Lewis, speaking on a panel at Scoop News Group’s CyberTalks event Thursday, said “the way in which agencies make risk-based decisions has a significant impact on how cybersecurity work can be done.” 

Specifically, she pointed to the tendency among agencies to approach risk and security by making and updating a list of “bad guys” and thinking that as long as the list is checked when allowing access to a system, it’s safe.

“Obviously we know this is not how threat analysis works,” Lewis said. “And to be effective in an ever-evolving landscape, especially as AI-based tools help our attackers develop more sophisticated ways of breaking in, we need to think about … how to evolve from a list of bad guys to, this is an ongoing threat landscape, it’s going to be constantly changing, and we need to invest in it at all levels.”

Lewis said it could be an opportunity for decision-makers and cyber professionals at agencies to work more closely with their legal offices on adapting guidance. 

The default way of making decisions in government involves looking at the rules and what agencies can and can’t do, and turning that into a risk-based decision framework, Lewis said. But that doesn’t set agencies up for success “when we think about cybersecurity preparedness overall,” she said.

Improving cybersecurity has been a priority for the Biden administration. A 2021 executive order outlined specific steps agencies were to take to improve security and the March 2023 release of a national cybersecurity strategy built upon the order. Earlier on Thursday, the Office of Management and Budget’s Chris DeRusha teased a follow-up to that implementation plan.

Lewis also noted that what services agencies choose to use can impact cybersecurity.

The way funding and decision-making are distributed across government unintentionally creates silos, she said, which leads to “a lot of little one-off implementations that perhaps should be using common solutions, shared services, off-the-shelf tools.”

One example of that is authentication tools, she said. “Every single agency has hundreds and hundreds of custom authentication implementations and nobody should be writing that code in this day and age.”

Lewis pointed to Login.gov, which was developed by the GSA’s 18F and U.S. Digital Service, as an available service that already has security hardening built into it. 

Implementation of Login.gov and other shared services can “​​significantly reduce the attack surface area because you have fewer custom one-off implementations that have a tendency to proliferate organically,” she said.

The post Agency lists of ‘bad guys’ should evolve to address more sophisticated cyber threats, GSA official says appeared first on FedScoop.

GSA’s Technology Transformation Services will roll out a “proven facial matching technology” the relies on “best-in-class facial matching algorithms” in 2024 that follows the National Institute of Standards and Technology’s 800-63-3 Identity Assurance Level 2 (IAL2) guidelines, according to a GSA blog post.

Every Cabinet-level federal agency now uses Login.gov for secure sign-in and identity verification services in some way, according to GSA.

The addition of facial recognition is one of three new options that participating agencies can use beginning next year to verify the identity of citizens. GSA is also adding an in-person option through which users can verify their identity at a local Post Office. And, the agency will add another digital option that doesn’t use facial recognition “such as a live video chat with a trained identity verification professional,” the blog post says.

All three additional forms will be IAL2-compliant, GSA wrote.

The agency found itself in hot water earlier this year after its inspector general issued a report alleging that it misled customers by billing agencies for IAL2-compliant services, even though Login.gov did not meet those standards.

At the same time, there’s been broader controversy around the efficacy of facial recognition technologies and how the technology commonly produces biased results against minorities. Because of that, GSA in early 2022 determined it wouldn’t use facial recognition in Login.gov until it felt it could confidently do so in a responsible and equitable manner.

Earlier this month, Sonny Hashmi, commissioner of GSA’s Federal Acquisition Service, which houses TTS, told FedScoop how an ongoing equity study on remote identity proofing would ultimately inform the evolution of Login.gov, as well as other programs across government.

“Our hope is that as we do the study, in participation with Americans across all demographics, we get valuable data that all agencies can use to make better choices in terms of how to enable these remote biometric and digital technologies so that if there are inherent challenges for certain demographics or populations, that we can proactively address them and continue to make that access more prolific and more easy to use for all Americans,” Hashmi said on an episode of the Daily Scoop Podcast.

