3 Reasons Swift Action is Needed to Prepare for a Quantum Cyberattack
Swift action is needed to prepare for potential quantum cyberattacks that could threaten national security. With quantum computing advances, current encryption methods face risks. Three reasons urgent action is required: quantum-safe encryption standards must be developed, agencies need support transitioning systems to new standards before attacks occur, and increased investment is critical for quantum-safe R&D and workforce development. The author believes policymakers need to make quantum-safe encryption a national priority and provides recommendations like establishing a coordinated federal strategy on quantum-safe security.
* Quantum computing advances mean cyberattacks could soon break current encryption.
* Urgent action needed to prepare critical systems for "quantum apocalypse".
* Reason 1: Develop new quantum-safe encryption standards.
* Reason 2: Help agencies transition systems to new standards preemptively.
* Reason 3: Prioritize investments in quantum-safe R&D and workforce.
3 tactics to beef up your agency’s cybersecurity knowledge, skills and abilities
Cybersecurity in government is getting tougher as cyber criminals and adversaries increase their attacks. Previously, only highly skilled individuals could execute attacks; now criminals can simply copy, paste, and press enter. These attacks are fueled by the potential financial gain from breaching large organizations that hold valuable data.
* The cost to organizations is growing exponentially and is projected to reach $13 trillion in losses worldwide in the next few years.
* While it may be easier for cyber criminals to attack systems, defending against them and removing them from federal systems requires a sophisticated effort.
* Cyberattacks are asymmetric, meaning a small, highly motivated group can have the same impact as a well-resourced group. The government needs to respond effectively.
* Agencies can employ three tactics to improve the cyber knowledge, skills, and abilities (KSAs) of their security and technology teams, as well as of their wider workforce.
After a Recent Hacking—What are the Risks and Rewards of Cloud Computing Use by the Federal Government?
A recent GAO report examined the risks and rewards of federal cloud adoption following high-profile hacking incidents involving cloud services. While highlighting cloud benefits like flexibility and potential cost savings, auditors cautioned agencies to address unique security challenges. Because cloud environments are shared between organizations, compromised credentials could endanger other clients.
* Auditors recommended agencies rigorously monitor access and take full advantage of cloud security controls. However, continuously monitoring cloud configurations and staying current on patches remains challenging for resource-strapped agencies.
* Further, complex cloud architectures make assessing risks difficult. But if secured properly, cloud's enhanced automation and centralized management can bolster defenses across agencies.
* GAO advised applying security best practices and leveraging FedRAMP requirements to ensure the benefits of cloud outweigh the risks.
* Though challenges persist, rigorous implementation of cloud security can help agencies combat modern cyber threats.
Army moves forward with streamlining software acquisition
The Defense Department's software acquisition programs are finally making progress after five years of struggles. The Army has set delivery schedules for multiple software acquisitions and plans to establish an expert cell for improving requirements on intellectual property licensing. Although victory cannot be declared yet, progress has been made.
* Margaret Boatner, deputy assistant secretary of the Army for strategy and acquisition reform, highlighted both successes and challenges at an AFCEA NOVA event.
* This approach to software acquisition acknowledges the short lifespan of technology and aims to streamline the process. The software acquisition pathway, introduced by the Pentagon in 2020, provides flexibility for acquisition professionals.
* Currently, the Army has nine programs in the software acquisition pathway, ranging from complex to straightforward. Four of these programs are already in the execution phase with scheduled deliveries of iterative capabilities.
Biden-Harris Administration Hosts Historic Asian American, Native Hawaiian, and Pacific Islander Federal Employee Leadership Development Conference
On May 23, 2023, the Biden-Harris Administration hosted a conference focused on supporting Asian American, Native Hawaiian, and Pacific Islander (AA and NHPI) federal employees and cultivating leaders within the federal government. The event was the first of its kind since 2014. Held at the U.S. Department of Transportation’s (DOT) headquarters in Washington, DC, it drew hundreds of AA and NHPI public servants from across the country, and hundreds more attended virtually for select portions of the program.
* The White House Initiative on Asian Americans, Native Hawaiians, and Pacific Islanders (WHIAANHPI) organized the all-day program.
* They worked closely with the U.S. Office of Personnel Management (OPM) and the DOT. Over 1,000 employees from over 100 federal agencies registered to attend the hybrid conference.
* This conference builds upon WHIAANHPI’s previous partnership with OPM. They have worked together on webinars to help community members start their federal careers, and they have encouraged AA and NHPI students to apply to the Presidential Management Fellows Program.
* This program is the federal government’s flagship leadership development program for advanced degree holders.
Biden-Harris Administration Announces Plan to Maximize Purchases of Sustainable Products and Services as Part of the President’s Investing in America Agenda
The Biden-Harris Administration has announced a new plan to maximize the federal government's purchases of sustainable products and services. The plan directs federal agencies to reduce their carbon emissions and achieve net-zero emissions by 2050. It calls for bold federal procurement policies to help create a market for carbon-free and sustainable materials.
* Specifically, agencies will need to transition to 100% carbon-pollution-free electricity by 2030, electrify their vehicle fleets, and purchase low carbon construction materials.
* The plan also prioritizes buying American-made products to support domestic jobs.
* According to the White House, the federal government spends over $650 billion per year on contracting, so this sustainable purchasing plan will help drive innovation while combating climate change.
* Implementation will begin immediately with commitments across federal agencies.
CIRCIA, CMMC inch closer with rulemaking marathons nearing crucial stage
The Cybersecurity Maturity Model Certification (CMMC) effort is nearing a crucial stage as it works to finalize cybersecurity regulations for defense contractors. CMMC establishes required security standards and certifies contractors across 5 levels based on the sensitivity of information they handle.
* After announcing a strategic pause and overhaul last year, the CMMC program has been working aggressively to publish a draft regulation by early 2023.
* The team has held "rulemaking marathons" to make rapid progress. Once published, industry will have opportunities to offer feedback during the rulemaking process before finalization.
* Some areas still being refined include the role of the CMMC accreditation body and ensuring reciprocity across vendors.
* While challenges remain, leaders feel CMMC 2.0 will significantly improve cyber hygiene across the 300,000-member defense industrial base when implemented. A mature CMMC ecosystem is critical to safeguarding sensitive data and weapons systems.
CISA aims to build on growing federal cyber defense responsibilities
The Cybersecurity and Infrastructure Security Agency (CISA) is looking to expand its cyber defense responsibilities across civilian federal networks. CISA was recently designated as the lead federal civilian cyber agency. With this new authority, CISA is working to take on a more central role in protecting federal systems and data. Steps include issuing binding operational directives, conducting cyber hygiene scans, and providing shared services for civilian agencies. CISA aims to leverage its unique authorities and capabilities to enhance cyber protections and resiliency across the federal government.
* CISA expanding cyber defense role across federal civilian networks.
* Recently designated lead federal civilian cyber agency.
* Taking more central role in protecting federal systems/data.
* Steps include directives, scans, shared services for agencies.
* Leveraging authorities and capabilities for enhanced protections.
CISA All-In on AI for Cyber Protection Mission
The Cybersecurity and Infrastructure Security Agency (CISA) is increasingly using artificial intelligence and machine learning to bolster cybersecurity efforts and protect federal networks. CISA sees AI as critical for automating threat detection and response as cyberattacks become more sophisticated. The agency is partnering with tech firms and academia to leverage AI, focusing on natural language processing to analyze threats in unstructured data. CISA is also using AI for network mapping and to identify vulnerabilities. The agency views AI as a force multiplier that allows them to do more with limited resources.
* CISA leveraging AI/ML to automate threat detection and response as attacks get more advanced.
* Natural language processing to analyze threats in unstructured data a priority.
* Using AI for network mapping and finding vulnerabilities.
* AI seen as a force multiplier with limited resources.
* Partnering with tech firms and academia to further develop capabilities.
CISA issues updated cloud security resources for federal agencies
The Cybersecurity and Infrastructure Security Agency has released final cloud cybersecurity guidance for U.S. government agencies. This guidance is part of the Secure Cloud Business Applications Project. The agency has provided a guidebook and a technical reference architecture document that will assist public and private entities in implementing cloud cybersecurity best practices.
