The Analytics Team, known until April 2021 as the Internet Covert Operations Program (iCOP), occasionally used open-source intelligence tools beyond the Postal Inspection Service’s legal authorities, and its record-keeping about some of that activity was inadequate, according to the March 25 report by the Office of the Inspector General for the USPS.

As part of their work assisting postal inspectors, the analysts conducted “proactive searches” for publicly available information online that could help root out postal crimes, the report says, but in some cases they used keywords that did not have a “postal nexus” — that is, “an identified connection to the mail, postal crimes, or the security of Postal Service facilities or personnel.”

Postal inspectors told the IG’s office that the keywords — such as “attack” or “destroy” — were meant to provide broad searches that could then be narrowed to a postal nexus. The IG report says the Postal Service’s Office of Counsel should have been more involved in vetting those search terms. Yahoo News first reported on the existence of iCOP in April 2021.

The IG office said it looked at a sampling of cases in early 2021 to reach its conclusions about the keywords. For other areas, it reviewed information available from October 2018 through June 2021. The report says it reviewed 434 instances where postal inspectors asked for analytical support from the team. Most of those — 72 percent — had a postal nexus.

The IG’s office also said postal inspectors should do more to document the process for requests made of the Analytics Team.

Leaders of the Postal Inspection Service said they “strongly disagree” with the specifics of the report, pointing to examples in federal case law that support its use of the Analytics Team and broadly authorize the kinds of activities cited by the IG’s office.

The IG’s office, in turn, noted that postal inspectors have agreed to many of the report’s recommendations for how the inspector-in-charge for analytics and the Inspection Service’s chief counsel can clarify the process for usage of open-source intelligence and bolster the record-keeping for those tasks.

“Therefore, the OIG considers management’s comments generally responsive to the recommendations in the report,” the IG’s office said.

The report lists several contracts that postal inspectors have with providers of open-source intelligence tools, but redacts the names of specific companies. Those activities include:

• Cryptocurrency blockchain analysis.
• Tools for gathering information about internet protocol (IP) addresses.
• Facial recognition tools.
• Monitoring social media for certain keywords.
• Searching social media for information about individuals.

As the IG’s report notes, the Analytics Team is part of the Postal Inspection Service’s Analytics and Cybercrime Program, which “provides investigative, forensic, and analytical support to field divisions and headquarters.”

Postal inspectors are sometimes involved in high-profile cybercrime cases, such as takedowns of dark web markets where customers pay in cryptocurrency for illicit goods that are then shipped through the mail.

The post Postal inspectors’ digital intelligence team sometimes acted outside of legal authorities, report says appeared first on FedScoop.

The census “undercounted the Black or African American population, the American Indian or Alaska Native population living on a reservation, the Hispanic or Latino population, and people who reported being of Some Other Race,” the Census Bureau said Thursday. “On the other hand, the 2020 Census overcounted the Non-Hispanic White population and the Asian population.”

The 2020 count — labeled by officials as the first “online census” — faced numerous stresses on its IT infrastructure, in addition to the challenges that came with a global pandemic, natural disasters and hangups within the Trump administration, including efforts to add a citizenship question and stop the count earlier than planned. Among the new technology was an iPhone app that enumerators used when trying to count the homeless population.

The count of Black or African American population had an undercount of about 3.3%; the shortfall for the Hispanic or Latino population was nearly 5%, and the American Indian or Alaska Native population living on reservations had an undercount of about 5.6%, the bureau said.

Meanwhile, there was an overcount of the non-Hispanic White population of more than 1.6% and an overcount of the Asian population of about 2.6%. “The Native Hawaiian or Other Pacific Islander population was neither overcounted nor undercounted according to the findings,” the bureau said.

The reviews were the Post-Enumeration Survey, which “estimates the population using a sample survey,” and the Demographic Analysis, which “estimates the population using vital records and other data.”

The census counted “323.2 million people who were living in housing units on April 1, 2020,” the bureau said.

The bureau will release more detailed information about the 2020 count later this year, including detailed breakdowns by state.