That study is ongoing and GSA aims to recruit as many as 4,000 participants across as many demographics as possible, he said.

“We have a responsibility as public servants to get this right. Now, ‘get this right’ means that we have to continue to increase the fidelity of the capability that we need to make available through programs such as Login.gov, to make sure that agencies can leverage and access the best-of-breed technologies when they’re looking to verify identities when they’re looking to prevent fraud in their administration of grant programs and other such programs,” Hashmi said.

He continued: “However, we need to do it thoughtfully because we don’t have the luxury of leaving parts of the population behind. We have to do it in a way that addresses, that serves all Americans equally. And that is our commitment that we have to stand by. And that requires thoughtful assessments, thoughtful analysis, and deliberate decision-making, that we can stand behind.”

The post GSA to add facial recognition option to Login.gov in 2024 appeared first on FedScoop.

Language included in the Fiscal Responsibility Act of 2023 would cut unobligated funds made available to the Federal Citizen Services Fund at the General Services Administration through the Coronavirus Aid, Relief, and Economic Security Act of 2020. It would also claw back unobligated funds appropriated for the Office of the Chief Information officer at the Department of Justice through the same emergency legislation.

In addition, the debt ceiling agreement would rescind any unobligated funds from the $650 million allocated to the Cybersecurity and Infrastructure Security Agency through the American Rescue Plan.

GSA in the CARES Act received $18.7 million for the Federal Citizens Services Fund, which provides funding to support technology projects that improve pubic access and engagement with the government. The FCSF also provides funding to the agency’s Technology Transformation Services division. The CARES Act also appropriated $2 million in funds for the Justice Information Sharing Technology initiative at the DOJ.

CISA through the American Rescue Plan, which became law in March 2021, received $650 million to boost cybersecurity measures across the federal government, including through the use of intrusion detection systems such as its EINSTEIN continuous monitoring program.

Precise figures for the amount of funds at each agency set to be rescinded were not immediately available.

Commenting on the cuts, former Senate Homeland Security and Government Affairs Committee Senior Adviser Matt Cornelius said: “These short-sighted decisions to GSA and CISA will almost surely have long-term impacts that degrade the ability of federal agencies to provide high-functioning digital services and protect taxpayer information.”

“Raising the debt ceiling while lowering the ability of agencies to deploy effective, secure digital services that taxpayers deserve is simply myopic and unhelpful,” Cornelius said.

President and Founding Principal of Hettinger Strategy Group Mike Hettinger, said: “The provisions rescinding unobligated funding from the CARES Act for GSA’s federal citizen services fund and from the American Rescue Plan for CISA are potentially impactful but without knowing how much of the funding remains unobligated, it’s difficult to assess the full impact.”

He added: “That said, from my perspective, given the challenges we currently face we can never spend too much money on cybersecurity, IT modernization and citizen experience and to the extent these rescissions represent cuts to these types critical initiatives, that is disappointing.”

Leaders on both sides of the aisle must now sell the debt ceiling agreement to their respective colleagues. Rules in the House of Representatives require that lawmakers have 72 hours to read the bill, meaning that Wednesday is the earliest a vote can be taken.

The House of Representatives Rules Committee is due to consider the 99-page bill at 3 p.m on Tuesday.

Editor’s note, 5/30/23: This story was updated to clarify that the proposed cuts would affect funds appropriated for agencies through the American Rescue Plan and the CARES Act.

The post Debt ceiling agreement seeks to claw back IT funds from GSA, CISA  appeared first on FedScoop.

At the U.S. General Services Administration, which I lead, our Technology Transformation Services (TTS) works across government to help federal agencies meet that expectation. This work represents an essential component of what has always been GSA’s core mission: helping government deliver efficiently and cost-effectively for the American people. In other words, providing a strong digital infrastructure that gives the public what they need is a natural evolution of GSA’s long-standing work to deliver value through federal acquisitions and real estate.

