure Security Agency (CISA) is planning to provide a list of software products deemed critical for federal government security by the end of September 2024. This initiative aims to address vulnerabilities in essential software used across various federal agencies and critical infrastructure, enhancing overall cybersecurity resilience. The focus is particularly on open source software (OSS), which is widely used within government systems and is integral to their operations. CISA's efforts involve engaging with the OSS community to understand and mitigate risks associated with its use, thereby securing a more resilient cyberspace ecosystem.

* Identification of Critical Software: CISA will compile a list of software products that are vital for the security of federal agencies and critical infrastructure, focusing on open source software (OSS). * Engagement with OSS Community: The agency plans to work closely with the OSS community to better understand and secure the ecosystem, addressing risks associated with OSS usage in government operations. * Vulnerability and Risk Mitigation: CISA aims to reduce the risks to federal agencies by identifying vulnerabilities in widely used software and deploying measures to mitigate these risks. * Enhancing Cybersecurity Resilience: By securing critical software components, CISA intends to enhance the overall cybersecurity resilience of federal infrastructure. * Support for Secure Technology Practices: The initiative will also include developing best practices for OSS usage and coordination of vulnerability disclosure and response efforts.

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Preston Werntz, as the Chief Data Officer for the Cybersecurity and Infrastructure Security Agency (CISA), focuses on addressing bias in the datasets used for artificial intelligence within the agency. Werntz highlights the importance of understanding and managing this bias, especially given CISA's extensive use of AI across a variety of applications. His role involves overseeing data governance and ensuring that data management practices are consistent across different divisions within CISA. This is crucial as inconsistent data management can skew AI model outputs, thereby affecting their effectiveness and fairness.

* Focus on Data Bias Management: Werntz emphasizes the importance of managing biases in datasets used for AI to ensure fairness and accuracy in AI outcomes. * Consistent Data Governance: He is dedicated to implementing consistent data governance across CISA to prevent skewed AI analyses due to inconsistent data practices. * Engagement Across Divisions: Werntz actively engages with different divisions within CISA to harmonize data management and governance efforts. * Education and Training: Part of his strategy includes educating CISA staff about their roles in data stewardship and the impact of data management on AI applications.

Critical infrastructure group launches effort to aid federal agencies’ cyber defenses

The Institute for Critical Infrastructure Technology launched the Center for Federal Civilian Executive Branch Resilience to improve cyber defenses for federal agencies. This initiative focuses on updating standards and procedures, particularly in response to significant cyber incidents like the SolarWinds hack. The center will educate leaders, develop policy recommendations, and prioritize identifying critical cyber issues.

* Initiative launched to enhance federal cyber defenses. * Response to major cyber incidents, including SolarWinds. * Focus on educating leaders and policy recommendations. * Prioritizing zero trust architecture implementation. * Identifying critical cyber issues for federal agencies.

CYBERCOM embraces the non-traditional as acquisition program grows

U.S. Cyber Command (CYBERCOM) is expanding its acquisition team and adopting flexible buying strategies to become the Defense Department's hub for cyber procurement. Initially granted limited acquisition authority in 2016, CYBERCOM has seen these limits lifted by Congress, allowing for increased spending and staffing. The command now enjoys the status of a federal laboratory, enhancing its collaboration with industry and academia, and providing greater control over budgetary decisions for cyber programs. CYBERCOM aims to streamline cyber acquisitions, moving away from traditional DoD processes to accommodate the rapid pace of cybersecurity needs.

* Expanded Authority and Team: Initially granted limited acquisition authority in 2016, CYBERCOM now has expanded spending limits. * Federal Laboratory Status: The designation enhances CYBERCOM's collaboration with industry and academia and gives it more budgetary control. * Joint Cyber Warfighting Architecture: CYBERCOM is building a program office to oversee cyber products and services integration across the military. * Flexible Acquisition Strategies: Moving away from traditional DoD acquisition methods, CYBERCOM is adopting faster, more adaptable processes like DIU’s prototyping process and the Adaptive Acquisition Framework.

CYBERCOM seeks to get more acquisition authority

U.S. Cyber Command (CYBERCOM) is seeking expanded acquisition authority to streamline the procurement of cyber-specific tools and technologies. This effort is part of a broader strategy to enhance its capabilities and agility in addressing rapidly evolving cyber threats. The new authority would allow CYBERCOM to manage and execute contracts more efficiently, reduce redundancies, and better integrate various service components.

* Expanded Authority: CYBERCOM seeks to extend its acquisition authority to streamline procurement processes for cyber-specific tools and technologies. * Interoperability Focus: Aiming to enhance interoperability and reduce redundancies across service components, ensuring a unified technology stack. * Service-like Model: Following a model similar to U.S. Special Operations Command to leverage trained forces from various services while maintaining its own acquisition capabilities. * Industry Collaboration: Plans to expand partnerships with industry and academia to improve acquisition strategies and integrate cutting-edge technologies.

Demystifying AI for the public sector

Government agencies are turning to the private sector for guidance on artificial intelligence (AI), but they face unique challenges compared to businesses. While private sector mistakes may result in profit loss or unsatisfied customers, AI failures in the public sector could disrupt critical services, even affecting lives. Thus, government agencies approach AI more cautiously, often exploring low-risk internal applications before scaling up. Though there are opportunities, agencies must address challenges like ethics, data management, and infrastructure. AI, particularly generative AI (GenAI), can enhance back-office processes but will not replace employees, only augment their productivity.

* Government AI mistakes carry higher risks compared to the private sector. * Agencies are encouraged to begin with internal, low-risk AI applications. * AI can automate back-office tasks, improving efficiency without replacing employees. * Ethical concerns, data organization, and infrastructure gaps are major challenges. * Effective data management is crucial for leveraging AI in public services.

Department of Commerce announces US, UK AI safety partnership

The U.S. and U.K. have formalized a partnership to enhance AI safety through collaborative research, evaluations, and guidance. This agreement, signed by Commerce Secretary Gina Raimondo and U.K. Technology Secretary Michelle Donelan, aims to align scientific approaches and develop robust evaluations for AI models, systems, and agents. The partnership, effective immediately, is part of the Biden administration's broader strategy to work with international partners on AI regulation. It includes plans for joint testing exercises, personnel exchanges between AI safety institutes, and the development of common AI safety testing approaches. This collaboration is housed within the Department of Commerce’s National Institute of Standards and Technology in the U.S. and seeks to extend similar partnerships globally to promote AI safety.

* The U.S. and U.K. have signed a memorandum of understanding for AI safety collaboration. * This partnership aims to align scientific approaches and develop robust evaluations for AI technologies. * Plans include joint testing exercises and personnel exchanges between AI safety institutes. * The collaboration is part of a broader effort to establish international frameworks for AI regulation.

DHS AI roadmap stakes claim to lead government in responsible AI use

The Department of Homeland Security (DHS) has released an AI roadmap outlining its strategy for integrating artificial intelligence into its operations in 2024. This initiative includes launching multiple AI pilot projects and establishing an "AI sandbox" for testing large language models (LLMs). Homeland Security Secretary Alejandro Mayorkas emphasized that these efforts aim to enhance national security, improve departmental operations, and deliver more efficient services to the public, all while safeguarding civil rights, liberties, and privacy. The roadmap highlights the use of generative AI and LLMs in training U.S. Citizenship and Immigration Services officers, assisting law enforcement investigations, and supporting disaster mitigation planning.

* Multiple AI Pilot Projects: DHS plans to implement AI in training, law enforcement investigations, and disaster mitigation planning. * AI Sandbox: An initiative to test LLMs within DHS, aiming to responsibly integrate AI into various operations. * Cybersecurity and AI: CISA to assess AI-enabled capabilities for detecting and remedying cybersecurity vulnerabilities. * Commitment to Privacy and Security: The roadmap emphasizes protecting civil rights and privacy while using AI to enhance national security and efficiency. * Leadership in Responsible AI Use: DHS seeks to set a federal example for ethical AI deployment, including establishing an AI Safety and Security Board and a new AI policy.

DHS unveils practical AI responsibilities for critical infrastructure

The Department of Homeland Security (DHS) unveiled the Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure, offering voluntary guidelines for safe AI use across 16 critical infrastructure sectors. Developed with the AI Safety and Security Board, the framework addresses AI-related risks, including attacks and design flaws, while proposing roles for cloud providers, AI developers, public sector entities, and others. DHS also highlighted successful AI pilot projects, such as using generative AI for officer training, investigative summaries, and community resilience planning. While future federal adoption may face uncertainty under the incoming Trump administration, the framework aims to endure.

* Framework Introduction: DHS launched voluntary AI guidelines for 16 critical infrastructure sectors to ensure safety and security. * Collaborative Development: The AI Safety and Security Board, including industry and government leaders, helped craft the framework. * Focus Areas: Covers risks like AI misuse, attacks, and design flaws; emphasizes data governance, deployment, and monitoring. * AI Pilot Projects: DHS tested GenAI tools for officer training, investigative summaries, and community resilience planning. * Public Sector Guidance: Encourages responsible AI use, avoiding discriminatory outcomes, and advancing innovation through regulation.

DoD CIO Unveils Zero Trust Overlays Guide

The Department of Defense (DoD) has released the Zero Trust Overlays guide, a comprehensive 400-page document designed to help defense agencies implement zero trust principles. This guide aims to provide clear guidance on controls that facilitate zero trust activities and outcomes, aligning with the goals set forth in a 2021 executive order. The overlays are intended to support risk management practitioners in preventing lateral movement by adversaries within networks and ensuring robust data security.

* Zero Trust Framework: Assumes no inherent trust within the network, requiring continuous authentication and authorization for access to data, assets, and applications. * Comprehensive Guide: A nearly 400-page document providing detailed guidance on implementing zero trust principles within the DoD. * Security Enhancement: Focuses on preventing adversaries from moving laterally within networks, thereby enhancing overall security. * Standardization: Introduces standardized procedures for implementing zero trust across the defense enterprise.

DoD considers faster acquisition pathway for AI

The Defense Department’s software acquisition pathway, designed to streamline software development, has seen slow adoption, with only 50 programs utilizing it. The Army, in particular, is considering creating a sub-path within the software pathway specifically for artificial intelligence (AI) to accelerate AI development and deployment. Young Bang, the Army’s principal deputy assistant secretary for acquisition, logistics, and technology, highlights the need for a faster path for AI, given the rapid cycles required for algorithm development. The Army is working with the Office of the Secretary of Defense to explore this faster process, potentially incorporating AI into the existing software acquisition framework.

* The Army is considering a separate AI-specific sub-path within the software pathway. * AI development requires faster cycles than the current minimum viable capability release (MVCR) timeline of one year. * The software pathway offers flexibility, but AI requires shorter development timelines for faster deployment. * Army leadership is collaborating with the Office of the Secretary of Defense to develop a more agile AI acquisition process.

DoD stands up ‘SWAT team’ to help speed software acquisition

The Department of Defense (DoD) has established a specialized team to expedite software acquisition processes. This SWAT team aims to streamline procurement, ensuring faster delivery and integration of critical software systems. The initiative addresses existing delays and inefficiencies, aiming to enhance the DoD's technological capabilities and responsiveness. By leveraging expertise and optimizing workflows, the team seeks to meet the evolving demands of defense operations more effectively.

