Scott Flanders, who will assume the permanent CIO position Sunday, is charged with managing and employing technology to enhance “information access and strengthen agency performance,” the NRC’s release states. Additionally, Flanders’s office is also charged with overseeing cyber and information security, data management, artificial intelligence and more.

Flanders “has risen through the ranks at the NRC over many years and has been an outstanding member of the senior executive service since 2004,” Raymond Furstenau, NRC’s acting executive director for operations, said in the release. “His experience with the government’s use of information technology and his deep understanding of the NRC mission will help the agency navigate the challenges of the future.”

As deputy CIO, Flanders “planned, directed and oversaw resources” to ensure IT and information management systems’ delivery to support the agency’s goals and priorities, the NRC said. 

Flanders joined the NRC in 1991 as a reactor engineer intern, and later served in the agency’s Office of Nuclear Material Safety and Safeguards’ Division of Site Safety and Environmental Analysis and in the Office of New Reactors as the director, according to CIO.gov. Additionally, he served as the deputy director of the Division of Waste Management and Environment Review in the ONMSS.

Flanders takes over as NRC’s permanent IT chief  amid an internal push on artificial intelligence. A staff letter sent earlier this month recommended the agency follow an AI framework that outlines AI governance, hiring new talent, upskilling existing workers, maturing the commission’s data management program and allocating resources to support AI integration into IT infrastructure.

The post Nuclear Regulatory Commission names permanent CIO appeared first on FedScoop.

In the report, NRC staff recommended an AI framework for the agency to follow, which outlines approaches for AI governance, hiring new talent, upskilling existing workers, maturing the commission’s data management program and allocating resources to support AI integration into IT infrastructure. 

Additionally, NRC staff recommended that the agency invest in “foundational tools” by acquiring gen AI-based services and integrating AI in the NRC’s system for document access and management’s cognitive search technology.

“To effectively implement AI solutions, the NRC will need to develop a framework to deploy AI at the agency,” the report states. “As part of this effort, the NRC will continue to strengthen its many partnerships to stay current with the evolving state of AI. To achieve the promise of AI, leadership engagement will be essential.”

The report pushed for a collaborative approach to furthering the NRC’s use of the technology, pointing to the Chief AI Officers Council, the Responsible AI Officers Council, and other individual agency partnerships as being “essential to the agency’s response to the rapidly changing AI landscape.”

The NRC’s AI team — designated to lead this review by the agency’s executive director for operations — reported working closely with internal data scientists and subject matter experts to consider possible AI uses. Staff reviewed 61 AI use cases and identified 36 that align with tools that have AI capabilities, while the other 25 could “be addressed using non-AI solutions.”

The nuclear industry currently uses AI to “change its approach to some nonregulated activities and has expressed interest in using AI for NRC-regulated activities,” per the report, adding that the NRC is investing in AI research to identify where AI could build foundational knowledge across the agency, while still meeting its mission. 

Staff reported that the broad approach to AI research is “preparing the agency to use AI to increase staff knowledge and experience for future regulatory reviews and oversight.”

The NRC’s congressional budget justification for fiscal year 2025 carved out over $4 million for AI-related funds.

Correction: This story was updated May 13, 2024, to indicate that the nuclear industry, not the NRC, is using AI to alter its approach on some nonregulated activities.

The post Nuclear Regulatory Commission staff recommends AI framework, identifies potential use cases appeared first on FedScoop.

In its congressional budget justification for FY 2025, the NRC said it is looking to develop an AI regulatory framework for the nuclear industry, in addition to facilitating the responsible adoption of AI, which includes generative AI. 

Dave McIntyre, an NRC public affairs officer, shared in an email with FedScoop that agency staffers are “preparing a status update to send the Commission this spring outlining next steps to integrate AI across the agency, invest in the necessary IT infrastructure and recruit and train staff in AI skills.”

A different agency spokesperson confirmed in an interview with FedScoop that the NRC has conducted “some limited risk assessments” of generative AI tools that are publicly available to “help us develop our policy statement.” The spokesperson said that the agency plans to continue working with the Cybersecurity and Infrastructure Security Agency and others on risk management, in addition to working on security controls and risk mitigation as NRC implements internal AI tools.