* This past October, CISA issued recommended Microsoft 365 security configuration baselines for federal agencies to use in cloud security pilots and for public input.
* The Secure Cloud Business Applications project aims to safeguard sensitive information by establishing minimum system specifications for agencies to follow.
* This technical reference architecture document focuses on facilitating the adoption of cloud deployment technology, adaptable solutions, and zero-trust frameworks for government agencies.
CISA releases new guidance on boosting open source software security
The Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance for improving the security of open source software. As open source becomes more prevalent, securing it is crucial for cybersecurity. CISA's guidance focuses on four key areas: understanding the open source ecosystem, knowing and managing dependencies, securing the software supply chain, and promoting secure software development practices. The guidance outlines best practices such as maintaining a comprehensive inventory of dependencies, establishing SLAs with suppliers, integrating security earlier into the development process, and contributing back fixes to improve software resilience. Overall, CISA aims to promote more secure open source development and use across the software ecosystem.
* CISA released new guidance on improving open source software security as its use proliferates.
* Guidance focuses on understanding the open source ecosystem, managing dependencies, securing the supply chain, and promoting secure development.
* Best practices include maintaining a dependency inventory, establishing supplier SLAs, integrating security earlier in development, and contributing back fixes.
* Goal is to promote more secure open source development and use across the software industry.
CISA unveils plan to measure cybersecurity success
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new plan to measure and improve the nation's cybersecurity posture. The CISA Metrics Plan aims to evaluate readiness, effectiveness, and accountability across the cyber ecosystem. It establishes 27 metrics across three goal areas - transforming the cyber ecosystem, strengthening the security of technology assets, and enabling operational resilience.
* Specific metrics track things like vulnerability disclosure rates, security control adoption, and incident response capabilities. CISA will collect data from partners in industry and all levels of government to inform the metrics.
* The plan is part of CISA's ongoing effort to take a more data-driven approach to cybersecurity.
* CISA director Easterly said metrics will help identify gaps, improve programs, and evaluate progress in managing cyber risk. The agency will update the metrics annually based on evolving threats and the cyber landscape.
Clean energy advancements hinge on steady funding, Energy official says
The U.S. Department of Energy aims to be a major innovator in critical technologies for clean energy development and global leadership in emerging tech sectors. Geri Richmond, Energy’s Undersecretary for Science and Innovation, discussed the agency’s research priorities and funding requests for the fiscal year 2024 budget.
* The budget, totaling $52 billion, will support clean energy research, development, and demonstration programs for a range of energy solutions.
* It will also enhance research and development, strengthen the energy manufacturing supply chain, and improve overall energy security.
* Richmond emphasized the importance of funding research on critical technologies and innovations in the domestic energy sector to maintain U.S. technological competitiveness against countries like China and Russia.
Congress advances SAMOSA bill to overhaul federal software purchasing
The bipartisan legislation for consolidating US government software purchasing and giving agencies more control over software licensing has advanced in the House of Representatives. The Strengthening Agency Management and Oversight of Software Assets Act passed mark-up in the House Oversight Committee and will now be debated by lawmakers on the House floor.
* The SAMOSA legislation could have significant implications for US government software procurement, including centralized purchasing and independent audits of agency contracts with big tech companies.
* Industry leaders and experts have both supported and criticized the proposed legislation, with some seeing it as a way to improve competition and reduce fees, while others believe it may limit product choices in an already consolidated market.
* The bill moves forward amidst a broader discussion on how software is sold to government agencies by big tech companies and received unanimous approval in the committee mark-up vote.
Congress solved acquisition reform. Now we must fix incentives.
The Department of Defense faces persistent acquisition challenges, and Congress has instituted procurement rules for the DoD to follow. However, the DoD still struggles to rapidly move technology from science and technology (S&T) efforts into programs of record. Many innovations remain stuck in research and development and never reach the warfighter.
* There are two reasons for this lack of progress. First, collaboration between the S&T community, program executive offices, and tech companies needs improvement. Collaboration is crucial to accelerate the deployment of defense capabilities.
* Second, institutional incentives need to align with fast-tracking technology to warfighters. Currently, the DoD doesn't provide enough incentives for transitioning from research and development to procurement.
* There are also too many innovation offices without ties to programs and program executive offices. The DoD should reduce or remove these offices and focus on those that work.
Court of Federal Claims decision results in a ‘sea change’ for federal acquisition
The Court of Federal Claims made a decision that affected two major governmentwide acquisition contracts from the General Services Administration. This decision also disrupted almost five years of effort to change the culture of federal contracting. Tiffany Hixson, the assistant commissioner for the Office of Professional Services and Human Capital Categories in the GSA's Federal Acquisition Service, stated that the decision will impact the approach to OASIS+'s acquisition strategy.
* Originally, price was not going to be considered as an evaluation factor in the RFP, but based on the judge's decision, there will be a pivot.
* The Court's decision not only delays the release of the OASIS+ final solicitation and awards under Polaris but also hinders the efforts to change the evaluation and award process for GWACs and multiple award contracts.
* The Court ruled that GSA applied the Section 876 statute too broadly in Polaris, stating that price was not necessary as an evaluation factor. GSA allowed agencies to award task orders under Polaris with different contract types, but with a preference for firm fixed price contracts.
Cyber investments aim to paint broader view of digital threats, official says
The federal government is looking to increase investments in cybersecurity capabilities that provide greater visibility into digital threats, according to CISA Director Jen Easterly. She highlights expanding partnerships with the private sector as crucial for gaining insights into cyber trends and attacks. Key focus areas for investment include cloud security, endpoint detection and response, zero trust architecture, and identity threat detection and response. The goal is to move from a compliance-based approach to one focused on understanding holistic risk and rapidly identifying threats. Easterly emphasizes the importance of cyber resilience and the ability to continue critical services despite disruptions. Overall, the government aims to work closely with industry to gain a more comprehensive view of the digital threats landscape.
* Federal government looking to increase cybersecurity investments to gain greater visibility into digital threats.
* Expanding partnerships with private sector key for insight into cyber trends/attacks.
* Focus areas include cloud security, endpoint detection/response, zero trust architecture, identity threat detection.
* Shift from compliance-based to risk-based approach to rapidly identify threats.
* Partnership with industry crucial for comprehensive view of digital threats landscape.
Cybersecurity: Launching and Implementing the National Cybersecurity Strategy
In April 2023, GAO reported that the goals and strategic objectives in the National Cybersecurity Strategy provide a solid foundation for a comprehensive strategy. The strategy fully addressed three of the six desirable characteristics of a national strategy but only partially addressed the other three, which concern goals, resources, and organizational roles. ONCD plans to work with federal agencies to develop an implementation plan that includes milestones, performance measures, and budget priorities.
* It is crucial for these details to be issued promptly so agencies can start planning and allocating resources properly.
* Without a clear roadmap for overcoming cyber challenges, the nation will lack guidance. GAO has designated ensuring cybersecurity as a high-risk issue because federal agencies and critical infrastructure rely on information systems.
* The urgency to address these challenges led to the establishment of the Office of the National Cyber Director, responsible for developing and implementing a comprehensive national strategy.
Cybersecurity’s role in digital transformation at the General Services Administration
This interview discusses how the General Services Administration (GSA) is working to modernize federal IT and create a more digital government. In the interview, Shive describes GSA's role as an enabler, helping agencies adopt technologies like cloud computing and artificial intelligence. He highlights GSA's Centers of Excellence, which are working with agencies on IT modernization projects. Shive also discusses cybersecurity challenges and how GSA is focused on reducing risk across government. Overall, the interview provides insight into GSA's efforts to drive digital transformation and innovation across federal agencies.
