News & Updates

Take advantage of the ITVMO’s reach and discover ITVMO updates, the latest relevant news, and other recent publications. We have gathered federal, trusted, and open source articles and publications below for your convenience.

2024 Federal Tech Trends: Zero Trust, Customer Experience Top the List

The 2024 federal technology trends are heavily influenced by executive orders focusing on zero-trust security and enhancing citizens' digital experience with government services. Agencies are gearing up to meet the zero-trust deadlines and are looking forward to measuring their progress towards the customer experience goals set by the 21st Century Integrated Digital Experience Act (21st Century IDEA). The move towards zero-trust security is a top priority, with a significant percentage of agencies confident in meeting the requirements. However, challenges remain, and there's a call for improved engagement between the federal government and private industry to navigate these complex initiatives. Additionally, the federal government is making strides in customer experience projects, taking a human-centered approach to service delivery. Other key concerns for 2024 include data management, cybersecurity, and workforce issues, with a focus on system interoperability, common data standards, and the need for a more robust understanding of data and analytics.

* **Zero-Trust Security:** Agencies are working towards meeting zero-trust deadlines, with many confident in their ability to comply. However, challenges persist, and collaboration with private industry is deemed crucial for success.
* **Customer Experience Enhancement:** Significant progress has been made in improving the digital experience of citizens interacting with government services, with agencies focusing on human-centered service delivery.
* **Data Management:** There's a need for more attention towards system interoperability, common data standards, and data accessibility to support agency modernization efforts.
* **Cybersecurity Concerns:** As agencies continue to migrate services to the cloud, they face cybersecurity and procurement challenges that need to be addressed to fully benefit from digital transformation.

3 Reasons Swift Action is Needed to Prepare for a Quantum Cyberattack

Swift action is needed to prepare for potential quantum cyberattacks that could threaten national security. With quantum computing advances, current encryption methods face risks. Three reasons urgent action is required: quantum-safe encryption standards must be developed, agencies need support transitioning systems to new standards before attacks occur, and increased investment is critical for quantum-safe R&D and workforce development. The author believes policymakers need to make quantum-safe encryption a national priority and provides recommendations like establishing a coordinated federal strategy on quantum-safe security.

* Quantum computing advances mean cyberattacks could soon break current encryption.
* Urgent action needed to prepare critical systems for "quantum apocalypse".
* Reason 1: Develop new quantum-safe encryption standards.
* Reason 2: Help agencies transition systems to new standards preemptively.
* Reason 3: Prioritize investments in quantum-safe R&D and workforce.

3 tactics to beef up your agency’s cybersecurity knowledge, skills and abilities

Cybersecurity in government is getting tougher as cyber criminals and adversaries increase their attacks. Previously, only advanced individuals could execute low-level attacks, but now criminals can simply copy, paste, and press enter. These attacks are fueled by the potential financial gain from breaching large organizations with valuable data.

* The cost to organizations is growing exponentially and is projected to reach $13 trillion in losses worldwide in the next few years.
* While it may be easier for cyber criminals to attack systems, defending against them and removing them from federal systems requires a sophisticated effort.
* Cyberattacks are asymmetric, meaning a small, highly motivated group can have the same impact as a well-resourced group. The government needs to respond effectively.
* Three tactics agencies can employ are improving the cyber knowledge, skills, and abilities (KSAs) of their security and technology teams, as well as their employees.

4 ways generative AI will improve the federal government

Generative AI will significantly improve the federal government by enhancing citizen interactions, accelerating data processing, and rewriting governmental language for clarity. These advancements will allow for more intuitive public digital services and internal efficiencies, such as smart automation and improved customer service. This tech shift includes integrating AI in cloud-based productivity tools and leveraging AI to improve data interoperability and content creation, despite current limitations and aspirational guidelines.

* Generative AI will facilitate better citizen-government interactions through improved digital services.
* Will enhance data processing capabilities, solving issues like data interoperability.
* AI can assist in making governmental language clearer and more accessible.
* There are plans to integrate AI functionalities into existing government productivity tools and services.

5 steps for building an adaptable, dynamic zero trust architecture within federal agencies

Zero-trust architecture’s (ZTA) principle of "trust no one" revolutionizes traditional security models by treating all users and systems as potential threats and mandating verification for every access attempt. This approach, likened to airport security checks but enhanced by AI, is crucial in a world where even established systems can become vulnerabilities. Despite its benefits, ZTA adoption varies across agencies due to unique missions, cybersecurity challenges, and existing infrastructures. Success stories highlight five best practices for agencies: holistic integration, embracing cutting-edge tools, innovative risk management, ongoing learning, and sustained commitment. These practices, along with adaptability, strategic partnerships, layered defenses, an evaluative approach, and future-proofing, are crucial for a dynamic and adaptable ZTA. Looking ahead, the integration of digital twin technology and AI could enhance ZTA's efficiency and dynamism. Standardization and open-source contributions are seen as key to simplifying ZTA implementations and reducing costs, promoting a collaborative environment for setting universal benchmarks and ensuring interoperability across diverse ZTA solutions.

* ZTA transforms cybersecurity by invalidating inherent trust within network perimeters, demanding continuous verification of all users and systems.
* Federal agencies' varied missions and infrastructures influence their ZTA adoption, with cutting-edge technologies like SASE, SD-WAN, and digital twin technology aiding implementation.
* Success in ZTA requires holistic integration, advanced tools, risk management, continuous learning, and sustained commitment, combined with strategic partnerships and layered defenses.
* The future of ZTA involves embracing AI and digital twin technology for efficiency and adopting standardization and open-source practices for cost-effective and interoperable solutions.

After a Recent Hacking—What are the Risks and Rewards of Cloud Computing Use by the Federal Government?

A recent GAO report examined the risks and rewards of federal cloud adoption following high-profile hacking incidents involving cloud services. While highlighting cloud benefits like flexibility and potential cost savings, auditors cautioned agencies to address unique security challenges. Because cloud environments are shared between organizations, compromised credentials could endanger other clients.

* Auditors recommended agencies rigorously monitor access and take full advantage of cloud security controls. However, continuously monitoring cloud configurations and staying current on patches remains challenging for resource-strapped agencies.
* Further, complex cloud architectures make assessing risks difficult. But if secured properly, cloud's enhanced automation and centralized management can bolster defenses across agencies.
* GAO advised applying security best practices and leveraging FedRAMP requirements to ensure the benefits of cloud outweigh the risks.
* Though challenges persist, rigorous implementation of cloud security can help agencies combat modern cyber threats.

Agencies are on track with AI executive order deadlines, White House says

The White House has successfully met all 90-day benchmarks set in President Joe Biden's Executive Order on artificial intelligence, focusing on managing AI-related security risks and fostering innovation. Key actions include obliging AI software developers to report crucial system information, such as safety test results, to the Department of Commerce. Additionally, a new rule proposal requires U.S. cloud companies to disclose foreign clients using cloud software for training powerful AI models. Nine agencies have submitted AI system risk assessments to the Department of Homeland Security, laying the groundwork for ongoing federal action. The National Science Foundation launched the National Artificial Intelligence Research Resource pilot, democratizing access to AI tools. Moreover, increased hiring for AI-focused positions in the federal government is underway, with some agencies delivering on their mandated actions ahead of schedule.

* The White House has met all 90-day AI Executive Order benchmarks, focusing on AI security and innovation.
* AI software developers are now required to report vital system information, including safety test results.
* A proposed rule mandates U.S. cloud companies to report foreign AI training activities.
* Nine agencies have submitted AI system risk assessments to the Department of Homeland Security.
* The National Science Foundation launched a pilot program to democratize AI tool access and education.

Agencies eye synthetic data to help train and test AI

The Department of Homeland Security’s Science and Technology Directorate has issued a solicitation for synthetic data solutions that can replicate real data's shape and patterns while ensuring privacy. This approach is seen as a potential game-changer, especially for the Cybersecurity and Infrastructure Security Agency, to develop realistic training scenarios and model environments in real-time. The National Strategy on Privacy-Preserving Data Sharing and Analytics highlights synthetic data as a key technology for unlocking data analysis benefits while protecting privacy. However, the adoption of synthetic data faces challenges such as limited awareness, lack of standards, and varying maturity levels. Verification and validation techniques are needed to address accuracy and data quality issues. The Chief Data Officers Council is also seeking input on synthetic data to establish best practices, including a more formalized definition, applications, challenges, limitations, and considerations for ethics and equity.

* **Synthetic Data for AI Training and Testing:** Agencies are exploring synthetic data to build or test AI applications and machine learning models.
* **DHS Solicitation for Synthetic Data Solutions:** DHS is seeking solutions to generate synthetic data that mirrors real data while protecting privacy, crucial for training machine learning models where real-world data is unavailable or poses risks.
* **Potential of Synthetic Data:** Recognized for its ability to facilitate realistic training scenarios and model environments, synthetic data is seen as a significant asset for agencies like CISA.
* **Challenges in Adoption:** The adoption of synthetic data is slow due to limited awareness, lack of standards, and varying maturity levels. There's a need for research on verification and validation techniques to ensure data accuracy and quality.
* **Chief Data Officers Council's Involvement:** The council is seeking input to establish best practices for synthetic data generation, including its definition, applications, challenges, limitations, and ethical considerations.

AI can shore up federal cybersecurity overwhelmed by data, GDIT says

General Dynamics Information Technology (GDIT) conducted a study on defensive cyber operations, revealing the potential of AI in bolstering federal cybersecurity. The study, based on a survey of 200 government leaders in national security, found that 41% are overwhelmed by data. AI is seen as valuable for real-time threat detection and automated countermeasures, addressing the significant issue of human error in cybersecurity. As hacking threats evolve, AI, automation, and pattern-recognizing tools are increasingly utilized for digital defense, particularly by the Department of Defense and other federal agencies.

* 41% of government leaders surveyed are overwhelmed by data in cybersecurity.
* AI is valued for real-time threat detection and automated countermeasures.
* Human error is a significant cybersecurity challenge.
* AI and automation are increasingly important for digital defense against evolving hacking threats.
* The Department of Defense and other federal agencies are focusing on AI for cybersecurity.

AI is a rising priority for federal chief data officers

Artificial intelligence is emerging as a top priority for federal chief data officers in 2023. A recent survey of federal CDOs found that AI has rapidly become one of their most important focus areas, second only to data quality management. Driving AI adoption is the vast potential of machine learning to glean insights from complex government datasets. However, federal AI development also faces barriers like skills gaps and biased algorithms. As stewards of data, CDOs are critical players in enabling ethical, responsible AI across agencies. Key recommendations for CDOs include auditing datasets for accuracy, considering algorithmic fairness, establishing AI review boards, and embracing transparency in capabilities. With more investment pouring into federal AI, CDO oversight must similarly intensify to instill public trust. Guiding sound data governance and AI best practices will allow agencies to tap the technology’s benefits while managing risks.

* AI adoption is a rising focus area for federal chief data officers.
* CDO oversight is key for managing complex policy issues like algorithm bias.
* Teams should audit datasets, consider fairness implications, and embrace transparency.
* AI review boards can help agencies apply best practices.
* With AI funding growing, governance is crucial to ensure public trust.

AI provides a net advantage to federal cyber defenders — if they can use it

Artificial intelligence has the potential to be a powerful tool for federal cyber defenders given its ability to analyze vast amounts of data and detect malicious activity. However, many agencies lack the expertise to effectively implement and utilize AI. These AI tools have shown promising results in real-world applications, including detecting phishing emails with more subtle attack methods. Agencies must work to train existing employees on AI as well as recruit personnel with relevant skillsets. Adapting security frameworks and implementing machine learning best practices can also help validate and improve the effectiveness of AI cyber tools. Though barriers exist, collaboration across the government technology sector is critical to develop and deploy AI that enhances cyber defenders' abilities.

* AI has proven capable of identifying sophisticated phishing attempts missed by legacy filters.
* Adapting existing security frameworks can help validate and optimize AI-powered cyber tools.
* Cross-agency collaboration is important for building AI models attuned to emerging threats.
* Training programs and strategic hiring initiatives must target gaps in AI expertise.

AI talent wanted: The federal government is searching far and wide to fill new cutting-edge positions

Demand for AI talent in the federal government is growing, and agencies face challenges in recruiting and retaining skilled AI professionals. Nearly every federal agency has major AI initiatives underway, from using AI to process benefit applications to leveraging AI for national security purposes. However, the private sector often offers higher salaries, and a misperception exists that federal government work is less innovative. The Biden Administration has introduced several efforts to close the AI talent gap, such as the creation of the AI COE program to share best practices in AI adoption. Advocates also point to the need to establish an AI-literate workforce through re-skilling programs, as only a small number of specialized AI experts are needed to complement such a workforce.

* Nearly all federal agencies have major AI initiatives underway but struggle to recruit and retain skilled AI talent.
* Private sector offers higher AI salaries while a misperception exists of less innovation in government work.
* New AI COE program shares best practices in AI adoption among agencies.
* Most federal staff will simply need to be AI-literate to complement a small number of AI experts.
* Re-skilling programs needed to create an AI-literate federal workforce to close the talent gap.

Army moves forward with streamlining software acquisition

The Defense Department's software acquisition programs are finally making progress after five years of struggles. The Army has set delivery schedules for multiple software acquisitions and plans to establish an expert cell for improving requirements on intellectual property licensing. Although victory cannot be declared yet, progress has been made.

* Margaret Boatner, deputy assistant secretary of the Army for strategy and acquisition reform, highlighted both successes and challenges at an AFCEA NOVA event.
* This approach to software acquisition acknowledges the short lifespan of technology and aims to streamline the process. The software acquisition pathway, introduced by the Pentagon in 2020, provides flexibility for acquisition professionals.
* Currently, the Army has nine programs in the software acquisition pathway, ranging from complex to straightforward. Four of these programs are already in the execution phase with scheduled deliveries of iterative capabilities.

Artificial Intelligence: Agencies Have Begun Implementation but Need to Complete Key Requirements

The GAO report reveals that while federal agencies have initiated AI implementation, they still need to fulfill key requirements. Agencies reported about 1,200 AI use cases, mostly in the planning phase. However, gaps in data completeness and accuracy were found in these inventories. The report also notes that certain agencies have not fully met AI implementation requirements set by executive orders and federal law. This incomplete compliance hinders effective management and oversight of AI use within these agencies.

* Federal agencies reported around 1,200 AI use cases, largely in planning stages.
* Data gaps and inaccuracies exist in AI use case inventories.
* Some agencies have not fully complied with AI implementation requirements.
* Incomplete compliance affects the management and oversight of AI.
* Addressing these issues is crucial for effective AI implementation in government.

Biden-Harris Administration Hosts Historic Asian American, Native Hawaiian, and Pacific Islander Federal Employee Leadership Development Conference

On May 23, 2023, the Biden-Harris Administration hosted a conference. The conference was focused on supporting Asian American, Native Hawaiian, and Pacific Islander (AA and NHPI) federal employees. It aimed to cultivate leaders within the federal government. This event was the first of its kind since 2014. The conference took place at the U.S. Department of Transportation’s (DOT) headquarters in Washington, DC. It drew hundreds of AA and NHPI public servants from across the country. Additionally, hundreds more attended virtually for select portions of the program.

* The White House Initiative on Asian Americans, Native Hawaiians, and Pacific Islanders (WHIAANHPI) organized the all-day program.
* They worked closely with the U.S. Office of Personnel Management (OPM) and the DOT. Over 1,000 employees from over 100 federal agencies registered to attend the hybrid conference.
* This conference builds upon WHIAANHPI’s previous partnership with OPM. They have worked together on webinars to help community members start their federal careers. They have also encouraged AA and NHPI students to apply to the Presidential Management Fellows Program.
* This program is the federal government’s flagship leadership development program for advanced degree holders.