As we do this work, we’re guided by some fundamental principles. We believe government websites should work for all Americans, including vulnerable communities. We believe government technology should be developed for the public benefit, not private gain, and that individuals – not corporations – should control access to their own sensitive information. 

Above all, we believe that accessible, equitable, and secure digital infrastructure – developed for the public by an accountable government – is vital to delivering the services Americans need, when they need them. 

Our commitment to accountability also means owning up to mistakes and taking responsibility when we fail to meet the high standards taxpayers expect and deserve. 

For example, over a year ago, GSA leadership found out that Login.gov, a secure sign-on service operated out of TTS, had been representing that it was compliant with a technology standard when, in fact, it wasn’t.

Misrepresentations like that are unacceptable, and we spent the last year working to bolster trust and transparency with Login.gov customers, to strengthen oversight and management controls, and to take other steps to prevent something like that from happening again. This included alerting the Inspector General, putting in place new leadership, and improving the Login.gov product offering. As a result, Login.gov is now stronger than ever — offering enhanced anti-fraud controls, 24×7 bilingual customer support, and in-person identity verification at over 18,000 U.S. Postal Service Post Office locations nationwide.

We know there is still work to be done to restore trust with our customers and the public, and I’m committed to seeing that work through and to delivering secure, effective, and accessible digital services to the millions of people we serve. 

The ability of the American people to securely and equitably interact with their government online is critically important, and we are committed to making sure government technology works for everyone, including those who need it the most.

That’s why we’re working in a comprehensive way to strengthen and expand our technology programs so they can deliver even more effectively for the American people.

We established a new Technology Law Division within the Office of the General Counsel to support programs like Login.gov. We’re strengthening the leadership team TTS-wide, hiring a new TTS director in December and, this month, a new deputy director and a new senior adviser for operations. And we’re ramping up our efforts to deliver impactful, lasting solutions that save money for taxpayers and help agency partners deliver excellent customer experiences for the American people — from veterans seeking healthcare to seniors accessing Social Security benefits to farmers and ranchers needing consistent and streamlined information. 

After all, technological advances in areas like artificial intelligence make it more important than ever that our government recruits talented, dedicated technologists to thoughtfully and responsibly buy, build, and oversee government technology in ways that are consistent with our values and serve the public interest.

Turning away from that responsibility is not an option, and this administration will continue to scale up its commitment to technology modernization as we prepare for the future. 

Robin Carnahan currently serves as Administrator of the U.S. General Services Administration.

The post Americans deserve government tech that delivers appeared first on FedScoop.

Mukunda Penugonde joined TTS in the role on April 10, joining from the private sector where most recently he was director for technical program management at Disney Streaming and before that served as director of business technology and operations at Hulu.

In the new role will focus on strategic initiatives, direction setting, operational frameworks and product delivery, FedScoop understands.

GSA has also named Mehul Parekh as senior adviser for operations at TTS, and he moves into the role after serving as deputy chief financial officer of the agency. He will be tasked with strengthening TTS’s internal controls and started work April 10.

Prior to joining GSA, Parekh served in senior financial roles within the National Labor Relations Board and the Department of Homeland Security.

The appointments follow strong criticism of GSA and TTS in recent months over major failures with the division’s Login.gov identity authentication platform program. GSA has sought to bring in new staff within its TTS division, including Dan Lopez, who in September joined the agency as director of Login.gov.

GSA’s Technology Transformation Services branch was launched in 2016 to help agencies across the federal government modernize IT systems and to build, buy and share emerging technology solutions. It also houses 18F, the Presidential Innovation Fellows, the Office of Solutions and the U.S. Digital Corps.

The post GSA names new Technology Transformation Services deputy director appeared first on FedScoop.

Leaders in data science, digital design, artificial intelligence and biomedical research are among those picked for the year-long placement program.