DAFITC 2023: The DOD Is Charting a New Path to Zero Trust
Recently the Department of Defense has been embracing zero trust as a new approach to cybersecurity according to speakers at DAFITC 2023. The DoD sees zero trust as a way to enhance protections for critical data and assets. Adopting zero trust will require changes to identity management, network segmentation, and device security. The DoD plans to issue a zero trust reference architecture to guide implementation across services and agencies. Challenges include educating users and integrating legacy systems. But zero trust offers benefits like improved visibility, granular access controls, and operational resilience. DoD's path to zero trust aligns with government-wide efforts to transition away from perimeter-based security models. Implementation will take years but is critical to enable multi-domain operations.
* DoD embracing zero trust at DAFITC 2023 as new cybersecurity approach.
* Will enhance protection of critical data and assets via identity, segmentation, device security.
* DoD to issue zero trust reference architecture to guide adoption across services/agencies.
* Transition faces challenges but offers improved visibility, access controls, resilience.
* Aligns with government-wide shift away from perimeter-based security models.
DeRusha: U.S. Must Keep its Foot on the Cybersecurity ‘Gas Pedal’
There is a growing need for the U.S. government to maintain its focus and effort on cybersecurity, according to Anne Neuberger, Deputy National Security Advisor. She emphasizes that cyber threats from nation-state actors and ransomware groups continue to pose major risks. While progress has been made, including mandated multi-factor authentication and improved information sharing, Neuberger warns against complacency. She recommends continued investment in modernization, recruiting top talent, and building partnerships between government and the private sector. Neuberger cites recent attacks on critical infrastructure and supply chains as reminders that cybersecurity must remain a top priority. She urges both the public and private sectors to keep collaborating and innovating to stay ahead of emerging threats.
* Anne Neuberger, Deputy National Security Advisor, says U.S. can't ease up on cybersecurity.
* Major risks remain from nation-state and ransomware cyber threats.
* Progress made but can't afford to get complacent.
* Must continue prioritizing cybersecurity through investment, talent, and public-private partnerships.
* Recent critical infrastructure attacks highlight need to stay vigilant.
DHS is the Largest Federal Agency to Receive 14 Consecutive “A” Grades on SBA’s Annual Small Business Procurement Scorecard
The Department of Homeland Security (DHS) received an "A+" on the Small Business Administration's FY 2022 Small Business Procurement Scorecard. This is the fourteenth year in a row DHS has earned an "A" and the seventh year in a row it has earned an "A+" – the highest score possible.
* Secretary of Homeland Security Alejandro N. Mayorkas set a goal in June 2022 to surpass the FY 2022 small, disadvantaged business goal of 17%, and this accomplishment fulfills that goal.
* The Scorecard is an assessment tool that measures how well federal agencies achieve their small business and socioeconomic contracting goals, provides contracting data, and reports small business program progress.
DHS Issues Recommendations to Harmonize Cyber Incident Reporting for Critical Infrastructure Entities
The Department of Homeland Security has issued recommendations to streamline and standardize cyber incident reporting across critical infrastructure sectors. The goal is to enable consistent reporting to CISA to improve national situational awareness and provide targeted support. Key proposals include using a standard format for reporting, establishing common data elements, and sharing information on incidents in real-time. Stakeholder feedback will help refine the recommendations before they are finalized as reporting requirements. Standardized reporting is part of broader efforts to enhance public-private cooperation on cybersecurity and create a unified view of threats across critical infrastructure.
* DHS issued recommendations to harmonize cyber incident reporting for critical infrastructure.
* Aims to enable consistent reporting to CISA to improve situational awareness.
* Proposals include standard reporting format, common data elements, real-time sharing.
* Seeks to align reporting across regulatory frameworks like TSA directives.
* Standardized reporting part of efforts to enhance public-private cooperation on cybersecurity.
DOD pushes cloud buyers to JWCC
The Department of Defense is encouraging defense agencies and military services to utilize the Joint Warfighting Cloud Capability (JWCC) for their cloud computing needs. JWCC is the DoD's enterprise-wide cloud program providing both unclassified and classified capabilities.
* The Pentagon wants to consolidate cloud contracts under JWCC to improve security, interoperability, and cost-savings.
* Recently the DoD CIO released a memo directing that all DoD components moving applications to the cloud must first consider JWCC rather than procuring their own cloud services.
* Some DoD entities have already embraced JWCC, like the Army which plans to migrate many applications. However, others like the Air Force have been more hesitant to use the mandated cloud solution over commercial options.
* The DoD aims to make JWCC more attractive by adding new features and services tailored for defense users.
Executive Order on Further Advancing Racial Equity and Support for Underserved Communities Through The Federal Government
On February 16, 2023, President Joe Biden signed Executive Order 14091. This executive order aims to further advance racial equity and support underserved communities through the federal government. It shows the administration's commitment to addressing systemic barriers that hinder prosperity, dignity, and equality for many underserved communities.
* This is a continuation of the administration's efforts, starting with Executive Order 13985 signed two years ago.
* The new executive order integrates equity-focused policies and processes within government operations across the executive branch and federal agencies.
* To achieve equitable outcomes, the administration must implement additional policies and processes that remove systemic barriers and promote equal opportunity for all.
FACT SHEET: Biden-Harris Administration Announces National Cyber Workforce and Education Strategy, Unleashing America’s Cyber Talent
The Biden-Harris administration has unveiled a new national strategy aimed at strengthening the cybersecurity workforce. The strategy seeks to recruit more Americans into cyber careers and align cyber education with in-demand skills. Key elements include launching apprenticeship programs, integrating cybersecurity into primary and higher education, and expanding federal cyber scholarship programs.
* The administration plans to work with the private sector to create career pathways for cyber professionals.
* A joint Cyber Talent Management System will also improve hiring and retention of cyber talent in government.
* Overall the strategy aims to build a more diverse, equitable cyber workforce of over 500,000 professionals over the next five years.
* The administration argues this will help protect national security, public safety, and essential services from increasingly sophisticated cyber threats.
FACT SHEET: Biden-Harris Administration Announces New Better Contracting Initiative to Save Billions Annually
The Biden-Harris Administration recently announced the Better Contracting Initiative, which aims to save billions of dollars annually by modernizing how the federal government purchases goods and services. The initiative will focus on improving management of service contracts, reducing unnecessary contract duplication, increasing small business participation, and leveraging the government's buying power. Key components include new training for acquisition personnel, enhanced data analysis to identify savings opportunities, strengthened contractor oversight, and pilot programs to test new procurement approaches. Overall, the initiative seeks to deliver better value for taxpayers by making federal contracting more efficient, transparent, and cost-effective.
* Modernizes federal procurement to save billions annually.
* Improves management of service contracts, reduces duplication.
* Increases small business participation, leverages buying power.
* Provides new training for acquisition personnel.
* Strengthens contractor oversight, pilots new approaches.
FACT SHEET: Biden-Harris Administration Issues Landmark Blueprint to Advance American Innovation, Competition and Security in Wireless Technologies
The Biden-Harris administration has released a blueprint outlining steps to advance American innovation, competition, and security in wireless technologies like 5G and 6G. The plan aims to increase access to spectrum for both private sector and government users, promote open architecture, and strengthen supply chain security. It calls for investing billions into wireless research and development and expanding public-private partnerships. The blueprint provides recommendations across ten key areas including spectrum policy, network security, and semiconductor supply chains. The administration views leadership in wireless technology as critical to economic growth, national security, and maintaining global influence.
* Recommendations across several key areas like spectrum, security, semiconductors.
* Blueprint to advance US innovation, competition, security in 5G/6G and wireless tech.
* Increase spectrum access, open architecture, supply chain security.
* Wireless leadership seen as vital for economy, security, global influence.
FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
On October 30, 2023, President Biden issued an executive order aimed at fostering responsible development and use of Artificial Intelligence (AI) in the United States. The order establishes a framework of principles that federal agencies must follow when adopting AI systems. It directs agencies to assess AI risks, minimize harmful bias, ensure high standards of data quality, and regularly test systems for safety and security vulnerabilities. The order also creates an AI Bill of Rights that protects citizens' civil liberties and sets limits on how their data can be used by AI systems. To oversee implementation, the order establishes a National AI Advisory Committee comprising government, private sector, academic and civil society experts.
* Establishes principles for responsible AI use in federal agencies.