The NRC issued an internal policy on generative AI to its employees last July, but that policy has not been made public, the spokesperson added, noting that the agency is considering whether the technology can be used “as a testbed or sandbox for tools.”

“We are talking about starting with testing use cases without enabling for the entire agency,” they said. “And we would leverage our development and test environments as we develop solutions.”

Basia Sall, deputy director of the NRC’s IT services development and operations division within the agency’s Office of the Chief Information Officer, said in an interview that the agency remains in the early stages of its gen AI experimentation. 

“We see potential for these tools to be more powerful time savers to help make our regulatory reviews more efficient,” she said.

The post Nuclear Regulatory Commission has AI integration in mind with new budget request appeared first on FedScoop.

The new government website evaluation tool, which is called “gov metadata,” was created by Luke Fretwell and his son, Elias, as part of the Civic Hacking Agency, a project focused on technology for the public good. The system works by scanning government websites and then analyzing the presence of metatags, which can help search engines and other portions of the web to interpret aspects of an online page. A metatag might be a reference to a title or help boost a page’s presence on social media; based on the number of metatags present, the project gives a “score” to each website. 

The point of the project, Fretwell told FedScoop, was to show how well the government was performing on certain important aspects of web page operations. “When it comes to AI, and metadata and data, and customer experience and digital service — these three elements of it — there’s some fundamental things,” he said. (Editor’s note: Fretwell helped establish FedScoop’s digital and editorial operations in its early years, but he is not a current employee of Scoop News Group). 

The stakes can be high, notes Beau Woods, the founder and CEO of the cybersecurity company Stratigos Security. “If a website doesn’t set [metadata tags] up, or doesn’t set them up correctly, it can leave citizens wondering what the site is about [and] which one is the legitimate site,” he said. “It leaves room for other unofficial websites to go to the top of search rankings, and to be the first stop for the citizens when they’re browsing.” 

The U.S. government appears to be on par with other organizations, like academic institutions and nonprofits, that have limited budgets for IT and competing priorities, Woods added.  Importantly, the project wasn’t able to grade websites that its systems couldn’t properly scan.

According to the gov metadata tracker, federal agencies vary widely in how well they’re performing on metatags. Notably, a digital changelog established by the project shows that some government webpages were incorporating new metadata amid FedScoop’s reporting. 

An Office of Management and Budget spokesperson told FedScoop that the agency is working with implementation partners and relevant interagency bodies to expand “best practices on search engine optimization and the use of metadata.” 

“The use of metadata and other related search engine optimization practices plays an important role in ensuring that members of the public can easily discover government information and services via third-party search engines,” the spokesperson said. ”OMB acknowledges the opportunity for agencies to more consistently use metadata as they continually optimize their websites and web content for search. OMB, alongside key implementation partners, continues to support agencies in this and other related efforts to improve digital experiences.” 

Still, Fretwell says the initiative raises the question of what requirements exist around this aspect of federal website upkeep. “What’s the standard that the government is going to adopt for using metadata and actually using it [and] using those things?” Fretwell said in an interview with FedScoop. “Because it’s so varied.”

FedScoop was unable to identify specific metadata tag requirements for federal websites, but the topic has certainly been referenced before. Older government documents, including a 2016 memo focused on federal agency websites and digital services and a 2015 memo for .gov domains, have generally emphasized the importance of search engine optimization or metatags. Digital.gov mentions that standard metadata should be tagged and Search.gov, a government search engine, has metadata recommendations, too.

A memo issued by the Office of the Federal Chief Information Officer last fall — which provided further guidance for following the 21st Century Integrated Digital Experience Act and improving government websites — points to metadata several times. The memo says that agencies should use “rich, descriptive metadata” and use “descriptive metadata in commonly parsed fields” like “meta element tags.” It also states that agencies should use metadata tags to correctly note the timeliness of a page. The OMB spokesperson pointed to this memo and its emphasis on search optimization.

Though the scanner run by the Civic Hacking Agency appears to have a broader scope, a website scanning tool run by the General Services Administration designed to measure performance of federal websites picks up some aspects of website metadata. (The GSA explains in its GitHub documentation that it focuses on collecting data that is helpful to specific stakeholders). 