Biden-Harris Administration Announces Plan to Maximize Purchases of Sustainable Products and Services as Part of the President’s Investing in America Agenda

The Biden-Harris Administration has announced a new plan to maximize the federal government's purchases of sustainable products and services. The plan directs federal agencies to reduce their carbon emissions and achieve net-zero emissions by 2050. It calls for bold federal procurement policies to help create a market for carbon-free and sustainable materials.

* Specifically, agencies will need to transition to 100% carbon-pollution-free electricity by 2030, electrify their vehicle fleets, and purchase low carbon construction materials.
* The plan also prioritizes buying American-made products to support domestic jobs.
* According to the White House, the federal government spends over $650 billion per year on contracting, so this sustainable purchasing plan will help drive innovation while combating climate change.
* Implementation will begin immediately with commitments across federal agencies.

CIRCIA, CMMC inch closer with rulemaking marathons nearing crucial stage

The Cybersecurity Maturity Model Certification (CMMC) effort is nearing a crucial stage as it works to finalize cybersecurity regulations for defense contractors. CMMC establishes required security standards and certifies contractors across 5 levels based on the sensitivity of information they handle.

* After announcing a strategic pause and overhaul last year, the CMMC program has been working aggressively to publish a draft regulation by early 2023.
* The team has held "rulemaking marathons" to make rapid progress. Once published, industry will have opportunities to offer feedback during the rulemaking process before finalization.
* Some areas still being refined include the role of the CMMC accreditation body and ensuring reciprocity across vendors.
* While challenges remain, leaders feel CMMC 2.0 will significantly improve cyber hygiene across the 300,000 member defense industrial base when implemented. A mature CMMC ecosystem is critical to safeguarding sensitive data and weapons systems.

CISA aims to build on growing federal cyber defense responsibilities

The Cybersecurity and Infrastructure Security Agency (CISA) is looking to expand its cyber defense responsibilities across civilian federal networks. CISA was recently designated as the lead federal civilian cyber agency. With this new authority, CISA is working to take on a more central role in protecting federal systems and data. Steps include issuing binding operational directives, conducting cyber hygiene scans, and providing shared services for civilian agencies. CISA aims to leverage its unique authorities and capabilities to enhance cyber protections and resiliency across the federal government.

* CISA expanding cyber defense role across federal civilian networks.
* Recently designated lead federal civilian cyber agency.
* Taking more central role in protecting federal systems/data.
* Steps include directives, scans, shared services for agencies.
* Leveraging authorities and capabilities for enhanced protections.

CISA All-In on AI for Cyber Protection Mission

The Cybersecurity and Infrastructure Security Agency (CISA) is increasingly using artificial intelligence and machine learning to bolster cybersecurity efforts and protect federal networks. CISA sees AI as critical for automating threat detection and response as cyberattacks become more sophisticated. The agency is partnering with tech firms and academia to leverage AI, focusing on natural language processing to analyze threats in unstructured data. CISA is also using AI for network mapping and to identify vulnerabilities. The agency views AI as a force multiplier that allows them to do more with limited resources.

* CISA leveraging AI/ML to automate threat detection and response as attacks get more advanced.
* Natural language processing to analyze threats in unstructured data a priority.
* Using AI for network mapping and finding vulnerabilities.
* AI seen as a force multiplier with limited resources.
* Partnering with tech firms and academia to further develop capabilities.

CISA establishing new office focused on zero trust

The Cybersecurity and Infrastructure Security Agency (CISA) is establishing a new office dedicated to advancing zero trust security principles across federal agencies, aligning with the Biden administration's broader cybersecurity strategy. Announced by Sean Connelly, CISA’s senior cybersecurity architect, at the Zero Trust Summit, the Zero Trust Initiative Office aims to provide federal agencies with comprehensive training, resources, and guidance on implementing zero trust architectures. This initiative is part of a concerted effort to enhance cybersecurity defenses by adopting a zero trust framework, which assumes no entity inside or outside the network is trusted by default.

* The Zero Trust Initiative Office will focus on education, training, and resource provision to federal agencies.
* It will build upon existing CISA guidance, including the Zero Trust Maturity Model and Trusted Internet Connections 3.0.
* The office plans to foster community building and collaboration through interagency working groups focused on zero trust implementation and network modernization.
* Part of its mandate includes assessing agencies' zero trust maturity and developing metrics and benchmarks to track progress towards implementing the zero trust model effectively.

CISA issues updated cloud security resources for federal agencies

The Cybersecurity and Infrastructure Security Agency has released final cloud cybersecurity guidance for U.S. government agencies. This guidance is part of the Secure Cloud Business Applications Project. The agency has provided a guidebook and a technical reference architecture document that will assist public and private entities in implementing cloud cybersecurity best practices.

* This past October, CISA issued recommended Microsoft 365 security configuration baselines for federal agencies to use in cloud security pilots and for public input.
* The Secure Cloud Business Applications project aims to safeguard sensitive information by establishing minimum system specifications for agencies to follow.
* This technical reference architecture document focuses on facilitating the adoption of cloud deployment technology, adaptable solutions, and zero-trust frameworks for government agencies.

CISA Official Details New Fed Operational Cyber Alignment Plan

The Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Operational Cyber Alignment Plan (FOCAL) to enhance cybersecurity coordination across the Federal government. This initiative, as explained by CISA Associate Director Michael Duffy, aims to unify the cybersecurity efforts of Federal agencies by setting clear, achievable targets. The plan was developed in response to the evolving threat environment and the growing list of cybersecurity tasks agencies face. FOCAL is designed to not only streamline efforts but also to leverage existing programs like the Continuous Diagnostics and Mitigation (CDM) program for better defense and communication among agencies. This shift represents a significant change in CISA's approach, moving from merely providing information and guidance to offering capabilities that alleviate the cybersecurity burden on agencies, thereby improving operational visibility and threat information sharing.

* FOCAL aims to unify Federal agencies' cybersecurity efforts and set clear, achievable targets.
* The plan leverages existing programs like CDM to enhance cyber defense and inter-agency communication.
* CISA's approach has shifted towards providing capabilities to reduce the cybersecurity burden on agencies.
* The initiative is a response to the evolving threat environment and the increasing cybersecurity tasks for agencies.
* FOCAL is part of a broader effort to improve operational visibility and threat information sharing across the Federal government.

CISA Releases 2023 Year in Review Showcasing Efforts to Protect Critical Infrastructure

In 2023, the Cybersecurity and Infrastructure Security Agency (CISA) made significant strides in enhancing the security and resilience of critical infrastructure in the United States. The agency's efforts were multifaceted, focusing on promoting secure software development through the Secure by Design campaign, leading initiatives in Artificial Intelligence (AI) security, reducing ransomware risks, and emphasizing cyber hygiene. CISA also prioritized supporting critical infrastructure sectors, enhancing emergency communications, and providing resources to state and local governments. Notably, the agency launched the State and Local Cybersecurity Grant Program and established dedicated election security advisors. Additionally, CISA celebrated the second anniversary of its ChemLock program, aimed at improving security for chemical facilities. The 2023 Year in Review showcases these accomplishments, reflecting CISA's commitment to protecting the nation's critical infrastructure against evolving threats.

* Secure by Design Campaign: Launched to promote secure software development and published a white paper on secure software principles.
* AI Security Roadmap: Published the first Roadmap for AI, outlining plans to assess AI-related cyber risks and guide critical infrastructure sectors.
* Ransomware Risk Reduction: Initiated the Pre-Ransomware Notification Initiative, significantly reducing ransomware risks through early-stage warnings.
* Cyber Hygiene Emphasis: Launched the Secure Our World program, focusing on fundamental cyber hygiene practices and public awareness.
* Support for Critical Infrastructure: Enhanced engagement with key sectors, improved emergency communications, and implemented cybersecurity grant programs for state, local, and territorial governments.

CISA releases new guidance on boosting open source software security

The Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance for improving the security of open source software. As open source becomes more prevalent, securing it is crucial for cybersecurity. CISA's guidance focuses on four key areas: understanding the open source ecosystem, knowing and managing dependencies, securing the software supply chain, and promoting secure software development practices. The guidance outlines best practices such as maintaining a comprehensive inventory of dependencies, establishing SLAs with suppliers, integrating security earlier into the development process, and contributing back fixes to improve software resilience. Overall, CISA aims to promote more secure open source development and use across the software ecosystem.

* CISA released new guidance on improving open source software security as its use proliferates.
* Guidance focuses on understanding the open source ecosystem, managing dependencies, securing the supply chain, and promoting secure development.
* Best practices include maintaining a dependency inventory, establishing supplier SLAs, integrating security earlier in development, and contributing back fixes.
* Goal is to promote more secure open source development and use across the software industry.

CISA to issue list of software products critical to agency security by end of September

The Cybersecurity and Infrastructure Security Agency (CISA) is planning to provide a list of software products deemed critical for federal government security by the end of September 2024. This initiative aims to address vulnerabilities in essential software used across various federal agencies and critical infrastructure, enhancing overall cybersecurity resilience. The focus is particularly on open source software (OSS), which is widely used within government systems and is integral to their operations. CISA's efforts involve engaging with the OSS community to understand and mitigate risks associated with its use, thereby securing a more resilient cyberspace ecosystem.

* Identification of Critical Software: CISA will compile a list of software products that are vital for the security of federal agencies and critical infrastructure, focusing on open source software (OSS).
* Engagement with OSS Community: The agency plans to work closely with the OSS community to better understand and secure the ecosystem, addressing risks associated with OSS usage in government operations.
* Vulnerability and Risk Mitigation: CISA aims to reduce the risks to federal agencies by identifying vulnerabilities in widely used software and deploying measures to mitigate these risks.
* Enhancing Cybersecurity Resilience: By securing critical software components, CISA intends to enhance the overall cybersecurity resilience of federal infrastructure.
* Support for Secure Technology Practices: The initiative will also include developing best practices for OSS usage and coordination of vulnerability disclosure and response efforts.

CISA unveils plan to measure cybersecurity success

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new plan to measure and improve the nation's cybersecurity posture. The CISA Metrics Plan aims to evaluate readiness, effectiveness, and accountability across the cyber ecosystem. It establishes 27 metrics across three goal areas - transforming the cyber ecosystem, strengthening the security of technology assets, and enabling operational resilience.

* Specific metrics track things like vulnerability disclosure rates, security control adoption, and incident response capabilities. CISA will collect data from partners in industry and all levels of government to inform the metrics.
* The plan is part of CISA's ongoing effort to take a more data-driven approach to cybersecurity.
* CISA director Easterly said metrics will help identify gaps, improve programs, and evaluate progress in managing cyber risk. The agency will update the metrics annually based on evolving threats and the cyber landscape.

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Preston Werntz, as the Chief Data Officer for the Cybersecurity and Infrastructure Security Agency (CISA), focuses on addressing bias in the datasets used for artificial intelligence within the agency. Werntz highlights the importance of understanding and managing this bias, especially given CISA's extensive use of AI across a variety of applications. His role involves overseeing data governance and ensuring that data management practices are consistent across different divisions within CISA. This is crucial as inconsistent data management can skew AI model outputs, thereby affecting their effectiveness and fairness.

* Focus on Data Bias Management: Werntz emphasizes the importance of managing biases in datasets used for AI to ensure fairness and accuracy in AI outcomes.
* Consistent Data Governance: He is dedicated to implementing consistent data governance across CISA to prevent skewed AI analyses due to inconsistent data practices.
* Engagement Across Divisions: Werntz actively engages with different divisions within CISA to harmonize data management and governance efforts.
* Education and Training: Part of his strategy includes educating CISA staff about their roles in data stewardship and the impact of data management on AI applications.

Clean energy advancements hinge on steady funding, Energy official says.

The U.S. Department of Energy aims to be a major innovator in critical technologies for clean energy development and global leadership in emerging tech sectors. Geri Richmond, Energy’s Undersecretary for Science and Innovation, discussed the agency’s research priorities and funding requests for the fiscal year 2024 budget.

* The budget, totaling $52 billion, will support clean energy research, development, and demonstration programs for a range of energy solutions.
* It will also enhance research and development, strengthen the energy manufacturing supply chain, and improve overall energy security.
* Richmond emphasized the importance of funding research on critical technologies and innovations in the domestic energy sector to maintain U.S. technological competitiveness against countries like China and Russia.

Congress advances SAMOSA bill to overhaul federal software purchasing

The bipartisan legislation for consolidating US government software purchasing and giving agencies more control over software licensing has advanced in the House of Representatives. The Strengthening Agency Management and Oversight of Software Assets Act passed mark-up in the House Oversight Committee and will now be debated by lawmakers on the House floor.

* The SAMOSA legislation could have significant implications for US government software procurement, including centralized purchasing and independent audits of agency contracts with big tech companies.
* Industry leaders and experts have both supported and criticized the proposed legislation, with some seeing it as a way to improve competition and reduce fees, while others believe it may limit product choices in an already consolidated market.
* The bill moves forward amidst a broader discussion on how software is sold to government agencies by big tech companies and received unanimous approval in the committee mark-up vote.

Congress solved acquisition reform. Now we must fix incentives.

The Department of Defense has challenges. Acquisition reform is needed. Congress has instituted rules for the DoD to follow for procurement. However, the DoD still struggles to rapidly deliver technology from science and technology to programs of record. Many innovations are stuck in research and development and never reach the warfighter.

* There are two reasons for this lack of progress. First, collaboration between the S&T community, program executive offices, and tech companies needs improvement. Collaboration is crucial to accelerate the deployment of defense capabilities.
* Second, institutional incentives need to align with fast-tracking technology to warfighters. Currently, the DoD doesn't provide enough incentives for transitioning from research and development to procurement.
* There are also too many innovation offices without ties to programs and program executive offices. The DoD should reduce or remove these offices and focus on those that work.

Court of Federal Claims decision results in a ‘sea change’ for federal acquisition

The Court of Federal Claims made a decision that affected two major governmentwide acquisition contracts from the General Services Administration. This decision also disrupted almost five years of effort to change the culture of federal contracting. Tiffany Hixson, the assistant commissioner for the Office of Professional Services and Human Capital Categories in the GSA's Federal Acquisition Service, stated that the decision will impact the approach to OASIS+'s acquisition strategy.

* Originally, price was not going to be considered as an evaluation factor in the RFP, but based on the judge's decision, there will be a pivot.
* The Court's decision not only delays the release of the OASIS+ final solicitation and awards under Polaris but also hinders the efforts to change the evaluation and award process for GWACs and multiple award contracts.
* The Court ruled that GSA applied the Section 876 statute too broadly in Polaris, stating that price was not necessary as an evaluation factor. GSA allowed agencies to award task orders under Polaris with different contract types, but with a preference for firm fixed price contracts.

Cyber investments aim to paint broader view of digital threats, official says

The federal government is looking to increase investments in cybersecurity capabilities that provide greater visibility into digital threats, according to CISA Director Jen Easterly. She highlights expanding partnerships with the private sector as crucial for gaining insights into cyber trends and attacks. Key focus areas for investment include cloud security, endpoint detection and response, zero trust architecture, and identity threat detection and response. The goal is to move from a compliance-based approach to one focused on understanding holistic risk and rapidly identifying threats. Easterly emphasizes the importance of cyber resilience and the ability to continue critical services despite disruptions. Overall, the government aims to work closely with industry to gain a more comprehensive view of the digital threats landscape.

