Nihal Krishan Archives | FedScoop
https://fedscoop.com/author/nkrishan/
Mon, 23 Jan 2023 09:20:32 +0000

FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals.

NTIA launches probe into discriminatory data practices and civil rights
https://fedscoop.com/ntia-launches-probe-into-discriminatory-data-practices-and-civil-rights/
Fri, 20 Jan 2023 02:32:10 +0000

The inquiry will focus on analyzing the outsized consequences data practices can have on marginalized communities and make specific recommendations on solutions.

The National Telecommunications and Information Administration Wednesday said it would probe how companies’ data practices may impose outsized harm on marginalized or underserved communities.

Alan Davidson—the assistant secretary of Commerce for Communications and Information and the NTIA administrator—said the agency had issued a request for comment “on how we can increase our vigilance at the intersection of privacy and civil rights,” during an event hosted by the Georgetown Law school.

The National Telecommunications and Information Administration (NTIA), which is President Biden’s principal advisory body on tech and telecom policy issues, will focus its inquiry on discriminatory data practices related to: online job discrimination based on demographic characteristics; apps that collect and sell location data about user movement, particularly dating and religious apps; and the heightened cost of data breaches on low-income communities.

“Our inquiry will help us analyze the outsized consequences that data practices can have on marginalized communities, and make specific recommendations on solutions,” Davidson said. “We know that addressing the disproportionate harms borne by these communities will take more than just privacy reforms. But increased protections are an important step toward that goal.”

The NTIA’s initiative is meant to bolster the Biden Administration’s six ‘Principles for Enhancing Competition and Tech Platform Accountability’ announced last September. The Big Tech reform rules, which were emphasized in Biden’s recent Wall Street Journal op-ed, call for “robust federal protections for Americans’ privacy” and an end to “discriminatory algorithmic decision-making.”

Building on the previously announced six principles, Davidson said the need for a federal privacy framework “is especially acute when we consider the impact on disadvantaged groups.” 

Davidson added that data privacy invasions can be felt more starkly by marginalized communities because facial recognition tools have difficulty accurately identifying people of color and because of the problematic ways in which phone apps can collect and store sensitive information related to users’ sexual orientation or religion.

“Data collection and sharing creates the risk of new digital discrimination replicating previous forms of profiling, redlining and exclusion,” said Davidson. “We are concerned about how these practices can hinder economic and social opportunities, from housing and jobs to health and safety.”

Federal contractors providing government departments with HR services are already held accountable for computer-based tools that discriminate against potential employees with disabilities under a joint initiative launched in May by the Department of Justice and the Equal Employment Opportunity Commission.

The NTIA data privacy request for comment builds on the work conducted by the agency during three listening sessions. Comments will be due 45 days from publication in the Federal Register.

2022 in review: FedRAMP reform enacted, SAMOSA Act progresses
https://fedscoop.com/2022-in-review-fedramp-reform-enacted-samosa-act-progresses/
Sat, 31 Dec 2022 19:15:25 +0000

FedScoop looks back at some of the most consequential developments in federal IT policy over the past year.

Over the course of 2022, Congress progressed several bills that represent a major step forward for federal IT policy across areas including software licensing, cybersecurity in the cloud and semiconductor development.

The executive branch also issued a foundational document intended to guide the use and regulation of artificial intelligence technology, and federal government agencies launched initiatives to acquire IT and cybersecurity talent.

Some of the most consequential policymaking this year included: the SAMOSA Act software transparency bill, the AI Bill of Rights, the $280 billion CHIPS and Science Act, the FedRAMP reform bill, and the Biden administration’s cyber job creation sprints.

FedRAMP cybersecurity certification reform

New legislation that will significantly reform the FedRAMP cybersecurity authorization program for cloud vendors by allowing FedRAMP-authorized tools to be used in any federal agency without additional oversight or verification became law earlier this month.

FedRAMP is a crucial cybersecurity certification that cloud service providers must obtain prior to working with U.S. government data.

One of the most consequential aspects of the FedRAMP reform language is a “presumption of adequacy” clause, which would allow FedRAMP-authorized tools to be used by any federal agency without further checks.

The latest iteration of the Federal Risk and Authorization Management Program (FedRAMP) bill became law in late December as part of the NDAA after an uphill battle for almost six years led by Rep. Gerry Connolly, D-Va., and Sen. Gary Peters, D-Mich.

SAMOSA Act

Congress introduced bipartisan legislation earlier this year that would mandate the consolidation of federal agency software licenses and force agencies to take a more transparent approach to software purchasing.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSA), which was first reported by FedScoop, would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.

The legislation was introduced in the Senate in September by Sens. Gary Peters, D-MI, and Bill Cassidy, R-LA, and by Rep. Matt Cartwright, D-PA in the House.

The SAMOSA Act passed the Senate Homeland Security and Governmental Affairs Committee (HSGAC) in September and is expected to get a full Senate vote in the coming months.

CHIPS and Science Act

Bipartisan legislation known as the “CHIPS and Science Act” provided approximately $280 billion of new funding intended to boost domestic semiconductor manufacturing and help the U.S. compete with China in the development of cutting edge technologies.