* DoD forms a SWAT team to speed up software acquisition. * Focus on streamlining procurement processes. * Aims to enhance technological capabilities and responsiveness. * Addresses existing delays and inefficiencies. * Optimizes workflows to meet defense operation demands.

DoD to add more providers, streamline contracting for JWCC

The Defense Department (DoD) is advancing the Joint Warfighting Cloud Capability (JWCC) initiative by streamlining contracting processes and incorporating more cloud service providers. Over $1 billion in task orders have been issued under JWCC, with the potential for the contract to reach $9 billion over 10 years. The DoD is now preparing for the next phase by identifying new requirements and learning from past experiences with previous contracts like the Joint Enterprise Defense Infrastructure (JEDI). The contract supports various missions, including the Combined Joint All Domain Command and Control (CJADC2), with an average task order lead time of 25 days.

* DoD is expanding JWCC by streamlining contracts and adding more cloud service providers. * $1 billion in task orders have been issued, with a potential $9 billion contract value. * The next phase will incorporate lessons learned and new requirements. * JWCC supports a range of missions, including CJADC2. * The average lead time for task orders is 25 days.

Easterly Pitches Procurement Power to Enforce Cybersecurity

Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), emphasized the significant leverage the Federal government has in enforcing security standards through procurement processes at the GovernmentDX event in D.C. She highlighted the government's ability to mandate security standards for software vendors as a critical tool for enhancing cybersecurity. This approach supports the implementation of President Biden’s cybersecurity executive order aimed at securing the software supply chain. Additionally, the introduction of a secure software development attestation form and compliance with the National Institute of Standards and Technology guidelines are central to these efforts, ensuring that all third-party software meets baseline cybersecurity standards before being utilized by Federal agencies.

* The Federal government uses its procurement power to enforce security standards among software vendors. * The release of a secure software development attestation form is part of efforts to comply with President Biden's 2021 cybersecurity executive order. * This form aligns with an OMB directive from September 2022, requiring adherence to NIST guidance on software security. * CISA promotes a "secure-by-design" approach, emphasizing that building resilience into software from the design phase is essential for operational effectiveness and security.

Empowering responsible AI: How expanded AI training is preparing the government workforce

Over the past decade, the government has embraced user-friendly technology to enhance digital services. The GSA’s AI Community of Practice partnered with OMB to offer the 2024 AI Training Series, expanding on the previous year’s success to train over 14,000 participants from nearly 200 government organizations. The training emphasized responsible AI use and offered three specialized tracks—Acquisitions, Leadership and Policy, and Technical—delivered by leading academic institutions. Grounded in principles of AI safety, transparency, and trust, the program supports government employees in responsibly adopting AI to streamline services and optimize operations. Recordings are now available for broader access.

* Expanded AI Training: The 2024 AI Training Series trained 14,000+ participants across three tailored tracks: Acquisitions, Leadership, and Technical. * High Engagement: Participants reported a 92% satisfaction rate, with positive feedback on content relevance and presentation quality. * AI Safety Principles: Training emphasized safety, transparency, and trustworthiness, in alignment with federal AI directives and policies. * Broad Access: Recordings from the sessions are now available online, with modules to be added to agency learning systems by FY25 Q2. * Continuous Learning: Federal employees can earn Continuous Learning Points and access past recordings via the AI CoP Community Connect page.

Ensuring the Nation’s Cybersecurity Is a Whole-of-Government Effort

The nation's growing reliance on the internet has increased vulnerability to cyberattacks, emphasizing the need for robust cybersecurity. The Software Assurance Community of Practice (SwA CoP), an interagency group founded in 2012, plays a crucial role in enhancing software assurance (SwA) for critical infrastructure and defense systems. Comprising over 300 members from various federal agencies, the SwA CoP develops best practices, shares research, and guides strategies on emerging technologies and threats, including AI and open-source software. Key working groups focus on SBOMs, binary analysis, and workforce development, contributing to national cybersecurity efforts.

* SwA CoP Role: Enhances cybersecurity through interagency collaboration on SwA best practices and strategies. * Focus Areas: AI, open-source software, and mitigating novel security risks in critical infrastructure. * Active Working Groups: Address SBOMs, binary analysis, and SwA education and workforce development. * HSQA Research: Measures source code quality and security in critical infrastructure.

Executive Order on Further Advancing Racial Equity and Support for Underserved Communities Through The Federal Government

On February 16, 2023, President Joe Biden signed Executive Order 14091. This executive order aims to further advance racial equity and support underserved communities through the federal government. It shows the administration's commitment to addressing systemic barriers that hinder prosperity, dignity, and equality for many underserved communities.

* This is a continuation of the administration's efforts, starting with Executive Order 13985 signed two years ago. * The new executive order integrates equity-focused policies and processes within government operations across the executive branch and federal agencies. * To achieve equitable outcomes, the administration must implement additional policies and processes that remove systemic barriers and promote equal opportunity for all.

Expedited STEM and cybersecurity hiring authority extended

The Office of Personnel Management (OPM) has extended and modified direct hire authority for federal agencies to facilitate hiring in STEM, acquisitions, and cybersecurity roles through December 31, 2028. This authority simplifies the hiring process by removing ranking procedures when there is a candidate shortage or critical hiring need. It now includes criminal investigators with cybersecurity and IT expertise, covering positions at pay grade levels 11 through 15. Additionally, agencies can appoint individuals for up to 10 years for certain long-term STEM projects, and the Biden administration has shifted the focus of IT and cyber roles towards skills rather than educational qualifications.

* OPM extended direct hire authority for STEM, acquisitions, and cybersecurity personnel through 2028. * The authority now includes criminal investigators with cybersecurity and IT expertise. * Positions covered range from pay grade levels 11 to 15. * Agencies can hire for up to 10 years for specific long-term STEM projects. * The administration is prioritizing skills over educational qualifications for IT and cyber roles.

FACT SHEET: Biden-Harris Administration Announces New AI Actions and Receives Additional Major Voluntary Commitment on AI

The Biden-Harris Administration announced new actions and major voluntary commitments on AI. These include AI safety guidelines, expanded AI talent recruitment, and initiatives for responsible AI development and use. The administration aims to enhance AI safety, advance U.S. leadership in AI, and address AI's ethical and societal impacts through comprehensive strategies and international collaboration.

* AI safety guidelines and frameworks released. * Over 200 AI professionals hired under the AI Talent Surge. * $23 million initiative for privacy-enhancing technologies. * Global AI standards and leadership initiatives.

FACT SHEET: Biden-Harris Administration Announces New Better Contracting Initiative to Save Billions Annually

The Biden-Harris Administration recently announced the Better Contracting Initiative, which aims to save billions of dollars annually by modernizing how the federal government purchases goods and services. The initiative will focus on improving management of service contracts, reducing unnecessary contract duplication, increasing small business participation, and leveraging the government's buying power. Key components include new training for acquisition personnel, enhanced data analysis to identify savings opportunities, strengthened contractor oversight, and pilot programs to test new procurement approaches. Overall, the initiative seeks to deliver better value for taxpayers by making federal contracting more efficient, transparent, and cost-effective.

* Modernizes federal procurement to save billions annually. * Improves management of service contracts, reduces duplication. * Increases small business participation, leverages buying power. * Provides new training for acquisition personnel. * Strengthens contractor oversight, pilots new approaches.

FACT SHEET: OMB Releases FedRAMP Guidance to Accelerate the Secure Adoption of Cloud Services

The White House released new FedRAMP guidance to improve federal cloud service adoption, focusing on security, automation, and efficiency. Agencies have 180 days to update policies in line with this guidance. The initiative aims to streamline security assessments, enhance governance, and encourage secure cloud adoption to better serve the public and protect data.

* Security Emphasis: Strengthening security standards for cloud services. * Automation: Implementing automated processes for quicker security assessments. * Policy Updates: Agencies must align policies with the new guidance within 180 days. * Enhanced Governance: Strengthening oversight through the FedRAMP Board and Technical Advisory Group.

FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence

On October 30, 2023, President Biden issued an executive order aimed at fostering responsible development and use of Artificial Intelligence (AI) in the United States. The order establishes a framework of principles that federal agencies must follow when adopting AI systems. It directs agencies to assess AI risks, minimize harmful bias, ensure high standards of data quality, and regularly test systems for safety and security vulnerabilities. The order also creates an AI Bill of Rights that protects citizens' civil liberties and sets limits on how their data can be used by AI systems. To oversee implementation, the order establishes a National AI Advisory Committee comprising government, private sector, academic and civil society experts.

* Establishes principles for responsible AI use in federal agencies. * Creates AI Bill of Rights to protect civil liberties and data privacy. * Directs testing of AI systems for biases, safety issues and security flaws. * Sets up National AI Advisory Committee to guide implementation. * Aims to strengthen public trust and prevent harmful impacts from AI.

FDA’s Digital Transformation Mantra: Buy vs. Build

FDA CTO Mohammed Sohail Chaudhry emphasized the pivotal role of cloud technology in the FDA’s digital transformation, aligning with the agency's Buy vs. Build approach. Speaking at the Cloud Summit, he highlighted cloud’s contributions to innovation, scalability, cost-effectiveness, and collaboration. The FDA is developing a OneFDA Ecosystem to unify its applications and systems, enhancing efficiency and innovation. The FDA also promotes transparency and communication through its annual IT operating plan and events like the upcoming Scientific Computing and Digital Transformation Symposium.

* Cloud Technology in FDA: Central to innovation, scalability, cost-effectiveness, and reducing IT overhead. * Buy vs. Build Mantra: Focus on adopting cloud solutions over custom on-premise systems. * OneFDA Ecosystem: A unified system to streamline operations and foster collaboration. * Transparency and Communication: Emphasized through annual IT plans and strategic events.

Fed CIOs: AI Surge Offers Chance to Reform Hiring

Federal Chief Information Officers (CIOs) see the rapid increase in artificial intelligence (AI) usage as an opportunity to reform federal hiring practices. By incorporating AI tools, agencies can streamline the recruitment process, enhance the identification of qualified candidates, and improve diversity in hiring. The surge in AI adoption also offers a chance to address skill gaps and build a more agile and technologically adept workforce within federal agencies.

* Federal CIOs leverage AI to reform hiring practices. * AI tools streamline recruitment and improve candidate identification. * Efforts aim to enhance diversity in hiring. * Addresses skill gaps in the federal workforce. * Promotes a technologically adept and agile federal workforce.

Federal CIO: The TMF has been vital to government’s improved cybersecurity stature

Federal CIO Clare Martorana highlighted the critical role of the Technology Modernization Fund (TMF) in advancing federal cybersecurity since the signing of Executive Order 14028 in 2021. With $935 million invested across 56 projects, primarily addressing cybersecurity, the TMF has helped agencies adopt zero trust, multi-factor authentication, and identity management. Despite its success, including an 80% project success rate compared to 13% for traditional IT acquisitions, Congress has been hesitant to sustain funding. Martorana and GSA head Robin Carnahan urged continued support for TMF, emphasizing its necessity for agile, timely investments in the face of evolving cyber threats.

* Technology Modernization Fund (TMF): Critical for modernizing federal cybersecurity and addressing immediate security gaps. * Significant Investment: $935 million invested in 56 projects, 92% addressing cybersecurity needs. * Success Rate: TMF projects boast an 80% success rate, vastly outperforming traditional IT projects. * Funding Challenges: Congress zeroed TMF funding for fiscal 2024, despite its demonstrated effectiveness. * Call to Action: Federal leaders urge industry partners and Congress to advocate for sustained TMF funding to ensure continued cybersecurity advancements.