The Presidential Innovation Fellowship program is run by Technology Transformation Services at the General Services Administration and works to fast-track innovation into federal agencies by pairing technologists and innovators with agency leaders.

During the program, awardees work to help modernize how the government engages with citizens, which has been a key focus of the Biden administration. A full list of the technologists selected to join the program can be found here.

Commenting on the selection of the cohort, GSA Administrator Robin Carnahan said: “The PIF program is grounded in collaboration and we’re excited to see how these innovators put their skills to work for the public good and help agencies deliver services for the American people in their moments of need.” 

The Advanced Research Projects Agency for Health (ARPA-H) will host three of the fellows. 

ARPA-H Director Renee Wegrzyn said: “Our current PIFs have been foundational members of the team from the beginning, bringing a strategic lens and building from the ground up. Together, we have successfully led major initiatives from engaging with the cancer community to finding new ways to optimize for efficiency and scale. I look forward to working with our class of 2023 ARPA-H fellows and continuing this great partnership.”

Since the program launched in 2012, the PIF program has recruited more than 250 fellows who have worked at more than 50 agencies to advance government innovation and deliver stronger public services — and many have stayed on in federal service after. It was founded by the White House Office of Science and Technology (OSTP) in 2012 and has been housed by GSA since 2013.

The post GSA announces Presidential Innovation Fellows for 2023  appeared first on FedScoop.

She joins from the private sector, where she was most recently chief technology officer at business advisory firm Next Street and before that was chief technology officer at public policy advocacy group MoveOn.

Lewis takes over leadership of Technology Transformation Services at GSA following the departure of Dave Zvenyach in August. Since then, acting Deputy Director Lauren Bracey Scheidt led the unit on an interim basis.

In addition to the appointment of Lewis, Antonia Tucker has joined GSA as scheduler in the agency’s Office of the Administrator and Amelia Cohen-Levy as speechwriter in the Office of Strategic Communications.

Tucker joins the agency from the U.S. Space Force, where she supported the chief technology officer and chief information officer. Cohen-Levy also joins from the Pentagon, where most recently she was executive communications and speechwriting lead for the undersecretary of defense for intelligence and security.

GSA’s Technology Transformation Services branch was launched in 2016 to help agencies across the federal government modernize their IT systems and to build, buy and share emerging technology solutions.

The TTS team houses the federal government’s IT Modernization Centers of Excellence, which focus on helping agencies to accelerate technology modernization and providing access to best private sector practices.

TTS also houses 18F, the Presidential Innovation Fellows, the Office of Solutions and the U.S. Digital Corps.

The post Biden administration names Ann Lewis director of GSA’s Technology Transformation Services appeared first on FedScoop.

According to three people familiar with the matter, he is set to step down from his role as director of GSA’s Technology Transformation Services branch in the coming weeks.

It is understood that Sept. 9 will be Zvenyach’s last day at the agency and that following his departure, current acting Deputy Director Lauren Bracey Scheidt will take over as director on an interim basis.

He has led the Technology Transformation Services division at GSA since January 2021. In a prior stint with the agency during the Obama administration, he held several other senior IT leadership roles, including as director of 18F and a senior technical adviser.

Zvenyach has held other high profile public service roles including as general counsel of the District of Columbia. He is also an adjunct professor at the George Washington University Law School.

No further details were immediately available on Zvenyach’s next destination.

Commenting on his departure, GSA Administrator Robin Carnahan said: “Since rejoining GSA last year, Dave Z has made invaluable contributions to GSA’s mission and to the governmentwide effort to make the public’s interactions with government simpler and more secure.”

She added: “Today, thanks to his efforts, agencies across the federal government are able to more effectively and efficiently deliver for the taxpayers we serve. I look forward to seeing TTS continue to build on this progress in prioritizing customer experience and developing digital solutions that deliver.”

GSA’s Technology Transformation Services branch was launched in 2016 to help agencies across federal government modernize their IT systems and to build, buy and share emerging technology solutions.