The bill, which became law in August, includes approximately $52 billion in government subsidies for U.S. semiconductor production. It also includes $24 billion in investment tax credits for chip plants and other funding to spur innovation and research of other key U.S. technologies.

The IT industry and those that rely on it are expected to benefit significantly from the bill thanks to the increased investments and future growth. For example, IT giants and major federal government contractors like IBM are anticipating using funds from the legislation to boost growth in the sector from semiconductors.

The $1.7 trillion omnibus government spending package signed by President Joe Biden on Thursday fell short of providing the maximum funding authorized under the CHIPS Act but nevertheless authorized large funding increases for NIST, the National Science Foundation (NSF), and the Department of Energy’s (DOE) Office of Science.

AI ‘Bill of Rights’

The Biden administration in October issued a long-awaited blueprint document that is intended to provide guardrails for the use of artificial intelligence technology within the federal government.

The AI Bill of Rights consists of five key principles for the regulation of the technology: safe and effective systems; algorithmic discrimination protections; data privacy; notice and explanation; and human alternatives, consideration and fallback.

It was created by the Office of Science and Technology Policy and is intended to address concerns that unfettered use of AI in certain scenarios may cause discrimination against minority groups and further systemic inequality.

Cyber job creation sprint

A 120-day cybersecurity apprenticeship sprint coordinated by the White House and the Department of Labor created 194 new registered programs, the Biden administration announced in November.

In total, the sprint resulted in more than 7,000 cyber apprentices getting hired, of which over one-third were female and 42% were people of color. Out of the cyber apprentices hired, 1,000 were from the private sector.

The sprint was launched in July in a bid to alleviate a shortage in cyber employees. There have been massive challenges in hiring cybersecurity employees within the government due to a tight labor market and a severe shortage of skilled cyber engineers and analysts, and the problem continues to get worse.

CyberSeek, a recruiting website for cybersecurity jobs in the U.S., funded by the Commerce Department, says that in the public sector or the government, there are 47,114 vacant cyber jobs and 72,599 cybersecurity experts currently employed.

Big boosts to cybersecurity and tech funding in $1.7T omnibus bill signed by Biden
https://fedscoop.com/big-boosts-to-cybersecurity-and-tech-funding-in-1-7t-omnibus-bill-signed-by-biden/
Fri, 30 Dec 2022 19:08:46 +0000

The bipartisan omnibus spending agreement for fiscal year 2023 includes $2.9 billion for the Cybersecurity and Infrastructure Security Agency.

The $1.7 trillion omnibus government spending package signed by President Joe Biden on Thursday includes significant boosts in federal government funding for cybersecurity as well as science and technology programs.

The bipartisan fiscal 2023 omnibus spending agreement includes $2.9 billion for the Cybersecurity and Infrastructure Security Agency (CISA), a $313 million increase over its current budget, as well as $1.6 billion for the National Institute of Standards and Technology (NIST), an increase of $397 million for the agency.

Cybersecurity

The spending package includes $1.3 billion for CISA’s cybersecurity programs, which represents a year-on-year increase of $230 million, although the bill also includes unusual language that would fine the agency $50,000 for every day it is delayed on quarterly congressional briefings.

CISA is a year late submitting its organizational planning, staffing and budgeting document to Congress, known as a “force structure assessment.”

If Congress doesn’t have the document to evaluate budgeting for CISA soon, Rep. Jim Langevin, D-R.I. told CyberScoop earlier this month that it could impact the agency’s funding.

The omnibus also includes $200 million for the Department of Energy’s Cybersecurity, Energy Security, and Emergency Response (CESER) office and will allocate $100 million in funding for the Treasury Department’s Cybersecurity Enhancement Account, $20 million more than last year.

The spending package also targets cybercrime from foreign adversaries in particular by allocating $50 million to tackle cybersecurity threats emanating from Russia and other adversaries as well as $422 million for the Office of Personnel Management (OPM) to address cybersecurity and hiring initiatives. The bill includes a provision requiring the Federal Trade Commission (FTC) to collect and report on international cyberattacks committed by foreign actors, with a specific focus on those from China, Iran, North Korea and Russia, according to a Senate Republican summary of the bill.

The omnibus also provides $22 million for the White House Office of the National Cyber Director, the first time the new office will receive resources through an appropriations bill. The office is expected to issue a new national cyber strategy in 2023, as well as a cybersecurity workforce, training and education plan.

Science and Technology

Congress passed the Creating Helpful Incentives to Produce Semiconductors (CHIPS) and Science Act in August to boost domestic semiconductor manufacturing and help the U.S. compete with China in the development of cutting edge technologies.

The omnibus spending package fell short of providing the maximum funding authorized under the CHIPS Act but nevertheless authorized large funding increases for NIST, the National Science Foundation (NSF), and the Department of Energy’s (DOE) Office of Science.

NIST’s $1.6 billion allocated includes $953 million for scientific and technical research and up to $462 million for the construction of new research facilities. 