* Creates AI Bill of Rights to protect civil liberties and data privacy.
* Directs testing of AI systems for biases, safety issues and security flaws.
* Sets up National AI Advisory Committee to guide implementation.
* Aims to strengthen public trust and prevent harmful impacts from AI.
FACT SHEET: Vice President Harris to Announce Support to Help Historically Underserved Entrepreneurs Tap into Bidenomics-Fueled Small Business Boom
Vice President Harris recently announced new support to help historically underserved entrepreneurs access the small business boom fueled by the Biden-Harris economic agenda. The administration is expanding outreach to minority-owned and rural small businesses to better connect them with federal resources and contracting opportunities.
* New initiatives will simplify the federal procurement process, provide mentorship to startup owners, and direct investment into underserved communities.
* The Small Business Administration will lead an all-of-government approach focused on equitable delivery of services.
* According to the White House, the administration's investments in infrastructure, manufacturing, clean energy and more have created ideal conditions for entrepreneurship.
* This new effort aims to ensure all Americans can participate in the small business surge, especially those from disadvantaged backgrounds who face systemic barriers.
Failing to Invest in Climate Change Means Failure to Taxpayers, Says New Assessment
Preliminary numbers from a new climate evaluation indicate potential damage to federal property. It is crucial for the country to take action now. The president's budget request for fiscal 2024 examines the increased costs and risks to the federal government due to climate change. This analysis fulfills the requirements of President Biden's executive order on climate-related financial risks issued in May 2021. The budget documents emphasize the importance of investing in climate change to responsibly manage funding on behalf of taxpayers.
* Mitigating greenhouse gas emissions and adapting to future climate scenarios through federal investments can help reduce future financial burdens.
* However, congressional appropriations and federal implementation are necessary to address these risks.
* Regarding sea level rise, the assessment reveals a lack of available climate data to accurately estimate the cost implications on federal facilities. Nevertheless, an illustrative analysis using limited public data suggests that the annual replacement value affected by sea level rise could range from $72 million to $127 million by mid-century and from $449 million to $1.786 billion by the end of the century.
* The Biden administration emphasizes the need for better data and modeling to accurately assess the true cost of climate change.
Fed Experts: Start by Tackling Employee Pain Points to Build Trust in AI
Federal experts advise that agencies should focus first on alleviating employee pain points as they start implementing AI systems in order to build trust. Employees are more likely to embrace AI if it helps their day-to-day work rather than complicates or disrupts it. Agencies should identify frustrating tasks that can be automated or streamlined using AI. They should also communicate clearly how AI will and won't be used, and train employees to work alongside AI systems. Building guardrails and testing for fairness and bias are also key in ensuring AI is trustworthy. Agencies are encouraged to start small with pilot projects and expand as they demonstrate benefits. Keeping humans involved and being transparent about AI will be critical for its acceptance.
* Alleviate employee frustration and pain points with AI to build trust.
* Communicate how AI will/won't be used, provide training.
* Start small with pilots, expand as benefits demonstrated. Build guardrails, test for fairness and bias.
* Keep humans involved, be transparent about AI usage.
Federal agencies must do more on sustainability
President Joe Biden's executive order on sustainability has prompted federal agencies to prioritize reducing emissions and modernizing legacy technology. The General Services Administration is working on decarbonizing federal buildings and adopting carbon pollution-free electricity. The Energy Department is increasing its acquisition of electric vehicles and electric vehicle supply equipment. However, federal agencies need to accelerate their efforts to achieve the administration's ambitious climate goals.
* Technology modernization initiatives must be balanced with these goals. Fortunately, sustainability and digital transformation are interconnected, as newer technologies are more energy efficient.
* When considering IT modernization, federal leaders should also consider the business case for sustainability.
* Data-driven sustainability initiatives will provide government leaders with valuable information for making informed operational decisions. The availability of actionable data is crucial for achieving sustainability objectives.
Federal CISO looks ahead to conversation around new contractor cyber rules
The federal chief information security officer (CISO) is looking ahead to an important conversation around new contractor cybersecurity rules. These rules will update regulations that IT contractors must follow to protect sensitive government data. The CISO expects the conversation to center around what should be mandated versus suggested best practices. While no specific timeline is set, the CISO aims to release a draft version of the updated rules for public comment in the coming months. This will be an important step toward finalizing regulations that balance security needs with flexibility for contractors. The CISO recognizes the challenges but believes there is momentum toward modernizing cyber standards.
* Federal CISO planning for conversation around updating contractor cyber rules.
* New regulations will mandate IT security standards for contractors handling government data.
* Draft rules expected for public comment in coming months.
* Goal is balancing security needs with contractor flexibility.
* CISO acknowledges challenges but sees momentum for modernizing cyber standards.
Federal CISO: New Cyber Metrics Improving Feds’ Risk Posture
The Federal Chief Information Security Officer (CISO) recently discussed how new cybersecurity metrics are helping improve the federal government's risk posture. The CISO office has been working with agencies to develop data-driven metrics to better understand cyber vulnerabilities and threats. Some examples include measuring patch management, multifactor authentication implementation, and exposure of high value assets.
* The CISO said this metrics-based approach moves cybersecurity discussions from theoretical to data-driven decisions. It also provides greater visibility across the entire federal enterprise to combat threats.
* The office is looking into further metrics like cyber workforce readiness and supply chain risks.
* Overall, leveraging metrics helps focus limited cybersecurity resources on the most critical risks facing federal systems and data.
Federal CISO Talks NCS, Next Steps, Legacy IT Burden
The Federal Chief Information Security Officer (CISO) recently discussed next steps for improving federal cybersecurity under the Federal Information Security Modernization Act (FISMA) and the Cybersecurity Executive Order. She said implementing the new National Cyber Strategy remains a key focus, including pushing agencies to encrypt data, use multi-factor authentication, and adopt endpoint detection and response capabilities.
* The CISO office is prioritizing tackling technical debt by modernizing legacy systems, which pose security risks.
* Reducing the burden of outdated technology will enable implementing stronger controls.
* Furthermore, advancing the cyber workforce through new pay structures, training programs, and recruiting is critical to executing cyber plans. The CISO stressed that driving FISMA and the cyber executive order forward through metrics and accountability will enhance defenses against modern threats.
Feds Leveraging Data to Modernize Government Business Practices
Federal agencies are leveraging data to modernize and improve government business practices. The General Services Administration is using data to transform acquisition practices through category management, which consolidates spending on common goods and services. Other agencies like the Department of Health and Human Services are also using data-driven insights to improve operations. Overall, there is an emphasis on the growing role of data analytics in enabling agencies to reduce costs, increase efficiency, and better serve citizens.
* GSA using data-driven category management to consolidate federal spending and procurement.
* HHS and other agencies also adopting data analytics to optimize operations.
* Data enabling agencies to cut costs, boost efficiency, and improve citizen services.
* Analytics becoming integral to modernizing and transforming government business.
For the federal government, Zero Trust is just the beginning
The federal government is increasingly adopting zero trust security models, but sees them as just the first step towards more advanced approaches to cybersecurity. Zero trust is focused on constantly validating every user and device before granting the minimum access needed, but it has limitations. The government is looking towards concepts like assume breach, which assumes systems are compromised from the start, and evolving to self-healing networks that can automatically detect and respond to threats. The ability to understand normal behavior and identify anomalies will be critical. There also needs to be a focus on identity management as the foundation for these future security architectures.
* Federal government adopting zero trust but sees it as just a first step.
* Looking towards more advanced models like assume breach, self-healing networks.
* Focus on understanding normal behavior, identifying anomalies.
* Identity management foundational for future security architectures.
* Evolving to autonomous systems that automatically detect and respond.
GAO sustains 93 bid protests filed over CIO-SP4 solicitation
The Government Accountability Office reviewed 93 legal challenges to the National Institutes of Health's solicitation, CIO-SP4. They found that the agency did not advance proposals past the first phase of evaluation in a reasonable manner. Kenneth E. Patton, the managing associate general counsel for procurement law at GAO, stated that the agency's decision was flawed because NIH failed to show proper evaluation of phase one proposals and determination of which ones would move forward.