* Federal government looking to increase cybersecurity investments to gain greater visibility into digital threats.
* Expanding partnerships with private sector key for insight into cyber trends/attacks.
* Focus areas include cloud security, endpoint detection/response, zero trust architecture, identity threat detection.
* Shift from compliance-based to risk-based approach to rapidly identify threats.
* Partnership with industry crucial for comprehensive view of digital threats landscape.

CYBERCOM embraces the non-traditional as acquisition program grows

U.S. Cyber Command (CYBERCOM) is expanding its acquisition team and adopting flexible buying strategies to become the Defense Department's hub for cyber procurement. Initially granted limited acquisition authority in 2016, CYBERCOM has seen these limits lifted by Congress, allowing for increased spending and staffing. The command now enjoys the status of a federal laboratory, enhancing its collaboration with industry and academia, and providing greater control over budgetary decisions for cyber programs. CYBERCOM aims to streamline cyber acquisitions, moving away from traditional DoD processes to accommodate the rapid pace of cybersecurity needs.

* Expanded Authority and Team: Initially granted limited acquisition authority in 2016, CYBERCOM now has expanded spending limits.
* Federal Laboratory Status: The designation enhances CYBERCOM's collaboration with industry and academia and gives it more budgetary control.
* Joint Cyber Warfighting Architecture: CYBERCOM is building a program office to oversee cyber products and services integration across the military.
* Flexible Acquisition Strategies: Moving away from traditional DoD acquisition methods, CYBERCOM is adopting faster, more adaptable processes like DIU’s prototyping process and the Adaptive Acquisition Framework.

Cybersecurity: Launching and Implementing the National Cybersecurity Strategy

In April 2023, GAO reported that the goals and strategic objectives in the document provide a solid foundation for a comprehensive strategy. The strategy fully addressed three out of six desirable characteristics of a national strategy, but only partially addressed the other three. These include goals, resources, and organizational roles. ONCD plans to work with federal agencies to develop an implementation plan that includes milestones, performance measures, and budget priorities.

* It is crucial for these details to be issued promptly so agencies can start planning and allocating resources properly.
* Without a clear roadmap for overcoming cyber challenges, the nation will lack guidance. GAO has designated ensuring cybersecurity as a high-risk issue because federal agencies and critical infrastructure rely on information systems.
* The urgency to address these challenges led to the establishment of the Office of the National Cyber Director, responsible for developing and implementing a comprehensive national strategy.

Cybersecurity starts in the Security Operations Center

The Security Operations Center (SoC) at a federal agency plays a crucial role in cybersecurity, consisting of experts who monitor systems to prevent or respond to security threats. Recent years have seen an increase in procedures to protect SoCs, guided by federal directives and a cybersecurity executive order enhancing cloud and network security. Management complexities arise regarding leadership and incident response, with a mix of federal employees and contractors involved. Jennifer Franks from the Government Accountability Office highlights the importance of a diverse skill set, information sharing, and the challenges of managing sensitive data across different agencies. Protecting critical services requires continuous effort, risk management, and readiness to respond to incidents.

* SoCs are essential for monitoring and responding to cybersecurity threats in federal agencies.
* Federal guidance and a cybersecurity executive order have strengthened SoC protections.
* Management involves a mix of federal employees and contractors, with complexities in leadership and incident response.
* Information sharing between agencies is crucial but challenged by varying sensitivities of data.
* Continuous protection, risk management, and incident response planning are fundamental to SoC operations.

Cybersecurity’s role in digital transformation at the General Services Administration

This interview discusses how the General Services Administration (GSA) is working to modernize federal IT and create a more digital government. Shive talks about GSA's role as an enabler, helping agencies adopt technologies like cloud computing and artificial intelligence. He highlights GSA's Centers of Excellence, which are working with agencies on IT modernization projects. Shive also discusses cybersecurity challenges and how GSA is focused on reducing risk across government. Overall, the interview provides insight into GSA's efforts to drive digital transformation and innovation across federal agencies.

DAFITC 2023: The DOD Is Charting a New Path to Zero Trust

Recently, the Department of Defense has been embracing zero trust as a new approach to cybersecurity, according to speakers at DAFITC 2023. The DoD sees zero trust as a way to enhance protections for critical data and assets. Adopting zero trust will require changes to identity management, network segmentation, and device security. The DoD plans to issue a zero trust reference architecture to guide implementation across services and agencies. Challenges include educating users and integrating legacy systems, but zero trust offers benefits like improved visibility, granular access controls, and operational resilience. DoD's path to zero trust aligns with government-wide efforts to transition away from perimeter-based security models. Implementation will take years but is critical to enable multi-domain operations.

* DoD embracing zero trust at DAFITC 2023 as new cybersecurity approach.
* Will enhance protection of critical data and assets via identity, segmentation, device security.
* DoD to issue zero trust reference architecture to guide adoption across services/agencies.
* Transition faces challenges but offers improved visibility, access controls, resilience.
* Aligns with government-wide shift away from perimeter-based security models.

Department of Commerce announces US, UK AI safety partnership

The U.S. and U.K. have formalized a partnership to enhance AI safety through collaborative research, evaluations, and guidance. This agreement, signed by Commerce Secretary Gina Raimondo and U.K. Technology Secretary Michelle Donelan, aims to align scientific approaches and develop robust evaluations for AI models, systems, and agents. The partnership, effective immediately, is part of the Biden administration's broader strategy to work with international partners on AI regulation. It includes plans for joint testing exercises, personnel exchanges between AI safety institutes, and the development of common AI safety testing approaches. This collaboration is housed within the Department of Commerce’s National Institute of Standards and Technology in the U.S. and seeks to extend similar partnerships globally to promote AI safety.

* The U.S. and U.K. have signed a memorandum of understanding for AI safety collaboration.
* This partnership aims to align scientific approaches and develop robust evaluations for AI technologies.
* Plans include joint testing exercises and personnel exchanges between AI safety institutes.
* The collaboration is part of a broader effort to establish international frameworks for AI regulation.

DeRusha: U.S. Must Keep its Foot on the Cybersecurity ‘Gas Pedal’

There is a growing need for the U.S. government to maintain its focus and effort on cybersecurity, according to Anne Neuberger, Deputy National Security Advisor. She emphasizes that cyber threats from nation-state actors and ransomware groups continue to pose major risks. Although progress has been made, including mandated multi-factor authentication and improved information sharing, Neuberger warns against complacency. She recommends continued investment in modernization, recruiting top talent, and building partnerships between government and the private sector. Neuberger cites recent attacks on critical infrastructure and supply chains as reminders that cybersecurity must remain a top priority. She urges both the public and private sectors to keep collaborating and innovating to stay ahead of emerging threats.

* Anne Neuberger, Deputy National Security Advisor, says U.S. can't ease up on cybersecurity.
* Major risks remain from nation-state and ransomware cyber threats.
* Progress made but can't afford to get complacent.
* Must continue prioritizing cybersecurity through investment, talent, and public-private partnerships.
* Recent critical infrastructure attacks highlight need to stay vigilant.

Developing AI Literacy in the Workforce is Central to U.S. Leadership in AI

The Subcommittee on Cybersecurity, Information Technology, and Government Innovation held a hearing titled: Toward an AI-Ready Workforce, focusing on developing AI literacy in the workforce as a central component of U.S. leadership in AI. The hearing emphasized the importance of training and up-skilling workers for AI and AI-adjacent roles to maintain America's global leadership in AI, considering the transformative impacts of AI on defense, security, economic growth, and service delivery. The hearing underscores the critical need for AI literacy and skill development in the workforce to ensure the U.S. maintains its leadership in AI technology and innovation.

* AI's Role in National Security and Economy: AI adoption is crucial for maintaining national security and economic prosperity. The U.S. needs to ensure its workforce is AI-ready to maintain its competitive edge globally.
* Private Sector Initiatives: IBM's commitment to AI literacy was highlighted, with initiatives like IBM SkillsBuild offering free AI-related coursework and aiming to skill 30 million people by 2030, including training two million in AI in the next three years.
* Federal Workforce Challenges: Discussions addressed the challenges the federal government faces in adopting AI, including bureaucratic hurdles and the need for cross-agency and industry collaboration. The issue of federal contracts often requiring four-year degrees, potentially hindering the inclusion of qualified individuals without such degrees, was also discussed.
* Workforce Training and Up-skilling: The importance of professional development, receptive learning environments, and leadership in fostering an AI-ready workforce was emphasized. IBM's approach to retraining and up-skilling existing employees as a model for the federal government was also discussed.

DHS AI roadmap stakes claim to lead government in responsible AI use

The Department of Homeland Security (DHS) has released an AI roadmap outlining its strategy for integrating artificial intelligence into its operations in 2024. This initiative includes launching multiple AI pilot projects and establishing an "AI sandbox" for testing large language models (LLMs). Homeland Security Secretary Alejandro Mayorkas emphasized that these efforts aim to enhance national security, improve departmental operations, and deliver more efficient services to the public, all while safeguarding civil rights, liberties, and privacy. The roadmap highlights the use of generative AI and LLMs in training U.S. Citizenship and Immigration Services officers, assisting law enforcement investigations, and supporting disaster mitigation planning.

* Multiple AI Pilot Projects: DHS plans to implement AI in training, law enforcement investigations, and disaster mitigation planning.
* AI Sandbox: An initiative to test LLMs within DHS, aiming to responsibly integrate AI into various operations.
* Cybersecurity and AI: CISA to assess AI-enabled capabilities for detecting and remedying cybersecurity vulnerabilities.
* Commitment to Privacy and Security: The roadmap emphasizes protecting civil rights and privacy while using AI to enhance national security and efficiency.
* Leadership in Responsible AI Use: DHS seeks to set a federal example for ethical AI deployment, including establishing an AI Safety and Security Board and a new AI policy.

DHS is the Largest Federal Agency to Receive 14 Consecutive “A” Grades on SBA’s Annual Small Business Procurement Scorecard

The Department of Homeland Security (DHS) received an "A+" on the Small Business Administration's FY 2022 Small Business Procurement Scorecard. This is the fourteenth year in a row DHS has earned an "A" and the seventh year in a row it has earned an "A+" – the highest score possible.

* Secretary of Homeland Security Alejandro N. Mayorkas set a goal in June 2022 to surpass the FY 2022 small, disadvantaged business goal of 17%, and this accomplishment fulfills that goal.
* The Scorecard is an assessment tool that measures how well federal agencies achieve their small business and socioeconomic contracting goals, provides contracting data, and reports small business program progress.

DHS Issues Recommendations to Harmonize Cyber Incident Reporting for Critical Infrastructure Entities

The Department of Homeland Security has issued recommendations to streamline and standardize cyber incident reporting across critical infrastructure sectors. The goal is to enable consistent reporting to CISA to improve national situational awareness and provide targeted support. Key proposals include using a standard format for reporting, establishing common data elements, and sharing information on incidents in real-time. Stakeholder feedback will help refine the recommendations before they are finalized as reporting requirements. Standardized reporting is part of broader efforts to enhance public-private cooperation on cybersecurity and create a unified view of threats across critical infrastructure.

* DHS issued recommendations to harmonize cyber incident reporting for critical infrastructure.
* Aims to enable consistent reporting to CISA to improve situational awareness.
* Proposals include standard reporting format, common data elements, real-time sharing.
* Seeks to align reporting across regulatory frameworks like TSA directives.
* Standardized reporting part of efforts to enhance public-private cooperation on cybersecurity.

DOD pushes cloud buyers to JWCC

The Department of Defense is encouraging defense agencies and military services to utilize the Joint Warfighting Cloud Capability (JWCC) for their cloud computing needs. JWCC is the DoD's enterprise-wide cloud program providing both unclassified and classified capabilities.

* The Pentagon wants to consolidate cloud contracts under JWCC to improve security, interoperability, and cost-savings.
* Recently, the DoD CIO released a memo directing that all DoD components moving applications to the cloud must first consider JWCC rather than procuring their own cloud services.
* Some DoD entities have already embraced JWCC, like the Army, which plans to migrate many applications. However, others like the Air Force have been more hesitant to use the mandated cloud solution over commercial options.
* The DoD aims to make JWCC more attractive by adding new features and services tailored for defense users.

Easterly Pitches Procurement Power to Enforce Cybersecurity

Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), emphasized the significant leverage the Federal government has in enforcing security standards through procurement processes at the GovernmentDX event in D.C. She highlighted the government's ability to mandate security standards for software vendors as a critical tool for enhancing cybersecurity. This approach supports the implementation of President Biden’s cybersecurity executive order aimed at securing the software supply chain. Additionally, the introduction of a secure software development attestation form and compliance with the National Institute of Standards and Technology guidelines are central to these efforts, ensuring that all third-party software meets baseline cybersecurity standards before being utilized by Federal agencies.

* The Federal government uses its procurement power to enforce security standards among software vendors.
* The release of a secure software development attestation form is part of efforts to comply with President Biden's 2021 cybersecurity executive order.
* This form aligns with an OMB directive from September 2022, requiring adherence to NIST guidance on software security.
* CISA promotes a "secure-by-design" approach, emphasizing that building resilience into software from the design phase is essential for operational effectiveness and security.

Ensuring identity-proofing works for all populations

The increasing need for delivering public services quickly, accurately, and securely has led federal, state, and local government agencies to turn to modern and scalable platforms for identity verification. Dan Lopez, GSA’s director for Login.gov, emphasized that the platform, serving over 80 million user accounts across more than 40 agencies, must ensure accessibility and security for all, including those with disabilities or digital challenges. The goal is to serve all members of the public while respecting privacy, mitigating fraud, and preserving the integrity of government systems, despite the challenges of reaching the full American public due to disparities in access to facilities, technologies, and support. Success stories include Login.gov's facilitation of secure access to unemployment insurance benefits during the Maui wildfires.

* **Modern Platforms for Identity Verification:** Agencies are adopting modern platforms to manage identity verification efficiently and securely.
* **Accessibility and Security for All:** Ensuring that identity-proofing efforts work for all populations, including those with disabilities or digital challenges, is a priority.
* **Adaptable Solutions:** The need for solutions that cater to the most underserved demographics and avoid a one-size-fits-all approach.
* **Harnessing Technology:** Emphasis on using the latest technology, such as AI and machine learning, to address and solve systemic gaps in identity verification.

Executive Order on Further Advancing Racial Equity and Support for Underserved Communities Through The Federal Government

On February 16, 2023, President Joe Biden signed Executive Order 14091. This executive order aims to further advance racial equity and support underserved communities through the federal government. It shows the administration's commitment to addressing systemic barriers that hinder prosperity, dignity, and equality for many underserved communities.

* This is a continuation of the administration's efforts, starting with Executive Order 13985 signed two years ago.
* The new executive order integrates equity-focused policies and processes within government operations across the executive branch and federal agencies.
* To achieve equitable outcomes, the administration must implement additional policies and processes that remove systemic barriers and promote equal opportunity for all.

FACT SHEET: Biden-Harris Administration Announces National Cyber Workforce and Education Strategy, Unleashing America’s Cyber Talent

The Biden-Harris administration has unveiled a new national strategy aimed at strengthening the cybersecurity workforce. The strategy seeks to recruit more Americans into cyber careers and align cyber education with in-demand skills. Key elements include launching apprenticeship programs, integrating cybersecurity into primary and higher education, and expanding federal cyber scholarship programs.

* The administration plans to work with the private sector to create career pathways for cyber professionals.
* A joint Cyber Talent Management System will also improve hiring and retention of cyber talent in government.
* Overall, the strategy aims to build a more diverse, equitable cyber workforce of over 500,000 professionals over the next five years.
* The administration argues this will help protect national security, public safety, and essential services from increasingly sophisticated cyber threats.

