The Department of Commerce’s NIST was among multiple agencies on Monday that announced actions they’ve taken that correspond with the October order at the 180-day mark since its issuance. The actions were largely focused on mitigating the risks of AI and included several actions specifically focused on generative AI.

“The announcements we are making today show our commitment to transparency and feedback from all stakeholders and the tremendous progress we have made in a short amount of time,” Commerce Secretary Gina Raimondo said in a statement. “With these resources and the previous work on AI from the Department, we are continuing to support responsible innovation in AI and America’s technological leadership.”

Among the four documents released by NIST on Monday was a draft version of a publication aimed at helping identify generative AI risks and strategy for using the technology. That document will serve as a companion to its already-published AI risk management framework, as outlined in the order, and was developed with input from a public working group with more than 2,500 members, according to a release from the agency.

The agency also released a draft of a companion resource to its Secure Software Development Framework that outlines software development practices for generative AI tools and dual-use foundation models. The EO defined dual-use foundation models as those that are “trained on broad data,” are “applicable across a wide range of contexts,” and “exhibits, or could be easily modified to exhibit, high levels of performance at tasks that pose a serious risk to security, national economic security, national public health or safety, or any combination of those matters,” among other things. 

“For all its potentially transformative benefits, generative AI also brings risks that are significantly different from those we see with traditional software. These guidance documents will not only inform software creators about these unique risks, but also help them develop ways to mitigate the risks while supporting innovation,” Laurie E. Locascio, NIST director and undersecretary of commerce for standards and technology, said in a statement.

NIST also released draft documents on reducing risks of synthetic content — that which was AI-created or altered — and a plan for developing global AI standards. All four documents have a comment period that ends June 2, according to the Commerce release.

Notably, the agency also announced its “NIST GenAI” program for evaluating generative AI technologies. According to the release, that will “help inform the work of the U.S. AI Safety Institute at NIST.” Registration for a pilot of those evaluations opens in May.

The program will evaluate generative AI with a series of “challenge problems” that will test the capabilities of the tools and use that information “promote information integrity and guide the safe and responsible use of digital content,” the release said. “One of the program’s goals is to help people determine whether a human or an AI produced a given text, image, video or audio recording.”

The release and focus on generative AI comes as other agencies similarly took action Monday on federal use of such tools. The Office of Personnel Management released its guidance for federal workers’ use of generative AI tools and the General Services Administration released a resource guide for federal acquisition of generative AI tools. 

The post NIST launches GenAI evaluation program, releases draft publications on AI risks and standards appeared first on FedScoop.

Top cyber executives from CrowdStrike, CGI Federal, Armis and Intrusion said there would be “major impacts and delays” to key government cyber projects if the government is unable to pass annual appropriations bills or reach a continuing resolution, resulting in a shutdown, which is a realistic possibility according to some political experts. 

“Having done this for many years I’ve lived through a couple of government shutdowns and the impacts I think really day-to-day operationally are ones of continuity and resource availability,” Stephen Zakowicz, vice president of CGI Federal, said during a House Homeland Security Cybersecurity and Infrastructure Protection Subcommittee hearing. “So what are we able to do and make progress on? And ultimately what trade-offs are cyber agencies making when they’re facing questions of what resources they have left and how are they going to keep the doors open?”

Another cyber executive testifying Tuesday, Brian Gumbel, president of cyber intelligence platform company Armis, said that “this shutdown will obviously cause delays and some cyber projects will come to a halt. The longer we delay the longer our adversaries will have a chance to get in front of us. So delays are just terrible for this nation and it’s going to cause some major impact.”

While a continuing resolution would keep the government open and operating, some cybersecurity executives highlighted that without the full funding of annual appropriations, the government would be unable to move forward with new, innovative government cybersecurity programs, leaving big gaps in the government’s defense systems. 

“The thing that hits you the hardest is the new initiatives just get stopped completely and we need a lot of innovation in cyberspace. So y’all need a way to fund during a CR especially new programs and reactive reach responses and that’s sadly lacking across the table,” said Joe Head, the chief technology officer at cybersecurity company Intrusion.

“You can’t start a new effort under a CR but you can continue an old one. And this is all new, it’s new every day with a new breach, a new zero-day, a new attack,” Head added.

During the hearing, Rep. Rob Menendez, D-N.J., asked the cyber executives about the potential negative effects and ramifications on the ability of CISA to innovate and match the current threat environment if a year-long CR that locks in last year’s spending limits is passed.