The post Reviews of 2020 census data show undercounts of some demographic groups, overcounts of others appeared first on FedScoop.

The awards are specifically for projects on preventing forgery and counterfeiting of certificates and licenses. The department’s Silicon Valley Innovation Program (SVIP) issued the solicitation earlier this year as a followup to a five-year other transaction solicitation (OTS) first presented in 2018.

DHS says the contracts will support the missions of U.S. Customs and Border Protection (CBP), U.S. Citizenship and Immigration Services (USCIS) and the DHS Privacy Office.

Interest in providing blockchain technology to governments continues to grow as agencies sort through the hype and size up available technologies. Blockchains store digital information in a distributed way that allows for full transparency about changes. The idea is that if blockchain technology can support the security of a digital currency like bitcoin, it also can serve as the backbone for a system of licenses or certificates.

The selected companies will receive $50,000 to $200,000 for Phase 1, proof-of-concept demonstrations of the requested technologies:

• MATTR Limited, a startup based in Auckland, New Zealand, was awarded $200,000 to “help USCIS develop a capability to digitally issue and validate essential work and task licenses. The COVID-19 pandemic has amplified the need for this capability,” SVIP says.
  Mesur IO, Inc., based in Chapel Hill, North Carolina, was awarded $193,612 to develop a capability to enhance CBP’s visibility of food supply chains.
• Spherity GmbH, a Dortmund, Germany based startup, received $145,000 to develop a capability “to enhance CBP’s supply chain traceability of direct-to-consumer e-commerce shipments,” SVIP says.
• SecureKey Technologies, a business based in Toronto, Canada, was awarded $193,000 to develop “an alternative identifier to the Social Security Number” to support the Privacy Office’s SSN Collection and Use Reduction initiative.
• Mavennet Systems, Inc., also of Toronto, received $86,100 to support CBP by “improving the traceability of natural gas. Mavennet proposes to enhance their Neoflow platform to digitally trace natural gas supply chains between Canada and the U.S.,” SVIP says.

“The selected start-ups proposed innovative solutions to the problems, demonstrated a firm commitment to technical interoperability using global standards from the World Wide Web Consortium (W3C), and provided concrete plans to commercialize their final solutions,” said Anil John, the SVIP’s technical director, in a news release Oct. 9. “With this, we are demonstrating the clear intersection of DHS priorities, industry needs, and public interest.”

The department’s Science and Technology Directorate (S&T) runs the SVIP, which was founded in 2015.

The post DHS’s innovation program brings in 5 more blockchain startups appeared first on FedScoop.

Greg Crabb, the chief information security officer for the U.S. Postal Service, says the pandemic has given him fresh perspective on what he calls the “four Cs” of innovation: compete, collaborate, control and create. The competition, this time, was about staying ahead of cybersecurity threats, not necessarily competing with other businesses, he says. Collaboration lessons were direct, too: The USPS had to rethink its relationships with other supply chain companies like Amazon and FedEx.

The lessons in the “control” and “create” areas were tied directly to the workforce, Crabb says.

“We moved literally tens of thousands of employees off the workroom floor, into their homes in order to be able to support the frontline workers,” Crabb said Wednesday during IBM‘s ThinkGov digital event, produced by FedScoop. “And for those frontline workers we had to create new ways of interacting,” and the net result is that Americans didn’t really see any drop-off in service.

NASA Chief Human Capital Officer Jane Datta says the coronavirus shutdowns caused the space agency to reconsider what kinds of people it needs for jobs, and where they do those jobs.

“We are really going to leverage what we’ve learned over these last months, in remote work,” Datta said during the IBM event. “Because the more you can have flexibility on geography, and people working from where they are, the greater access to talent we have … as well as plugging people we already have working for NASA into work, wherever that work might be.”

The Postal Service made a few early decisions that spotlighted tech talent as the organization shifted to mass telework, Crabb said. One was creating a “COVID command” for the entire agency, with the CIO Kristin Seaver in charge. Within his own group of about 600 cybersecurity workers, Crabb said he formed a “tiger team” to focus on information security.