FedRAMP board launched to support safe, secure use of cloud services in government

The U.S. General Services Administration (GSA) has launched a new governing board for the Federal Risk and Authorization Management Program (FedRAMP). This board will replace the Joint Authorization Board and support the safe and secure use of cloud services in the federal government. The board consists of federal agency executives with expertise in technology, cybersecurity, and engineering. It aims to streamline the FedRAMP process, enhance cybersecurity, and foster collaboration across agencies.

* GSA launches a new FedRAMP governing board. * The board replaces the Joint Authorization Board. * Comprised of federal executives with tech and cybersecurity expertise. * Aims to streamline processes and enhance federal cybersecurity. * Supports secure cloud service adoption across federal agencies.

FedRAMP’s new director has big plans for the cloud compliance program

Pete Waterman, the new FedRAMP director, is spearheading significant changes to the cloud services compliance program. His focus is on speeding up authorizations, improving quality, and increasing transparency and collaboration with industry. Waterman plans to introduce a new FedRAMP roadmap within two months and implement a minimum viable program authorization by fiscal year 2025. He emphasizes making the process more efficient, repeatable, and defensible, with a goal of lowering risk, complexity, and costs for both government and cloud service providers.

* New FedRAMP roadmap and minimum viable program authorization planned for FY25. * Waterman aims to reduce current application review times of 20+ weeks. * Focus on making authorization processes more efficient, transparent, and defensible. * Prioritizes industry collaboration and public engagement for long-term program improvements. * Goal is to reduce risk and complexity for government cloud adoption.

Feds Beware: NSA Details how China-Based Attacks Unfold

The National Security Agency (NSA), in collaboration with the Australian Signals Directorate (ASD) and other agencies, has released a cybersecurity advisory detailing the tactics of a Chinese state-sponsored cyber group, APT40. Known for targeting organizations in the U.S. and Australia since 2017, APT40 exploits vulnerabilities in widely used software and uses compromised devices, including home office devices, for its operations. The advisory outlines how APT40 quickly exploits new public vulnerabilities, such as those in Log4j and Microsoft Exchange, and provides mitigation strategies for network defenders.

* APT40 Overview: The group, linked to the PRC Ministry of State Security, targets government networks using advanced cyber espionage techniques. * Exploitation Tactics: APT40 focuses on exploiting public-facing infrastructure vulnerabilities rather than user-initiated actions like phishing. * Compromised Devices: The group uses end-of-life or unpatched small-office/home-office (SOHO) devices for attacks, blending in with normal network traffic. * Mitigation Strategies: The advisory recommends comprehensive logging, prompt patching, network segmentation, close monitoring of services, and disabling unused network services.

Feds, military personnel compete in President's Cyber Cup Challenge

The 2024 President’s Cyber Cup Challenge, aimed at identifying top cybersecurity talent within the federal government, concluded in mid-April. The team "Artificially Intelligent," composed of four Army members and one Air Force member, clinched the victory. Organized by CISA, the competition offered a platform for participants to showcase and enhance their cybersecurity skills through a series of practical and playful tasks. These in-person events, resumed after COVID, have fostered valuable networking and friendly competition among government cybersecurity professionals.

* Team Composition: The winning team, "Artificially Intelligent," consisted of four Army members and one from the Air Force. * Event Organization: The challenge is run by the Cybersecurity and Infrastructure Security Agency (CISA) and includes multiple rounds of cybersecurity-related tasks. * Task Design: Competitions feature practical cybersecurity simulations and more creative challenges like spaceship-themed games. * Networking and Growth: The in-person format post-COVID enhances networking among participants and fosters a competitive yet collegial atmosphere. * Talent Showcase: The event aims to highlight and develop the cybersecurity capabilities already present within the federal workforce.

GAO pushes forward on intelligent automation to improve cybersecurity, CX

The Government Accountability Office (GAO) is leveraging intelligent automation to improve cybersecurity, operational efficiency, and customer experience. This approach enhances GAO’s proactive cyber defense, automating processes to prevent data exposure and secure sensitive information. GAO's upcoming IT strategic plan (2025-2027) focuses on automation for cybersecurity, legislative mandate tracking, and improved customer experience. Tools like chatbots and AI-driven editors help streamline workflows, reduce manual effort, and boost employee self-service. The goal is to make technology intuitive, enabling employees to focus on core tasks while improving both customer satisfaction and efficiency.

* GAO is using intelligent automation to enhance proactive cybersecurity and prevent data breaches. * The 2025-2027 IT strategic plan focuses on automation for cybersecurity and legislative tracking. * Automation helps manage thousands of devices while complying with cybersecurity mandates. * GAO aims to improve the customer experience through user-centric, automated systems. * The agency is measuring and working to reduce customer effort to improve mission outcomes.

GSA AI-themed hackathon reimagines user experience for federal websites

On July 31, the GSA, alongside industry and federal agency sponsors, hosted the Federal AI Hackathon to enhance government websites and digital services using AI. Over 250 participants across Washington, Atlanta, and New York City collaborated to optimize government services by writing code, proposing development standards, and improving AI reliability. GSA Administrator Robin Carnahan emphasized that leveraging AI is crucial for improving public trust and government efficiency, aligning with the Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. The event aimed to shape the future of digital government, with solutions for five federal websites judged and rewarded.

* Federal AI Hackathon focused on improving government digital services using AI. * Over 250 participants across three cities collaborated on optimizing government services. * GSA Administrator Carnahan highlighted the importance of AI in building public trust and efficiency. * Participants developed AI-powered solutions for five federal websites, with four teams winning cash prizes.

GSA announces AI-themed hackathon

The General Services Administration (GSA) is organizing an AI-themed hackathon on July 31, 2024, across Atlanta, New York, and Washington, D.C. The event aims to enhance federal websites for AI usability while maintaining human user experience. Participants will compete for a $10,000 prize, utilizing AI and cloud tools from co-sponsors like OpenAI, Microsoft, and Slack. The goal is to reimagine government websites to ensure reliable AI-generated information and improved user interactions.

* Event Date and Locations: July 31, 2024, in Atlanta, New York, and Washington, D.C. * Prize: $10,000 cash prize. * Objective: Optimize federal websites for AI and human usability. * Sponsors: OpenAI, Microsoft, and Slack. * Tools: Access to advanced AI and cloud technologies provided by sponsors.

GSA begins FedRAMP pilot to change request process

The General Services Administration (GSA) has announced a new FedRAMP pilot program utilizing a non-blocking process to review significant changes to the governmentwide compliance program for cloud services. The Agile Delivery pilot aims to replace the current significant change request process with a more streamlined approach, removing the need for advance approval for each change. Cloud service providers are invited to apply, with the GSA emphasizing the importance of continuous assessment rather than point-in-time evaluations to enhance security and efficiency.

* Non-Blocking Process: The pilot will remove the requirement for advance approval for each change, allowing cloud service providers to move through the process more smoothly. * Focus on New Features: The pilot will concentrate on adding new features to existing cloud service offerings, addressing a significant pain point in the current FedRAMP process. * Application and Timeline: Applications are open until July 26, with selections expected by August 16. Providers planning to release new features by the end of the year are encouraged to apply. * Continuous Assessment: The long-term goal is to shift towards a continuous assessment model, ensuring ongoing confidence in security without the delays associated with the current process. * Stakeholder Impact: The pilot may initially result in delays for agencies, and cloud providers might create government-specific offerings that lag behind commercial ones to avoid development delays.

GSA calls for nominations to emerging tech-focused acquisition advisory committee

The General Services Administration (GSA) is seeking nominations for its emerging tech-focused Acquisition Policy Federal Advisory Committee (GAP FAC). This committee advises the GSA Administrator on key acquisition challenges and opportunities, emphasizing emerging technologies and sustainability. The focus is on integrating climate and sustainability considerations into federal acquisition processes to support the agency's role as America's primary buyer of goods and services. The GAP FAC aims to drive regulatory, policy, and process changes to enhance federal acquisition strategies.

* Advisory Role: The GAP FAC provides guidance on acquisition challenges, focusing on emerging tech and sustainability. * Climate and Sustainability: The committee aims to embed climate and sustainability considerations in acquisition processes. * Diverse Expertise: The committee includes experts and leaders from various fields to shape acquisition policies and practices. * Regulatory and Policy Changes: Recommendations focus on driving necessary changes to streamline acquisitions and support sustainable practices.

GSA chief advocates for simplified cloud buying, ‘best value’ contracting as Congress considers legislation

Robin Carnahan, head of the General Services Administration (GSA), is optimistic about legislative efforts to modernize federal procurement policies for cloud services and adopt a best value approach rather than prioritizing the lowest cost. Speaking at the Imagine Nation ELC 2024 conference, she highlighted the Federal Improvement in Technology Procurement Act and the Value Over Cost Act, which aim to streamline procurement and enhance value. Both bills have passed the House Oversight Committee, but Congress faces a tight deadline to act before its term ends in January 2025.

* Legislation for Modern Procurement: Two bills aim to update federal procurement policies for the digital age. * Cloud Services Subscription Model: The Federal Improvement in Technology Procurement Act promotes a subscription-based model for cloud services. * Best Value Over Lowest Cost: The Value Over Cost Act allows awarding contracts based on best value rather than the lowest cost. * Bipartisan Support: Both bills passed the House Oversight Committee unanimously.

GSA closes in on enterprisewide software deal with Microsoft

The General Services Administration (GSA) is nearing completion of a governmentwide framework for standardized software contract terms with Microsoft, addressing challenges identified by the Office of Federal Procurement Policy (OFPP) under its Better Contracting Initiative (BCI). This effort aims to streamline software procurement, reduce pricing disparities, and enhance federal cybersecurity. The initiative involves 24 key terms and conditions, based on extensive analysis of contracts from the 24 CFO Act agencies. GSA's optimism stems from collaboration with agencies and lessons from past initiatives. While Microsoft is the first focus, similar agreements with other major vendors are anticipated.

* Standardized Terms: GSA is finalizing 24 standardized contract terms for Microsoft software to streamline agency contracts. * Cost and Efficiency Gains: Aims to reduce up to 20% price variance, secure favorable terms, and capture 25% efficiency gains. * Collaborative Approach: Developed through interagency collaboration, workshops, and lessons from past software initiatives. * Focus on Major Vendors: Microsoft is the first target, with plans to expand to other OEMs. * Impact: Expected to enhance cybersecurity and reduce duplicative or unnecessary license purchases.

GSA Extends Alliant 3 Contract Deadline to January

The General Services Administration (GSA) extended the deadline for the Alliant 3 Governmentwide Acquisition Contract (GWAC) proposals from October 28, 2024, to January 10, 2025, to allow time for reviewing public questions and ensuring high-quality submissions. GSA aims to provide clarity to vendors by releasing government responses and amendments until October 25. The Alliant 3 contract, covering a broad range of IT services with no maximum ceiling, was released in June 2024 after a draft in October 2022. A pre-recorded conference for vendors will be available around November 8, 2024.

* Proposal deadline for Alliant 3 extended to January 10, 2025. * Extension allows time for reviewing public questions and amendments. * Alliant 3 contract covers extensive IT services with no maximum ceiling. * First set of government responses to vendor questions has been released. * GSA plans a pre-recorded conference for vendors around November 8, 2024.