“We need to obviously match what CISA is doing in order to progress some of the changes in the systems that we’re looking to put forth, so I think it’s a big concern,” said Gumbel from Armis.

The post Government shutdown would cause ‘terrible’ disruptions to federal cyber defenses, industry leaders say appeared first on FedScoop.

As part of the inquiry, the agency will study the equity of certain remote identity-proofing technologies that the American public may use when accessing federal benefits. GSA plans to release a report with the results from the study in a peer-reviewed publication in 2024.

The study comes after major concerns over equity were one of several concerns raised by a May watchdog report highlighting failures in the development of GSA’s Login.gov facial recognition platform. According to that report, the concerns were a key reason for delaying the system rollout to certain government customers.    

In a note on LinkedIn announcing the study, Commissioner of the Federal Acquisition Service at GSA Sonny Hashmi said: “This is an important study and initiative to test and validate facial recognition and matching algorithms and technology to identify barriers across demographic lines.” 

“The results will not only inform government strategy moving forward, but will also lower barriers for more Americans when they interact with their government digitally,” he added.

In recent years, government watchdogs and independent nonprofits have long raised concerns about the potential for facial recognition technology used by federal agencies to encode racial bias. In 2019, the GAO called on law enforcement agencies to further study the impact of facial recognition technology on equity.

A study by the National Institute of Standards and Technology, which was published in late 2019, found that facial recognition systems falsely identified African-American and Asian faces 10 times to 100 times more than Caucasian faces. According to that study, among a database of photos used by law enforcement agencies in the U.S., the highest error rates came in identifying Native Americans.

GSA is seeking prospective study participants, and anyone who takes part in the study will receive a $25 gift card. 

The post GSA undertaking study to examine racial bias in facial recognition tech appeared first on FedScoop.

Ragsdale moves into the role Aug. 14 from technology company Two Six Technologies, where most recently he was vice president for Department of Defense strategy.

Prior to working at Two Six Technologies, he held senior cybersecurity and cyber operations roles at the Department of Defense, including as acting director of defense research and engineering for modernization, where he was responsible for driving DOD-wide innovation.

In the new post, he will focus on leading work to strengthen the cyber workforce across the United States, including through measures announced as part of the White House’s National Cyber and Workforce Strategy, which was announced on July 31.

That document called for collaboration across government, industry and civil society groups to work together to increase the number of cybersecurity workers and urged an overhaul of the U.S. immigration system. The strategy also petitioned Congress to introduce new legislative measures to ensure foreign-born cyber workers that have been trained in America are able to stay in the country.

Commenting on Ragsdale’s appointment, former ONCD Director Chris Inglis said: “Dan is a national treasure whose innumerable contributions to the cybersecurity profession over the course of three decades have inspired my work and thousands of others fortunate to have been mentored by him. His skills, experience, and leadership abilities will be an invaluable resource for the ONCD mission, in particular for the Technology and Ecosystem Line of Effort.”

According to the Department of Commerce-backed cybersecurity labor market tracking website CyberSeek, there are currently more than 663,000 cybersecurity jobs open across the country. 

The post ONCD names Daniel Ragsdale as cyber workforce and education leader appeared first on FedScoop.

The mobile and web-based application known as System for Entry Review and Import Operation, or SERIO, replaces a decades-old system and has contributed to a 10% increase in the number of products evaluated and a 9% increase in compliance actions taken, the FDA told FedScoop. 

Investigations of imports are a cornerstone of the FDA’s regulatory responsibility to ensure food and drug products brought into the country compliant with U.S. requirements. The program is essential for preventing harmful products from reaching American consumers.

A key part of SERIO is that the investigators can use it in the field, John Verbeten, deputy director for import operations enforcement in the FDA Office of Regulatory Affairs, said in an interview with FedScoop.

“The system that we had before couldn’t be supported on the mobile devices,” Verbeten said. “And so you’re still stuck with having to go back to the office with all of your information, and then record the work that you did.”

He added: “Now, you’re doing this stuff real-time.”

Most entries into the U.S. are processed and admitted into the country through an existing system called PREDICT, but Verbeten estimated roughly a quarter of the more than 50 million lines of FDA-regulated product imported last year still need human intervention. That’s where investigators come in to assess compliance, including evaluations in the field.

The SERIO application, which the agency is developing with contractor REI Systems, allows those investigators to do things like upload a photo or reference information about an appropriate sample size while in the field using a tablet or laptop. Previously, Verbeten said, investigators had to add photos later or bring reference information along with them. 

“It provides for more contemporaneous a collection of information or evidence and just helps speed along that process,” Verbeten said.