Editor’s note: This story was updated to include comment from GSA.

The post Dave Zvenyach leaving the General Services Administration appeared first on FedScoop.

TTS, which was established within the General Services Administration in 2016, onboarded its first former law enforcement officer and, rather ironically, a federal talent recruitment expert among the early career technologists the fellowship placed there and 12 other agencies toward the end of June.

The purpose of the U.S. Digital Corps is to place fellows in needed data science, engineering, product management, design and cybersecurity roles at agencies with existing digital services infrastructure, but that doesn’t mean they’re novices. 

“There’s a bias or expectation that these fellows — because it’s called Digital Corps, and they’re described as early career technologists — aren’t going to be able to contribute a ton of value instantly,” Zvenyach told FedScoop in an interview. “What I’ve already seen is that they’re participating on Slack, they’re already starting to get on board, and they’re really starting to bring different perspectives and backgrounds to the conversation.”

The fellowship represents a second career for some, who may have started in state or local government, while others were in the private sector or recently earned PhDs.

TTS typically hires by looking at past experience, often in software development with JavaScript and Python, but some of the fellow have more C and C++ experience than senior employees or were working on hardware problems before applying, Zvenyach said.

Fellows were certified using the Subject Matter Expert Qualification Assessment (SMEQA) process the U.S. Digital Service and other agencies have been refining since 2019. Dozens of SMEs reviewed more than 1,000 applications and evaluated qualifications using the existing Pathways Program as a hiring model.

Among the 13 initial agencies accepting certified fellows were the General Services Administration, where TTS resides; Office of Management and Budget; Office of Personnel Management; Cybersecurity and Infrastructure Security Agency; Department of Veterans Affairs; and Centers for Medicare and Medicaid Services. Participants needed to have leadership support and the budget to keep fellows on staff after the fellowship ends, should they choose.

TTS placed fellows on its Login.gov, USA.gov, Vote.gov and 10x teams as “full-fledged members,” Zvenyach said. Login.gov is scaling to support more than 40 agencies with engineering and product management gaps on the team.

Elsewhere fellows are helping VA’s digital experience product team modernize tools veterans use to access their benefits; CMS create a behavioral health treatment locator tool; and CISA develop vulnerability, risk and resilience assessments.

“We wanted to focus on programs and teams that needed the support,” Zvenyach said.

In addition to co-creating the U.S. Digital Corps’ curriculum — including tech conferences and government-specific trainings on federal contracting, funding and the President’s Management Agenda — fellows receive guidance from a network of mentors. Fellows have one mentor irrespective of agency, while mentors may have multiple fellows.

Tracking fellows’ performance will be a “shared responsibility” between themselves, the agencies they were placed with and U.S. Digital Corps supervisors, Zvenyach said.

Whether every fellow remains in government depends on whether they’re a good fit.

“My goal is 100%; I would love for 100% of these fellows to stay in government,” Zvenyach said. “It’s too early to tell what that will realistically end up looking like, but it really is our goal to find folks who are going to make a career in public service.”

Part of that involves ensuring the technologists have the tools they need — like TTS investing in Jupyter Notebooks for its data scientists — to succeed in their work.

The U.S. Digital Corps was housed within TTS because it’s a cross-governmental initiative capable of recruiting and supporting fellows differently than agencies given its broad civic tech ecosystem, which includes the Presidential Innovation Fellows, Centers of Excellence, 18F and Data.gov team among others, Zvenyach said. While money from the American Rescue Plan Act funded the first cohort, some agencies plan to reimburse the fellowship.

TTS’s desire is for a larger second cohort, recruitment beginning in a month or two, but not at the expense of the fellow-agency matching process. Different skills and agencies may be prioritized, but it’s “too early to say” how, Zvenyach said.

Expect hiring authorities to be adjusted or new ones used for the second cohort.