That GSA initiative also shows varied performance — for example, whether an agency is using a viewport tag, which helps resize pages so they’re more easily viewable on mobile devices. 

“GSA continues to prioritize SEO and accessibility best practices when curating and improving metadata,” an agency spokesperson said in a statement. In reference to the 2023 OMB memo, the spokesperson noted that GSA “continues to work with its web teams to optimize our content for findability and discoverability” and “focuses on metadata as well as things like improved on-site search, information architecture, user experience design, cross references, etc.” 

“Search.gov recommends metadata that supports foundational SEO techniques as well as our metadata-driven search filtering feature,” the GSA spokesperson added. 

In response to questions, the Federal Chief Data Officers Council said that while it had explored implications of metadata through its data inventory working group, the group hadn’t “targeted federal website metadata specifically.” The CDO Council added that it has yet to review the Civic Hacking Agency’s report. 

Agencies respond 

In response to FedScoop questions, several Chief Financial Officers Act agencies said they’ve investigated or will take steps to improve their metadata practices. A State Department spokesperson said the agency was “pleased” with some of its primary page grades but would also review the findings from the project, while the Environmental Protection Agency said that, after reviewing its score, it fixed all of the metadata issues identified.  The Nuclear Regulatory Commission also added its missing metatags to its site templates after FedScoop reached out.

Similarly, a spokesperson for the National Science Foundation said that it would meet metatag requirements “in the near future,” that missing tags will be tracked and incorporated into upcoming releases, and that the agency was assessing its compliance with Dublin Core and Open Graph standards, two specific types of metatags. 

The Agriculture Department said it would research whether its metadata were being pulled correctly. The agency also said it was updating its metadata creation process, including evaluating the accuracy of automatically generated tokens and updating its page creation workflow to emphasize page metadata. 

“We’re considering a cyclical review process for existing content to ensure metadata stays current with page updates. These changes will be passed down to all USDA website owners who manage their own content and we will coordinate with them to ensure the correct processes are in place,” an agency spokesperson told FedScoop. “The nature of our content management system is to not use XML content formats which impedes metadata from being included for each page. We are working to repair this process.” 

Some agencies pushed back on the findings. Terrence Hayes, press secretary at the  Department of Veterans Affairs, said it wasn’t apparent why certain metatags were chosen by the project, or which of the agency’s thousands of pages were being scanned, but added that the department was “reviewing the findings from the referenced report to better understand where gaps may exist.” 

Similarly, the Social Security Administration — which initially received an F — said some of the metatag issues identified were unnecessary but would implement changes to improve its score and meet Search.gov guidelines. (After a new scan by the site, the agency now has an A.)

Darren Lutz, press secretary for the agency, said that it instituted a new content management system for Social Security’s primary customer-facing pages and that each “new section or page that we launch features meticulously crafted metatags that summarize the content in clear, accessible language, ensuring optimization for search engines.”

“All new content will convey the noted metadata improvements,” Lutz added. “In the past year, we have launched four major new site sections, redirecting significant percentages of public web traffic from our legacy implementation to these modern and optimized web pages on our new platform.”

The Education Department — which has several websites managed by different entities — said that Civic Hacking Agency’s scores for its Ed.gov and G5 domains don’t reflect work being done on those sites, but also pushed back on how the tool evaluated its StudentAid.gov site, pointing to, for example, the description and robots field. While the Education Department acknowledged that some tags should be added to its NationsReportCard.gov page, a spokesperson said the tool was picking up archival pages and “content tagging isn’t feasible” for certain types of applications on that site. 

The Education Department plans to launch a new Ed.gov this coming summer, an agency spokesperson added. Meanwhile, its G5 domain for grant management “will be upgraded to significantly improve its usability, analytics and reporting, using machine-readable metadata and searchable content,” the spokesperson said. 

Several agencies, including the Departments of Commerce and Transportation, did not respond to requests for comment. Meanwhile, some agencies, like NASA, celebrated the scores they received. Notably, the space agency last year launched two new major websites: nasa.gov and science.nasa.gov. The agency has also been engaged in a multi-year web modernization project. 