GSA Multiple Award Schedule update reduces barriers and costs for buyers and sellers of software licenses

The U.S. General Services Administration (GSA) updated the Multiple Award Schedule (MAS) to allow upfront payments for Software as a Service (SaaS) licenses, reducing costs and administrative burdens for agencies and vendors. This change supports small businesses and aligns government practices with commercial norms. The update stems from GSA's research and feedback from stakeholders, aiming to facilitate easier, more cost-effective cloud solutions procurement.

* Upfront payments for SaaS licenses now allowed. * Reduced administrative burdens for agencies and vendors. * Supports small business participation. * Aligns with commercial payment practices. * Aims to make cloud solutions procurement easier and less costly.

GSA recruits diverse tech talent to drive innovation across the federal government

GSA is recruiting diverse tech talent through the U.S. Digital Corps (USDC) and Presidential Innovation Fellows (PIF) programs to drive federal innovation. These programs are bringing in technologists with skills in AI, data strategy, and digital transformation to address critical challenges. In 2024, the aim is to hire over 100 technologists, focusing on areas like AI's responsible use in energy, healthcare, and mortgage lending.

* GSA is using USDC and PIF programs to recruit diverse tech talent. * Over 100 technologists are being hired in 2024. * Focus areas include AI, data strategy, and digital transformation. * PIF is a one-year program for mid-to-senior level leaders, while USDC is a two-year fellowship for early-career technologists.

GSA releases generative AI resource guide for federal purchasers

The General Services Administration (GSA) recently unveiled a comprehensive resource guide aimed at federal purchasers interested in acquiring generative artificial intelligence (AI) solutions and related computing infrastructure. This initiative fulfills a mandate from the White House's October AI executive order. The guide provides practical advice on navigating the procurement process for generative AI, offering key questions and considerations for contracting officers to deliberate. Laura Stanton, the assistant commissioner in the GSA’s Office of Information Technology Category, emphasized the dynamic nature of generative AI technology and the ongoing evolution of the guide to match technological advancements. She highlighted the crucial role of contracting officers in collaborating with program and IT staff to ensure that the acquired AI solutions meet agency needs securely and effectively.

* Procurement Strategies: It outlines strategic approaches for contracting officers to handle gen AI procurement, ensuring they make informed decisions. * Usage and Testing: The guide suggests using sandboxes or testbeds for agencies to experiment with generative AI before making significant investments. * Problem Definition: It assists agencies in clearly defining the problems they aim to solve with AI technology. * Ongoing Updates: The GSA plans to regularly update the guide as AI technology progresses, ensuring it remains relevant.

GSA’s new approach to small business matchmaking

The General Services Administration (GSA) is refining its approach to small business matchmaking by implementing new strategies to attract small enterprises, particularly those with innovative technology capabilities. This initiative is part of the solicitation for the Alliant 3 IT services contract, which is in its final stages of preparation. The focus is on creating more opportunities for small businesses in the federal marketplace, encouraging their participation in larger contracts and promoting technological innovation within government projects.

* Enhanced Opportunities for Small Businesses: The initiative aims to attract more small businesses, especially those with innovative technological solutions, to engage in federal contracting. * Focus on Technology and Innovation: The approach emphasizes technological innovation, encouraging small businesses with such capabilities to participate. * Integration in Alliant 3 IT Services Contract: This strategy is a part of the solicitation for the Alliant 3 IT services contract, indicating a significant opportunity for small businesses. * Promotion of Larger Contract Participation: The effort is designed to facilitate the entry of small enterprises into larger contracts, thereby expanding their potential market within the federal sector. * Support for Business Growth: The GSA is providing platforms and resources to support the growth and development of small businesses in the federal marketplace.

Harnessing AI innovation across federal agencies

Federal agencies are increasingly adopting AI to improve mission effectiveness, security, and operational efficiency, as highlighted in a recent FedScoop video series. AI is enhancing decision-making in battlefield applications, disaster management, and cybersecurity while also supporting space exploration and IRS operations. Key challenges include building flexible AI infrastructure, ensuring responsible AI use, and upskilling personnel.

* AI supports critical battlefield, disaster management, and cybersecurity operations. * Federal agencies are investing in flexible AI infrastructure and workforce upskilling. * NASA and IRS use AI to optimize operations and improve efficiency. * Challenges include ensuring data privacy, responsible AI use, and managing costs. * Broadcom’s “private AI” solutions offer scalable AI while maintaining security and compliance.

HHS Creates new Office to Oversee Cyber, AI; Seeks to Fill key Tech Roles

The Department of Health and Human Services (HHS) announced a reorganization to streamline and enhance its technology, cybersecurity, data, and AI strategy and policy functions. This includes establishing a new office, renaming ONC to the Assistant Secretary for Technology Policy and ONC (ASTP/ONC), and consolidating oversight of technology-related roles. The reorganization aims to bolster HHS’s capabilities in addressing pressing issues in healthcare technology.

* HHS has created a new office, ASTP/ONC, to consolidate technology, data, and AI strategy and policy. * The search for permanent positions of CTO, CDO, and CAIO has begun. * Oversight of technology, data, and AI policy will move from ASA to ASTP/ONC. * National Coordinator Micky Tripathi will serve as the assistant secretary for technology policy and acting CAIO. * The public-private cybersecurity efforts will transfer from ASA to ASPR to enhance healthcare cybersecurity.

House committee introduces 5 guardrails for internal AI use

The Committee on House Administration has introduced five AI guardrails to guide responsible AI use within the U.S. House of Representatives. These guardrails emphasize human oversight, clear policies, thorough testing, transparency, and workforce education. Developed through discussions with various officials, these guidelines aim to balance operational efficiency with careful control over AI deployment. Key activities include upskilling staff, conducting hearings, and planning future AI uses with other government entities. The committee focuses on integrating AI safely with existing IT policies and exploring its impact through the federal acquisitions process.

* Five AI Guardrails Established: Human oversight, clear policies, robust testing, transparency, and workforce education. * Development through Discussion: Collaborative efforts with key legislative and technology officials during a private roundtable. * Upcoming Focus Areas: Upskilling staff, harmonizing AI use cases, and planning future AI implementations. * Integration with IT Policies: Prioritizing the integration of AI systems with broader cybersecurity and IT protocols. * Future Acquisitions: Examining the federal acquisitions process to ensure safe AI use and learning from state and local governments.

How AI, intelligent automation can revolutionize operations for federal agencies

AI and intelligent automation are transforming data management practices across federal agencies, including the Library of Congress. Suman Shukla, head of data management at the Library, leads efforts to digitize and govern vast historical records. By establishing a centralized data warehouse and fostering data literacy, Shukla aims to modernize operations and leverage AI for efficiency. Other agencies, like the VA, are focused on AI-driven collaboration, with initiatives like Aspire enhancing workforce training. Despite AI’s potential, challenges like digitizing legacy data remain.

* AI and automation are critical to modernizing data management in federal agencies. * Suman Shukla is driving data governance and literacy at the Library of Congress. * AI tools, such as BI systems, drastically improve efficiency in reporting processes. * Cross-agency AI collaboration, especially at the VA, is crucial for innovation and training. * Challenges like digitizing handwritten records persist, requiring advanced technologies.

How GSA is delivering new IT capabilities faster than ever

The General Services Administration (GSA) is evolving its technology approach, focusing on human-centered design, rapid delivery, and data-driven innovation. By leveraging low-code/no-code platforms, GSA now delivers new tools in an average of 14 days, tailoring solutions to real-time and anticipated needs. GSA’s emphasis on customer and user experience has driven continuous improvements, such as refining SAM.gov through iterative feedback. For 2025, GSA prioritizes enterprise data management to ensure AI outcomes are reliable and ethical. To govern AI effectively, GSA established oversight boards for privacy, security, and safety, with plans to unify them for comprehensive management of this transformative technology.

* Rapid Delivery: GSA delivers new business tools in 14 days on average using low-code/no-code platforms. * Customer-Centric Approach: GSA emphasizes human-centered design and has iteratively improved systems like SAM.gov based on user feedback. * 2025 Priorities: Focused on enterprise data management to enhance AI reliability and address ethical computing challenges. * AI Oversight Boards: Established boards for privacy, security, and safety of AI tools, with plans to unify them for comprehensive governance. * Technology Leadership: GSA continues to lead in customer and user experience while advancing agile and responsive technology capabilities.

How the Biden administration is tackling diversity in federal AI hiring

The Biden administration is focusing on increasing diversity in federal artificial intelligence (AI) hiring. This initiative aims to create a more inclusive workforce by addressing disparities and fostering an environment that encourages varied perspectives in AI development and implementation. Efforts include targeted recruitment strategies, partnerships with diverse institutions, and the establishment of inclusive policies and training programs to support equitable hiring practices within federal agencies.

* Focus on increasing diversity in federal AI hiring. * Targeted recruitment strategies and partnerships with diverse institutions. * Establishment of inclusive policies and training programs. * Aims to create an inclusive and equitable federal workforce. * Encourages varied perspectives in AI development and implementation.

How the State Department is leaning into AI, modernization efforts to support federal workers

As technology evolves, the federal workforce must adopt innovative technologies to enhance productivity and efficiency. Don Bauer, CTO for global talent management at the Department of State, emphasizes the importance of integrating technology to support a global workforce. Challenges include data integration and maintaining control over corporate IP. Modernization efforts, including implementing trustworthy AI like state chat, are crucial. AI can help streamline recruitment and onboarding processes, while reducing overhead and vulnerabilities. Bauer highlights the importance of connectivity and integration for a modern user experience.

* Technology Integration: Essential for supporting a global workforce. * Data Control: Importance of keeping corporate IP within the department. * Modernization Challenges: Balancing ongoing operations with modernization. * Connectivity: Reducing overhead and vulnerabilities through integration.

How TMF is helping agencies harness artificial intelligence

The Technology Modernization Fund (TMF), in partnership with the Office of Management and Budget (OMB), is playing a crucial role in helping government agencies harness the power of artificial intelligence (AI). This effort is aligned with the President's Executive Order on the Safe, Secure, and Trustworthy Development and Use of AI, which emphasizes responsible AI use to enhance service delivery, drive innovation, and improve decision-making across federal agencies.

* Funding Innovation: TMF provides financial support for AI projects to overcome budget constraints and drive IT modernization across federal agencies. * Modernizing Legacy Systems: TMF funds help update outdated IT infrastructure, making it compatible with advanced AI technologies. * Building Technical Capacity: TMF offers technical assistance to ensure federal agencies can effectively implement and benefit from AI initiatives. * Ensuring Ethical AI Use: TMF invests in frameworks for data governance, privacy protection, and algorithmic transparency to mitigate risks associated with AI deployment.

Informatica's Data in Action Summit: A Comprehensive Overview

On December 6th, 2023, the governmentwide ITVMO attended the Data in Action Summit by Informatica. As more government agencies evolve their citizen services into efficient platforms, leaders are increasingly relying on data as a key indicator of success and a means to drive change. Data, once a helpful resource, has now become crucial in the intricate modernization journey. IT officials find data and its analytical tools indispensable for building a government that is not only effective but also transparent, allowing them to witness their efforts in real time.