* GAO recommended that the agency reevaluate the proposals and make new determinations based on the results.
* This decision was issued under a protective order due to sensitive information.
* Protests from entities represented by outside counsel were addressed, while protests from entities without counsel will be addressed separately. CIO-SP4 has faced protests since the agency requested proposals in May 2021. The contract vehicle has a $50 billion ceiling.
GAO Urges Pentagon to Ensure Full Implementation of Agile Principles in Software Procurement
A recent report from the Government Accountability Office (GAO) recommends the Department of Defense fully implement agile principles when procuring software. Agile development delivers software in short increments rather than waiting for the full system to be completed.
* The GAO found the DoD has guidance on using these methods, but program offices are not consistently adopting agile methods or applying them effectively. This can limit the flexibility and the collaboration between developers and users that are central to agile.
* The report recommends several actions to integrate agile further, including revising policies to mandate key agile practices, providing better training and resources to program staff, and developing metrics to measure the effectiveness of agile methods.
* Implementing these recommendations would help the DoD deliver needed software capabilities to warfighters faster and stay ahead of evolving threats.
GSA debuts new search tool to support Native Governments and Businesses
The U.S. General Services Administration has introduced a new search tool. This tool allows buyers to search for Native business categories in GSA Advantage!, GSA eBuy, and GSA eLibrary for commercial products and services. Tribal governments have limited ability to generate traditional government revenues due to their unique federal status. Therefore, income from Tribal businesses is crucial for their development.
* The new search feature will help Native businesses gain visibility in various channels to sell their products and services. The search identifiers have been designed to enable multiple search criteria, such as office supplies and 8(a) status.
* This feature helps federal agency partners comply with the Buy Indian Act. These recent enhancements to the search function enable buyers to meet socioeconomic contracting goals more efficiently and identify specific acquisition pathways.
* Federal and Tribal buyers can now easily search for hand tools made by American Indian-owned small businesses.
GSA’s IT Category Office Enhancing Software Supply Chain Management
The General Services Administration's IT Category office is working to enhance software supply chain management across the federal government. They are developing a software bill of materials (SBOM) standard that provides transparency into the components and dependencies in software. This will help agencies better manage risks and vulnerabilities in their software supply chains. The office is also exploring the use of artificial intelligence to analyze SBOMs and provide insights to improve supply chain security.
* GSA's IT Category office enhancing software supply chain management for federal agencies.
* Developing standard for software bill of materials (SBOM) to provide transparency into software components.
* SBOM will help agencies manage risks and vulnerabilities in software supply chains.
* Overall goal is to strengthen federal software supply chain security through standards and emerging technologies like AI.
Independent Oversight Coming to Major VA IT Contracts
The Department of Veterans Affairs (VA) is planning to strengthen oversight of its major IT modernization contracts. This is in response to recent legislation from Congress. The VA has released a draft request for proposals (RFP) to request industry input on its plans to initiate independent verification and validation (IV&V) for its major acquisition programs.
* The RFP comes after Rep. Mark Takano introduced the VA IT Modernization Improvement Act, which called for IV&V support for major acquisitions.
* VA Chief Acquisition Officer Michael Parrish stated that this will provide independent oversight to ensure that contractors deliver on time and budget.
* The VA expects to implement this contract by the end of the year, aligning with Rep. Takano's legislation.
* This RFP mentions that programs like the Electronic Health Record Modernization, Financial Management Business Transformation, and Supply Chain Modernization will likely be assessed, with the possibility of considering additional programs. Both VA and Government Accountability Office officials support the legislation.
Keep the focus in procurement on best value products and services for the government
Federal government procurement should prioritize "best value" over lowest cost when purchasing products and services. A best value approach enables the government to consider factors beyond just price, including quality, technical capability, past performance, and environmental or social impacts.
* Focusing solely on lowest cost can result in lower quality goods and services that don't fully meet the government's needs.
* More training on best value procurement strategies is needed for acquisition professionals. Additionally, updating regulations and policies can help encourage a best value approach.
* Emphasizing best value rather than lowest cost will ultimately provide taxpayers with higher quality, more innovative, and more sustainable solutions from government contractors.
New bill aims to codify NIST AI risk management in federal procurement
A new bill introduced in Congress aims to establish the National Institute of Standards and Technology's (NIST) AI risk management framework as the baseline for federal procurement of artificial intelligence systems. The Artificial Intelligence Procurement Act would mandate agencies to adopt NIST's voluntary guidance on identifying, assessing and mitigating risks when acquiring AI tools. This framework provides a methodology to evaluate factors like data quality, system security, and potential biases. Codifying these best practices into law would provide consistent standards for trustworthy AI across government. However, some opponents argue NIST's framework is too rigid for the dynamic evolution of AI. If passed, the bill would grant NIST statutory authority to update the framework with stakeholder input. Proponents believe regulating AI procurement is an important step toward responsible AI adoption. Critics contend it could hamper innovation and ignore the unique needs of individual agencies. Further debate is expected on balancing AI progress and prudence.
* New bill would codify NIST's AI risk management framework for procurement.
* NIST framework offers methodology to assess AI risks like biases and security flaws.
* Would standardize trustworthy AI practices across federal government.
* Balances twin goals of spurring AI innovation while managing potential downsides.
New FedRAMP guidance forthcoming as the cloud marketplace evolves
The Federal Risk and Authorization Management Program (FedRAMP) is preparing to release updated guidance and requirements for cloud service providers this fall. FedRAMP ensures cloud products meet federal security standards before being authorized for government use. The program management office says forthcoming guidance will address evolving needs as the marketplace matures.
* Areas of focus include clarifying criteria for higher security baselines, enforcing authorization boundaries, and requiring vulnerability scanning for high-value assets.
* There will also be a push towards automation and standardized assessments to improve efficiency.
* Updated guidance aims to increase security while removing obstacles to rapid cloud adoption. However, some industry experts are concerned the new requirements may be too rigid and discourage commercial solutions.
* The pending release comes as more agencies embrace multi-cloud approaches and migrate critical systems to the cloud.
New rule sets stage for banning risky technologies from government supply chains
The General Services Administration has issued a rule to implement provisions in the 2021 defense bill that allow the government to prohibit federal acquisition of certain telecom and video surveillance equipment. The rule lays the groundwork to block purchase of technology that poses national security risks, namely gear from Chinese companies like Huawei and ZTE. It establishes procedures for assessing risks, identifying covered equipment, providing notice to vendors, and allowing waivers in special cases. While not an outright ban yet, the rule is a significant step toward enabling stricter screening of government technology supply chains. It reflects growing concerns about potential vulnerabilities from foreign-sourced gear that could enable spying or disruption of government systems and operations.
* GSA rule lays groundwork to prohibit federal purchase of risky telecom/video surveillance tech.
* Establishes procedures for risk assessments, notifications, waivers.
* Not an outright ban yet but enables stricter supply chain screening.
* Addresses concerns about foreign gear enabling spying, disruption of government systems.
NIST releases revised cyber requirements for controlled unclassified information
The National Institute of Standards and Technology (NIST) has updated its requirements for protecting controlled unclassified information (CUI). The revised guidelines aim to modernize security controls for CUI systems based on emerging technologies and new cyber threats. Key updates include additional multifactor authentication methods, improving identity and access management, enhanced logging and monitoring capabilities, and integrating security into system development processes. The guidelines also provide scalable baseline security requirements that can be tailored based on an organization's risk management strategy. Adopting the guidelines will be mandatory for federal agencies and contractors handling CUI. NIST developed the updates with input from public and private sector stakeholders. Implementing the guidelines will improve real-time detection of cyber incidents and unauthorized access attempts across CUI systems. Overall, the changes seek to bring CUI cybersecurity policies in line with today's digital environment.
* Modernizes security controls for CUI systems based on new tech and threats.
* Adds multifactor authentication methods, improves identity management.
* Enhances logging, monitoring, integrating security into development.
* Provides scalable baseline requirements tailored to risk strategy.