“We couldn’t really target people who were coming out of coding boot camps or folks who are self-taught or otherwise non-traditionally trained,” Zvenyach said. “There were certain limitations that we had.”

The post GSA’s Zvenyach: US Digital Corps technologists are already transforming government services appeared first on FedScoop.

Technology Transformation Services and the Office of IT Category, with support from the Office of Government-wide Policy, will be leaned on to deliver more trusted, accessible, user-centered technologies to federal agencies from fiscal 2022 to 2026.

The strategy is predicated on the view that GSA must help agencies rebuild public trust through digital services, after legacy systems and inequalities hindered government’s pandemic response.

“Technological advances offer unprecedented opportunities to deliver services more efficiently and effectively while saving taxpayer money,” writes GSA Administrator Robin Carnahan, in her letter of introduction. “In this moment of change, GSA is uniquely positioned to help our customer agencies deliver for the American people by providing critical tools, systems, solutions and expertise at the best value.”

TTS and OGP, together with the office of Customer Experience and GSA IT, are expected to implement equitable design practices in projects like improving vote.gov by increasing access to voting requirements and documents in many languages and formats.

GSA intends to request amendments to Federal Citizen Services Fund appropriation language so services are reimbursable and the spending cap increased for high-impact projects.

The agency is also developing a roadmap for its USA.gov redesign, which will improve users’ ability to navigate government benefits, services and programs by consolidating content like that found on Benefits.gov and Grants.gov. OCE and the internal Digital Executive Board will simultaneously improve the digital literacy of website managers, and more resources will be dedicated to the Digital Analytics Program to increase agencies’ understanding of how users’ are using their sites to access government services.

TTS will increase agencies’ use of shared technology solutions by spearheading the creation of a market development and partnerships capability featuring a market-sensing initiative, according to the strategy.

GSA plans to increase reuse of authorized cloud products, and reduce digital threats in the process, by expanding the Federal Risk and Authorization Management Program.

The agency will also increase agencies’ adoption of Login.gov and modernize federal rule-making management systems by streamlining workflows and improving data analysis.

Together TTS and OGP will employ a venture studio-esque model within the former to scale reimagined innovations governmentwide.

“This approach would help to launch innovative offerings and sustain them by providing resources and creating a clear, repeatable model for growing new ventures,” reads the strategy. “It would focus on high-impact digital transformation projects spanning multiple agencies and/or the public.”

GSA also wants to deepen the technological acumen within innovation accelerators like 18F, the Centers of Excellence, Presidential Innovation Fellows and 10x.

Elsewhere in the strategy the Federal Acquisition Service is tasked with ensuring agencies’ full adoption of the $50 billion Enterprise Infrastructure Solutions contract for telecommunications and IT modernization, which has become a moving target for government, by fiscal 2024.

Insights from GSA’s Workplace 2030 project will be used to develop new telework offerings for agencies like Home Office in a Box.

FAS and OGP will also streamline acquisition systems through the modernization of the Contract Acquisition Life-cycle Management (CALM) system, create a single experience for all GSA-assisted acquisitions by merging Assisted Services Shared Information System (ASSIST) legacy applications, automate error-detection bots, and improve the management of data on more than 50 million products and services through Catalog Management. FAS delivered $84 billion in IT governmentwide in fiscal 2021, and will work with OGP to increase agencies’ adoption of IT modernization offerings the next five years.

Polaris awards are now on hold following BD Squared’s pre-award challenge of the governmentwide acquisition contract — intended to increase agencies’ partnerships with small business IT service providers — but GSA plans to continue developing the vehicle.

The strategy directs OGP to build on the work of more than 30 Communities of Practice (CoPs), some geared toward innovation and emerging technologies, that GSA manages and six unnamed CoPs in particular.

“For FY 2022, GSA has identified six CoPs to achieve key milestones or quantitative performance outcomes,” reads the document.

The post GSA’s 5-year plan prioritizes digital government appeared first on FedScoop.