Innovation in Supply Chain: Managing Risk With Advanced Technology

The U.S. government faces significant challenges in its logistics missions due to global supply chain disruptions and geopolitical tensions. Agencies like GDIT are focusing on sophisticated supply chain risk management, incorporating AI and emerging technologies to mitigate risks such as cyber threats and counterfeit products. Efforts include pre-positioning stock, leveraging advanced data analytics, and empowering personnel to make critical decisions. The government aims to ensure resilient and reliable supply chains by adapting processes and improving coordination among federal agencies.

* Global disruptions and geopolitical tensions impact U.S. supply chains. * Agencies use AI and advanced technologies for supply chain risk management. * Strategies include pre-positioning stock and tracking multiple risk factors. * Empowering personnel and data-driven decision-making are critical. * Focus on resilience and reliability in supply chain operations.

JWCC Surpasses $1B Mark, Over 65 Task Orders Awarded

The Department of Defense (DoD) has surpassed $1 billion in spending on its $9 billion Joint Warfighting Cloud Capability (JWCC) contract, distributing over 65 task orders to various U.S. defense organizations. The JWCC, involving Google, Oracle, Amazon Web Services, and Microsoft, replaced the canceled $10 billion JEDI project. Task orders, which focus on areas like the Combined Joint All Domain Command and Control (CJADC2) initiative, vary in classification and capability. The average lead time for a task order is 25 days, though this can vary. The DoD aims to enhance cloud integration with partners and allies.

* DoD exceeded $1 billion in spending on the JWCC contract. * Over 65 task orders distributed to various U.S. defense organizations. * JWCC involves Google, Oracle, Amazon Web Services, and Microsoft. * Task orders focus on diverse areas, including the CJADC2 initiative. * Average lead time for task orders is 25 days, with variation based on size and competition.

Major agencies are close to meeting September zero trust deadline, federal CIO says

Federal agencies are close to meeting a September 30 deadline to adopt zero trust architecture, a cybersecurity model that requires constant verification for access to sensitive systems. According to federal CIO Clare Martorana, 24 CFO Act agencies are nearing 100% compliance, with overall federal completion at 87%. Zero trust implementation follows a 2021 executive order and a 2022 memo from the Office of Management and Budget. This initiative, driven by high-profile cyber incidents like the Colonial Pipeline attack, is seen as a continuous process to strengthen federal cybersecurity against evolving threats.

* Agencies are close to meeting a deadline for zero trust architecture adoption. * Zero trust requires continuous verification for network access, enhancing security. * The initiative follows a 2021 executive order and aims for completion by fiscal 2024. * Federal compliance has increased from 81% to 87%. * The approach addresses cyber threats and aims to prevent breaches like those in recent years.

MITRE’s Federal AI Sandbox will focus on critical infrastructure, weather modeling, social services

MITRE announced plans to train three new AI foundation models focused on critical infrastructure, weather modeling, and sustainable social services using its Federal AI Sandbox, a supercomputer designed for large-scale AI model training. This AI initiative aims to enhance cybersecurity, improve weather predictions, and streamline government workflows. Agencies can access the sandbox through existing MITRE contracts, with the sandbox expected to be available by the end of 2024. The White House emphasizes the importance of strong federal R&D funding to ensure the success of AI and other transformative technologies in addressing national challenges.

* MITRE will train AI models focused on critical infrastructure, weather, and social services. * The Federal AI Sandbox will support generative AI, multimodal perception, and reinforcement learning. * The AI models aim to improve cybersecurity, weather forecasting, and government workflows. * Agencies can access the AI sandbox through MITRE's federally funded R&D centers. * The White House calls for robust funding for R&D to support national technology goals.

More agencies turn to AI to fix website accessibility issues

Federal agencies are increasingly leveraging AI to enhance the accessibility of their digital services, ensuring compliance with government standards like Section 508. AI tools are being used to flag and address accessibility issues on government websites more effectively. Key figures like Betsy Sirk from NASA and Joe Carter from HUD emphasize the potential of AI to improve user experience, particularly for individuals with disabilities. Agencies are focusing on co-designing digital platforms with inclusivity in mind, driven by the belief that accessible services not only comply with regulations but also build public trust and enhance overall service delivery.

* Federal agencies are using AI tools to improve compliance with accessibility standards on their websites. * AI can enhance digital accessibility by creating more adaptive user interfaces and flagging accessibility issues more efficiently. * HUD is focusing on co-designing accessible digital platforms with input from users, including those with disabilities. * The General Services Administration hosted an AI hackathon to improve user experience across federal websites. * Enhancing digital accessibility is seen as crucial for building public trust and improving service delivery for all users.

Nearly 200 firms have signed pledge to build more secure software, top cyber official says

Nearly 200 tech and cybersecurity companies have signed the U.S.-led Secure by Design pledge, which commits them to incorporating default secure features in their products, particularly for enterprise customers and retail sales. The Cybersecurity and Infrastructure Security Agency (CISA) initiated this pledge to address ongoing software quality issues, emphasizing the need for secure products rather than additional security tools. The pledge, first introduced at the RSA Conference, includes measures such as managing vulnerability disclosure programs and reducing default passwords. Legal experts argue that the software market lacks incentives for secure development, leaving customers vulnerable to cyber exploitation.

* Nearly 200 companies signed the Secure by Design pledge led by CISA.
* The pledge emphasizes building default secure features in tech products.
* CISA's initiative addresses software quality issues rather than adding more security products.
* The pledge includes managing vulnerability disclosures and reducing default passwords.

New CISA Issuance to Help Federal Agencies Implement DNS Encryption

The Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal civilian agencies implement Domain Name System (DNS) encryption. The "Encrypted Domain Name System Implementation Guidance" includes technical advice, references, and a checklist for necessary changes. This effort is part of a broader initiative mandated by the Office of Management and Budget (OMB) to enhance zero trust cybersecurity principles within government agencies. The guidance is also beneficial for non-governmental organizations aiming to improve their cybersecurity frameworks.

* CISA's new guidance aids federal agencies in implementing DNS encryption.
* The guidance is part of OMB's zero trust cybersecurity initiative.
* Resources include technical guidance, references, and a checklist.
* Enhances overall cybersecurity posture of federal IT networks.
* Useful for both governmental and non-governmental organizations.

New US cyber official wants ‘brutal honesty’ on industry collaboration efforts

The new U.S. cybersecurity official is advocating for brutal honesty in collaboration efforts with the industry. This approach emphasizes transparent communication about vulnerabilities and challenges to improve the overall cybersecurity posture. The official aims to foster a cooperative environment where industry and government can work together to address pressing cyber threats, particularly those targeting critical infrastructure. This initiative is part of broader efforts to enhance resilience against cyber incidents and advance secure technology practices.

* Brutal Honesty: Advocating for transparent communication about vulnerabilities and challenges.
* Industry Collaboration: Strengthening partnerships between government and private sector.
* Critical Infrastructure: Focus on protecting key infrastructure from cyber threats.
* Enhanced Cybersecurity: Improving overall cybersecurity posture through cooperation.
* Resilience: Building a more resilient cybersecurity framework against potential incidents.

NIST adds 5 new members to its AI Safety Institute

The National Institute of Standards and Technology (NIST) has recently expanded its AI Safety Institute by adding five new members. These members come from a variety of backgrounds, enhancing the institute's expertise and ability to address AI safety in line with national security needs and standards development. This move aligns with the broader federal initiative to prioritize AI safety and effectiveness in government operations.

* Five new experts have joined the NIST AI Safety Institute.
* The new members bring diverse skills to enhance AI safety and standards.
* This initiative is part of a broader federal focus on AI technology.
* The goal is to integrate AI safely into national security and governmental standards.

NIST Wants Feedback on Zero Trust Architecture Guide

NIST's National Cybersecurity Center of Excellence (NCCoE) has released a draft practice guide, Implementing a Zero Trust Architecture (ZTA), for public feedback. The guide simplifies the process of adopting ZTA by showcasing 19 example implementations created with 24 technology providers. These implementations include detailed instructions, models, and resources for IT professionals to replicate or adapt based on their needs. Organizations can choose from approaches like enhanced identity governance (EIG), software-defined perimeter (SDP), microsegmentation, or secure access service edge (SASE). Public feedback on the draft is open until Jan. 31, 2025, before finalization.

* Purpose: The guide demystifies zero trust architecture (ZTA) implementation and offers a gradual approach for organizations.
* Example Implementations: Features 19 builds developed in collaboration with 24 technology providers, including diagrams, technologies, and instructions.
* Customization: Organizations can select relevant ZTA approaches like EIG, SDP, microsegmentation, or SASE and adapt builds accordingly.
* Final Feedback: Public comments on the draft guide are accepted until Jan. 31, 2025.
* Practical Focus: Designed to save time and resources for IT professionals through detailed, replicable models.

OMB releases AI procurement guidelines

The White House Office of Management and Budget (OMB) released new AI procurement guidance aimed at fostering risk management in federal AI acquisitions. This guidance supports the Biden administration’s goal of ensuring responsible AI use in government operations, promoting interagency collaboration and innovation. Key provisions include early privacy involvement, collaboration between agencies and vendors, outcomes-based acquisition, contract safeguards, and interagency teamwork. The guidance encourages careful AI adoption to enhance mission delivery while managing associated risks. It highlights the importance of responsible innovation and data protection in the evolving AI market.

* OMB’s AI procurement guidance emphasizes risk management and responsible AI acquisition.
* Privacy officials must be involved early to manage AI risks.
* Collaboration between agencies and vendors is crucial for AI vigilance and innovation.
* Contract negotiations should safeguard government data and intellectual property.
* Interagency cooperation is essential for AI investments and deployment optimization.

OMB Releases Implementation Guidance Following President Biden’s Executive Order on Artificial Intelligence

The White House Office of Management and Budget recently issued guidance to federal agencies on implementing President Biden's executive order on responsible artificial intelligence adoption. The guidelines provide a timeline for agencies to inventory their AI use cases, assess risks, and develop policies aligned with the order's principles for trustworthy and equitable AI. Agencies must submit plans detailing how they will minimize harmful bias, evaluate AI impacts on underserved communities, improve data quality, and continually monitor AI system performance. The guidance also establishes reporting requirements for agencies to update the public on their progress. While praising the administration's commitment to AI oversight, some industry observers caution against overregulation that stifles innovation. Others argue the guidelines lack enforcement mechanisms. As agencies move to transform the principles into practice, effective implementation will determine whether the order achieves its goals of ensuring AI safety, protecting civil rights, and building public trust.

* OMB released guidance for agencies to implement Biden's AI executive order.
* Directs risk assessments before AI deployment to address biases, privacy, security.
* Seeks to boost innovation while protecting civil rights and privacy.
* Creates Central Hub to coordinate AI regulation across government.
* Implementation requires resources, expertise and sustained leadership.

OMB Strengthening Federal Marketplace, Cyber Partnerships

The Office of Management and Budget (OMB) is enhancing partnerships in the federal marketplace to bolster cybersecurity. Speaking at the Second Annual ITVMO Summit, Jason Miller, OMB’s Deputy Director for Management, emphasized the increase in new businesses and entrants in government contracts. This initiative is part of a broader strategy to modernize and secure federal infrastructure, leveraging partnerships with entities like Microsoft to improve logging capabilities and threat detection.

* OMB aims to strengthen cybersecurity partnerships within the federal marketplace.
* New businesses and contractors are increasingly involved in federal contracts.
* Expanded logging capabilities are being rolled out to improve threat detection.
* The initiative supports the National Cybersecurity Strategy by enhancing security measures.