* Mandatory for federal agencies and contractors handling CUI.
OMB Releases Implementation Guidance Following President Biden’s Executive Order on Artificial Intelligence
The White House Office of Management and Budget recently issued guidance to federal agencies on implementing President Biden's executive order on responsible artificial intelligence adoption. The guidelines provide a timeline for agencies to inventory their AI use cases, assess risks, and develop policies aligned with the order's principles for trustworthy and equitable AI. Agencies must submit plans detailing how they will minimize harmful bias, evaluate AI impacts on underserved communities, improve data quality, and continually monitor AI system performance. The guidance also establishes reporting requirements for agencies to update the public on their progress. While praising the administration's commitment to AI oversight, some industry observers caution against overregulation that stifles innovation. Others argue the guidelines lack enforcement mechanisms. As agencies move to transform the principles into practice, effective implementation will determine whether the order achieves its goals of ensuring AI safety, protecting civil rights, and building public trust.
* OMB released guidance for agencies to implement Biden's AI executive order.
* Directs risk assessments before AI deployment to address biases, privacy, security.
* Seeks to boost innovation while protecting civil rights and privacy.
* Creates Central Hub to coordinate AI regulation across government.
* Implementation requires resources, expertise and sustained leadership.
ONCD Seeks Input on Strategy to Strengthen Open-Source Software
The National Cyber Director's office has issued a request for information to help shape a new government-wide strategy for leveraging open source software. The strategy aims to strengthen cybersecurity, lower costs, and benefit from community-driven innovation. The RFI seeks feedback on establishing procurement best practices, increasing open source contributions from agencies, addressing dependencies like foreign-developed software, measuring ROI, and more.
* Inputs will inform policy recommendations in several areas including workforce, Intellectual Property, and supply chain security around open source adoption.
* The strategy will also look at DevSecOps approaches and other technical considerations.
* According to the NCD, properly harnessing open source will enhance resilience, lower barriers to entry, and benefit national economic competitiveness. But challenges remain around security, licensing, and sustainment.
* This RFI underscores the administration’s growing focus on maximizing open source to transform government digital services.
ONCD Working on ‘Playbook’ for Cybersecurity in Procurement
The Office of the National Cyber Director is developing a playbook to improve cybersecurity in federal procurement and acquisition processes. The playbook aims to provide guidelines for agencies to build cybersecurity into contracts and procure more secure technologies. It will likely recommend segmenting networks, using basic cyber hygiene, and requiring vendors to meet certain cybersecurity standards. The playbook is part of a broader federal push to enhance cybersecurity protections and reduce risks across government systems.
* Office of National Cyber Director creating a playbook for better cybersecurity in federal procurement.
* Playbook will provide guidelines for agencies to build cybersecurity into contracts.
* It will recommend steps like network segmentation, cyber hygiene, vendor cyber standards.
* This is part of a broader federal effort to improve cyber protections and reduce risks.
OPM launches federal intern experience program
The Office of Personnel Management has introduced a new program that aims to standardize and improve the quality of internships in federal agencies. In a message to government chief human capital officers, the agency said it created the program to support early career talent by providing training, information, and support.
* Interns at federal agencies will now have access to mentoring, executive speakers, self-directed training, and a new intern hub.
* OPM launched the program to support the Biden administration's priority of strengthening and empowering the federal workforce.
* The administration's President's Management Agenda focuses on three questions: How can the federal government improve its workforce? How can it build trust through programs and services? How can it advance equity and support underserved communities?
Oversight Committee Passes Bills to Root out Waste, Fraud, and Abuse, Improve Federal Government Efficiency
The House Oversight and Reform Committee recently passed several bills aimed at improving efficiency and reducing waste, fraud, and abuse in the federal government. One bill would require agencies to conduct inventories and reduce excess property, which could save billions in storage and maintenance costs. Another bill would improve the management of government purchase cards to prevent misuse.
* The committee also passed the Taxpayer Receipt Act, requiring the government to send Americans an annual “taxpayer receipt” outlining federal spending.
* Additionally, the Federal Agency Customer Experience Act was approved to improve customer service at government agencies. Committee Chairwoman Carolyn Maloney argued these bipartisan bills will make the government more efficient, accountable, and transparent for taxpayers.
Pentagon Cyber Official Provides Progress Update on Zero Trust Strategy Roadmap
The Defense Department plans to implement its zero trust cybersecurity framework by fiscal year 2027. David McKeown, the DOD's senior information security officer, stated that his office has been working diligently to ensure a smooth rollout of the initiative.
* The partnership with the private sector has played a crucial role in the DOD's progress toward implementing the capabilities outlined in the roadmap.
* McKeown emphasized the formation of strong relationships with commercial cloud providers.
* The zero trust framework will go beyond traditional network security methods and provide capabilities to reduce cyberattack exposure, enable risk management and data sharing, and swiftly address adversary activities.
Pentagon eyes 5G, ‘future G’ to help warfighters
The Department of Defense is exploring how 5G and 6G networks can enhance military operations in the future. 5G offers faster speeds and lower latency that could enable new augmented and virtual reality capabilities for warfighters. The Pentagon is testing 5G at a handful of military bases to better understand how to leverage its capabilities. Looking ahead, the DoD is also funding university research on 6G, the next generation of wireless networks that could arrive in the 2030s. 6G promises even faster speeds and greater connectivity for advanced applications like holographic projection. While commercial 5G is still rolling out, the DoD wants to get a head start on capitalizing on 6G’s potential military benefits. However, adopting these new networks also presents cybersecurity challenges that will need to be addressed.
* DoD exploring 5G and 6G to enhance future military operations.
* 5G offers faster speeds, lower latency for new AR/VR capabilities.
* Pentagon testing 5G at bases to understand leveraging potential.
* Faster speeds and connectivity expected to transform battlefield.
* Adopting new networks presents cybersecurity challenges.
Pentagon’s 2023 Cyber Strategy Takes aim at China Threat
The Pentagon's 2023 cyber strategy identifies China as the top strategic threat and lays out plans to counter Chinese cyber capabilities. The strategy calls for new operational concepts to defend critical infrastructure, support military operations, and impose costs on adversaries. Key focus areas include building resilient systems, enabling information advantage, and recruiting talent. The strategy also emphasizes defending the homeland and allies as well as deterring significant cyberattacks. It aligns with the Biden administration's push to prioritize challenges from China and view cyberspace as a domain of great power competition.
* Pentagon's new cyber strategy identifies China as top threat, aims to counter capabilities.
* Calls for new operational concepts to defend infrastructure, support operations, impose costs.
* Seeks to integrate cyber into broader military operations and build resilient systems.
* Focuses on defending homeland and allies, enabling information advantage, deterring attacks.
* Aligns with administration's view of cyberspace as a domain of great power competition.
Private sector must proactively accept White House’s invitations on cybersecurity
The National Cybersecurity Strategy from the White House is primarily intended for federal government officials. However, the latest release of the strategy includes commitments to the private sector on various cybersecurity issues. The President has invited the private sector to work alongside the government as partners, recognizing the importance of collaboration in securing cyberspace.
* Private sector organizations should accept this invitation, both individually and through trade organizations, but they must act quickly as there are limited seats available.
* The federal government may need time to accept private sector officials as partners and build trust.
* President Biden expects private sector involvement in a range of areas, including regulations, network and system protection, investigations, information sharing, incident response, liability for software vulnerabilities, workforce development, improving insurance products, preparing for post-quantum threats, and countering attempts by autocratic governments to control information technology.
Reforming federal procurement and acquisitions policies
The government procurement process can be difficult to navigate, especially for businesses without experience in submitting bids or understanding agency requirements. There are barriers in paperwork, disparities in geographic distribution, poorly trained officials, and inequities based on race and gender.
* To address these various issues, several reforms to national procurement policies and processes have been introduced.
* These include broadening the geographic distribution of contracts, ensuring fairness and transparency, improving access for small businesses and historically disadvantaged firms, enhancing the training of government procurement officers, increasing accountability by empowering end-users, utilizing technology and machine learning software for data analysis, limiting the time period and criteria for legal challenges, and learning from reforms implemented in other countries.