NIST’s Manufacturing Extension Partnership Program was also allocated $175 million, an increase of $17 million, while an additional $4 million has been set aside to establish a NIST center of excellence to develop standards for measuring climate change and its effects on the country.

FedRAMP reform measures enacted as Biden signs NDAA into law
https://fedscoop.com/fedramp-reform-measures-enacted-as-biden-signs-ndaa-into-law/
Fri, 23 Dec 2022 23:49:03 +0000

Language from the FedRAMP Authorization Act was included in the National Defense Authorization Act enacted Friday.

President Joe Biden has signed legislation that will reform the FedRAMP cybersecurity authorization program for cloud vendors by allowing FedRAMP-authorized tools to be used in any federal agency without additional oversight or verification.

Language from the FedRAMP Authorization Act was included in the National Defense Authorization Act (NDAA) enacted Friday after the FedRAMP bill was hotlined in the Senate earlier this year as part of an effort led by Sen. Gary Peters, D-Mich.

One of the most consequential aspects of the FedRAMP reform language is a “presumption of adequacy” clause, which would allow FedRAMP-authorized tools to be used by any federal agency without further checks.

FedRAMP is a crucial cybersecurity certification that cloud service providers must obtain prior to working with U.S. government data.

The latest iteration of the Federal Risk and Authorization Management Program (FedRAMP) bill passed the House in September after an uphill battle for almost six years led by Rep. Gerry Connolly, D-Va.

In a statement to FedScoop, Chairman of the Senate Homeland Security and Governmental Affairs Committee Sen. Gary Peters said the legislation would make it easier for agencies to quickly acquire cloud states and also protect the tremendous amount of sensitive data held by departments from cyberattacks.

“By helping federal agencies quickly and securely adopt cloud-based systems, this program will also create good-paying jobs, and incentivize cloud companies to create more effective products,” Peters said.

Pressure to update FedRAMP has mounted amid the federal government’s broad, sweeping migration to the cloud. The certification program was first established in 2011 to provide a standardized governmentwide approach to cloud computing services authorization and security assessments.  

Federal government IT specialists who helped create and build FedRAMP when it was first formed in 2011 cheered the changes made in the reform bill.

“I remember sitting in a room with the Federal CIO at the time,” Salesforce Principal Solutions Engineer and former FedRAMP Director at GSA Matt Goodrich wrote in a post on LinkedIn.

Goodrich recalled discussions in which then-Federal CIO Vivek Kundra asked how security of cloud services could be certified, and senior NIST computer scientist Peter Mell suggested having the Department of Defense, the Department of Homeland Security and the General Services Administration jointly authorize them.

“[T]hat was how FedRAMP started … very organic at how do we solve a simple problem,” Goodrich noted on the social networking site.

The FedRAMP Authorization Act bill will ensure FedRAMP has a board to enhance and speed up the program. It would also create a separate cloud advisory committee consisting of five representatives from cloud services companies, two of whom must come from small cloud vendors.

In addition, the 15-strong advisory committee would also contain one representative each from the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology. Two serving chief information officers from federal government agencies would also sit on the committee.

Commenting on the enactment of the legislation, Hettinger Strategy Group founder and former Staff Director of the House Oversight Government Operations Subcommittee Mike Hettinger said: “This is a significant victory for the broader federal cloud computing community and I am really glad to see it get done this year. Major congratulations go to Rep. Connolly, Sen. Peters and their teams for never giving up the fight to enact this important and meaningful cybersecurity reform legislation.”

He added: “Most bills that hang around for 5 years and hit the sorts of roadblocks that this bill hit, eventually just die on the vine. Somehow, we were able to get this one across the line.”  

Insiders worry CISA is too distracted from critical cyber mission
https://fedscoop.com/insiders-worry-cisa-is-too-distracted-from-critical-cyber-mission/
Fri, 23 Dec 2022 01:23:21 +0000

The agency appears to be struggling with internal divisions, morale problems and growing concerns about leadership priorities.

When Congress was still trying to understand the full extent of Russia’s 2016 election meddling and growing increasingly anxious about possible cyberattacks on other U.S. targets, lawmakers rallied behind an idea to shore up the nation’s digital defenses.

In the fall of 2018, they passed legislation establishing an agency inside the Department of Homeland Security to streamline federal cybersecurity efforts, encourage industry to improve vulnerable systems and help safeguard critical infrastructure from determined nation-state hackers.

Republicans and Democrats praised the new Cybersecurity and Infrastructure Security Agency, which replaced the National Protection and Programs Directorate inside DHS. Rep. Michael McCaul, R-Tex., said it would “strengthen the security of federal networks and our nation’s critical infrastructure.” Rep. Jim Langevin, D-R.I., was another early booster of the new agency — and has been one of its most vocal champions.

But four years in, CISA appears to be struggling with internal divisions over the direction of the agency, morale problems and growing concerns about leadership priorities. CyberScoop and FedScoop spoke with 14 current and former CISA employees and 18 additional people familiar with CISA’s internal operations. Most described an agency that lacks a clearly defined strategic direction and often seems more focused on its public image than working on the nation’s thorniest cybersecurity problems.