“One of the driving goals of this major effort has been to improve the findability and search engine authority of these core sites through strong metadata tooling and training, and we believe this contributed to our report card score,” said Jennifer Dooren, the deputy news chief at NASA headquarters. 

Overall, the project appears to provide further incentive to improve site metadata. Several agencies, including the Environmental Protection Agency and the Department of Labor, noted the importance of the Civic Hacking Agency’s tool. 

“The feedback from the ‘gov metadata’ scoring system is invaluable to us as it helps gauge our performance in implementing basic metadata principles,” said Ryan Honick, a public affairs specialist at the Department of Labor. “It acts as a catalyst for ongoing improvement, driving us to refine our strategies for making our websites as accessible and user-friendly as possible.” 

The post On some basic metadata practices, US government gets an ‘F,’ per new online tracker appeared first on FedScoop.

While many of these actions are still preliminary, growing focus on the technology signals that federal officials expect to not only govern but eventually use generative AI. 

A majority of the civilian federal agencies that fall under the Chief Financial Officers Act have either created guidance, implemented a policy, or temporarily blocked the technology, according to a FedScoop analysis based on public records requests and inquiries to officials. The approaches vary, highlighting that different sectors of the federal government face unique risks — and unique opportunities — when it comes to generative AI. 

As of now, several agencies, including the Social Security Administration, the Department of Energy, and Veterans Affairs, have taken steps to block the technology on their systems. Some, including NASA, have or are working on establishing secure testing environments to evaluate generative AI systems. The Agriculture Department has even set up a board to review potential generative AI use cases within the agency. 

Some agencies, including the U.S. Agency for International Development, have discouraged employees from inputting private information into generative AI systems. Meanwhile, several agencies, including Energy and the Department of Homeland Security, are working on generative AI projects. 

The Departments of Commerce, Housing and Urban Development, Transportation, and Treasury did not respond to requests for comment, so their approach to the technology remains unclear. Other agencies, including the Small Business Administration, referenced their work on AI but did not specifically address FedScoop’s questions about guidance, while the Office of Personnel Management said it was still working on guidance. The Department of Labor didn’t respond to FedScoop’s questions about generative AI. FedScoop obtained details about the policies of Agriculture, USAID, and Interior through public records requests. 

The Biden administration’s recent executive order on artificial intelligence discourages agencies from outright banning the technology. Instead, agencies are encouraged to limit access to the tools as necessary and create guidelines for various use cases. Federal agencies are also supposed to focus on developing “appropriate terms of service with vendors,” protecting data, and “deploying other measures to prevent misuse of Federal Government information in generative AI.”

Agency policies on generative AI differ

The post How risky is ChatGPT? Depends which federal agency you ask appeared first on FedScoop.

The latest round of grading awarded one A, 10 Bs, 10 Cs, and three Ds to federal agencies, Rep. Gerry Connolly, D-Va., announced at a roundtable discussion on Capitol Hill. While the grades were generally a decline from the last iteration of the scorecard, Connolly said that starting at a “lower base” was expected with the addition of a new category. “The object here is to move up.”

Carol Harris, director of the Government Accountability Office’s IT and Cybersecurity team, who was also at the roundtable, similarly attributed the decline to the cloud category.

“A large part of this decrease in the grades was driven by the cloud computing category, because it is brand new, and it’s something that we’ve not had a focus on relative to the scorecard,” Harris said.

The FITARA scorecard is a measure of agency progress in meeting requirements of the 2024 Federal IT Acquisition Reform Act that has over time added other technology priorities for agencies. In addition to cloud, the new scorecard also changed existing metrics related to a 2017 law, added a new category grading IT risk assessment progress, and installed a progress tracker.

“I think it’s important the scorecard be a dynamic scorecard,” Connolly said in an interview with FedScoop after the roundtable. He added: “The goal isn’t, let’s have brand new, shiny IT. It’s to make sure that our functions and operations are better serving the American people and that they’re protected.”

Harris also underscored the accomplishments of the scorecard, citing $4.7 billion in savings as a result of closing roughly 4,000 data centers and $27.2 billion in savings as the result of eliminating duplicative systems across government.