Industry recently took notice of the project when the team responsible for the implementation of the new system was recently recognized by AFCEA Bethesda, a nonprofit civilian chapter of an organization focused on technology in government, as “IT Modernization Innovation Leader of the Year.”

The efficiency of evaluations has become increasingly important amid rising number of imports, including food, drugs, devices, and cosmetics. Over the last decade, the volume of total lines of product imported into the country has risen by about 84%, according to FDA data. 

The investigations portion of SERIO is part of a broader effort to replace functionalities of system the agency has been using since the late 90s called the Operational and Administrative System for Import Support (OASIS), according to Gregory Parcover, director of division of imports systems solutions in the Office of Information Systems Management at ORA.

That older system “is built on aging technology,” Parcover said in an emailed statement.

“Building a new system on more modern technology allows us to enhance the system in ways that can improve the user experience as well as improving efficiency by making the system quicker and more intuitive to use,” Parcover said.

The FDA began developing SERIO in fiscal year 2017, and while the investigations part of the system is in use now, other aspects are forthcoming. A system for the regulatory affairs office’s compliance team, for example, is still in the works.

Verbeten called the system a “great tool” for the investigators in his office who he said are “out there every day promoting and protecting the public health, doing all sorts of things that people generally don’t know about and don’t see to keep our country safe.”

The post FDA finds early success with a new system to track its import evaluations appeared first on FedScoop.

The initiative was first announced as part of Treasury’s Financial Services Sector’s Adoption of Cloud Services report released in February and the new group aims to address difficulties associated with the increasing trend of cloud adoption identified in the report.

“This unprecedented collaboration among financial regulators and the private sector will bring thoughtful and lasting solutions to the cloud-based opportunities and challenges Treasury has identified,” said Deputy Treasury Secretary Wally Adeyemo in a statement. “American consumers and financial institutions will benefit from these cloud adoption efforts for years to come.”

The CESG will report to the Financial Stability Oversight Council (FSOC), Financial and Banking Information Infrastructure Committee (FBIIC), and the Financial Services Sector Coordinating Council (FSSCC).

The Co-Chairs of CESG are: Treasury Assistant Secretary for Financial Institutions, Graham Steele; Acting Comptroller of the Currency, Michael Hsu; Director of Consumer Financial Protection Bureau (CPFB), Rohit Chopra; Chief Executive Officer of PNC Financial Services, Bill Demchak; and Chair of Financial Services Sector Coordinating Council and Chief Security Officer of Mastercard, Ron Green.

The key objectives of the CESG include: documenting effective practices for cloud third-party risk; developing a “best practices” document for institutions considering “all in” or hybrid cloud adoption strategies; improving transparency and monitoring of cloud services for better “Security by Design,” establishing a common set of terms and definitions that can be used by financial institutions and regulators and determining if existing authorities for cloud service provider oversight are sufficient and account for systemic risks.

The Treasury Department will provide regular updates to the FSOC and FBIIC senior leaders in the coming months to ensure alignment in cloud adoption across the financial regulatory community. 

Treasury will also issue public updates on this effort on a rolling basis as updates are available on the multiple projects.

The post Treasury holds first meeting of steering group for financial sector cloud adoption appeared first on FedScoop.

The wireless communications contract is part of the agency’s enterprise mobile devices and services program issued by the VA.

As part of the contract, Verizon will provide the department with the delivery of voice, text and data services as well as tools, materials, labor, management support and equipment. 

Verizon will also through the contract support wider VA network objectives including the adoption of mobile edge computing and software-defined, wide-area network technology.

Details of the contract come after Verizon was last month awarded a $2 billion contract to build and operate a next-generation communications platform to support the agency’s critical missions applications across the National Airspace System.

In October, the State Department also awarded Verizon a $1.6 billion task order to upgrade technology and network infrastructure at about 260 embassies, consulates and other diplomatic facilities around the globe.

That task order includes the implementation and management of network solutions for the department’s overseas footprint, including across Asia, Africa, the Middle East and South America.

Correction, 5/16/23: This story was updated to clarify that the award was not made through the Enterprise Infrastructure Solutions contract.

The post VA awards Verizon $448M critical communications contract appeared first on FedScoop.

In an internal memo to staff, Network Director Laura E. Ruzick said the decision to push back the rollout of the system was taken by VA leadership following an ongoing “assess and address” period and a readiness assessment. The network was previously scheduled to deploy the IT system in June.