Even Langevin, who is retiring from Congress next month after spending years promoting cybersecurity legislation, is frustrated. “There are a lot of things that the agency can and should do better,” Langevin told this publication, pointing out that CISA is a year late submitting its organizational planning, staffing and budgeting document to Congress.

If Congress doesn’t have the document — known as a “force structure assessment” — to evaluate budgeting for CISA soon, Langevin suggested it could impact the agency’s funding.

“I’m disappointed that it wasn’t completed before the end of my final term,” he said. Others in Congress appear to be fed up by delays from CISA, too: The pending omnibus government funding bill includes unusual language that would fine the agency $50,000 for every day it’s late on quarterly congressional briefings.

An organization struggling to find its way

People inside the organization, and those who recently left, complain that leadership hasn’t articulated priorities and often seems insulated from staff, leaving many to hear about agency initiatives via Twitter instead of from managers.

“Front-line employees would benefit from having a consistent directional strategy,” said Beau Woods, a noted cybersecurity researcher who left CISA in November after two years as a senior adviser. He said that what’s absent from agency brass is direction on “clear outcomes or a clear understanding of what good looks like.” Without that, he said, employees can have “the perception that every new email will be just the flavor of the week and next week they’ll be on to something different.”

A current senior U.S. cyber official was more direct. “I don’t know what the CISA vision and agenda is internally from leadership,” the official said. “I think they do far more external communication than internal communication.”

The official highlighted that one of the agency’s key challenges lies in its inability to hire the right cyber talent, which has had significant negative downstream effects on other problems it faces. “Their hiring challenges significantly hurt their ability to execute their mission,” the official said.

Still, CISA’s employee base has grown. Federal numbers show that between September 2021 and June 2022, CISA grew from 2,392 to 2,626 employees. However, multiple sources said the hiring pace has been slower than it should be and that CISA has particularly struggled to hire highly skilled technical talent. A CISA blog post from June said the agency had nearly 150 open cybersecurity positions it sought to fill.

Many of the people who spoke with CyberScoop and FedScoop did so on the condition of anonymity due to concerns that they could jeopardize current or future relationships with CISA. Nearly all of those interviewed acknowledged the agency has plenty of existential challenges such as a vast DHS bureaucracy and a difficult mission due to the sheer number of U.S. entities needing cybersecurity assistance.

Still, many said there’s a growing perception inside — and outside — CISA that an overemphasis on carefully managing and promoting Director Jen Easterly’s brand is taking precedence over more critical matters. Easterly is a staple at industry gatherings such as the RSA Conference, DEF CON and CYBERWARCON as well as at corporate speaking events such as the Mandiant mWise conference, a recent Google panel and another on the floor of the New York Stock Exchange.

Easterly also maintains an active social media presence and was the subject of a recent “60 Minutes” feature. She often appears in videos on the CISA Instagram page promoting cybersecurity messages.

“The day-to-day effect of Jen’s branding push is that it hurts the work and mission execution,” a former CISA official said. “It’s not what the staff want … They want the focus to be about the work, not about one person.”

Nominated by President Biden to run the agency in April 2021, Easterly arrived with impeccable credentials. She most recently worked as a cybersecurity executive at Morgan Stanley where she defended the firm against global cybersecurity threats. Before that, she helped stand up U.S. Cyber Command and served in the Obama White House and the National Security Agency as a senior counterterrorism official. She’s an Army veteran, West Point graduate and Rhodes Scholar. She is known for starting her workday early and usually arrives at CISA headquarters no later than 7 a.m.

Easterly defended her focus on external relations in a statement to this publication.

“CISA is fundamentally a partnership agency; our ability to effectively protect and defend the critical infrastructure Americans rely on every day — much of which is owned by the private sector — is dependent on our ability to develop trust with our partners,” the statement said. “People don’t trust institutions; they trust people.”

A leader who has become a lightning rod

Easterly succeeded Chris Krebs, who spent time at Microsoft as director of cybersecurity policy. Krebs also worked in several leadership roles in DHS and headed up the directorate that preceded CISA. He too became a high-profile figure during his tenure, especially as Washington became more concerned about election security and online disinformation. And then, in 2020, President Trump famously fired him via Twitter for disputing claims of election fraud, giving him a whole new level of notoriety.

Krebs told this publication that Easterly’s focus on the speaking circuit makes sense given the “almost exclusively voluntary nature of [CISA’s] engagement with the private sector as well as state and local governments.”

He said that when he held Easterly’s role, he frequently made speaking appearances, usually in small towns. “The future of CISA is in the field — reverse engineer that and it means it’s not sitting at a desk in Washington, D.C., all day, every day,” he said. But many of the sources CyberScoop and FedScoop spoke with said Krebs remained more plugged into agency specifics than Easterly.

“I don’t think that they’ve done enough to execute their mission at CISA,” said a former senior CISA official who now works with the agency frequently on behalf of industry. “Leadership is still in that mindset of let’s market this thing so we can create it. You’ve gotta stop chasing tweets and start actually doing things … They’re going to have Congress down their throat soon, the train is coming full speed in their direction.”