Sen. Ernst leads bills seeking higher standard for federal small business contracting goals
The Ranking Member of the Senate Small Business Committee, Joni Ernst (R-Iowa), has introduced legislation to raise standards for federal small business contracting goals. The bill would require agencies to only include women-owned small businesses (WOSBs) and service-disabled veteran-owned small businesses (SDVOSBs) certified by the Small Business Administration in their governmentwide contracting targets.
* While agencies have consistently met or exceeded SDVOSB goals, they have only met WOSB goals in fiscal years 2019 and 2015. Under one of the bills introduced by Ernst, agencies that fail to meet their WOSB goals would be required to testify before the House and Senate small business committees.
* Another bill, the Accountability in Women-Owned Small Business Contracting Act, would only count prime and subcontract awards to SBA-certified WOSBs towards a governmentwide goal of 5% of federal contracting dollars going to WOSBs.
* Additionally, the Stop Stolen Valor for Service-Disabled Veteran-Owned Small Business Contractors Act would prevent self-certified SDVOSBs from being included in the count towards a governmentwide goal of 3% of federal contracting dollars going to SDVOSBs.
Sen. Ernst to agencies: No more ‘easy As’ on the SBA scorecard
Senator Joni Ernst recently criticized federal agencies for consistently receiving high grades on the Small Business Administration's annual small business procurement scorecard despite missing statutory contracting goals. Ernst argued agencies should not be earning "easy As" when they are failing to meet their goals for small business contracting dollars. She said agencies need to do more to remove barriers to entry and actively contract with small firms.
* Ernst suggested the SBA reconsider how grades are calculated to better reflect agencies' actual small business utilization.
* For example, the Department of Defense received an "A" on the latest scorecard despite awarding only 26.5% of contracts to small businesses.
* Senator Ernst pushed for more accountability, calling out the Department of Energy and the General Services Administration for also underperforming small business goals while maintaining high grades. She urged incorporating scorecard results into officials’ evaluations.
Six steps to safeguarding government software amid rising threats
This outlines six steps federal agencies should take to better secure their software in light of escalating cyber threats. Software security needs to become a higher priority baked into development from the start.
* The first recommendation is prioritizing application security (AppSec) by hiring experts and conducting more robust testing.
* Second is implementing DevSecOps to integrate security earlier in IT delivery pipelines.
* Third is increased use of automated scans and testing tools to find vulnerabilities proactively.
* Fourth is adopting a zero trust approach that assumes breach and limits damage.
* Fifth is training developers more on secure coding practices.
* Finally, rigorous pre-deployment testing should become standard. Implementing these six steps will bolster the government's ability to defend against sophisticated nation-state and criminal hackers trying to infiltrate agencies’ systems and data.
Small business government contracting hits record high of $163B, SBA says
The Small Business Administration announced that in fiscal year 2022, the federal government awarded $162.9 billion in contracts with small businesses. This surpasses the government's goal and sets a new record. It is a 5.6% increase over fiscal year 2021, when small business contract awards totaled $154.2 billion.
* A notable achievement is that 26.5% of federal government contract dollars were awarded to small businesses, exceeding the Biden administration's goal of 23%.
* The SBA gave the federal government an "A" on its scorecard for work with small businesses, with ten federal agencies receiving an "A+" for their efforts.
* NASA was specifically recognized for working closely with small businesses and received an "A" for fiscal year 2022.
Small Business Works 2023: Navigating Equity in Procurement
The Small Business Works 2023 event was a training and matchmaking opportunity for small businesses interested in federal contracting opportunities and doing business with GSA. This hybrid event offered valuable resources and information to assist small businesses in navigating and succeeding in the federal government marketplace. Additionally, small businesses had the chance to expand their network and interact with industry experts through matchmaking sessions.
Small tech companies ask Congress for changes to make acquisition easier to navigate
Small technology companies recently asked Congress to implement changes to make government acquisition more navigable for new vendors. In a letter, founders of younger tech firms argued current acquisition practices favor larger, traditional government contractors and create barriers for new entrants. They cited issues like overly complex proposal requirements, restrictive classification rules, and lack of transparency around needs.
* The founders urged Congress to mandate more modular contracting, force agencies to work with new suppliers, and invest more in acquisition workforce training.
* Other recommendations included providing incentives to incumbent contractors that partner with innovative startups and subsidizing pilot contracts for new solutions.
* The technologists said that reforming acquisition is vital to tapping into emerging technologies from commercial companies and keeping up with innovations used by adversaries.
* Opening government procurement to new players will also increase competition and reduce costs.
The rising stakes of the federal digital user experience
Providing a seamless digital experience for citizens interacting with federal government services online is increasingly important. The COVID-19 pandemic dramatically accelerated adoption of digital services across agencies. As a result, agencies must now optimize online platforms for mobile-friendliness, accessibility, and ease of finding information. Improving user experience not only boosts citizen satisfaction but also enhances trust in government. Focus has been on understanding user needs, iterative design, plain language content, and inclusive accessibility. With digital channels becoming the predominant way citizens connect with government, delivering an excellent user experience is crucial for agency missions.
* Pandemic sped up adoption of digital government services.
* Agencies must now optimize online platforms for seamless user experience.
* Enhancing user experience builds citizen satisfaction and trust.
* Excellent user experience crucial as digital becomes main public interaction.
‘There’s a lot to be done’: Federal groups push for greater SES diversity
A coalition of federal affinity groups is advocating for greater diversity within the Senior Executive Service (SES) ranks across government. In letters to the Office of Management and Budget and Office of Personnel Management, the groups argue the SES lacks representation and inclusion, especially for women and people of color. They say enhancing SES diversity will improve decision making and service delivery.
* The groups made several recommendations including setting diversity goals, expanding mentorship and career development programs, and improving exit survey data collection to identify gaps.
* They also highlighted the need for more diverse SES selection panels and interview questions targeting critical competencies.
* The letters underscore ongoing efforts to ensure the federal leadership that shapes policies and programs reflects the diversity of America.
Tired of Monotonous Tasks? Federal Agencies Turn to Automation
Many federal agencies are increasingly looking to intelligent automation to handle repetitive, low-value tasks and enable employees to focus on higher-value work. Robotic process automation (RPA) software can replicate human actions to complete routine processes like data entry. The General Services Administration has bots handling numerous workflows, while the IRS is automating document processing. Other use cases include automated FOIA request handling and automated security operations center functions. Agencies cite benefits like improved efficiency, accuracy, and employee satisfaction. However, they also emphasize the importance of governance and thoughtful implementation. As automation becomes more integral to federal IT, agencies will need strategies for maximizing value while managing change and mitigating risks.
* Federal agencies adopting intelligent RPA for repetitive, low-value tasks.
* Enables employees to focus on higher-value work and provides efficiency/accuracy gains.
* Use cases include data entry, document processing, FOIA handling, security operations.
* Governance and thoughtful implementation key to maximize value and manage risks.
Transparency in numbers: Federal contractors must be held accountable for their diversity efforts
Companies awarded federal government contracts, regardless of size, must ensure equal opportunity in hiring and advancement so that their workforces align with America's demographics. The numbers are not confidential and do not affect competitive advantage. The federal government has a responsibility to mandate that contracted companies submit their reports and to enforce this requirement.
* In every government contract, there should be incentives for annual report submission. This will require changing processes and establishing a culture that values diversity and equity.
* For non-compliant companies, contracts may be suspended.
* While diversifying the talent pool is crucial for narrowing the wealth gap and getting more people into tech jobs, it is also important for government services to be reflective of the constituents they support.
* Access to these services will improve as the talent pool becomes more diverse.