“So, tremendous accomplishments all coming out of FITARA and the implementation of FITARA,” she said.

The Thursday roundtable featured agency representatives from the Office of Personnel Management, the Nuclear Regulatory Commission, the Department of Housing and Urban Development, and the U.S. Agency for International Development. USAID was the only agency to get an A.

Updated scorecard

Among the changes, the new scorecard updated the existing category for Modernizing Government Technology to reflect whether agencies have an account dedicated to IT that “satisfies the spirit of” the Modernizing Government Technology Act, which became law in 2017.

Under that metric, each agency must have a dedicated funding stream for government IT that’s controlled by the CIO and provides at least three years of flexible spending, Connolly said at the roundtable.

The transparency and risk management category has also evolved into a new CIO investment evaluation category, Connolly said in written remarks ahead of the roundtable. That category will grade how recently each agency’s IT Dashboard “CIO Evaluation History” data feed reflects new risk assessments for major IT investments, he said.

The 17th scorecard also added a progress tracker, which Connolly said Democrats on the House Subcommittee on Cybersecurity, Information Technology, and Government Innovation worked on with the GAO to create. Connolly is the ranking member of that subcommittee.

“This section will provide transparency into metrics that aren’t being regularly updated or do not lend themselves to grading across agencies,” Connolly said, adding the data “still merits congressional attention, and we want to capture it with this tool.”

The progress tracker also allows stakeholders to keep tabs on categories the subcommittee has retired for the scorecard.

The release of a new scorecard has in the past been a hearing, but Connolly indicated the Republican majority declined to take the issue up. 

At the start of the meeting, Connolly said he was “disappointed” that “some of the Republican majority had turned their backs on FITARA.” He later noted that by “the difference of two votes, this would be called a hearing instead of a meeting.”

FITARA scorecard grades in September were also announced with a roundtable and not a hearing.

“FITARA is a law concerning federal IT management and acquisition,” a House Committee on Oversight and Accountability spokesperson said in a statement to FedScoop. South Carolina Republican Rep. Nancy Mace’s “subcommittee has held a dozen hearings in the past year concerning not only federal information technology management and acquisition, but also pressing issues surrounding artificial intelligence, and cybersecurity. These hearings have been a critical vehicle for substantive oversight and the development of significant legislation.”

This story was updated Feb. 2, 2024, with comments from a House Committee on Oversight and Accountability spokesperson.

The post FITARA scorecard adds cloud metric, prompts expected grade declines appeared first on FedScoop.

In an email to FedScoop, the NRC spokesperson said Nelson will be leaving the agency effective Jan. 26. Taking his place as acting chief AI officer and CIO is Scott Flanders, the commission’s current deputy CIO. 

Nelson was appointed as the regulatory agency’s CIO in 2016, leaving his previous position as CIO and director of the Office of Enterprise Information for the Centers for Medicare and Medicaid Services. 

Nelson was recently appointed as the NRC’s CAIO, in light of a long-awaited executive order on AI from President Joe Biden. While the order did not include the NRC as an agency that will be required to eventually name a CAIO, the commission told FedScoop previously that it was “assessing whether and how it applies.”

Additionally, the NRC spokesperson confirmed that Victor Hall, the deputy director of the Division of Systems Analysis in the Office of Nuclear Regulatory Research, serves as the responsible AI official under Executive Order 13960, issued by the Trump administration. The NRC was also exempted from that requirement as an independent regulatory agency.

The post Nuclear Regulatory Commission CIO David Nelson set to retire appeared first on FedScoop.

He takes up the post after previously serving as CIO of the Farm Service Agency at the Department of Agriculture.

Ash steps into the top IT leadership role at the Interior Department (DOI) following the departure of Bill Vajda earlier this year, who left to become chief information officer of Wyoming. Deborah Hartley had been serving in the role in an acting capacity since then.

A spokesperson for DOI confirmed Ash’s arrival to FedScoop and said he starts in the new role today.

Ash has previously held a range of technology leadership roles across government, including as chief information officer of the Nuclear Regulatory Commission between 2007 and 2016.