When appearing in public, Easterly often cuts a different figure than a typical government official. She’s known to swap the standard-issue government suit for a T-shirt and jeans and often signs Rubik’s Cubes, which have become something of a calling card. For an agency that’s not well known outside the beltway and needs to form partnerships with private sector organizations, that PR work is an essential part of her job, Easterly’s defenders argue.

To be sure, women in power are often attacked and marginalized for being strong leaders and taking on highly visible public roles. Nonetheless, many of the people CyberScoop and FedScoop spoke with said their criticism of Easterly’s speaking engagements isn’t personal and instead reflects serious concern over the challenges CISA confronts and the need for more leadership from the top.

Complaints about Easterly’s public persona don’t surprise Jim Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies. But that doesn’t make it fair either, he said.

“The technical community is always unhappy because they feel like the spotlight should be on them,” he said. “They’re the true guardians of cybersecurity … . She’s actually got a good technical background. So, to say there’s a complaint from the technical community it’s like, ‘So what else is new?’ You’re never going to be happy because the person they want doesn’t exist. They want someone who has executive experience and a great public persona, but also happens to be an uber-geek and uber-geeks don’t come with great leadership skills and great public skills.”

Many CISA employees said they wouldn’t take issue with Easterly’s PR focus if there was less discontent inside the agency. For example, the mood at CISA virtual town halls is such a concern that questions are typically limited ahead of time. As a result, some staffers have taken to asking Easterly hostile questions left anonymously in the town hall Zoom chat. After Easterly told CISA staff they would be held accountable for their work in one such virtual meeting, an employee went to the chat to ask how leadership is being held accountable. Easterly told the anonymous staffer, “If you don’t like it here, you can leave,” according to someone in the meeting.

A senior CISA official said Easterly has devoted town halls to workplace issues such as mental health, burnout prevention and inclusion and diversity. She also makes herself available to staff through weekly one-on-one office hours. The official noted that CISA’s Federal Employee Viewpoint Survey scores are higher than the average for government agencies.

A tense relationship with DHS

Easterly’s style also has led to tensions with Alejandro Mayorkas, Homeland Security secretary, two people familiar with the relationship told this publication.

Mayorkas and his team were incensed after they learned Easterly lobbied Congressional Republicans on the Cyber Incident Reporting for Critical Infrastructure Act that passed in September, two sources said. Easterly did so without getting sign-off from Mayorkas or his top advisers first, according to the federal cyber official and an external CISA partner. The official said the incident hurt Easterly’s relationship with Mayorkas because the secretary and his top advisers at DHS determine the department’s political priorities.

Other interviewees said DHS bears some responsibility for CISA’s struggles. One prominent Washington cybersecurity expert defended Easterly, saying she has had “scant support” from DHS leadership.

“If the secretary’s team had come in and said, ‘Yeah, it’s important to get cyber right, we’re gonna support Jen to get this organization — which is still in its infancy — reworked,’ I think she might have had a chance to show more progress than she has,” the expert said.

A DHS spokesperson declined to comment on the incident with Congressional Republicans but provided this publication with a statement that Mayorkas is “incredibly proud” of the work done by CISA and that he believes Easterly’s “leadership and vision have been and will continue to be instrumental.” A senior CISA official sent a similar statement about Mayorkas.

Easterly did inherit plenty of problems. She is charged with running an agency that needs more in-house technical talent and therefore relies on a significant number of contractors. A former senior CISA official who now works with the agency on behalf of industry said contractors are often left struggling to understand what CISA wants. “It’s almost impossible to work for them and everyone in the industry knows it,” the person said. “Our biggest frustration is that they don’t communicate with contractors. Congress is throwing [money] at them and it’s not clear what they’re doing with it.”

Beyond that, CISA is fighting to manage major structural challenges caused by a slow-moving DHS and the control it exercises over many hiring and technology acquisitions, former CISA employees and outside cyber experts said. In fact, Rep. Langevin told CyberScoop he sees the benefit of CISA gaining more independence from DHS and said he would like Congress to study the issue.

“It seems to me to make sense that if CISA had its own hiring authority, as well as ability to purchase equipment, it would give them greater agility and flexibility to move more quickly,” Langevin said. He added that he believes CISA is headed in the right direction and that he supports Easterly.

Technical shortcomings take a toll

There are other challenges, too. Almost everyone interviewed for this story said the agency is hampered by the fact that CISA is divided across six divisions and between the field staff and headquarters. The split structure and CISA’s constrained ability to acquire technology limits the deployment of new software across the entire enterprise, according to a source with direct knowledge of the agency’s technology operations.

“What often happens is that individual teams manage their own infrastructure,” the source said. “That’s a [spending] problem, but it’s also a security problem because it means there is no central place for oversight to happen.”

CISA officials acknowledge the issue: One of four key objectives in the strategic plan released in September is “agency unification” so that CISA business operations will be “mutually supportive across all divisions” and “governance [and] management” functions will be integrated.