FACT SHEET: Biden-Harris Administration Announces New Better Contracting Initiative to Save Billions Annually

The Biden-Harris Administration recently announced the Better Contracting Initiative, which aims to save billions of dollars annually by modernizing how the federal government purchases goods and services. The initiative will focus on improving management of service contracts, reducing unnecessary contract duplication, increasing small business participation, and leveraging the government's buying power. Key components include new training for acquisition personnel, enhanced data analysis to identify savings opportunities, strengthened contractor oversight, and pilot programs to test new procurement approaches. Overall, the initiative seeks to deliver better value for taxpayers by making federal contracting more efficient, transparent, and cost-effective.

* Modernizes federal procurement to save billions annually.
* Improves management of service contracts, reduces duplication.
* Increases small business participation, leverages buying power.
* Provides new training for acquisition personnel.
* Strengthens contractor oversight, pilots new approaches.

FACT SHEET: Biden-Harris Administration Issues Landmark Blueprint to Advance American Innovation, Competition and Security in Wireless Technologies

The Biden-Harris administration has released a blueprint outlining steps to advance American innovation, competition, and security in wireless technologies like 5G and 6G. The plan aims to increase access to spectrum for both private sector and government users, promote open architecture, and strengthen supply chain security. It calls for investing billions into wireless research and development and expanding public-private partnerships. The blueprint provides recommendations across ten key areas including spectrum policy, network security, and semiconductor supply chains. The administration views leadership in wireless technology as critical to economic growth, national security, and maintaining global influence.

* Recommendations across several key areas like spectrum, security, semiconductors.
* Blueprint to advance US innovation, competition, security in 5G/6G and wireless tech.
* Increase spectrum access, open architecture, supply chain security.
* Wireless leadership seen as vital for economy, security, global influence.

FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence

On October 30, 2023, President Biden issued an executive order aimed at fostering responsible development and use of Artificial Intelligence (AI) in the United States. The order establishes a framework of principles that federal agencies must follow when adopting AI systems. It directs agencies to assess AI risks, minimize harmful bias, ensure high standards of data quality, and regularly test systems for safety and security vulnerabilities. The order also creates an AI Bill of Rights that protects citizens' civil liberties and sets limits on how their data can be used by AI systems. To oversee implementation, the order establishes a National AI Advisory Committee comprising government, private sector, academic and civil society experts.

* Establishes principles for responsible AI use in federal agencies.
* Creates AI Bill of Rights to protect civil liberties and data privacy.
* Directs testing of AI systems for biases, safety issues and security flaws.
* Sets up National AI Advisory Committee to guide implementation.
* Aims to strengthen public trust and prevent harmful impacts from AI.

FACT SHEET: Vice President Harris to Announce Support to Help Historically Underserved Entrepreneurs Tap into Bidenomics-Fueled Small Business Boom

Vice President Harris recently announced new support to help historically underserved entrepreneurs access the small business boom fueled by the Biden-Harris economic agenda. The administration is expanding outreach to minority-owned and rural small businesses to better connect them with federal resources and contracting opportunities.

* New initiatives will simplify the federal procurement process, provide mentorship to startup owners, and direct investment into underserved communities.
* The Small Business Administration will lead an all-of-government approach focused on equitable delivery of services.
* According to the White House, the administration's investments in infrastructure, manufacturing, clean energy and more have created ideal conditions for entrepreneurship.
* This new effort aims to ensure all Americans can participate in the small business surge, especially those from disadvantaged backgrounds who face systemic barriers.

Failing to Invest in Climate Change Means Failure to Taxpayers, Says New Assessment

Preliminary numbers from a new climate evaluation indicate potential damage to federal property. It is crucial for the country to take action now. The president's budget request for fiscal 2024 examines the increased costs and risks to the federal government due to climate change. This analysis fulfills the requirements of President Biden's executive order on climate-related financial risks issued in May 2021. The budget documents emphasize the importance of investing in climate change to responsibly manage funding on behalf of taxpayers.

* Mitigating greenhouse gas emissions and adapting to future climate scenarios through federal investments can help reduce future financial burdens.
* However, congressional appropriations and federal implementation are necessary to address these risks.
* Regarding sea level rise, the assessment reveals a lack of available climate data to accurately estimate the cost implications on federal facilities. Nevertheless, an illustrative analysis using limited public data suggests that the annual replacement value affected by sea level rise could range from $72 million to $127 million by mid-century and from $449 million to $1.786 billion by the end of the century.
* The Biden administration emphasizes the need for better data and modeling to accurately assess the true cost of climate change.

Fed Experts: Start by Tackling Employee Pain Points to Build Trust in AI

Federal experts advise that agencies should focus first on alleviating employee pain points as they start implementing AI systems in order to build trust. Employees are more likely to embrace AI if it helps their day-to-day work rather than complicates or disrupts it. Agencies should identify frustrating tasks that can be automated or streamlined using AI. They should also communicate clearly how AI will and won't be used, and train employees to work alongside AI systems. Building guardrails and testing for fairness and bias are also key in ensuring AI is trustworthy. Agencies are encouraged to start small with pilot projects and expand as they demonstrate benefits. Keeping humans involved and being transparent about AI will be critical for its acceptance.

* Alleviate employee frustration and pain points with AI to build trust.
* Communicate how AI will/won't be used, provide training.
* Start small with pilots, expand as benefits demonstrated. Build guardrails, test for fairness and bias.
* Keep humans involved, be transparent about AI usage.

Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements

The U.S. Government Accountability Office (GAO) report highlights that federal agencies have made progress in cybersecurity, particularly in incident response, but still need to fully implement specific requirements. Despite advancements in handling cyber incidents, gaps remain in event logging, a key aspect for managing cybersecurity incidents effectively. The GAO stresses the importance of complete adherence to these requirements to enhance the detection, investigation, and remediation of cyber threats.

* Federal agencies have improved in cybersecurity incident response.
* Complete implementation of incident response requirements is still lacking.
* Event logging, crucial for incident management, is inadequately addressed.
* The GAO underscores the need for strict adherence to federal cybersecurity standards.
* Effective detection and handling of cyber incidents hinge on fulfilling these requirements.

Federal agencies must do more on sustainability

President Joe Biden's executive order on sustainability has prompted federal agencies to prioritize reducing emissions and modernizing legacy technology. The General Services Administration is working on decarbonizing federal buildings and adopting carbon pollution-free electricity. The Energy Department is increasing its acquisition of electric vehicles and electric vehicle supply equipment. However, federal agencies need to accelerate their efforts to achieve the administration's ambitious climate goals.

* Technology modernization initiatives must be balanced with these goals. Fortunately, sustainability and digital transformation are interconnected, as newer technologies are more energy efficient.
* When considering IT modernization, federal leaders should also consider the business case for sustainability.
* Data-driven sustainability initiatives will provide government leaders with valuable information for making informed operational decisions. The availability of actionable data is crucial for achieving sustainability objectives.

Federal CISO looks ahead to conversation around new contractor cyber rules

The federal chief information security officer (CISO) is looking ahead to an important conversation around new contractor cybersecurity rules. These rules will update regulations that IT contractors must follow to protect sensitive government data. The CISO expects the conversation to center around what should be mandated versus suggested best practices. While no specific timeline is set, the CISO aims to release a draft version of the updated rules for public comment in the coming months. This will be an important step toward finalizing regulations that balance security needs with flexibility for contractors. The CISO recognizes the challenges but believes there is momentum toward modernizing cyber standards.

* Federal CISO planning for conversation around updating contractor cyber rules.
* New regulations will mandate IT security standards for contractors handling government data.
* Draft rules expected for public comment in coming months.
* Goal is balancing security needs with contractor flexibility.
* CISO acknowledges challenges but sees momentum for modernizing cyber standards.

Federal CISO: New Cyber Metrics Improving Feds’ Risk Posture

The Federal Chief Information Security Officer (CISO) recently discussed how new cybersecurity metrics are helping improve the federal government's risk posture. The CISO office has been working with agencies to develop data-driven metrics to better understand cyber vulnerabilities and threats. Some examples include measuring patch management, multifactor authentication implementation, and exposure of high value assets.

* The CISO said this metrics-based approach moves cybersecurity discussions from theoretical to data-driven decisions. It also provides greater visibility across the entire federal enterprise to combat threats.
* The office is looking into further metrics like cyber workforce readiness and supply chain risks.
* Overall, leveraging metrics helps focus limited cybersecurity resources on the most critical risks facing federal systems and data.

Federal CISO Talks NCS, Next Steps, Legacy IT Burden

The Federal Chief Information Security Officer (CISO) recently discussed next steps for improving federal cybersecurity under the Federal Information Security Modernization Act (FISMA) and the Cybersecurity Executive Order. She said implementing the new National Cyber Strategy remains a key focus, including pushing agencies to encrypt data, use multi-factor authentication, and adopt endpoint detection and response capabilities.

* The CISO office is prioritizing tackling technical debt by modernizing legacy systems, which pose security risks.
* Reducing the burden of outdated technology will enable implementing stronger controls.
* Furthermore, advancing the cyber workforce through new pay structures, training programs, and recruiting is critical to executing cyber plans. The CISO stressed that driving FISMA and the cyber executive order forward through metrics and accountability will enhance defenses against modern threats.

Federal government begins advertising new cyber rotation program

The federal government is launching a new cyber rotation program to develop its cybersecurity workforce. Managed by OPM and the Office of the Chief Information Officer, the program will assign information technology specialists across multiple federal agencies over two years. Modeled after the military's National Guard, the rotations aim to increase collaboration and knowledge sharing in cybersecurity. Participants will tackle real-world challenges, gaining experience protecting critical systems and data. Though still in the early planning stages, the program hopes to instill a "unity of effort" in combating cyber threats across government bodies like the Cybersecurity and Infrastructure Security Agency. With cyberattacks a mounting concern, deepening the bench of cyber talent and fostering cooperation is crucial.

* New federal cyber rotation program to assign IT specialists across agencies.
* Modeled after military's National Guard to increase cyber workforce skills.
* Participants will collaborate on solving real-world security challenges.
* Aims to instill "unity of effort" in government cyber protections.

Feds Leveraging Data to Modernize Government Business Practices

Federal agencies are leveraging data to modernize and improve government business practices. The General Services Administration is using data to transform acquisition practices through category management, which consolidates spending on common goods and services. Other agencies like the Department of Health and Human Services are also using data-driven insights to improve operations. Overall, there is an emphasis on the growing role of data analytics in enabling agencies to reduce costs, increase efficiency, and better serve citizens.

* GSA using data-driven category management to consolidate federal spending and procurement.
* HHS and other agencies also adopting data analytics to optimize operations.
* Data enabling agencies to cut costs, boost efficiency, and improve citizen services.
* Analytics becoming integral to modernizing and transforming government business.

For the federal government, Zero Trust is just the beginning

The federal government is increasingly adopting zero trust security models, but sees it as just the first step towards more advanced approaches to cybersecurity. Zero trust is focused on constantly validating every user and device before granting the minimum access needed, but has limitations. The government is looking towards concepts like assume breach, which assumes systems are compromised from the start, and evolving to self-healing networks that can automatically detect and respond to threats. The ability to understand normal behavior and identify anomalies will be critical. There also needs to be a focus on identity management as the foundation for these future security architectures.

* Federal government adopting zero trust but sees it as just a first step.
* Looking towards more advanced models like assume breach, self-healing networks.
* Focus on understanding normal behavior, identifying anomalies.
* Identity management foundational for future security architectures.
* Evolving to autonomous systems that automatically detect and respond.

GAO Agile Assessment Guide: Best Practices for Adoption and Implementation

The GAO Agile Assessment Guide presents best practices for adopting and implementing Agile software development methodologies in federal agencies. This guide addresses the need for improved management of IT acquisitions and operations, an area highlighted on the GAO High Risk List. The federal government's annual IT expenditure exceeds $100 billion, with a history of challenges in IT investment development, implementation, and maintenance. The guide serves as a resource for federal auditors, organizations, and programs either adopting or evaluating their Agile practices. It aims to enhance the transition and management of Agile programs in government settings.

* Focus on Agile Methodologies: The guide emphasizes the adoption and execution of Agile software development in federal IT projects.
* Federal IT Spending: Addresses the management of the substantial IT budget within federal agencies.
* Resource for Multiple Audiences: Designed for federal auditors, established Agile programs, and those in transition to Agile practices.
* Improving IT Project Outcomes: Aims to reduce IT project failures, cost overruns, and schedule delays.
* Legislative Background: References the Federal Information Technology Acquisition Reform Act (FITARA) for context and compliance.

GAO sustains 93 bid protests filed over CIO-SP4 solicitation

The Government Accountability Office reviewed 93 legal challenges to the National Institutes of Health's solicitation, CIO-SP4. They found that the agency did not advance proposals past the first phase of evaluation in a reasonable manner. Kenneth E. Patton, the managing associate general counsel for procurement law at GAO, stated that the agency's decision was flawed because NIH failed to show proper evaluation of phase one proposals and determination of which ones would move forward.

* GAO recommended that the agency reevaluate the proposals and make new determinations based on the results.
* This decision was issued under a protective order due to sensitive information.
* Protests from entities represented by outside counsel were addressed, while protests from entities without counsel will be addressed separately. CIO-SP4 has faced protests since the agency requested proposals in May 2021. The contract vehicle has a $50 billion ceiling.

GAO Urges Pentagon to Ensure Full Implementation of Agile Principles in Software Procurement

A recent report from the Government Accountability Office (GAO) recommends the Department of Defense fully implement agile principles when procuring software. Agile development delivers software in short increments rather than waiting for the full system to be completed.

* The GAO found the DoD has guidance on using these methods, but program offices are not consistently adopting agile methods or applying them effectively. This can limit the flexibility and collaboration of developers with users that are central to agile.
* The report recommends several actions to integrate agile further, including revising policies to mandate key agile practices, providing better training and resources to program staff, and developing metrics to measure the effectiveness of agile methods.
* Implementing these recommendations would help the DoD deliver needed software capabilities to warfighters faster and stay ahead of evolving threats.

GSA debuts new search tool to support Native Governments and Businesses

The U.S. General Services Administration has introduced a new search tool. This tool allows buyers to search for Native business categories in GSA Advantage!, GSA eBuy, and GSA eLibrary for commercial products and services. Tribal governments have limited ability to generate traditional government revenues due to their unique federal status. Therefore, income from Tribal businesses is crucial for their development.

* The new search feature will help Native businesses gain visibility in various channels to sell their products and services. The search identifiers have been designed to enable multiple search criteria, such as office supplies and 8(a) status.
* This feature helps federal agency partners comply with the Buy Indian Act. These recent enhancements to the search function enable buyers to meet socioeconomic contracting goals more efficiently and identify specific acquisition pathways.
* Federal and Tribal buyers can now easily search for hand tools made by American Indian-owned small businesses.

GSA hosts roundtable with business leaders on advancing equity in federal contracting

The General Services Administration (GSA) hosted a roundtable with leaders from small and mid-sized businesses, including those from underserved communities, at its headquarters. The meeting, led by Deputy Administrator Katy Kale, aimed to gather input and feedback on the challenges and strategies for success as federal contractors. Senior leaders from GSA, Small Business Administration (SBA), Office of Federal Procurement Policy (OFPP), and the Minority Business Development Agency (MBDA) were also present. The roundtable was part of GSA's Equity Action Plan and focused on advancing equity in federal procurement. This aligns with the Biden-Harris Administration's efforts to increase participation rates and federal contracting dollars awarded to small businesses, especially those from underserved communities. The discussion covered federal tools, best practices for company success, and how the government can contribute to this success.