During his tenure at NRC, Ash worked with trade group ACT-IAC to issue a set of recommendations to help agencies implement the Federal Information Technology Acquisition Reform Act.

Prior to that, he was associate CIO and deputy associate CIO at the Department of Transportation, and earlier in his career worked as a program analyst at the Department of Treasury.

The Interior Department is currently developing a cloud contract that would offer a single public cloud service provider up to $1 billion to help move the department’s various agencies to a streamlined hybrid cloud environment. 

Interior’s U.S. Geological Survey in May issued a draft solicitation for its departmentwide Cloud Hosting Services III contract. 

Details of Ash’s new job were first reported by Federal News Network.

The post Interior Department hires Darren Ash as chief information officer appeared first on FedScoop.

Vendors, including educational institutions, may respond to NRC‘s sources sought synopsis asking them to first evaluate technologies and approaches for analyzing nuclear plants’ cybersecurity states.

NRC plans to regulate ML and AI tools, but first it needs to know if the technologies can identify abnormal activity resulting from cyberattacks on increasingly complex plant systems.

“The vendor must provide and use an existing experimental infrastructure (e.g. personnel, equipment, facilities) to conduct research and implement a test case,” reads the notice issued Feb. 2. “The research conducted by the vendor is expected to produce data that evaluates the impacts of AI/ML concepts, technologies and applications on nuclear power cybersecurity outcomes and programs — especially those outcomes and programs that may be relevant to new and advanced reactor designs.”

NRC intends to select one vendor that will, in turn, choose a single technology to evaluate for accuracy and reliability, need and availability of ML training data, utility, and risks. The vendor will then produce a technical report with the test case results.

The ideal vendor will be able to simulate nuclear plant systems, including how they integrate with operational technology (OT); measure the consequences of cyberattacks on them; develop ML and AI tools for catching system anomalies due to such attacks; and do so within 16 months of a contract award.

The selected vendor must also provide all necessary research personnel who understand how nuclear plants operate, have expertise in plant cybersecurity, can create simulations, and are familiar with ML and AI and how they apply to IT and OT.

Vendors whose staff lack all the required experience may submit plans for how they intend to acquire it for the contract. Interested vendors have until 4 p.m. EST on Feb. 17, 2022, to respond to NRC’s sources sought.

The post Nuclear energy regulator wants to use AI to detect cyberattacks on power plants appeared first on FedScoop.

A success story among midsize agencies, the NRC received an A grade on the Federal IT Acquisition Reform Act (FITARA) 12.0 scorecard for exceeding 50% completion on its transition to the telecommunications and IT modernization contract and is, in fact, 98.9% done.

NRC’s network modernization goal is to reduce aging technology while embracing newer multiprotocol label switching, unified communications and wireless technologies, and Chief Information Officer David Nelson attributes his agency’s success to close collaboration with contractors.

“We have held weekly transition calls with the primes and worked closely to scrub our inventory as best we could to minimize transitioning assets and services that were no longer needed,” Nelson told FedScoop by email.

GSA gave agencies until Sept. 30, 2019, to award all EIS task orders and 142, or 68.3%, of all expected ones have been. Three of those are NRC’s.

The first was for telecommunications, audio conferencing, unified communications and network services and was awarded to Verizon. The second went to AT&T for managed trusted Internet Protocol services. And Verizon won the third for dark fiber.

“The NRC has issued all task orders it intends to issue at this time,” Nelson said. “The NRC competed all three task orders among the EIS primes and made awards to the responsible quoters whose quotations conformed with the solicitations and were most advantageous to NRC, evaluated cost, price and other factors considered.”

As of the General Services Administration‘s last EIS Transition Progress Tracking Report, only two midsize agencies are fully transitioned off the Networx, Washington Interagency Telecommunications System (WITS) 3 and GSA Regional Local Service (RLS) contracts expiring May 31, 2023. Those two are the Executive Office of the President and the Federal Deposit Insurance Corporation.

The next step for the NRC is to transition its remaining local service agreements under EIS.

“The NRC anticipates another A grade on the next FITARA scorecard,” Nelson said.

The post Nuclear Regulatory Commission on track to complete EIS transition by year end appeared first on FedScoop.