In one example of how this lack of cohesion plays out, each of the six divisions relies on different databases for analysis of critical infrastructure cyber trends, incidents and vulnerabilities without the ability to work in an agency-wide database, according to a former senior CISA employee and a current employee at the agency.

“Think about how much analysis we could get done if we weren’t trying to access six different repositories and rationalize the data and cut and paste from PDFs,” the current employee said.

Other CISA staff and observers said the agency sometimes prematurely stands up or rebrands existing initiatives. CISA’s Joint Cyber Defense Collaborative (JCDC) is a good example of an initiative the agency rebranded with mixed results, according to multiple sources, including two who partner with JCDC.

A CISA spokesperson sent CyberScoop and FedScoop a blog post Easterly wrote about the JCDC in September. The post highlights CISA’s work on Log4Shell, noting that the DHS-led Cyber Safety Review Board report on the incident credited JCDC as an “important catalyst for information sharing to address the threat.” The post said that JCDC members provided 17 threat analyses and that a related vulnerability guidance web page garnered more than 300,000 page views in its first three weeks.

Still, two of JCDC’s technical partners and a top cybersecurity expert in Washington said industry government affairs employees and lawyers are heavily involved in the center’s work, something they view as a problem. “None of us share anything anymore,” one of the JCDC technical partners said. “It turned out that we were just broadcasting to a channel of lawyers.”

The JCDC technical partner also said that security researchers, industry and others collaborate on an “operational” Slack platform that does not currently have much traffic. The general channel populated by more than 500 people had just 12 posts from Dec. 1 through this Tuesday and multiple other smaller single-subject channels where operational work happens were similarly quiet, the JCDC partner said. (A senior CISA official said the agency is “pleased with the subject matter expertise and level of engagement that our industry partners have provided.”)

“When it comes to operational collaboration, as opposed to indicators and warning, I think there’s still a need to evolve the JCDC,” said Megan Stifel, a former cybersecurity director at the National Security Council and currently the chief strategy officer at the Institute for Security and Technology. Still, she said, CISA is making good progress overall.

In general, many critics say CISA is focusing too much energy on building alliances with major industry players and large corporate partners. The relationships are often one-sided, said Bryson Bort, CEO of SCYTHE and a former adviser to Easterly’s predecessor Krebs. Ultimately, he said, these types of organizations have well-resourced cybersecurity teams to defend their interests, and often aren’t sharing significant information with CISA about current threats.

“Meanwhile, there’s a $1 billion asset community bank somewhere getting completely f—ed and CISA doesn’t know they exist, and they don’t know that CISA exists,” Bort said. “That’s the challenge.”

Christian Vasquez contributed reporting.

Corrected Dec 22, 2022: This story was updated to correct the name of the information-sharing initiative CISA runs to collaborate with the private sector. It’s called the Joint Cyber Defense Collaborative.

The original story also incorrectly reported how CISA deploys Microsoft 365. It is deployed across the entire agency and centrally managed.

NIST signs new research agreement for photonic chips https://fedscoop.com/nist-signs-new-semiconductor-rd-agreement-with-aim-photonics/ Tue, 20 Dec 2022 23:23:22 +0000 https://fedscoop.com/nist-signs-new-semiconductor-rd-agreement-with-aim-photonics/ The type of semiconductor uses both optical and electrical signals to transmit information faster and is a key component in fiber-optic networks and high-performance computing facilities.

The post NIST signs new research agreement for photonic chips appeared first on FedScoop.

The National Institute of Standards and Technology (NIST) announced Tuesday a partnership with semiconductor manufacturer AIM Photonics that will give developers a critical new tool for designing faster chips that are key to laser-guided missiles, medical sensors and other advanced technologies. 

The newly improved designs for photonic chips will result in chip speeds of up to 110 gigahertz (GHz), which represents a more than four-fold increase from the 25 GHz speed at which most photonic chips currently operate.

The new chips, called integrated photonic circuits, will use both optical and electrical signals to transmit information faster and are key components in fiber-optic networks and high-performance computing facilities.

“This effort will leverage NIST’s expertise in chip measurements, calibration and integrated device modeling,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie Locascio. “This shows how government and industry can work together to drive innovation and restore U.S. global leadership in semiconductor manufacturing,” Locascio said in a statement.

The new partnership aligns with the CHIPS and Science Act that President Joe Biden signed into law earlier this year, authorizing new policies and billions in funding to advance research and development and help fortify American technology manufacturing and supply chains particularly related to semiconductor chips.

AIM Photonics is one of nine manufacturing innovation institutes established and managed by the Department of Defense to participate in the development of advanced silicon photonics as a critical technology for the U.S.’s defense. The company is a public-private partnership that accelerates the commercialization of new technologies for manufacturing photonic chips.

The New York-based institute provides small and medium-sized businesses and academic and government researchers access to experts and fabrication facilities during all phases of the photonics development cycle, from design to fabrication and packaging.