* Equity in Federal Contracting: The GSA's roundtable, part of its Equity Action Plan, aimed to advance equity in federal procurement, focusing on increasing participation and contracting dollars for small businesses, particularly those from underserved communities.
* Leadership Engagement: The event was led by GSA Deputy Administrator Katy Kale and attended by senior leaders from GSA, SBA, OFPP, and MBDA, emphasizing the importance of top-level commitment to fostering diversity and inclusion in federal contracting.
* Discussion of Challenges and Strategies: Participants discussed challenges faced by small and mid-sized businesses in federal contracting, best practices for success, and how the government can support these businesses, with a special focus on expanding opportunities for underserved communities.
* Diverse Representation: The roundtable included leaders from a variety of businesses and organizations, ensuring a broad representation of perspectives and experiences in the conversation about advancing equity in federal procurement.

GSA’s IT Category Office Enhancing Software Supply Chain Management

The General Services Administration's IT Category office is working to enhance software supply chain management across the federal government. They are developing a software bill of materials (SBOM) standard that provides transparency into the components and dependencies in software. This will help agencies better manage risks and vulnerabilities in their software supply chains. The office is also exploring the use of artificial intelligence to analyze SBOMs and provide insights to improve supply chain security.

* GSA's IT Category office enhancing software supply chain management for federal agencies.
* Developing standard for software bill of materials (SBOM) to provide transparency into software components.
* SBOM will help agencies manage risks and vulnerabilities in software supply chains.
* Overall goal is to strengthen federal software supply chain security through standards and emerging technologies like AI.

GSA’s new approach to small business matchmaking

The General Services Administration (GSA) is refining its approach to small business matchmaking by implementing new strategies to attract small enterprises, particularly those with innovative technology capabilities. This initiative is part of the solicitation for the Alliant 3 IT services contract, which is in its final stages of preparation. The focus is on creating more opportunities for small businesses in the federal marketplace, encouraging their participation in larger contracts and promoting technological innovation within government projects.

* Enhanced Opportunities for Small Businesses: The initiative aims to attract more small businesses, especially those with innovative technological solutions, to engage in federal contracting.
* Focus on Technology and Innovation: The approach emphasizes technological innovation, encouraging small businesses with such capabilities to participate.
* Integration in Alliant 3 IT Services Contract: This strategy is a part of the solicitation for the Alliant 3 IT services contract, indicating a significant opportunity for small businesses.
* Promotion of Larger Contract Participation: The effort is designed to facilitate the entry of small enterprises into larger contracts, thereby expanding their potential market within the federal sector.
* Support for Business Growth: The GSA is providing platforms and resources to support the growth and development of small businesses in the federal marketplace.

House committee introduces 5 guardrails for internal AI use

The Committee on House Administration has introduced five AI guardrails to guide responsible AI use within the U.S. House of Representatives. These guardrails emphasize human oversight, clear policies, thorough testing, transparency, and workforce education. Developed through discussions with various officials, these guidelines aim to balance operational efficiency with careful control over AI deployment. Key activities include upskilling staff, conducting hearings, and planning future AI uses with other government entities. The committee focuses on integrating AI safely with existing IT policies and exploring its impact through the federal acquisitions process.

* Five AI Guardrails Established: Human oversight, clear policies, robust testing, transparency, and workforce education.
* Development through Discussion: Collaborative efforts with key legislative and technology officials during a private roundtable.
* Upcoming Focus Areas: Upskilling staff, harmonizing AI use cases, and planning future AI implementations.
* Integration with IT Policies: Prioritizing the integration of AI systems with broader cybersecurity and IT protocols.
* Future Acquisitions: Examining the federal acquisitions process to ensure safe AI use and learning from state and local governments.

How Agencies are Driving CX Across Government

Federal agencies are actively pursuing improvements in customer experience (CX) through digital transformation initiatives, notably in website modernization. A prime example is the Centers for Medicare & Medicaid Services (CMS), which achieved a significant increase in customer satisfaction with its Medicare.gov website, jumping from 56% to 72% in a year. This success is part of CMS's broader effort to enhance the Medicare enrollment process by exploring automatic enrollment options, thereby eliminating the need for manual form submissions. CMS aims to further its CX efforts by recruiting digitally savvy Gen Z employees, emphasizing the importance of fresh talent in driving innovation.

* Federal agencies are prioritizing customer experience improvements through digital transformation, including website modernization.
* CMS's update to Medicare.gov resulted in a significant increase in customer satisfaction, with plans to further streamline the Medicare enrollment process.
* OPM's website modernization through the Digital Services BPA is a flagship CX effort, aligning with strategic goals to enhance service delivery to the Federal workforce.
* CMS is targeting the recruitment of Gen Z employees to infuse new talent and perspectives into its CX efforts.

Improving government capacity is key for AI deployment, experts tell Congress

The Senate Homeland Security and Governmental Affairs Committee, led by Sen. Gary Peters, D-Mich., is emphasizing the importance of enhancing government capacity for the effective deployment of Artificial Intelligence (AI). During a recent hearing, experts highlighted the potential of AI in transforming government services, such as offering translation services, creating chatbots, and aiding employees in their daily tasks. However, to fully harness AI's capabilities, significant investment in government capacity is necessary. Key issues discussed include the simplification of the federal procurement process, the need for streamlined policy frameworks, and the importance of sound data practices. Witnesses also stressed the importance of hiring AI experts and training current federal employees in AI, as well as the need for public sector innovation and experimentation with AI.

* **Federal Procurement and AI:** The committee is focusing on federal procurement and AI, recognizing its significant impact on AI regulation and deployment throughout the economy.
* **Simplification and Streamlining:** Witnesses urged simplification of the Federal Acquisition Regulation and streamlining of processes to facilitate smaller vendors' entry into the marketplace.
* **Hiring and Training:** Emphasis on the need for government to reevaluate its hiring practices for AI experts and to provide AI training for current federal employees.
* **Data Practices and Open Government Data:** The importance of establishing strong data practices and promoting open government data to avoid risks like disparate impacts and poorly informed decisions.

Independent Oversight Coming to Major VA IT Contracts

The Department of Veterans Affairs (VA) is planning to strengthen oversight of its major IT modernization contracts. This is in response to recent legislation from Congress. The VA has released a draft request for proposals (RFP) to request industry input on its plans to initiate independent verification and validation (IV&V) for its major acquisition programs.

* The RFP comes after Rep. Mark Takano introduced the VA IT Modernization Improvement Act, which called for IV&V support for major acquisitions.
* VA Chief Acquisition Officer Michael Parrish stated that this will provide independent oversight to ensure that contractors deliver on time and budget.
* The VA expects to implement this contract by the end of the year, aligning with Rep. Takano's legislation.
* This RFP mentions that programs like the Electronic Health Record Modernization, Financial Management Business Transformation, and Supply Chain Modernization will likely be assessed, with the possibility of considering additional programs. Both VA and Government Accountability Office officials support the legislation.

Informatica's Data in Action Summit: A Comprehensive Overview

On December 6th, 2023, the governmentwide ITVMO attended the Data in Action Summit by Informatica. As more government agencies evolve their citizen services into efficient platforms, leaders are increasingly relying on data as a key indicator of success and a means to drive change. Data, once a helpful resource, has now become crucial in the intricate modernization journey. IT officials find data and its analytical tools indispensable for building a government that is not only effective but also transparent, allowing them to witness their efforts in real time.

Keep the focus in procurement on best value products and services for the government

Federal government procurement should prioritize "best value" over lowest cost when purchasing products and services. A best value approach enables the government to consider factors beyond just price, including quality, technical capability, past performance, and environmental or social impacts.

* Focusing solely on lowest cost can result in lower quality goods and services that don't fully meet the government's needs.
* More training on best value procurement strategies is needed for acquisition professionals. Additionally, updating regulations and policies can help encourage a best value approach.
* Emphasizing best value rather than lowest cost will ultimately provide taxpayers with higher quality, more innovative, and more sustainable solutions from government contractors.

Many agencies fail to meet tech accessibility mandates, report finds

A new report from GSA sheds new light on government tech accessibility, revealing that the government as a whole is failing to meet the minimum standard or legal obligation to provide equal access to all members of the public and federal employees with disabilities. The report focuses on federal compliance with Section 508 of the Rehabilitation Act, which mandates that government technology be accessible to people with disabilities. Despite this requirement, the report finds that less than 30% of the most viewed intranet and internet pages, electronic documents, and videos are fully in line with Section 508 standards. The report, mandated as an annual exercise under the 2023 appropriations law, used self-reported data from 249 respondents across the government. It found that agencies with more mature Section 508 programs and more staff had more accessible tech. However, 38 reporting components reported having no Section 508 staff at all. The report recommends that Congress focus oversight efforts on major tech vendors to improve the accessibility of widely used software products and encourages agencies to use acquisition tools to incorporate accessibility requirements into procurement and contracting documents. It also suggests increased accessibility testing, mandatory training for relevant employees, and more internal agency oversight and leadership accountability on accessibility.

* **Widespread Non-Compliance:** The government is not meeting its legal obligation to provide equal access to technology for people with disabilities.
* **Low Conformance Rates:** Less than 30% of the most viewed pages and documents meet Section 508 standards, indicating ineffective accessibility policies and practices.
* **Recommendations for Improvement:** The report suggests focusing on major tech vendors, incorporating accessibility requirements into procurement, increasing accessibility testing, and enhancing internal oversight and accountability.
* **Data Quality Concerns:** Reporting officers expressed concerns about retribution for honest reporting and pressure to alter responses, leading to data quality issues.

New Biden Administration Actions Aim to Help Small Businesses Access Government Contracts

The Biden administration has introduced new measures to enhance the accessibility of major government contracts for small businesses. These initiatives involve guidance from the Office of Management and Budget (OMB) and efforts by the Small Business Administration (SBA) to improve the technical assistance program. The OMB's guidance encourages federal agencies to adopt strategies that enable small businesses to participate in multiple-award contracts, which represent nearly 20% or $160 billion of government contract funds. Furthermore, the SBA aims to diversify technical assistance opportunities through its Empower to Grow (E2G) program, targeting small disadvantaged businesses in low-income or high-unemployment areas. The program will offer customizable one-on-one training to guide small businesses through the contract bidding process and facilitate networking and matchmaking events with government organizations and prime contractors.

* Early Engagement and Planning: Agencies are encouraged to engage and plan for multiple-award contracts earlier in the process.
* On-Ramps for New Companies: The guidance suggests expanding the consideration of on-ramps to allow new companies to enter during a contract's performance period.
* Leveraging Small Business Set Aside Orders: Agencies are advised to make use of small business set-aside orders to open up opportunities.

New bill aims to codify NIST AI risk management in federal procurement

A new bill introduced in Congress aims to establish the National Institute of Standards and Technology's (NIST) AI risk management framework as the baseline for federal procurement of artificial intelligence systems. The Artificial Intelligence Procurement Act would mandate agencies to adopt NIST's voluntary guidance on identifying, assessing and mitigating risks when acquiring AI tools. This framework provides a methodology to evaluate factors like data quality, system security, and potential biases. Codifying these best practices into law would provide consistent standards for trustworthy AI across government. However, some opponents argue NIST's framework is too rigid for the dynamic evolution of AI. If passed, the bill would grant NIST statutory authority to update the framework with stakeholder input. Proponents believe regulating AI procurement is an important step toward responsible AI adoption. Critics contend it could hamper innovation and ignore the unique needs of individual agencies. Further debate is expected on balancing AI progress and prudence.

* New bill would codify NIST's AI risk management framework for procurement.
* NIST framework offers methodology to assess AI risks like biases and security flaws.
* Would standardize trustworthy AI practices across federal government.
* Balances twin goals of spurring AI innovation while managing potential downsides.

New direct hire authority aims to assist agencies with AI talent surge

The federal government is granting new direct hiring authority to help agencies recruit talent in artificial intelligence as investments and applications accelerate. The Office of Personnel Management has approved direct hiring for over 50 AI-related positions including data scientists, developers, and engineers. This will allow agencies to expedite hiring, bypassing traditionally lengthy competitive hiring processes. As AI proliferates across national security, healthcare, transportation and more, demand for technical experts is surging. However, recruitment remains challenging with private sector competition. Direct hiring provides flexibility to attract qualified candidates to serve in government. This complements other federal efforts to upskill current staff and develop AI career paths. Though AI talent is scarce, empowering agencies to hire rapidly and competitively at scale will build critical personnel pipelines to support ethical and responsible adoption.

* New direct hiring authority fast-tracks recruitment of AI talent.
* Addresses urgent need for technical experts as AI funding grows.
* Government faces talent competition from private sector.
* Allows flexible, competitive hiring to build critical AI personnel pipelines.
* Complements efforts to train existing staff on AI skills.

New FedRAMP guidance forthcoming as the cloud marketplace evolves

The Federal Risk and Authorization Management Program (FedRAMP) is preparing to release updated guidance and requirements for cloud service providers this fall. FedRAMP ensures cloud products meet federal security standards before being authorized for government use. The program management office says forthcoming guidance will address evolving needs as the marketplace matures.

* Areas of focus include clarifying criteria for higher security baselines, enforcing authorization boundaries, and requiring vulnerability scanning for high-value assets.
* There will also be a push towards automation and standardized assessments to improve efficiency.
* Updated guidance aims to increase security while removing obstacles to rapid cloud adoption. However, some industry experts are concerned the new requirements may be too rigid and discourage commercial solutions.
* The pending release comes as more agencies embrace multi-cloud approaches and migrate critical systems to the cloud.

New rule sets stage for banning risky technologies from government supply chains

The General Services Administration has issued a rule to implement provisions in the 2021 defense bill that allow the government to prohibit federal acquisition of certain telecom and video surveillance equipment. The rule lays the groundwork to block purchase of technology that poses national security risks, namely gear from Chinese companies like Huawei and ZTE. It establishes procedures for assessing risks, identifying covered equipment, providing notice to vendors, and allowing waivers in special cases. While not an outright ban yet, the rule is a significant step toward enabling stricter screening of government technology supply chains. It reflects growing concerns about potential vulnerabilities from foreign-sourced gear that could enable spying or disruption of government systems and operations.

* GSA rule lays groundwork to prohibit federal purchase of risky telecom/video surveillance tech.
* Establishes procedures for risk assessments, notifications, waivers.
* Not an outright ban yet but enables stricter supply chain screening.
* Addresses concerns about foreign gear enabling spying, disruption of government systems.

NIST adds 5 new members to its AI Safety Institute

The National Institute of Standards and Technology (NIST) has recently expanded its AI Safety Institute by adding five new members. These members come from a variety of backgrounds, enhancing the institute's expertise and ability to address AI safety in line with national security needs and standards development. This move aligns with the broader federal initiative to prioritize AI safety and effectiveness in government operations.

* Five new experts have joined the NIST AI Safety Institute.
* The new members bring diverse skills to enhance AI safety and standards.
* This initiative is part of a broader federal focus on AI technology.
* The goal is to integrate AI safely into national security and governmental standards.

NIST releases revised cyber requirements for controlled unclassified information

The National Institute of Standards and Technology (NIST) has updated its requirements for protecting controlled unclassified information (CUI). The revised guidelines aim to modernize security controls for CUI systems based on emerging technologies and new cyber threats. Key updates include additional multifactor authentication methods, improving identity and access management, enhanced logging and monitoring capabilities, and integrating security into system development processes. The guidelines also provide scalable baseline security requirements that can be tailored based on an organization's risk management strategy. Adopting the guidelines will be mandatory for federal agencies and contractors handling CUI. NIST developed the updates with input from public and private sector stakeholders. Implementing the guidelines will improve real-time detection of cyber incidents and unauthorized access attempts across CUI systems. Overall, the changes seek to bring CUI cybersecurity policies in line with today's digital environment.