OpenAI, Anthropic enter AI agreements with US AI Safety Institute

Anthropic and OpenAI have signed memorandums of understanding with the U.S. AI Safety Institute to collaborate on research, testing, and evaluation of their AI models. Announced as first-of-their-kind agreements, these partnerships allow the institute access to new models before and after public release to enhance safety and risk mitigation. The collaboration includes the U.K. AI Safety Institute to align research and create a unified approach to AI system testing. These agreements build on previous voluntary commitments with the U.S. government, advancing responsible AI development and establishing new standards for safety.

* Anthropic and OpenAI signed agreements with the U.S. AI Safety Institute for AI model testing and evaluation.
* The government-industry collaboration is aimed at enhancing AI safety.
* The U.S. AI Safety Institute will access models before and after public release for safety evaluation.
* Collaboration extends to the U.K. AI Safety Institute for a unified AI safety approach.
* The agreements build on previous voluntary commitments, advancing responsible AI development.

OPM will use AI to modernize legacy IT system over a two-year period

The Office of Personnel Management (OPM) will utilize artificial intelligence (AI) as part of a Technology Modernization Fund (TMF) award to update its legacy retirement system. The project will rehost legacy systems in the cloud and use AI to rewrite COBOL code, significantly accelerating modernization compared to traditional methods. The initiative, which is expected to take two years, aims to improve system transparency, usability, and efficiency. While AI will handle code rewriting, human developers will ensure quality control. The project is part of OPM’s broader modernization roadmap, informed by extensive analysis of legacy systems and millions of lines of code.

* Modernization Goal: Update OPM's retirement systems for improved transparency, efficiency, and user-friendliness through TMF funding.
* AI-Driven Approach: Use generative AI to rewrite COBOL code, significantly reducing development time from five years to two.
* Cloud Transition: Legacy systems will be rehosted in the cloud as part of the project.
* Human Oversight: Developers, testers, and quality control staff will validate AI-rewritten code.
* Extensive Preparation: Analysis of millions of lines of legacy code informed the decision to leverage AI for modernization.

Partnership for Public Service plans AI training center for federal employees in 2024

The Partnership for Public Service, with a $10 million grant from Google.org, will open the Center for Federal AI in March 2025. The center aims to educate federal employees, from interns to executives, on the potential applications of artificial intelligence (AI). It seeks to build and retain the federal AI workforce while promoting effective AI use across federal agencies. This initiative aligns with President Biden’s executive order on AI, which emphasizes responsible AI implementation, and follows efforts to train federal leaders on AI best practices.

* The Center for Federal AI will launch in March 2025, backed by a $10M Google.org grant.
* It aims to educate federal employees on AI applications and promote workforce retention.
* Builds on previous AI leadership programs for senior federal officials.
* Aligns with President Biden’s AI executive order and recent OMB AI procurement policies.
* Focuses on responsible and effective AI use within federal agencies.

Pentagon releases key CMMC contracting rules

The Defense Department has proposed a rule to incorporate Cybersecurity Maturity Model Certification (CMMC) into contracts, requiring defense contractors to meet specific cybersecurity standards. The rule, part of the Defense Acquisition Regulations Supplement (DFARS), outlines a phased rollout over three years, starting around mid-2025. Contractors must either self-assess or obtain third-party certification, depending on data sensitivity. The comment period for the proposed rule closes on October 14.

* New rule integrates CMMC into contracts for cybersecurity.
* Phased rollout to minimize impacts on contractors.
* Certification levels vary by contract type and data sensitivity.
* Comment period ends on October 14, 2024.

Presidential Innovation Fellows launches first cohort focused exclusively on Artificial Intelligence

The GSA has launched its first Presidential Innovation Fellows (PIF) cohort exclusively focused on Artificial Intelligence (AI). This cohort, comprised of 11 experts, will work at eight federal agencies to advance AI initiatives, supporting the Executive Order on AI. Their projects will include enhancing justice access, improving the electric grid, and streamlining clean energy infrastructure. This initiative aims to recruit top AI talent into government roles to drive innovation and modernization.

* First PIF cohort focused exclusively on AI.
* Projects include justice access and electric grid enhancement.
* Supports the Executive Order on AI.
* Part of a broader effort to increase tech talent in government.

Regulators should consider 3 factors for AI safety, former national cyber director says

Former National Cyber Director Chris Inglis recommended a comprehensive approach to regulating artificial intelligence (AI), focusing on three main areas during a National Artificial Intelligence Advisory Committee meeting. He stressed the importance of understanding the purpose behind AI tools, ensuring there is a skilled workforce to manage them, and prioritizing human-centered design in AI development. Inglis's advice aims to ensure AI technologies are used responsibly and effectively, aligning with broader goals for ethical AI governance.

* A holistic approach to AI regulation is advocated, focusing on technology, people, and doctrine.
* The purpose behind AI tools must be clear, with a technically capable workforce to implement these tools.
* Human-centered design is crucial in AI development, ensuring human operators are considered and prepared.
* These recommendations align with the Biden administration's goals for responsible and human-centered AI governance.

Rethinking continuous risk metrics to fortify federal cybersecurity

Building cyber resilience is essential for effective disaster response and recovery. Real-time assessments of cyber resilience are necessary, requiring clear metrics to measure risks and progress. Key metrics include tracking identified risks, incidents, monitoring efforts, and mitigation success. Addressing data collection challenges is crucial to developing these metrics. Aligning cybersecurity efforts with frameworks like NIST's Cybersecurity Framework 2.0 enhances resilience, while collaboration between public and private sectors strengthens national cybersecurity defenses.

* Complex Threats: Natural disasters combined with cyberattacks strain critical infrastructure and public trust.
* Importance of Cyber Resilience: Essential for effective disaster response and recovery.
* Key Risk Metrics: Tracking risks, incidents, monitoring, and mitigation is crucial for resilience.
* Data Collection Challenges: Clear ownership and consistent data quality are needed for effective risk metrics.
* Public-Private Collaboration: Sharing insights and aligning with frameworks like NIST enhances national cyber resilience.

Rethinking Federal Network Modernization

Federal agencies must modernize their networks to support AI-driven operations, data-centric services, and edge computing. Legacy networks struggle to handle increasing data demands and the growing number of connected devices. Modernized networks are critical for cybersecurity and AI adoption. However, challenges remain in aligning procurement, budgets, and infrastructure upgrades to meet mission-critical demands effectively.

* Data Challenges: Agencies struggle with legacy networks that can’t manage massive data volumes or support modern AI-driven workloads.
* Edge Computing Focus: Shifting AI and data processing to the edge reduces latency, improves bandwidth, and streamlines operations.
* Open Networking: Non-proprietary, interoperable solutions enhance scalability, cost-efficiency, and innovation.
* Modernization for AI & Cybersecurity: Upgraded networks are essential for robust cybersecurity and maximizing AI’s potential.

SBA Administrator Guzman Announces 2024 National Small Business Week Award Winners

SBA Administrator Isabel Casillas Guzman announced the winners of the 2024 National Small Business Week (NSBW) Awards, recognizing business owners, lending partners, and advocates from all 50 states, DC, Guam, and Puerto Rico. These awardees are celebrated for their contributions to the economy and their communities, especially in disaster recovery. The NSBW, scheduled for April 28-May 4, 2024, will include ceremonies in Washington, D.C., and a roadshow tour across several states. This initiative highlights the Biden-Harris Administration's commitment to supporting small businesses through significant investments in infrastructure, broadband, and clean energy, aiming to foster an environment where more Americans can pursue business ownership.

* NSBW 2024 Award Winners announced, recognizing small business contributors across the U.S. and territories.
* Administrator Guzman to embark on a roadshow tour from April 30-May 3, 2024, visiting states to honor small businesses and discuss SBA initiatives.
* The event underscores the Biden-Harris Administration's efforts to support small businesses with investments in infrastructure and clean energy.

SBA initiates seismic shift in small business contracting

The Small Business Administration (SBA) proposed a rule on October 25 to expand the rule of two to task and delivery orders under multiple award contracts (MACs). Agencies must set aside such contracts for small businesses if two qualified small firms can compete, except in limited cases like GSA schedule contracts. This marks a significant shift in small business contracting, potentially redistributing up to $6.1 billion annually to small firms. While proponents see the rule as a way to combat declining small business participation in federal contracting, critics argue it could disrupt the efficiency of MACs and harm small firms long-term.

* Proposed Rule Overview: SBA’s rule extends the rule of two to MACs and GWACs, mandating small business set-asides where applicable.
* Economic Impact: SBA estimates $6.1 billion in missed small business awards could be addressed by applying the rule of two.
* Diverging Opinions: Critics fear disruptions to MACs may harm small businesses, while proponents see it as reversing declining small business participation.
* Small Business Trends: Federal small business contracting hit $178.6 billion in 2023, but prime contractors have declined by 40% since 2010.

Securing the AI data pipeline with confidential AI

Federal agencies face growing regulatory pressure to secure AI technologies amidst evolving requirements like the Executive Order on AI and NIST's AI Safety Institute Consortium. Confidential AI offers a solution by enhancing security, privacy, and compliance through tailored protections for data and models across the AI pipeline. This involves encryption, authentication, and cryptographic attestation to ensure sensitive information and proprietary algorithms remain secure. From classified defense projects to healthcare initiatives using synthetic data, confidential AI enables federal agencies to harness the benefits of AI while addressing security challenges in their most sensitive use cases.

* Regulatory Pressures: Agencies must comply with regulations ensuring AI security and safety, such as the Executive Order on AI and NIST guidelines.
* Risks of Generative AI (GenAI): AI introduces risks of exposing sensitive data and intellectual property, particularly in highly classified or regulated environments.
* Confidential AI Protections: Techniques like encryption, authentication, and cryptographic attestation create a secure AI environment for data at rest, in transit, and in use.
* Applications Across Sectors: Confidential AI supports demanding use cases, including defense projects, disease modeling with synthetic data, and emergency response systems.
* Operational Benefits: By safeguarding AI pipelines, confidential AI enhances mission outcomes, ensures compliance, and supports advanced AI-driven citizen services.

Securing the backbone of our nation: critical infrastructure

Securing U.S. critical infrastructure against cyber threats is a pressing concern. The federal government aims to update outdated technology with modern security practices through public-private collaboration. Key initiatives include the National Security Memorandum and the updated National Cybersecurity Strategy Implementation Plan, which set minimum cybersecurity standards. Implementing zero trust architectures is essential for protecting industrial control systems. Enhanced information sharing and modernization efforts are vital to achieving resilient infrastructure.

* Federal efforts to secure outdated infrastructure technology.
* Public-private collaboration emphasized.
* National Security Memorandum and Cybersecurity Strategy set standards.
* Zero trust architectures crucial for industrial control systems.
* Importance of enhanced information sharing and modernization.

Senate Bill to Streamline Federal Procurement Process for Agencies, Contractors

The Senate has introduced bipartisan legislation, known as the Federal Improvement in Technology Procurement Act, aimed at streamlining the federal procurement process for government agencies and contractors. Spearheaded by Senators Gary Peters (D-Mich.) and Ted Cruz (R-Texas), the bill seeks to update procurement rules by eliminating outdated requirements, simplifying the bidding process, and expanding the use of advanced procurement methods. This initiative is designed to ensure that the most innovative businesses, including new and small ones, can compete for federal contracts, thereby keeping the federal government at the forefront of technology and innovation.