As part of the new collaboration, NIST will design electrical “calibration structures” that can be used to measure and test the electronic performance of the chips. An updated chip process design kit with the calibration structures should be available to users in approximately one year, NIST said.

NIST earlier this year also created a new open-source chips partnership with Google that is expected to create chips that are hundreds of times cheaper for researchers and manufacturers. As part of the recent agreement, NIST will create up to 40 different circuit designs for the chips, and the initial production costs as well as the first production run will be paid for by Google.

NASA awards $516.9M financial support services contract to Aeyon https://fedscoop.com/nasa-awards-aeyon-financial-support-services-contract-worth-up-to-516-9m/ Tue, 20 Dec 2022 01:22:10 +0000 https://fedscoop.com/nasa-awards-aeyon-financial-support-services-contract-worth-up-to-516-9m/ The contract is part of a multi-year initiative to streamline NASA’s procurement of its product service lines.

The post NASA awards $516.9M financial support services contract to Aeyon appeared first on FedScoop.

Consulting and technology services company Aeyon announced last week it was awarded a NASA Financial Support Services (NFSS) contract worth up to $516.9 million, to provide financial management consulting services in support of NASA’s missions, programs and projects.

Aeyon, which has worked as a contractor for the Defense Department and civilian agencies related to financial management and tech modernization, will work with seven of the ten NASA centers during a contract period of up to eight years.

“This milestone contract affirms that agencies continue to turn to Aeyon for our ability to unlock financial management efficiencies at scale by standardizing key processes, consolidating financial contracts and ensuring auditability,” said Sunny Singh, President and CEO of Aeyon.

The NFSS contract is part of a multi-year initiative to streamline NASA’s procurement of its product service lines.

The indefinite-delivery/indefinite-quantity (IDIQ) contract was awarded by NASA to MM Technologies, a joint venture between Aeyon company Manufacturing Technical Solutions and Virginia-based small business MDW, Aeyon said in a statement last week.

The NFSS contract will be managed out of the Marshall Space Flight Center in Huntsville, Alabama. The contract began on December 1st with a 90-day phase-in period, followed by a two-year base period, and three two-year option periods. 

VA drops supply chain management IT system, hunts for new solution https://fedscoop.com/va-drops-supply-chain-management-it-system-hunts-for-new-solution/ Wed, 14 Dec 2022 04:14:56 +0000 https://fedscoop.com/va-drops-supply-chain-management-it-system-hunts-for-new-solution/ The Department of Veterans Affairs (VA) said Tuesday that it will stop using its supply chain management system after Congress and the VA’s Office of Inspector General questioned the system’s effectiveness and cost.

The post VA drops supply chain management IT system, hunts for new solution appeared first on FedScoop.

The Department of Veterans Affairs said Tuesday that it will stop using a supply chain management IT system after Congress and the VA’s Office of Inspector General questioned the system’s effectiveness and cost.

The agency will end use of the Defense Medical Logistics Standard Support (DMLSS) system, which is a local server-based application that supports internal medical logistics at military hospitals or clinics, including in war zones.

In procurement documents on SAM.gov, the department said that it will now seek a new supply chain solution that must operate in the VA’s technical production environment, either in the VA cloud or in another FedRAMP certified cloud.

“As the largest integrated healthcare system in the country, our supply chain logistics solution must meet the needs of the 1,298 medical facilities in our network and the millions of veterans that we serve—and this transition will help us do exactly that,” said Michael D. Parrish, VA’s chief acquisition officer.

In February under pressure from lawmakers, the VA said it would take a second look at the DMLSS contract to determine if it was the right fit for the agency, and said it was considering other options. 

Pressure to drop the DMLSS contract has been building since the VA’s Office of Inspector General (OIG) released a report in November 2021 that found failures in VA’s pilot project to deploy the DMLSS system at the Captain James A. Lovell Federal Health Care Center in North Chicago, Illinois.

The OIG report found the DMLSS system did not meet 44% of the high-priority business requirements identified by Lovell hospital staff as essential to their operations.

To create a supply chain infrastructure that improves the veteran experience, VA told reporters Tuesday that it will cancel future DMLSS deployments. The agency said it will work with the Defense Health Agency (DHA) to modify the current agreement and allow the VA to continue to fund joint operations at Lovell hospital.

The VA said it will establish the new Office of Enterprise Supply Chain Modernization in the coming months to oversee its supply chain transformation effort. The agency expects a new supply chain logistics solution contract by 2023. 

WH announces new members of National Quantum Advisory Committee https://fedscoop.com/wh-announces-new-members-of-national-quantum-advisory-committee/ Tue, 13 Dec 2022 00:03:36 +0000 https://fedscoop.com/wh-announces-new-members-of-national-quantum-advisory-committee/ The committee was first established by executive order in August 2019 and subsequently enhanced by another executive order in May 2022.

The post WH announces new members of National Quantum Advisory Committee appeared first on FedScoop.

The White House Friday announced the appointment of 15 new members to the National Quantum Initiative Advisory Committee (NQIAC), which is tasked with coordinating how federal agencies research and deploy quantum information technologies.