U.S. government discloses more than 700 AI use cases as Biden administration promises regulation
The Biden administration recently disclosed more than 700 examples of how federal agencies are using artificial intelligence as part of its commitment to transparency around AI adoption. The use cases span various departments and highlight AI applications like predictive analytics at Veterans Affairs, automated document processing at Labor, and object identification for aerospace images at NASA. While showing the broad utility of AI across government, the disclosures also aim to build public trust by demonstrating that agencies are deploying AI responsibly and ethically. This revelation of AI use comes as the White House develops guidance to regulate AI development and usage. The administration says new rules are needed to manage AI risks related to privacy, security, bias and safety. Though many advocates welcome oversight, some industry groups argue excessive regulation could stifle AI innovation. The disclosed use cases indicate the U.S. government will continue expanding its AI capabilities while trying to strike a balance between progress and prudence.
* U.S. government disclosed 700+ examples of AI use at federal agencies.
* Use cases highlight role of AI in data analytics, document processing, image analysis.
* Disclosure aims to build public trust in responsible AI adoption.
* Comes as Biden administration develops guidance to regulate AI systems.
Using AI to Write Contract Requirements: Highlights from a Government Roundtable, hosted by ATARC, May 2023
The Advanced Technology Academic Research Center (ATARC) recently hosted a roundtable titled "Using AI to Write Contract Requirements." The discussion focused on the use of Artificial Intelligence (AI) to improve the federal acquisition process. Both federal leaders and industry experts acknowledge the significant potential of AI in enhancing and expediting all aspects of federal acquisition, particularly contract writing. Contract writing is an essential yet time-consuming task that requires specific skills to efficiently procure government services and products. As commercial AI tools like ChatGPT become more prevalent, it is crucial for government agencies to understand how AI can be applied to routine technical work such as contract writing.
* During the roundtable, industry experts and federal procurement leaders gathered to discuss the numerous potential benefits of AI in federal procurement.
* They also addressed the foreseeable challenges that agencies may face in terms of privacy, security, and the rapid advancement of technology.
* The experts explored the potential applications of AI in federal acquisition and procurement processes. They highlighted that with sufficient information, AI could significantly assist in crafting acquisition strategies for various portfolios, including IT, facilities, and professional services.
* Furthermore, AI has the potential to expedite processes by providing effective evaluation factors for solicitations and identifying possible contract modifications.
VA Launches New Team to Advance Equity in Benefits
The Department of Veterans Affairs (VA) has formed a team called the I*DEA (inclusion, diversity, equity, and access) Council. This team aims to promote equity in benefits for all veterans, regardless of their characteristics. The Council will focus on improving outcomes for underserved veterans and eliminating disparities in VA healthcare and benefits. They will develop and implement an Equity Action Plan and report directly to the VA deputy secretary.
* Senior leaders from various parts of the VA will be part of the council, including the Veterans Health Administration, Veterans Benefits Administration (VBA), National Cemetery Administration, Center for Women Veterans, and Center for Minority Veterans.
* Additionally, the VA has established an Equity Assurance Office within the VBA to ensure fair delivery of earned benefits to veterans, led by Laurine Carson, reporting to the Office of the Under Secretary for Benefits.
What Are The Top Cybersecurity Threats Facing Federal Agencies?
Federal agencies continue to face numerous major cybersecurity threats. Ransomware is a top concern, with recent attacks crippling critical systems and disrupting operations. Insider threats from malicious employees are also a risk, as they can exploit their access to sensitive data and networks.
* Agencies struggle to deal with vulnerable legacy IT systems and infrastructure containing outdated software.
* Cloud adoption expands the attack surface. Mobile devices introduce new entry points for cybercriminals.
* The piece emphasizes the challenge of combating nation-state actors and cyber espionage, and the importance of cyber hygiene, network segmentation, multi-factor authentication, modernization efforts, and skilled cybersecurity staff in helping agencies improve their defenses.
* Ongoing vigilance and workforce education are key to mitigating persistent cyber threats.
White House and GSA launch platforms to improve equity in federal procurement
The White House and General Services Administration have introduced two platforms to enhance equity in procurement for federal agencies. These tools, launched earlier this spring, aim to assist agencies in finding new businesses for federal contracts, identifying qualified vendors, and monitoring progress towards equity goals.
* The Biden Administration has set a goal of 15% federal contract spend for small disadvantaged businesses by 2025, while the Office of Management and Budget (OMB) has set a target of 12% for fiscal 2023.
* GSA Administrator Robin Carnahan emphasized that these tools will enable agencies to connect with a diverse range of businesses in the federal marketplace, promoting equity and achieving contracting goals.
White House looks to ramp up contract spending with small disadvantaged businesses
The Biden administration is looking to increase federal contract spending with small disadvantaged businesses (SDBs) up to 15% by 2025. This initiative aims to expand opportunities for SDBs through both prime and subcontracting arrangements. Steps include getting more agency commitment through new SDB contracting goals, increasing outreach to small firms, leveraging SDB set-asides, and partnering SDBs with larger contractors. The administration will also enhance oversight and accountability to ensure progress. Overall the goal is to drive more federal procurement spending towards SDBs and strengthen the diversity of the government's contractor base.
* Seeking to increase federal contract spending with SDBs to 15% by 2025.
* Expanding SDB opportunities via prime and subcontracting.
* Agencies establishing new SDB goals, enhanced outreach to small firms.
* Leveraging set-asides, partnering SDBs with larger contractors and improving oversight to drive progress.
White House looks to scale FedRAMP with automation
The White House is looking to scale and automate FedRAMP, the government's security authorization program for cloud products and services. The goal is to accelerate agency adoption of secure cloud technologies. Through enhanced automation, the administration aims to cut review times and costs while expanding the FedRAMP marketplace. Key steps include leveraging automation to expedite authorization processes, integrating robotic process automation to reduce manual effort, and exploring ways to automate the collection and analysis of security data from cloud platforms.
* White House seeking to scale and automate FedRAMP cloud security program.
* Aims to accelerate agency adoption of secure cloud technologies.
* Enhanced automation would cut review times and costs.
* Steps include automating authorization processes, using RPA, analyzing security data.
* Goal is to expand the FedRAMP marketplace.
White House outlines plan for green government spending spared by debt ceiling cuts
The Biden administration's goals to eliminate carbon emissions from federal buildings and vehicles were not affected by the bipartisan deal to cut government spending and raise the debt ceiling. Heather Boushey, a member of the White House Council of Economists, confirmed that the environmental components of the Inflation Reduction Act were not reduced. This is positive news and reflects the ongoing conversations and concerns surrounding this issue.
* Boushey expressed concerns about substantial cuts to the IRS's modernization fund as part of the debt ceiling deal.
* Federal agencies are actively exploring ways to make their buildings and vehicles more sustainable in order to achieve the administration's target of net-zero greenhouse gas emissions by 2050 and a 65% reduction by 2030.
White House tells federal agencies to bolster cybersecurity in memo
The White House has directed federal agencies to take new steps to strengthen their cybersecurity postures in the face of increasing threats. In a recently released memo, the Biden administration lays out immediate actions for agencies to protect networks, identify threats, and improve incident response.
* Agencies are instructed to encrypt data, implement multi-factor authentication, and deploy endpoint detection and response tools.
* They must also conduct reviews of their exposure to cyberattacks within 30 days. The memo prioritizes rapid patching of critical vulnerabilities and tackling cyber workforce gaps. Additionally, it orders exercises to evaluate readiness and calls for evaluating the security of third-party vendors.
* According to the White House, implementing these measures will enable agencies to quickly address the most significant cyber risks and advance the nation's cybersecurity. The administration aims to lead by example in adopting cyber best practices.
Why Federal Pay Data Collection Is Critical to Equity
Kalpana Kotagal was confirmed as a commissioner to the EEOC on July 13, 2023. This confirmation renews the focus on EEOC priorities, one of which is the pay data collection program through the EEO-1.
* Pay data collection is crucial for achieving pay equity. It provides enforcement agencies, such as the EEOC, OFCCP, and state labor departments, with better data to enforce civil rights laws and encourages employers to analyze their pay practices and address disparities.
* By collecting pay data through the EEO-1, the EEOC and OFCCP can effectively target pay discrimination and occupational segregation in specific firms, industries, and localities.
* This issue briefly outlines the key aspects of pay data collection through the EEO-1 and suggests improvements for future implementation.