* The legislation is bipartisan, introduced by Senators Gary Peters and Ted Cruz.
* It aims to streamline the federal procurement process by updating rules and removing obsolete requirements.
* The bill focuses on simplifying the bidding process for contractors and expanding the use of advanced procurement methods.
* It seeks to enable more businesses, especially new and small ones, to compete for federal contracts, promoting innovation and efficiency.

State Dept. INR CIO Keys on Modernization, Cyber for FY25

Jimmy Hall, CIO of the State Department’s Bureau of Intelligence and Research (INR), outlined his FY 2025 priorities: IT modernization, cybersecurity, and IT expansion. At the Cloud Summit, Hall emphasized the integration of these priorities with INR’s goals, particularly through cloud expansion and the adoption of AI for improved threat detection and traffic analysis. Although progress has been made, including establishing a Top Secret (TS) cloud presence, Hall acknowledged the need for further advancements in cybersecurity and AI utilization. These priorities align with broader federal trends in cybersecurity, AI, and digital transformation.

* IT Modernization: Focused on aligning INR’s IT ecosystem with digital transformation goals.
* Cybersecurity Enhancement: Strengthening cybersecurity through AI and improved log analysis.
* IT Expansion: Expanding cloud capabilities, including a new TS cloud presence.
* AI Integration: Leveraging AI for threat detection, traffic analysis, and cybersecurity improvements.
* Federal Alignment: Priorities mirror broader federal trends in cybersecurity, AI, and digital services.

The AI leadership imperative: Preparing federal agencies for AI’s impact

A new report, titled Leading Agency Innovation in the Age of AI, stresses the urgent need for federal government leaders to educate executives about artificial intelligence (AI) to leverage its potential effectively. Produced by Scoop News Group and underwritten by Microsoft, the report highlights the Partnership for Public Service's AI Federal Leadership Program, which trains senior executives on AI's capabilities and implementation. The program has trained over 500 executives from 40 federal agencies and 30 states, providing them with AI project roadmaps. The report underscores the importance of shared learning, access to AI experts, and problem-focused AI application.

* AI Federal Leadership Program: A six-month course by the Partnership for Public Service that educates senior executives on AI capabilities and culminates in developing AI project roadmaps.
* Shared Learning: Participants benefit from sharing AI application lessons and aspirations, fostering cross-agency collaboration and learning.
* Access to AI Experts: The program provides executives with access to AI technical experts, enhancing their understanding and strategic planning for AI implementation.
* Problem-Focused Approach: Emphasizes identifying mission-critical challenges before selecting AI use cases to ensure effective application.

The CAIO’s role in driving AI success across the federal government

Chief AI Officers (CAIOs) are pivotal in implementing AI across U.S. federal agencies, motivated by recent governance guidelines and the necessity to match the private sector's pace. Their responsibilities include defining clear AI strategies, balancing risk with innovation, optimizing budgets and procurement for AI projects, and creatively sourcing AI talent. These efforts aim to enhance public services and maintain U.S. leadership in technology, amidst the challenges of managing rapid technological changes and operational risks within government frameworks.

* CAIOs drive AI adoption and strategy in federal agencies.
* They balance innovation with the operational risks inherent in government functions.
* Budget management and procurement adaptation are crucial for timely AI integration.
* Talent acquisition strategies are vital to build AI expertise within the government.
* Examples from the Defense Department and Homeland Security illustrate both opportunities and challenges in AI implementation.

The Department of State’s pilot project approach to AI adoption

The Department of State, through a partnership between three offices, is leveraging AI to streamline the declassification process of 25-year-old classified documents, addressing the growing volume of electronic records that require review. The pilot project successfully trained a model using previous declassification decisions, achieving a 97% accuracy rate and reducing the manual workload by over 65%. This AI-assisted approach will not replace jobs but will work alongside human reviewers to ensure accuracy and adapt to changing contexts. The initiative is expected to save millions of dollars in labor costs and serve as a model for future AI applications in government.

* AI for Declassification: The State Department is using AI to automate the review of classified documents, significantly reducing manual effort.
* High Accuracy: The pilot achieved a 97% match with human decisions, showing AI's effectiveness in this role.
* Cost Savings: The initiative could save up to $8 million in labor costs over the next decade.
* Human-AI Collaboration: AI assists rather than replaces human reviewers, ensuring continued oversight and adaptability.
* Broader Implications: The project highlights how AI can enhance government efficiency and transparency, with potential applications across other federal programs.

The federal government wants to teach workers about AI prompt engineering

The Federal Acquisition Institute, part of the General Services Administration (GSA), recently introduced an AI Prompt Engineering Credential to help federal acquisition staff effectively evaluate and utilize large language models, such as those developed by OpenAI. This credential focuses on practical techniques for crafting prompts, optimizing AI use, and maintaining ethical standards. The initiative highlights the growing federal interest in AI technology, though GSA currently has no plans for additional AI credentials. Efforts to enhance AI skills within the federal workforce continue, despite ongoing challenges in talent acquisition.

* AI Prompt Engineering Credential: Designed for federal acquisition staff to improve prompt crafting and AI optimization.
* Focus on Large Language Models: Specifically aids in evaluating technologies like ChatGPT.
* Ethical Standards: Credential emphasizes adherence to ethical practices in AI use.
* Federal AI Training: Part of broader efforts to bolster AI skills across the government.
* Talent Acquisition Challenges: Recruiting skilled personnel remains a hurdle in advancing federal AI capabilities.

The secret sauce to winning more government contracts

Artificial Intelligence (AI) is reshaping the dynamic business landscape, drawing attention from tech giants, governmental bodies, and the business community for its potential to boost productivity and necessitate regulatory oversight. In the government contracting (GovCon) sector, AI is emerging as a pivotal force, enabling companies to gain a competitive edge through enhanced efficiency and effectiveness. This sector, responsible for a significant portion of federal spending, is leading the tech transformation, with more than 60% of business owners believing in AI's potential to increase productivity. The adoption of AI in GovCon emphasizes the need for transparency and trust, especially when handling sensitive information, to maintain accountability and regulatory compliance. As AI technology evolves, it promises to revolutionize procurement processes, democratize opportunities for businesses of all sizes, and require government contractors to adapt swiftly to remain competitive.

* The GovCon sector is at the forefront of AI adoption, aiming to enhance efficiency and secure more business.
* Transparency and trust are critical in the adoption of AI within GovCon, given the handling of sensitive information.
* AI promises to revolutionize procurement processes, offering competitive advantages to early adopters.
* Government contractors are encouraged to leverage AI for innovation, efficiency, and enhanced market competitiveness.

The US intelligence community is embracing generative AI

The U.S. intelligence community is increasingly adopting generative AI to enhance its capabilities. This technology aids in data analysis, operational efficiency, and decision-making while ensuring responsible use to maintain public trust. The focus is on leveraging AI for tasks such as research, queries, and coding to improve overall operations. However, there are challenges, including ensuring data quality, addressing potential risks like bias and misinformation, and training the workforce.

* Adoption of generative AI for data analysis and operational efficiency.
* Emphasis on responsible AI use to maintain public trust.
* Challenges include data quality and mitigating risks of bias and misinformation.
* Need for workforce training and upskilling.
* Importance of a robust data strategy for AI success.

Top Priorities for DoD CISO: CM, Zero Trust, DIB Cybersecurity

DoD CISO David McKeown outlined the department's top cyber priorities, focusing on cryptographic modernization (CM), zero trust, and defense industrial base (DIB) cybersecurity. At the AFCEA Tech Summit, McKeown emphasized the importance of CM in safeguarding sensitive information, with a focus on developing quantum-resistant solutions. He also highlighted progress towards achieving the DoD’s FY 2027 zero trust goal, with the Navy leading the way. The DIB cybersecurity strategy aims to secure and enhance the resilience of defense industrial networks, with an official implementation plan soon to be unveiled.

* Cryptographic Modernization (CM): A top priority, focusing on developing quantum-resistant cryptographic solutions.
* Zero Trust: The DoD aims to meet its zero trust goal by FY 2027, with significant progress already made.
* Defense Industrial Base (DIB) Cybersecurity: Efforts include a new cybersecurity strategy with an implementation plan forthcoming.
* Quantum Computing Mitigation: CM efforts are geared towards staying ahead of emerging quantum threats.

Transforming Government IT Procurement: Better Contracting Initiative Priority 2

The Better Contracting Initiative Priority 2 focuses on improving government IT procurement through centralized negotiation of software licenses and increased collaboration with Original Equipment Manufacturers (OEMs). This initiative aims to streamline processes, achieve cost savings, enhance cybersecurity, and improve contract consistency across federal agencies.

* Centralized software procurement to increase efficiency and cost savings.
* Strategic collaboration with OEMs to standardize terms and conditions.
* Focus on security, reliability, and flexible software licensing.
* Ongoing improvements guided by stakeholder feedback and governmentwide needs.

U.S. agencies publish plans to comply with White House AI memo

Federal agencies have begun posting their compliance plans in response to the Office of Management and Budget (OMB) memo M-24-10, which outlines AI governance requirements. These plans detail how agencies will update internal policies, manage AI risk, create AI use case inventories, and assess whether AI uses impact rights or safety. Agencies were required to publish their initial plans or indicate they don’t use AI by the deadline, and these will be updated every two years until 2036. With several upcoming deadlines, agencies are also expected to address extensions and publish updated inventories in the coming months.

* Agencies are complying with OMB memo M-24-10 on AI governance.
* Compliance plans address risk management, policy updates, and AI use case inventories.
* Plans must be updated every two years until 2036.
* Agencies face upcoming deadlines for AI use inventories and risk management extensions.
* 24 agency plans have been identified, though their locations vary across websites.

U.S. Cyber Command Unveils AI Roadmap

U.S. Cyber Command (USCYBERCOM) has unveiled a five-year AI roadmap to enhance its analytic capabilities, scale operations, and improve adversary disruption. The strategy outlines over 100 activities across key mission areas, including security and national defense, with a focus on integrating AI into all operations. Led by a new task force, the initiative includes over 60 pilot projects and partnerships with the NSA and industry to address challenges such as talent acquisition and infrastructure development. USCYBERCOM aims to position itself at the forefront of technological innovation and cyber defense.

* USCYBERCOM’s AI roadmap outlines over 100 activities, focusing on security and defense.
* A new task force will lead the roadmap’s implementation, addressing talent and infrastructure challenges.
* Over 60 pilot projects and partnerships with the NSA and industry will drive AI integration.
* The roadmap emphasizes the need for analytic superiority and rapid adversary disruption.
* The five-year plan positions USCYBERCOM as a leader in AI-driven cyber defense.

Update to Better Contracting Initiative 2

The Governmentwide Microsoft Acquisition Strategy (GMAS) is a groundbreaking initiative by the IT Vendor Management Office (ITVMO) to standardize contract terms and pricing for Microsoft products across federal agencies. Launched under the Better Contracting Initiative (BCI), GMAS seeks to consolidate best-in-class terms into a universal framework, ensuring agencies benefit from collective efficiencies, cost savings, and enhanced cybersecurity. The effort, involving comprehensive analysis and collaboration with Microsoft and federal stakeholders, aims to position the government as a unified customer. Following GMAS, ITVMO plans to extend similar strategies to other major IT Original Equipment Manufacturers (OEMs) in fiscal year 2025.