The committee provides an independent assessment of the programs outlined in the National Quantum Initiative (NQI) Act of 2018, which gives the U.S. a plan for advancing quantum technology, particularly quantum computing.

President Trump signed the National Quantum Initiative Act into law in December 2018 with the goal of spending $1.2 billion on a framework advancing QIS technologies, and the committee will provide the program with expert evidence, data and perspectives.

The NQIAC committee was first established by executive order in August 2019 and subsequently enhanced by another executive order in May 2022, which elevated the committee to a Presidential Advisory Committee.

The committee makes recommendations for the President, Congress, the National Science and Technology Council (NSTC) Subcommittee on Quantum Information Science, and the NSTC Subcommittee on Economic and Security Implications of Quantum Science to consider when reviewing and revising the NQI Program. 

The NQIAC committee consists of leaders in the field from industry, academia, and the federal laboratories, with Dr. Kathryn Ann Moler and Dr. Charles Tahan serving as co-chairs of the 15-person committee.

Moler, who is Dean of Research at Stanford University, conducts research in magnetic imaging and develops tools that measure nanoscale magnetic fields to study quantum materials and devices.

Tahan is the Assistant Director for Quantum Information Science (QIS) and the Director of the National Quantum Coordination Office within the White House Office of Science and Technology Policy. He is on detail from the Laboratory for Physical Sciences, where he served as Technical Director and continues to serve as Chief Scientist and Chief of the QIS research office.

The other members of the board include: Dr. Jamil Abo-Shaeer, Dr. Fred Chong, Dr. James S. Clarke, Dr. Deborah Ann Frincke, Gilbert V. Herrera, Dr. Nadya Mason, Dr. William D. Oliver, Dr. John Preskill, Dr. Mark B. Ritter, Dr. Robert J. Schoelkopf, Dr. Krysta M. Svore, Dr. Jun Ye, and Dr. Jinliu Wang.

According to the Biden administration’s May 2022 executive order on quantum technology, the NQIAC may consist of up to 26 members. The committee is required to meet twice a year to carry out its duties.

Source: The Federal Register

VA will use Silicon Valley hiring spree to bring fresh talent into EHR program, CIO DelBene says https://fedscoop.com/va-will-use-silicon-valley-hiring-spree-to-bring-fresh-talent-into-ehr-program-cio-delbene/ Sat, 10 Dec 2022 02:37:21 +0000 https://fedscoop.com/va-will-use-silicon-valley-hiring-spree-to-bring-fresh-talent-into-ehr-program-cio-delbene/ The hiring scheme is focused on appointing employees to jobs covering transformation efforts including financial accounting management systems, supply chain and HR as well as the EHR system.

The post VA will use Silicon Valley hiring spree to bring fresh talent into EHR program, CIO DelBene says appeared first on FedScoop.

The Department of Veterans Affairs will use a recently launched Silicon Valley hiring spree to bring new technology expertise into the agency’s troubled electronic health records modernization program, according to Chief Information Officer Kurt DelBene.

Speaking Friday at a roundtable event with reporters, the agency’s CIO said it would appoint new staff as part of a wider scheme to hire 1000 new employees within its Office of Information and Technology.

The scheme will be used to hire new staff to work on technology transformation across a range of areas including the EHR program. Other areas where newly hired staff will work include financial accounting, supply chain and HR management systems.

He told FedScoop: “The EHR has been, as you rightly point out, a challenging project. We are already the largest Oracle Cerner customer in their EHR system. It is also a very complex environment with our medical centers and clinics across the U.S., and we are stressing Cerner in ways they had not been stressed before.”

DelBene added: “I think [the new EHR hires] will be able to focus our efforts in very clear ways, which is what product managers do great at which is here’s all the issues, here’s the underlying problems around those issues – now let’s get to a plan of attack that actually gets us the fastest possible improvement there.”

New product managers brought in through the hiring scheme will be tasked with overseeing implementation of Oracle Cerner’s Millennium platform. The hiring scheme will use a new special salary rate for technology workers, which is expected to be rolled out early next year.

“Let’s have them define a set of metrics around what great looks like that we’re going to track and we’re going to hold Oracle Cerner accountable for improving their performance as well,” DelBene added, commenting on the role of product managers.

According to DelBene, the VA will also use the lure of a remote-work environment to bring private sector talent to federal service.

The VA hopes that a new roster of product managers could help to hold Oracle Cerner accountable for IT system implementation through aggressive problem solving.

Since its initial rollout in October 2020, the Oracle Cerner EHR system has been roiled by outages and glitches that in some instances — including at a VA medical center in Spokane, Washington — have caused major harm to veterans.

In July, the VA led several federal agencies in submitting a Special Salary Rate (SSR) proposal to the Office of Personnel Management (OPM), requesting a higher pay rate for federal IT management workers that fall under OPM’s 2210 occupational series.

The Special Salary Rate for cyber hires, if approved, would mark the first major governmentwide step to address its cyber workforce shortage.

DelBene said that OPM is expected to approve the new SSR pay hike by late January 2023.