* Modernizes security controls for CUI systems based on new tech and threats.
* Adds multifactor authentication methods, improves identity management.
* Enhances logging, monitoring, integrating security into development.
* Provides scalable baseline requirements tailored to risk strategy.
* Mandatory for federal agencies and contractors handling CUI.

NSF launches AI resource pilot to spur US innovation

The National Science Foundation (NSF) has initiated the National Artificial Intelligence Research Resource (NAIRR) pilot to democratize access to essential AI technologies and foster U.S. innovation in the field. The pilot aims to make federal resources like advanced computing, datasets, training models, and user support widely accessible, promoting the Biden administration's goal of establishing the U.S. as a leader in AI innovation. The NAIRR pilot focuses on four areas: NAIRR Open for general AI resource access, NAIRR Secure for privacy-preserving AI research, NAIRR Software for interoperable AI tool uses, and NAIRR Classroom for educational initiatives. Industry partners, including major tech companies, are supporting the program by providing resources and expertise. The pilot is designed to be a collaborative platform, inviting contributions from the community to ensure diverse engagement and foster a trustworthy AI ecosystem.

* Democratizing AI Access: The NAIRR pilot aims to make key AI resources publicly accessible, supporting the U.S. as a leader in AI innovation.
* Focus Areas: The pilot concentrates on four areas: general AI resource access, privacy-preserving AI research, interoperable AI tool uses, and educational initiatives.
* Industry Collaboration: Major tech companies are contributing resources and expertise to the pilot, emphasizing the collaborative nature of the initiative.
* Community Engagement: The pilot encourages community contributions to create a diverse and trustworthy AI ecosystem, aligning with broader federal efforts to advance AI technology.

OMB Memo on Increasing Small Business Participation on Multiple-Award Contracts

The Office of Management and Budget (OMB) issued a memo on January 25, 2024, aimed at increasing small business participation in multiple-award contracts (MACs). This directive encourages federal procurement agencies to apply the "rule of two," which mandates that if at least two small businesses can perform the required work at a fair price, the competition should be limited to small businesses. However, the Federal Supply Schedule is exempt from this rule. The memo has sparked a debate over its implications, including whether it represents a significant policy shift without undergoing the standard rule-making process, its impact on medium and large businesses, potential increases in procurement costs due to reduced competition, and the likelihood of increased litigation and procurement delays.

* The OMB memo, issued on January 25, 2024, aims to boost small business participation in multiple-award contracts by advocating for the "rule of two."
* It specifies that if two or more small businesses can offer fair market prices, competitions should be limited to them, excluding the Federal Supply Schedule.
* The memo has sparked discussions regarding its potential to change procurement dynamics, particularly affecting medium and large businesses and possibly leading to increased procurement costs due to less competition.
* Concerns have been raised about the memo's bypassing of the standard rule-making process, its impact on federal contracting, and the possibility of increased litigation and procurement delays.

OMB Releases Implementation Guidance Following President Biden’s Executive Order on Artificial Intelligence

The White House Office of Management and Budget recently issued guidance to federal agencies on implementing President Biden's executive order on responsible artificial intelligence adoption. The guidelines provide a timeline for agencies to inventory their AI use cases, assess risks, and develop policies aligned with the order's principles for trustworthy and equitable AI. Agencies must submit plans detailing how they will minimize harmful bias, evaluate AI impacts on underserved communities, improve data quality, and continually monitor AI system performance. The guidance also establishes reporting requirements for agencies to update the public on their progress. While praising the administration's commitment to AI oversight, some industry observers caution against overregulation that stifles innovation. Others argue the guidelines lack enforcement mechanisms. As agencies move to transform the principles into practice, effective implementation will determine whether the order achieves its goals of ensuring AI safety, protecting civil rights, and building public trust.

* OMB released guidance for agencies to implement Biden's AI executive order.
* Directs risk assessments before AI deployment to address biases, privacy, security.
* Seeks to boost innovation while protecting civil rights and privacy.
* Creates Central Hub to coordinate AI regulation across government.
* Implementation requires resources, expertise and sustained leadership.

OMB releases ‘broad’ accessibility guidance for government tech

OMB has released new guidance aimed at improving the accessibility of government technology, marking the first update to Section 508 of the Rehabilitation Act since 2013. The guidance addresses the concerning fact that nearly half of federal websites are not fully accessible, and only 23% of top PDF downloads from major agencies conform to 508 standards. The new guidance aims to instigate a culture change towards digital accessibility, emphasizing that it's a collective responsibility and an integral part of government modernization. Agencies are now required to establish a Section 508 program with a dedicated program manager and develop policies and procedures to ensure accessibility. This includes setting up digital accessibility statements on websites, providing feedback mechanisms for reporting issues, and conducting comprehensive accessibility testing before deployment. GSA is tasked with exploring a standardized accessibility conformance reporting process for vendors and establishing a government-wide service for accessibility-related products and services. The CIO Council will consider a government-wide program for assistive technology devices and consultation services. The Technology Modernization Fund may finance potential accessibility projects, aligning with the fund's customer experience allocation.

* **New OMB Guidance on Tech Accessibility:** OMB has issued new guidance to improve the accessibility of federal technology, the first update since 2013.
* **Current Accessibility Status:** Nearly half of federal websites are not fully accessible, and a small percentage of top PDF downloads meet 508 standards.
* **Establishment of Section 508 Program:** Agencies are required to set up a Section 508 program with a program manager and develop related resources, policies, and procedures.
* **Website Accessibility Statements and Feedback Mechanisms:** Agencies must implement digital accessibility statements on their websites and establish mechanisms for the public to report accessibility issues.
* **Comprehensive Accessibility Testing and Monitoring:** Agencies should conduct thorough accessibility testing before deployment and continuously monitor accessibility.

ONCD Seeks Input on Strategy to Strengthen Open-Source Software

The National Cyber Director's office has issued a request for information to help shape a new government-wide strategy for leveraging open source software. The strategy aims to strengthen cybersecurity, lower costs, and benefit from community-driven innovation. The RFI seeks feedback on establishing procurement best practices, increasing open source contributions from agencies, addressing dependencies like foreign-developed software, measuring ROI, and more.

* Inputs will inform policy recommendations in several areas including workforce, Intellectual Property, and supply chain security around open source adoption.
* The strategy will also look at DevSecOps approaches and other technical considerations.
* According to the NCD, properly harnessing open source will enhance resilience, lower barriers to entry, and benefit national economic competitiveness. But challenges remain around security, licensing, and sustainment.
* This RFI underscores the administration’s growing focus on maximizing open source to transform government digital services.

ONCD Working on ‘Playbook’ for Cybersecurity in Procurement

The Office of the National Cyber Director is developing a playbook to improve cybersecurity in federal procurement and acquisition processes. The playbook aims to provide guidelines for agencies to build cybersecurity into contracts and procure more secure technologies. It will likely recommend segmenting networks, using basic cyber hygiene, and requiring vendors to meet certain cybersecurity standards. The playbook is part of a broader federal push to enhance cybersecurity protections and reduce risks across government systems.

* Office of National Cyber Director creating a playbook for better cybersecurity in federal procurement.
* Playbook will provide guidelines for agencies to build cybersecurity into contracts.
* It will recommend steps like network segmentation, cyber hygiene, vendor cyber standards.
* This is part of a broader federal effort to improve cyber protections and reduce risks.

OPM announces survey to analyze AI in government jobs

The Office of Personnel Management (OPM) is advancing its efforts to integrate artificial intelligence (AI) within the federal workforce by launching a survey targeting federal employees engaged in AI-related tasks. This initiative is part of a broader strategy mandated by the 2020 AI in Government Act and President Biden's 2023 executive order, which aim to identify essential skills for federal AI roles and ensure AI's safe and secure use across agencies. Following the identification of 43 general and 14 technical competencies necessary for AI work, OPM seeks to validate these competencies through the AI job analysis survey. The survey will involve employees from various departments, including the Office of Science and Technology Policy and chief information and data officers. The outcome will contribute to developing an AI competency model, potentially leading to the revision or creation of job series to include AI skills, and help forecast AI job needs in the federal government. This model aims to enhance the recruitment, development, and promotion of AI talent, aligning with agencies' missions and strategic goals.

* OPM is surveying federal employees involved in AI to validate required competencies.
* The initiative supports mandates from the 2020 AI in Government Act and a 2023 executive order.
* Results will inform the development of an AI competency model and potentially revise job series.
* The effort aims to enhance the federal workforce's AI capabilities, aligning with agency missions.

OPM launches federal intern experience program

The Office of Personnel Management has introduced a new program. The program aims to standardize and improve the quality of internships in federal agencies. The agency sent a message to government chief human capital officers. They created the program to support early career talent by providing training, information, and support.

* Interns at federal agencies will now have access to mentoring, executive speakers, self-directed training, and a new intern hub.
* OPM launched the program to support the Biden administration's priority of strengthening and empowering the federal workforce.
* The administration's President's Management Agenda focuses on three questions: How can the federal government improve its workforce? How can it build trust through programs and services? How can it advance equity and support underserved communities?

OPM leads governmentwide data scientist hiring effort to build up AI expertise

The Biden administration is spearheading a government-wide initiative to bolster AI expertise within the federal workforce, led by the Office of Personnel Management (OPM). OPM has initiated a large-scale hiring action to recruit data scientists across multiple federal agencies. This pooled hiring approach allows candidates to apply once and be considered for several GS-14 data scientist positions, streamlining the recruitment process. The initiative aligns with President Joe Biden's executive order to accelerate AI usage in government operations. OPM's direct-hire authority for AI-related job classifications further facilitates this effort. The White House emphasizes the importance of leveraging AI responsibly to enhance government services, policy-making, and research and development, ensuring the U.S. remains at the forefront of AI innovation.

* OPM leads a government-wide hiring effort to recruit data scientists, enhancing AI expertise in the federal workforce.
* The initiative involves a pooled hiring action, allowing candidates to apply once for multiple positions across agencies.
* The effort is part of the Biden administration's strategy to accelerate AI usage in government, as outlined in an executive order.
* OPM's direct-hire authority streamlines the recruitment process, aiming to attract top talent in AI and related fields.

OPM outlines incentives to attract, retain federal AI workforce

The Office of Personnel Management (OPM) has issued guidance to federal agencies detailing pay and benefits flexibilities for AI positions to attract and retain a skilled workforce for emerging technologies. This follows President Joe Biden's executive order emphasizing federal AI hiring and the authorization of direct-hire authority for AI positions by OPM in December. The guidance includes recruitment and retention incentives, student loan repayment, higher annual leave accrual rates for certain positions, and the possibility of higher pay, alternative work schedules, and remote work. Agencies are encouraged to use these flexibilities to fill difficult positions, with OPM ready to assist in enhancing compensation tools.

* OPM's guidance offers recruitment, relocation, and retention incentives, including up to 25% of basic pay.
* Direct-hire authority for AI positions to streamline recruitment and address the technology's rapid development.
* Flexibilities such as student loan repayment and higher annual leave accrual rates for certain AI positions.
* Encouragement for agencies to use these incentives to attract and retain AI talent, with OPM's support for enhanced compensation tools.

Oversight Committee Passes Bills to Root out Waste, Fraud, and Abuse, Improve Federal Government Efficiency

The House Oversight and Reform Committee recently passed several bills aimed at improving efficiency and reducing waste, fraud, and abuse in the federal government. One bill would require agencies to conduct inventories and reduce excess property, which could save billions in storage and maintenance costs. Another bill would improve the management of government purchase cards to prevent misuse.

* The committee also passed the Taxpayer Receipt Act, requiring the government to send Americans an annual “taxpayer receipt” outlining federal spending.
* Additionally, the Federal Agency Customer Experience Act was approved to improve customer service at government agencies. Committee Chairwoman Carolyn Maloney argued these bipartisan bills will make the government more efficient, accountable, and transparent for taxpayers.

Pentagon Cyber Official Provides Progress Update on Zero Trust Strategy Roadmap

The Defense Department plans to implement its zero trust cybersecurity framework by fiscal year 2027. David McKeown, the DOD's senior information security officer, stated that his office has been working diligently to ensure a smooth rollout of the initiative.

* The partnership with the private sector has played a crucial role in the DOD's progress toward implementing the capabilities outlined in the roadmap.
* McKeown emphasized the formation of strong relationships with commercial cloud providers.
* The zero trust framework will go beyond traditional network security methods and provide capabilities to reduce cyberattack exposure, enable risk management and data sharing, and swiftly address adversary activities.

Pentagon eyes 5G, ‘future G’ to help warfighters

The Department of Defense is exploring how 5G and 6G networks can enhance military operations in the future. 5G offers faster speeds and lower latency that could enable new augmented and virtual reality capabilities for warfighters. The Pentagon is testing 5G at a handful of military bases to better understand how to leverage its capabilities. Looking ahead, the DoD is also funding university research on 6G, the next generation of wireless networks that could arrive in the 2030s. 6G promises even faster speeds and greater connectivity for advanced applications like holographic projection. While commercial 5G is still rolling out, the DoD wants to get a head start on capitalizing on 6G’s potential military benefits. However, adopting these new networks also presents cybersecurity challenges that will need to be addressed.

* DoD exploring 5G and 6G to enhance future military operations.
* 5G offers faster speeds, lower latency for new AR/VR capabilities.
* Pentagon testing 5G at bases to understand leveraging potential.
* Faster speeds and connectivity expected to transform battlefield.
* Adopting new networks presents cybersecurity challenges.

Pentagon’s 2023 Cyber Strategy Takes aim at China Threat

The Pentagon's 2023 cyber strategy identifies China as the top strategic threat and lays out plans to counter Chinese cyber capabilities. The strategy calls for new operational concepts to defend critical infrastructure, support military operations, and impose costs on adversaries. Key focus areas include building resilient systems, enabling information advantage, and recruiting talent. The strategy also emphasizes defending the homeland and allies as well as deterring significant cyberattacks. It aligns with the Biden administration's push to prioritize challenges from China and view cyberspace as a domain of great power competition.

* Pentagon's new cyber strategy identifies China as top threat, aims to counter capabilities.
* Calls for new operational concepts to defend infrastructure, support operations, impose costs.
* Seeks to integrate cyber into broader military operations and build resilient systems.
* Focuses on defending homeland and allies, enabling information advantage, deterring attacks.
* Aligns with administration's view of cyberspace as a domain of great power competition.

Private sector must proactively accept White House’s invitations on cybersecurity

The National Cybersecurity Strategy from the White House is primarily intended for federal government officials. However, the latest release of the strategy includes commitments to the private sector on various cybersecurity issues. The President has invited the private sector to work alongside the government as partners, recognizing the importance of collaboration in securing cyberspace.

* Private sector organizations should accept this invitation, both individually and through trade organizations, but they must act quickly as there are limited seats available.
* The federal government may need time to accept private sector officials as partners and build trust.
* President Biden expects private sector involvement in a range of areas, including regulations, network and system protection, investigations, information sharing, incident response, liability for software vulnerabilities, workforce development, improving insurance products, preparing for post-quantum threats, and countering attempts by autocratic governments to control information technology.

Protecting Government IT Systems is Critical to Federal Software Supply Chain

The U.S. House Committee on Oversight and Accountability recently discussed the critical need for protecting government IT systems to ensure the security of the federal software supply chain. Subcommittee Chairwoman Nancy Mace highlighted the vulnerabilities of government IT systems to cyber-attacks, including those from foreign adversaries. The release underscores the importance of secure software in federal systems, citing examples of significant breaches and emphasizing the necessity of software supply chain transparency. Measures like software bills of materials (SBOMs) are suggested to identify vulnerabilities and origins of software components.