* Standardization Effort: GMAS standardizes 24 contract terms for Microsoft products, benefitting all federal agencies.
* Cost and Efficiency Gains: Addresses pricing inconsistencies, achieving savings and avoiding repetitive negotiations.
* Collaborative Approach: Developed with input from Microsoft, federal agencies, and cybersecurity stakeholders like CISA.
* Enhanced Cybersecurity: Focuses on integrating critical cybersecurity standards into contracts.
* Future Plans: ITVMO plans to expand the model to other major IT OEMs in FY25.

USACE data scientists enabling AI, analytics across Army

Federal agencies are exploring how to integrate generative AI into their operations, with the U.S. Army Corps of Engineers' Engineer Research and Development Center (ERDC) playing a significant role. ERDC is optimizing large language models (LLMs) by embedding domain-specific data to support various military and civil tasks. This includes document summarization, knowledge generation, and predictive maintenance. ERDC focuses on the front end of the data science lifecycle, providing the necessary tools and infrastructure while enabling customers to handle analytics and visualizations independently.

* ERDC is optimizing LLMs with domain-specific data for Army use.
* AI is used for tasks like document summarization and knowledge generation.
* ERDC focuses on infrastructure, allowing customers to manage analytics.
* Predictive maintenance models are enhanced using AI-driven vector databases.
* Versatility in data handling allows for application across multiple domains.

Wales optimism about federal cyber is stronger than ever

Brandon Wales, former executive director of the Cybersecurity and Infrastructure Security Agency (CISA), remains highly optimistic about the future of federal cybersecurity, crediting significant advancements made during his tenure. Despite challenges like the SolarWinds compromise, Wales believes that these incidents have led to a stronger and more resilient federal cybersecurity framework. He highlights the importance of binding operational directives and emergency directives in driving cultural change and prioritizing cybersecurity efforts across federal agencies. Under his leadership, CISA's initiatives have transformed federal IT into a more security-focused environment.

* Optimism for Federal Cybersecurity: Wales sees significant progress in federal cybersecurity, despite past challenges.
* Impact of SolarWinds Compromise: The incident led to fundamental changes, strengthening federal cybersecurity.
* Cultural Shift: A security-focused culture has been established across federal IT.
* Binding Operational Directives: These tools have been crucial in driving cybersecurity improvements and resource allocation.
* CISA's Role: Wales credits CISA's flexibility and strategic use of directives for the advancements in federal cybersecurity.

WH launches cyber hiring sprint to fill open tech roles

The White House is launching a Service for America hiring sprint to fill hundreds of federal jobs in cybersecurity, technology, and artificial intelligence. This initiative aims to prepare the nation for a digitally-enabled future while providing good-paying, meaningful jobs. The push includes a series of events, like a National Cybersecurity Virtual Career Fair, and a focus on transitioning to skills-based hiring rather than traditional education and experience. The initiative is part of a broader effort to fill approximately 469,000 open cyber positions nationwide and enhance national security.

* The White House is launching a hiring sprint for federal cyber, tech, and AI jobs.
* The initiative includes a National Cybersecurity Virtual Career Fair and events through October.
* A shift towards skills-based hiring aims to evaluate candidates based on abilities rather than education.
* The effort seeks to fill 469,000 open cyber positions nationwide.
* It focuses on enhancing national security and technological innovation.

What are the Biggest Challenges to Federal Cybersecurity? (High Risk Update)

The GAO identifies four primary challenges in federal cybersecurity: the National Cybersecurity Strategy needs stronger performance measures; federal agencies face difficulties in securing systems due to ineffective controls and unaddressed vulnerabilities; critical infrastructure sectors are vulnerable to attacks with ongoing federal protection shortcomings; and efforts to protect personal privacy are insufficient, lacking comprehensive laws. These issues highlight the urgent need for improved measures to defend against increasing cyber threats.

* National Cybersecurity Strategy needs stronger performance measures.
* Agencies struggle with securing federal systems.
* Critical infrastructure remains vulnerable to attacks.
* Personal privacy protection efforts are insufficient.

White House announces nearly $100 million in pledges to boost emerging tech workforce

The White House has announced nearly $100 million in pledges aimed at bolstering the emerging tech workforce. This initiative, part of the Biden-Harris Administration’s broader Investing in America agenda, seeks to create a diverse and skilled pipeline of workers for advanced manufacturing jobs, including clean energy, biotechnology, and semiconductors. The funds will support various programs and collaborations between federal agencies, employers, unions, and educational institutions to ensure Americans are well-prepared for high-demand occupations in these fields.

* Advanced Manufacturing Sprint: An initiative to build a skilled workforce in advanced manufacturing, launched with the support of significant federal investments.
* NSF Funding: Nearly $100 million announced for research, workforce development, and experiential learning, particularly in the semiconductor industry.
* Apprenticeship Programs: New and expanded apprenticeship programs for industrial manufacturing, robotics, and bio-fabrication technicians.
* Workforce Hubs: Established in five cities to expand pathways into advanced manufacturing jobs, with collaborations between various stakeholders.
* Equity and Job Quality: Focus on incorporating equity, job quality, and worker empowerment in advanced manufacturing and workforce development programs across federal initiatives.

White House Boosting Skills-Based Hiring in Federal Contracts

The White House announced initiatives to expand the federal workforce by adopting skills-based hiring, reducing reliance on degree requirements, and emphasizing practical abilities. Agencies like the GSA and DoE are removing unnecessary degree prerequisites for IT and cybersecurity jobs, impacting over 1,000 positions and $100 billion in contracts. The Biden administration also expanded workforce development efforts, such as regional workforce hubs and semiconductor industry training programs, aiming to connect Americans to high-paying jobs without requiring college degrees. Additional commitments include community college programs and registered apprenticeships to further prepare workers for in-demand industries like manufacturing, IT, and semiconductors.

* Skills-Based Hiring: Federal agencies, including GSA and DoE, are eliminating degree requirements for IT and cybersecurity roles, focusing on skill sets instead.
* Workforce Development Hubs: Regional partnerships connect workers to high-demand jobs through training and federal investments.
* Semiconductor Training Expansion: Programs like the Upstate New York Hub received $1.7M to provide technical education for high school students.
* Economic Impact: Federal contracts affected include $100 billion in GSA task orders and over 1,000 DoE jobs by December 2024.
* Broader Workforce Initiatives: Efforts include registered apprenticeships and community college training to fill roles in critical industries.

White House official: Next phase of zero trust will focus on operations

The federal government is progressing well in its implementation of zero-trust architecture, with agencies meeting a recent deadline for foundational controls. According to acting federal Chief Information Security Officer (CISO) Mike Duffy, the next phase will focus on more complex aspects, such as leveraging technical controls for long-term technology transformation. While agencies have made significant progress, there are still challenges in fully resourcing the final mile of implementation. The focus now is on refining high-value assets, improving operations, and enhancing collaboration through shared services and lessons learned.

* Federal agencies met a key zero-trust architecture implementation deadline.
* The next phase focuses on complex architecture and long-term transformation.
* Agencies are mostly resourced but face challenges in the final mile.
* Shared services and interagency collaboration are key to strengthening efforts.
* Operational and cybersecurity controls remain central to future progress.

White House procurement office marks 50 years

The White House Office of Federal Procurement Policy (OFPP) celebrates its 50th anniversary, highlighting its achievements in improving procurement practices across federal agencies. Established in 1974, the OFPP has played a pivotal role in shaping procurement policies, ensuring transparency, and enhancing the efficiency of federal acquisitions. The office continues to focus on modernizing procurement processes, integrating technology, and fostering innovation to meet the evolving needs of the federal government.

* OFPP celebrates 50 years of service.
* Established in 1974 to improve federal procurement practices.
* Key role in shaping policies and ensuring transparency.
* Focus on modernizing processes and integrating technology.
* Continues to foster innovation in federal acquisitions.

White House to release long-awaited FedRAMP modernization guidance for agencies, cloud service providers

The White House is set to release updated FedRAMP guidance aimed at improving cloud security authorization for federal agencies. This guidance focuses on rigorous security reviews, quick mitigation of weaknesses, and automation in security assessments to streamline processes. Agencies and the GSA have specific deadlines to update policies and processes in line with the new guidance, which emphasizes continuous monitoring and the use of emerging technologies. This modernization effort aims to accelerate secure cloud adoption and enhance digital services across the government.

* FedRAMP Guidance Release: New guidance to reform cloud security authorization.
* Strategic Goals: Focus on rigorous security reviews and quick mitigation.
* Automation: Emphasis on automated security assessments to speed up processes.
* Agency Deadlines: Specific timelines for agencies and GSA to update policies.
* Modernization Objectives: Accelerate secure cloud adoption and improve digital services.

White House unveils AI governance policy focused on risks, transparency

The White House has introduced a comprehensive artificial intelligence (AI) governance policy, aligning with President Joe Biden's AI executive order. This 34-page memo, crafted by the Office of Management and Budget (OMB) Director Shalanda D. Young, aims to guide federal agencies in responsibly managing and utilizing AI technologies. It builds on a draft released for public feedback in November, emphasizing risk management, transparency, and the establishment of chief AI officers (CAIOs) within agencies. The policy underscores the federal government's commitment to leading by example in AI usage, with specific measures to safeguard Americans' rights and safety. Additionally, it announces the National AI Talent Surge to recruit AI professionals into government roles and plans for federal procurement of AI, highlighting the administration's approach to modeling responsible AI governance domestically and globally.

* The policy mandates guardrails for AI applications affecting rights or safety and expands AI use case inventories.
* Agencies are required to appoint CAIOs to oversee AI technology use.
* The National AI Talent Surge aims to hire at least 100 AI professionals by the summer.
* The policy serves as a domestic model for global AI governance, emphasizing transparency and risk mitigation.

Zero Trust 101: How TMF is revolutionizing federal cybersecurity

The Technology Modernization Fund (TMF) is driving the adoption of zero trust architecture across federal agencies, emphasizing enhanced cybersecurity in the face of growing cyber threats and a more distributed workforce. Zero trust operates on the principle that no user or device is inherently trusted, requiring continuous authentication and authorization for access. TMF's financial support, such as the $20 million for the Department of Education’s zero-trust project, is crucial in overcoming resource and technical challenges, leading to a more secure federal IT infrastructure.

* Zero Trust Overview: No default trust; every access request must be authenticated and authorized.
* TMF Support: Provides financial and technical resources for agencies to implement zero trust.
* Examples: Two-factor authentication and biometric identification are common zero trust practices.
* Department of Education Project: $20 million TMF investment for secure student aid services.
* Future Impact: TMF's investment fosters a more secure and resilient federal IT landscape.

Zero Trust and Improving the Nation's Cybersecurity

In May 2021, the Biden Administration issued Executive Order 14028, revolutionizing U.S. federal cybersecurity with a focus on Zero Trust security. This model, based on "Never trust, always verify," mandates stringent verification for all access attempts within government networks, regardless of origin. Emphasizing a continuous, multifaceted approach, Zero Trust requires a blend of technologies and practices, marking a significant departure from traditional cybersecurity strategies towards a more secure, resilient governmental infrastructure.

Help us to unite buyers, vehicles, and suppliers to make smarter, faster IT acquisitions.