News of the decision comes after the agency in February pushed back the rollout of the platform within the Ann Arbor Healthcare System until late 2023 or early 2024 due to concerns about how the health record system would interact with its medical research systems.

Saginaw Health System is a VA network that provides an array of health and support services for veterans in the central and northern regions of Michigan’s Lower Peninsula. 

In her note to staff, Ruzick wrote: “As VA leadership has promised, we will not deploy new EHR system at any facility until we are confident it is ready to deliver for veterans and VA providers.”

“We will have more updates for you in the coming weeks on the path forward. In the meantime, the training that was scheduled to begin Monday, April 11, has been postponed,” Ruzick added.

In her note to staff, the medical system leader said she was confident that when the platform is rolled out at the health system it will be a “smooth, safe and positive experience for Veterans and staff alike.”

The VA’s Oracle Cerner EHRM rollout has already faced multiple delays in the past year including in June, July and October.

Democrats in the House and Senate have introduced bills to broadly overhaul the VA’s electronic health record system while Republicans in both chambers have proposed legislation to specifically retool or outright cancel the Oracle Cerner EHR system that’s being currently rolled out.

Most VA hospitals currently still run on the Veterans Health Information Systems and Technology Architecture (VistA) while the VA has rolled out the new Oracle Cerner EHR to five VA hospitals in the past two years with more rollouts expected later this year.

The Oracle Cerner EHR has faced grave performance issues since it was rolled out to five locations in October 2020, with repeated outages that, according to agency’s watchdog, have resulted in serious harm to veterans.

The post Department of Veterans Affairs delays EHR rollout at Saginaw Health System appeared first on FedScoop.

The Government Accountability Office in a study on the Government Performance and Results Modernization Act of 2010 (GPRAMA) made five recommendations for OMB to improve on the transparency of CAP goals, including designating a goal related to IT and reporting on final progress at the end of the 4-year goal period. 

The cross-agency priorities are part of the President’s Management Agenda (PMA) which lays out the long-term vision for modernizing federal government agencies, which is then used by IT leaders and other C-suite executives at federal departments to help set key strategic priorities.

“GAO found that the administration’s designated CAP goals do not address all relevant GPRAMA requirements, and related guidance and practices,” the GAO study titled ‘Actions Needed to Improve Transparency of Cross-Agency Priority Goals’ wrote.

“As of March 2023, OMB had not designated CAP goals addressing the other two areas: information technology management and federal real property management. These areas are longstanding management challenges facing the federal government,” it wrote.

The GAO study added that it found the OMB did not consistently report quarterly progress toward achieving CAP goals as required by GPRAMA, which could provide greater transparency and allow for reporting on final progress achieved at the end of a goal period. 

The Biden administration’s OMB generally agreed with the GAO’s findings, but disagreed with most of the recommendations.

The President’s Management Agenda was introduced in 2001 by then-President George W. Bush as a way of monitoring the transformation process at federal agencies and flattening hierarchy within departments. 

The latest roadmap from OMB in September last year incorporated comments from industry and government stakeholders following publication of the Biden administration’s draft PMA in late 2021.

The post Biden OMB needs to improve reporting of cross-agency IT priority goals: watchdog appeared first on FedScoop.

McDonough set out concerns about a $345 million shortfall within the VA Office of Information Technology (OIT) and a $465 million shortfall in infrastructure and technology funding regarding major construction elements if Republican proposals to cap the budget succeed. 

“The EHRM is our 3rd biggest outlay in our office in our Office of Infrastructure and Technology, so the cut would be indiscriminate across that account,” McDonough said during a House Appropriations Committee VA budget hearing Wednesday. “Remember that the other and biggest request in that account is for cybersecurity which when we’re increasingly reliant on for telehealth so I’d be really worried about the effect on cybersecurity too.” ‘

The secretary’s comments follow a commitment by House Republicans, reiterated earlier this month, to cap the federal government budget at 2022 levels. In particular, McDonough stressed the potential negative effects of Republican proposals on telehealth reliability. 

“I’m told the office of [information] and technology would have a $345 million shortfall… which would have a significant impact on network reliability which is increasingly what we use for a 3000% increase in use of telehealth so it would have an impact there,” McDonough said.

The VA’s 2024 budget request includes $6.4 billion for the OIT for discretionary funding for continued modernization of aging infrastructure and IT services for VA employees and veterans. McDonough’s 2024 budget also requests $1.9 billion to support the EHR modernization effort.

The post VA Secretary warns budget cap could hit agency’s telehealth and cyber programs appeared first on FedScoop.