* Importance of IT system protection in federal software supply chain.
* Risks of cyber-attacks from foreign nations and other malicious actors.
* Examples of major breaches highlighting system vulnerabilities.
* Need for transparency in software supply chains.
* Proposal of SBOMs for better vulnerability and origin tracking.

Reforming federal procurement and acquisitions policies

The government procurement process can be difficult to navigate, especially for businesses without experience in submitting bids or understanding agency requirements. There are barriers in paperwork, disparities in geographic distribution, poorly trained officials, and inequities based on race and gender.

* To address these various issues, several reforms to national procurement policies and processes have been introduced.
* These include broadening the geographic distribution of contracts, ensuring fairness and transparency, improving access for small businesses and historically disadvantaged firms, enhancing the training of government procurement officers, increasing accountability by empowering end-users, utilizing technology and machine learning software for data analysis, limiting the time period and criteria for legal challenges, and learning from reforms implemented in other countries.

Regulators should consider 3 factors for AI safety, former national cyber director says

Former National Cyber Director Chris Inglis recommended a comprehensive approach to regulating artificial intelligence (AI), focusing on three main areas during a National Artificial Intelligence Advisory Committee meeting. He stressed the importance of understanding the purpose behind AI tools, ensuring there is a skilled workforce to manage them, and prioritizing human-centered design in AI development. Inglis's advice aims to ensure AI technologies are used responsibly and effectively, aligning with broader goals for ethical AI governance.

* A holistic approach to AI regulation is advocated, focusing on technology, people, and doctrine.
* The purpose behind AI tools must be clear, with a technically capable workforce to implement these tools.
* Human-centered design is crucial in AI development, ensuring human operators are considered and prepared.
* These recommendations align with the Biden administration's goals for responsible and human-centered AI governance.

SBA Administrator Guzman Announces 2024 National Small Business Week Award Winners

SBA Administrator Isabel Casillas Guzman announced the winners of the 2024 National Small Business Week (NSBW) Awards, recognizing business owners, lending partners, and advocates from all 50 states, DC, Guam, and Puerto Rico. These awardees are celebrated for their contributions to the economy and their communities, especially in disaster recovery. The NSBW, scheduled for April 28-May 4, 2024, will include ceremonies in Washington, D.C., and a roadshow tour across several states. This initiative highlights the Biden-Harris Administration's commitment to supporting small businesses through significant investments in infrastructure, broadband, and clean energy, aiming to foster an environment where more Americans can pursue business ownership.

* NSBW 2024 Award Winners announced, recognizing small business contributors across the U.S. and territories.
* Administrator Guzman to embark on a roadshow tour from April 30-May 3, 2024, visiting states to honor small businesses and discuss SBA initiatives.
* The event underscores the Biden-Harris Administration's efforts to support small businesses with investments in infrastructure and clean energy.

Selected Emerging Technologies Highlight the Need for Legislative Analysis and Enhanced Coordination

The Government Accountability Office (GAO) report highlights the challenges and opportunities faced by federal agencies in regulating emerging technologies like drones, AI-enabled medical devices, and others. The Department of Transportation (DOT), Federal Communications Commission (FCC), and Food and Drug Administration (FDA) reported using various practices to address these challenges. However, the FDA indicated the need for updated authorities to better regulate AI-enabled medical devices. The report emphasizes the importance of interagency collaboration and knowledge-building efforts, noting that foreign regulators have more extensive outreach, especially with industry and academia. The GAO made three recommendations to improve ongoing efforts, including documenting potential legislative changes, providing public information on collaborative efforts, and publicizing industry-facing initiatives.

* Regulatory Challenges: Federal agencies face challenges in regulating rapidly evolving technologies and require varied approaches, including strategic foresight tools and interagency collaboration.
* FDA's Need for Updated Authorities: The FDA seeks specific legislative changes to better oversee AI/ML-enabled medical devices, highlighting the need for clear communication with Congress.
* Interagency Collaboration and Outreach: Agencies like the DOT and FAA are recommended to enhance public communication about their efforts and establish clearer channels for industry engagement.
* GAO Recommendations: The GAO suggests actionable steps for the FDA, DOT, and FAA to improve regulation and oversight of emerging technologies, ensuring public interests are protected while fostering innovation.

Sen. Ernst leads bills seeking higher standard for federal small business contracting goals

The Ranking Member of the Senate Small Business Committee, Joni Ernst (R-Iowa), has introduced legislation to raise standards for federal small business contracting goals. The bill would require agencies to only include women-owned small businesses (WOSBs) and service-disabled veteran-owned small businesses (SDVOSBs) certified by the Small Business Administration in their governmentwide contracting targets.

* While agencies have consistently met or exceeded SDVOSB goals, they have only met WOSB goals in fiscal years 2019 and 2015. Under one of the bills introduced by Ernst, agencies that fail to meet their WOSB goals would be required to testify before the House and Senate small business committees.
* Another bill, the Accountability in Women-Owned Small Business Contracting Act, would only count prime and subcontract awards to SBA-certified WOSBs towards a governmentwide goal of 5% of federal contracting dollars going to WOSBs.
* Additionally, the Stop Stolen Valor for Service-Disabled Veteran-Owned Small Business Contractors Act would prevent self-certified SDVOSBs from being included in the count towards a governmentwide goal of 3% of federal contracting dollars going to SDVOSBs.

Sen. Ernst to agencies: No more ‘easy As’ on the SBA scorecard

Senator Joni Ernst recently criticized federal agencies for consistently receiving high grades on the Small Business Administration's annual small business procurement scorecard despite missing statutory contracting goals. Ernst argued agencies should not be earning "easy As" when they are failing to meet their goals for small business contracting dollars. She said agencies need to do more to remove barriers to entry and actively contract with small firms.

* Ernst suggested the SBA reconsider how grades are calculated to better reflect agencies' actual small business utilization.
* For example, the Department of Defense received an "A" on the latest scorecard despite awarding only 26.5% of contracts to small businesses.
* Senator Ernst pushed for more accountability, calling out the Department of Energy and the General Services Administration for also underperforming on small business goals while maintaining high grades. She urged incorporating scorecard results into officials’ evaluations.

Senate Bill to Streamline Federal Procurement Process for Agencies, Contractors

The Senate has introduced bipartisan legislation, known as the Federal Improvement in Technology Procurement Act, aimed at streamlining the federal procurement process for government agencies and contractors. Spearheaded by Senators Gary Peters (D-Mich.) and Ted Cruz (R-Texas), the bill seeks to update procurement rules by eliminating outdated requirements, simplifying the bidding process, and expanding the use of advanced procurement methods. This initiative is designed to ensure that the most innovative businesses, including new and small ones, can compete for federal contracts, thereby keeping the federal government at the forefront of technology and innovation.

* The legislation is bipartisan, introduced by Senators Gary Peters and Ted Cruz.
* It aims to streamline the federal procurement process by updating rules and removing obsolete requirements.
* The bill focuses on simplifying the bidding process for contractors and expanding the use of advanced procurement methods.
* It seeks to enable more businesses, especially new and small ones, to compete for federal contracts, promoting innovation and efficiency.

Six steps to safeguarding government software amid rising threats

The article outlines six steps federal agencies should take to better secure their software in light of escalating cyber threats. Software security needs to become a higher priority baked into development from the start.

* The first recommendation is prioritizing application security (AppSec) by hiring experts and conducting more robust testing.
* Second is implementing DevSecOps to integrate security earlier in IT delivery pipelines.
* Third is increased use of automated scans and testing tools to find vulnerabilities proactively.
* Fourth is adopting a zero trust approach that assumes breach and limits damage.
* Fifth is training developers more on secure coding practices.
* Finally, rigorous pre-deployment testing should become standard.

Implementing these six steps will bolster the government's ability to defend against sophisticated nation-state and criminal hackers trying to infiltrate agencies’ systems and data.

Small business government contracting hits record high of $163B, SBA says

The Small Business Administration announced that in fiscal year 2022, the federal government awarded $162.9 billion in contracts with small businesses. This surpasses the government's goal and sets a new record. It is a 5.6% increase over fiscal year 2021, when small business contract awards totaled $154.2 billion.

* A notable achievement is that 26.5% of federal government contract dollars were awarded to small businesses, exceeding the Biden administration's goal of 23%.
* The SBA gave the federal government an "A" on its scorecard for work with small businesses, with ten federal agencies receiving an "A+" for their efforts.
* NASA was specifically recognized for working closely with small businesses and received an "A" for fiscal year 2022.

Small Business Works 2023: Navigating Equity in Procurement

The Small Business Works 2023 event was a training and matchmaking opportunity for small businesses interested in federal contracting opportunities and doing business with GSA. This hybrid event offered valuable resources and information to assist small businesses in navigating and succeeding in the federal government marketplace. Additionally, small businesses had the chance to expand their network and interact with industry experts through matchmaking sessions.

Small tech companies ask Congress for changes to make acquisition easier to navigate

Small technology companies recently asked Congress to implement changes to make government acquisition more navigable for new vendors. In a letter, founders of younger tech firms argued current acquisition practices favor larger, traditional government contractors and create barriers for new entrants. They cited issues like overly complex proposal requirements, restrictive classification rules, and lack of transparency around needs.

* The founders urged Congress to mandate more modular contracting, force agencies to work with new suppliers, and invest more in acquisition workforce training.
* Other recommendations included providing incentives to incumbent contractors that partner with innovative startups and subsidizing pilot contracts for new solutions.
* The technologists said that reforming acquisition is vital to tapping into emerging technologies from commercial companies and keeping up with innovations used by adversaries.
* Opening government procurement to new players will also increase competition and reduce costs.

Software license purchases need better agency tracking, GAO says

The Government Accountability Office (GAO) report highlights inefficiencies in federal agencies' management of software licenses, leading to missed cost-saving opportunities and duplicative purchases. Despite an annual expenditure exceeding $100 billion on IT products, agencies lack consistent tracking of software licenses, particularly for the five most widely used ones. The GAO's study, focusing on 24 Chief Financial Officers Act agencies, found that 10 vendors, led by Microsoft, Adobe, and Salesforce, dominate the market. However, the precise usage of products under these licenses remains unclear due to inconsistent and incomplete data. The GAO recommends improved inventory tracking and price comparison efforts to prevent redundant purchases and leverage cost-saving opportunities. While most agencies concurred with the recommendations, the Department of Housing and Urban Development did not explicitly agree or disagree. The report underscores the need for better data and management practices to optimize federal software license procurement.

* Federal agencies are not efficiently tracking software licenses, leading to missed cost-saving opportunities and redundant purchases in IT and cyber-related investments.
* The GAO report reveals that 10 vendors, predominantly Microsoft, Adobe, and Salesforce, account for the majority of the most widely used software licenses among 24 Chief Financial Officers Act agencies.
* Agencies lack detailed data on the usage of individual products within software licenses, resulting in uncertainties about the actual number of licenses needed.
* The GAO recommends better inventory tracking and price comparison to prevent duplicative purchases and maximize cost savings, though not all agencies explicitly agreed with these recommendations.

Technology Modernization Fund seeking proposals for Artificial Intelligence projects

The Technology Modernization Fund (TMF) has announced a call for project proposals focusing on the implementation of Artificial Intelligence (AI) within federal agencies, in alignment with President Biden's Executive Order on the safe, secure, and trustworthy development and use of AI in the federal government. This initiative aims to support AI implementation across agencies to improve operational efficiency, enhance coordination between programs, and modernize legacy systems. Proposals seeking up to $6 million in funding and with project timelines not exceeding 1.5 years will benefit from an expedited review process. The goal is to enable rapid deployment of AI technologies to automate processes, deliver assistive technology, improve customer experience, and reduce administrative burdens.

* The TMF is seeking AI project proposals from federal agencies to align with President Biden’s Executive Order.
* Projects with budgets up to $6 million and timelines within 1.5 years will receive expedited reviews.
* The initiative emphasizes the responsible exploration of AI to enhance government service delivery.
* Proposals must include plans for user testing, risk mitigation, evaluation metrics, and senior executive support.
* The TMF aims to transform government technology use, ensuring equitable, secure, and user-centric delivery.

The four-step migration roadmap that smooths the path to classified cloud

The article outlines a four-step roadmap for organizations to smoothly transition to a classified cloud environment. The first step involves understanding data and security requirements. The second step focuses on selecting the right cloud service provider. The third step is about planning and executing the migration, ensuring minimal disruption. The final step emphasizes the importance of continuous monitoring and adaptation to maintain security and compliance. This roadmap is designed to assist federal agencies in effectively leveraging cloud technology while adhering to stringent security standards.

* Four-step roadmap creates structured path to classified cloud.
* Requires classifying data and applications to inform migration priorities.
* Executing with security best practices as well as ongoing verification.
* Following structured process unlocks full benefits of classified cloud.

The rising stakes of the federal digital user experience

Providing a seamless digital experience for citizens interacting with federal government services online is increasingly important. The COVID-19 pandemic dramatically accelerated adoption of digital services across agencies. As a result, agencies must now optimize online platforms for mobile-friendliness, accessibility, and ease of finding information. Improving user experience not only boosts citizen satisfaction but also enhances trust in government. Focus has been on understanding user needs, iterative design, plain language content, and inclusive accessibility. With digital channels becoming the predominant way citizens connect with government, delivering an excellent user experience is crucial for agency missions.

* Pandemic sped up adoption of digital government services.
* Agencies must now optimize online platforms for seamless user experience.
* Enhancing user experience builds citizen satisfaction and trust.
* Excellent user experience crucial as digital becomes main public interaction.

The secret sauce to winning more government contracts

Artificial Intelligence (AI) is reshaping the dynamic business landscape, drawing attention from tech giants, governmental bodies, and the business community for its potential to boost productivity and necessitate regulatory oversight. In the government contracting (GovCon) sector, AI is emerging as a pivotal force, enabling companies to gain a competitive edge through enhanced efficiency and effectiveness. This sector, responsible for a significant portion of federal spending, is leading the tech transformation, with more than 60% of business owners believing in AI's potential to increase productivity. The adoption of AI in GovCon emphasizes the need for transparency and trust, especially when handling sensitive information, to maintain accountability and regulatory compliance. As AI technology evolves, it promises to revolutionize procurement processes, democratize opportunities for businesses of all sizes, and require government contractors to adapt swiftly to remain competitive.

* The GovCon sector is at the forefront of AI adoption, aiming to enhance efficiency and secure more business.
* Transparency and trust are critical in the adoption of AI within GovCon, given the handling of sensitive information.
* AI promises to revolutionize procurement processes, offering competitive advantages to early adopters.
* Government contractors are encouraged to leverage AI for innovation, efficiency, and enhanced market competitiveness.

‘There’s a lot to be done’: Federal groups push for greater SES diversity

A coalition of federal affinity groups is advocating for greater diversity within the Senior Executive Service (SES) ranks across government. In letters to the Office of Management and Budget and Office of Personnel Management, the groups argue the SES lacks representation and inclusion, especially for women and people of color. They say enhancing SES diversity will improve decision making and service delivery.

* The groups made several recommendations including setting diversity goals, expanding mentorship and career development programs, and improving exit survey data collection to identify gaps.
* They also highlighted the need for more diverse SES selection panels and interview questions targeting critical competencies.
* The letters underscore ongoing efforts to ensure the federal leadership that shapes policies and programs reflects the diversity of America.

Tired of Monotonous Tasks? Federal Agencies Turn to Automation

Many federal agencies are increasingly looking to intelligent automation to handle repetitive, low-value tasks and enable employees to focus on higher-value work. Robotic process automation (RPA) software can replicate human actions to complete routine processes like data entry. The General Services Administration has bots handling numerous workflows, while the IRS is automating document processing. Other use cases include automated FOIA request handling and automated security operations center functions. Agencies cite benefits like improved efficiency, accuracy, and employee satisfaction. However, they also emphasize the importance of governance and thoughtful implementation. As automation becomes more integral to federal IT, agencies will need strategies for maximizing value while managing change and mitigating risks.

* Federal agencies adopting intelligent RPA for repetitive, low-value tasks.
* Enables employees to focus on higher-value work and provides efficiency/accuracy gains.
* Use cases include data entry, document processing, FOIA handling, security operations.
* Governance and thoughtful implementation key to maximize value and manage risks.

Transparency in numbers: Federal contractors must be held accountable for their diversity efforts

Companies awarded federal government contracts, regardless of size, must ensure equal opportunity in hiring and advancement. This is to align with America's demographics. The numbers are not confidential and do not impact our competitive advantage. The federal government has a responsibility to mandate that contracted companies submit their reports and enforce this requirement.

* In every government contract, there should be incentives for annual report submission. This will require changing processes and establishing a culture that values diversity and equity.
* For non-compliant companies, contracts may be suspended.
* While diversifying the talent pool is crucial for narrowing the wealth gap and getting more people into tech jobs, it is also important for government services to be reflective of the constituents they support.
* Access to these services will improve as the talent pool becomes more diverse.

U.S. government discloses more than 700 AI use cases as Biden administration promises regulation

The Biden administration recently disclosed more than 700 examples of how federal agencies are using artificial intelligence as part of its commitment to transparency around AI adoption. The use cases span various departments and highlight AI applications like predictive analytics at Veterans Affairs, automated document processing at Labor, and object identification for aerospace images at NASA. While showing the broad utility of AI across government, the disclosures also aim to build public trust by demonstrating that agencies are deploying AI responsibly and ethically. This revelation of AI use comes as the White House develops guidance to regulate AI development and usage. The administration says new rules are needed to manage AI risks related to privacy, security, bias and safety. Though many advocates welcome oversight, some industry groups argue excessive regulation could stifle AI innovation. The disclosed use cases indicate the U.S. government will continue expanding its AI capabilities while trying to strike a balance between progress and prudence.

* U.S. government disclosed 700+ examples of AI use at federal agencies.
* Use cases highlight role of AI in data analytics, document processing, image analysis.
* Disclosure aims to build public trust in responsible AI adoption.
* Comes as Biden administration develops guidance to regulate AI systems.

US signs on to international principles for 6G

The White House, along with governments from Australia, Canada, the Czech Republic, Finland, France, Japan, the Republic of Korea, Sweden, and the United Kingdom, issued a joint statement on new shared principles for 6G spectrum research and development. These principles are aimed at securing global telecommunications infrastructure, with a focus on national security, privacy, international standards, interoperability, affordability, and sustainable global connectivity. The initiative is seen as crucial for developing and deploying secure 6G technologies, leveraging advancements in AI, software-defined networking, and virtualization. The principles are intended to guide future policy and foster international cooperation in the development of 6G technology.

* International Cooperation: A unified approach among multiple nations to secure future telecommunications.
* Focus on Security and Privacy: Emphasis on protecting national security and individual communications.
* Inclusive and Sustainable Connectivity: A commitment to affordable and sustainable global connectivity through 6G.
* Advancement in Technology: Leveraging AI and other emergent technologies for enhanced security and interoperability.

Using AI to Write Contract Requirements: Highlights from a Government Roundtable, hosted by ATARC, May 2023

The Advanced Technology Academic Research Center (ATARC) recently hosted a roundtable titled "Using AI to Write Contract Requirements." The discussion focused on the use of Artificial Intelligence (AI) to improve the federal acquisition process. Both federal leaders and industry experts acknowledge the significant potential of AI in enhancing and expediting all aspects of federal acquisition, particularly contract writing. Contract writing is an essential yet time-consuming task that requires specific skills to efficiently procure government services and products. As commercial AI tools like ChatGPT become more prevalent, it is crucial for government agencies to understand how AI can be applied to routine technical work such as contract writing.

* During the roundtable, industry experts and federal procurement leaders gathered to discuss the numerous potential benefits of AI in federal procurement.
* They also addressed the foreseeable challenges that agencies may face in terms of privacy, security, and the rapid advancement of technology.
* The experts explored the potential applications of AI in federal acquisition and procurement processes. They highlighted that with sufficient information, AI could significantly assist in crafting acquisition strategies for various portfolios, including IT, facilities, and professional services.
* Furthermore, AI has the potential to expedite processes by providing effective evaluation factors for solicitations and identifying possible contract modifications.

VA Launches New Team to Advance Equity in Benefits

The Department of Veterans Affairs (VA) has formed a team called the I*DEA (inclusion, diversity, equity, and access) Council. This team aims to promote equity in benefits for all veterans, regardless of their characteristics. The Council will focus on improving outcomes for underserved veterans and eliminating disparities in VA healthcare and benefits. They will develop and implement an Equity Action Plan and report directly to the VA deputy secretary.

* Senior leaders from various parts of the VA will be part of the council, including the Veterans Health Administration, Veterans Benefits Administration (VBA), National Cemetery Administration, Center for Women Veterans, and Center for Minority Veterans.
* Additionally, the VA has established an Equity Assurance Office within the VBA to ensure fair delivery of earned benefits to veterans, led by Laurine Carson, reporting to the Office of the Under Secretary for Benefits.

Watchdog finds ‘sufficient’ cyber threat sharing at agencies, but barriers remain

The Intelligence Community Inspector General's biennial update on cybersecurity information sharing indicates progress in the last two years, but also identifies persistent challenges. The report evaluates the implementation of the Cybersecurity Information Sharing Act of 2015, involving input from various departments and the Office of the Director of National Intelligence (ODNI). While policies, procedures, and guidelines for sharing cyber threat indicators are deemed sufficient, issues such as reluctance to share outside the federal collection, over-classification of information, and resource constraints hinder effective information sharing. Departments like Commerce prefer to share only within the federal collection, and private companies hesitate due to potential legal and competitive concerns. Over-classification and the effort required to declassify information delay its use, and transferring information from classified to unclassified systems poses difficulties. Additionally, resource constraints affect the review of incoming information, and concerns about the quality of cyber information and the functionality of tools like CISA's Automated Indicator Sharing capability further complicate the sharing process.

* **Progress in Cyber Threat Information Sharing:** The report acknowledges improvements in cyber threat information sharing within the government over the last two years.
* **Challenges in Sharing Outside Federal Collection:** Some departments, like Commerce, are reluctant to share outside the federal collection, and private companies are hesitant due to legal and competitive concerns.
* **Over-Classification and Declassification Issues:** Concerns about over-classification hinder information sharing, and the process of declassifying information is seen as a significant delay.
* **Resource Constraints:** Agencies face challenges due to a lack of personnel to review incoming information, affecting the effectiveness of information sharing.

What Are The Top Cybersecurity Threats Facing Federal Agencies?

Federal agencies continue to face numerous major cybersecurity threats. Ransomware is a top concern, with recent attacks crippling critical systems and disrupting operations. Insider threats from malicious employees are also a risk as they can exploit access to sensitive data and networks.

* Agencies struggle to deal with vulnerable legacy IT systems and infrastructure containing outdated software.
* Cloud adoption expands the attack surface. Mobile devices introduce new entry points for cybercriminals.
* There is an emphasis on the challenges of combating nation-state actors and cyber espionage. This includes the importance of cyber hygiene, network segmentation, multi-factor authentication, modernization efforts, and skilled cybersecurity staff in helping agencies improve defenses.
* Ongoing vigilance and workforce education are key to mitigating persistent cyber threats.

White House and GSA launch platforms to improve equity in federal procurement

The White House and General Services Administration have introduced two platforms to enhance equity in procurement for federal agencies. These tools, launched earlier this spring, aim to assist agencies in finding new businesses for federal contracts, identifying qualified vendors, and monitoring progress towards equity goals.

* The Biden Administration has set a goal of 15% federal contract spend for small disadvantaged businesses by 2025, while the Office of Management and Budget (OMB) has set a target of 12% for fiscal 2023.
* GSA Administrator Robin Carnahan emphasized that these tools will enable agencies to connect with a diverse range of businesses in the federal marketplace, promoting equity and achieving contracting goals.

White House looks to ramp up contract spending with small disadvantaged businesses

The Biden administration is looking to increase federal contract spending with small disadvantaged businesses (SDBs) up to 15% by 2025. This initiative aims to expand opportunities for SDBs through both prime and subcontracting arrangements. Steps include getting more agency commitment through new SDB contracting goals, increasing outreach to small firms, leveraging SDB set-asides, and partnering SDBs with larger contractors. The administration will also enhance oversight and accountability to ensure progress. Overall, the goal is to drive more federal procurement spending towards SDBs and strengthen the diversity of the government's contractor base.

* Seeking to increase federal contract spending with SDBs to 15% by 2025.
* Expanding SDB opportunities via prime and subcontracting.
* Agencies establishing new SDB goals, enhanced outreach to small firms.
* Leveraging set-asides, partnering SDBs with larger contractors and improving oversight to drive progress.

White House looks to scale FedRAMP with automation

The White House is looking to scale and automate FedRAMP, the government's security authorization program for cloud products and services. The goal is to accelerate agency adoption of secure cloud technologies. Through enhanced automation, the administration aims to cut review times and costs while expanding the FedRAMP marketplace. Key steps include leveraging automation to expedite authorization processes, integrating robotic process automation (RPA) to reduce manual efforts, and exploring ways to automate the collection and analysis of security data from cloud platforms.

* White House seeking to scale and automate FedRAMP cloud security program.
* Aims to accelerate agency adoption of secure cloud technologies.
* Enhanced automation would cut review times and costs.
* Steps include automating authorization processes, using RPA, analyzing security data.
* Goal is to expand the FedRAMP marketplace.

White House moves to ease education requirements for federal cyber contracting jobs

National Cyber Director Harry Coker is actively working to broaden the pool of cybersecurity professionals within the federal government by advocating for reduced educational requirements for certain contracting roles. This initiative, in collaboration with OMB, is part of a broader effort by the Biden administration to address the significant shortage in the cybersecurity workforce and to promote diversity in the field. By eliminating the four-year degree requirement, the administration aims to make cybersecurity roles more accessible and inclusive, especially for women and people of color who have been historically underrepresented. Coker emphasized the importance of inclusivity in defending digital systems, a critical component of modern infrastructure. To this end, his office plans to implement hiring sprints and recruitment events, particularly targeting locations that have been overlooked by federal recruitment efforts. The urgency of these efforts is underscored by Coker's estimate of at least half a million vacant cybersecurity positions in the industry, a gap that poses a risk at a time when digital systems are increasingly under threat. The Biden administration views this push not only as a security imperative but also as a means to drive economic development and ensure equitable participation in the benefits of the digital revolution.

* **Reducing Educational Barriers:** Coker is collaborating with the Office of Management and Budget to remove the four-year degree requirement for some federal cybersecurity contracting positions. This effort aims to make cybersecurity jobs more accessible and increase diversity within the field.
* **Promoting Diversity and Inclusivity:** The initiative focuses on opening pathways to cybersecurity careers for groups traditionally underrepresented in the field, such as women and people of color, by eliminating historical barriers to entry.
* **Utilizing Community Colleges:** Institutions like the Community College of Baltimore County, recognized for excellence in cybersecurity education, are seen as crucial for providing affordable and accessible technical training to help fill the vast number of open positions.
* **Addressing the Workforce Shortage:** With an estimated half a million open cybersecurity positions, the initiative recognizes the urgent need to secure digital systems against increasing threats and aims to rapidly fill these vacancies.

White House outlines plan for green government spending spared by debt ceiling cuts

The Biden administration's goals to eliminate carbon emissions from federal buildings and vehicles were not affected by the bipartisan deal to cut government spending and raise the debt ceiling. Heather Boushey, a member of the White House Council of Economists, confirmed that the environmental components of the Inflation Reduction Act were not reduced. This is positive news and reflects the ongoing conversations and concerns surrounding this issue.

* Boushey expressed concerns about substantial cuts to the IRS's modernization fund as part of the debt ceiling deal.
* Federal agencies are actively exploring ways to make their buildings and vehicles more sustainable in order to achieve the administration's target of net-zero greenhouse gas emissions by 2050 and a 65% reduction by 2030.

White House tells federal agencies to bolster cybersecurity in memo

The White House has directed federal agencies to take new steps to strengthen their cybersecurity postures in the face of increasing threats. In a recently released memo, the Biden administration lays out immediate actions for agencies to protect networks, identify threats, and improve incident response.

* Agencies are instructed to encrypt data, implement multifactor authentication, and deploy endpoint detection and response tools.
* They must also conduct reviews of their exposure to cyberattacks within 30 days. The memo prioritizes rapid patching of critical vulnerabilities and tackling cyber workforce gaps. Additionally, it orders exercises to evaluate readiness and calls for evaluating the security of third-party vendors.
* According to the White House, implementing these measures will enable agencies to quickly address the most significant cyber risks and advance the nation's cybersecurity. The administration aims to lead by example in adopting cyber best practices.

White House unveils AI governance policy focused on risks, transparency

The White House has introduced a comprehensive artificial intelligence (AI) governance policy, aligning with President Joe Biden's AI executive order. This 34-page memo, crafted by the Office of Management and Budget (OMB) Director Shalanda D. Young, aims to guide federal agencies in responsibly managing and utilizing AI technologies. It builds on a draft released for public feedback in November, emphasizing risk management, transparency, and the establishment of chief AI officers (CAIOs) within agencies. The policy underscores the federal government's commitment to leading by example in AI usage, with specific measures to safeguard Americans' rights and safety. Additionally, it announces the National AI Talent Surge to recruit AI professionals into government roles and plans for federal procurement of AI, highlighting the administration's approach to modeling responsible AI governance domestically and globally.

* The policy mandates guardrails for AI applications affecting rights or safety and expands AI use case inventories.
* Agencies are required to appoint CAIOs to oversee AI technology use.
* The National AI Talent Surge aims to hire at least 100 AI professionals by the summer.
* The policy serves as a domestic model for global AI governance, emphasizing transparency and risk mitigation.

Why Federal Pay Data Collection Is Critical to Equity

Kalpana Kotagal was confirmed as a commissioner to the EEOC on July 13, 2023. This confirmation renews the focus on EEOC priorities, one of which is the pay data collection program through the EEO-1.

* Pay data collection is crucial for achieving pay equity. It provides enforcement agencies, such as the EEOC, OFCCP, and state labor departments, with better data to enforce civil rights laws and encourages employers to analyze their pay practices and address disparities.
* By collecting pay data through the EEO-1, the EEOC and OFCCP can effectively target pay discrimination and occupational segregation in specific firms, industries, and localities.
* This issue briefly outlines the key aspects of pay data collection through the EEO-1 and suggests improvements for future implementation.

Zero Trust and Improving the Nation's Cybersecurity

In May 2021, the Biden Administration issued Executive Order 14028, revolutionizing U.S. federal cybersecurity with a focus on Zero Trust security. This model, based on "Never trust, always verify," mandates stringent verification for all access attempts within government networks, regardless of origin. Emphasizing a continuous, multifaceted approach, Zero Trust requires a blend of technologies and practices, marking a significant departure from traditional cybersecurity strategies towards a more secure, resilient governmental infrastructure.

Help us to unite buyers, vehicles, and suppliers to make smarter, faster IT acquisitions.