“I put some of my up-and-comers on that team, so that they could shine,” he said. “That’s extremely important: finding somebody that can really handle a situation under pressure.”

Going forward, organizations will need to define the “new normal,” Crabb said. Every company will have to decide if it still needs employees working side-by-side.

“We’ve learned a lot of lessons” at the Postal Service, he said. “And the first lesson is that we need to keep our employees safe.”

The post Telework shift presented durable lessons about workforce, USPS and NASA officials say appeared first on FedScoop.

Swalwell’s legislation would only apply to a few activities in the House. Members would be able to participate in committee hearings without having to be in the room, and the measure would “mandate the development of a secure remote voting system” for use only on the noncontroversial legislation that the House does under its “suspension of the rules” calendar.

The Members Operating to Be Innovative and Link Everyone (MOBILE) Resolution, as Swalwell filed it during the previous Congress, has Republican Rep. Rick Crawford of Arkansas as its top co-sponsor. There is no companion bill for the Senate.

“Modern technology belongs in Congress and my resolution would allow Members to not only spend more time with their constituents and their families, but would prove useful for a number of situations, including the public health crisis in which we currently find ourselves,” Swalwell said in a news release.

Several members of Congress have opted to self-quarantine as the U.S., in general, prepares for an increase in cases of the COVID-19 illness caused by a novel coronavirus first identified in China.

The legislation does not specify any particular technology for achieving its goals.

“The ability for Members of Congress to vote remotely if need be has been technologically feasible for decades,” Crawford said in the news release. “The ongoing Coronavirus outbreak underscores the need for Congress to embrace what the 21st Century has to offer.”

Although mobile voting systems for general elections have faced skepticism from cybersecurity experts and some lawmakers, remote votes from just a few hundred lawmakers presumably would be easier to track and validate.

Witnesses for House hearings also would be able to use the remote-participation technology.

The proposal also comes as the House has increased its attention on modernizing the technology it uses to do business. On Tuesday the House passed a resolution to implement the recommendations of the Select Committee on the Modernization of Congress. The newly created panel issued several recommendations last year, including ideas for increasing the tech expertise of members and their staffs, and making it easier for them to test out new technologies in an official capacity.

This is the fourth consecutive Congress during which Swalwell has introduced his resolution. It did not get a vote in the 2017-18 sessions. The House Rules Committee has jurisdiction over the measure.

The post Congressman reminds everyone about potential to do legislative work remotely appeared first on FedScoop.

As the Canada-based subcontractor was helping Salient Crgt, Inc. build the Enterprise Web Solutions (EWS) system from 2014 onward, the department sent the subcontractor thousands of high-level documents and gave workers remote administrative access to the system, the OIG report says. The subcontractor’s employees were “unvetted foreign nationals” who didn’t meet the contract requirements to work for the department, the OIG says.

The OIG says it briefed the department’s acting CIO in April 2019 about the data exposure, and Commerce “incident responders” did take the appropriate steps of reporting the case to the Department of Homeland Security. Commerce officials erred, however, because they didn’t consider another set of criteria that applied to the case.

The department should have considered Office of Management and Budget rules “regarding harm to foreign relations and the national economy that was posed by the release of sensitive trade and foreign relations data to unvetted foreign nationals based in a country with which the U.S. government was negotiating.” At that point, Commerce was part of the negotiations on new North American trade rules that included Canada.

EWS is based at Commerce headquarters in Washington and handles documents such as official correspondence between top officials at the department; notifications that are sent to state and congressional leaders about department grants; and the secretary of Commerce’s briefing book — a repository of resources and information, some of it related to “sensitive issues related to trade and foreign relations.”

The OIG recommendations include additional reviews of who has access to Commerce systems, and reviews of how the department responds to such data exposures in the future.

The department’s acting CIO, André Mendes, responded to the OIG report with a letter saying the Office of the Secretary “generally concurs” with the audit’s findings. The office made suggestions about the draft of the report that it saw during 2019, and those comments are reflected in the final version issued this week, the OIG says.

The briefing documents in question were all from previous Commerce Secretary Penny Pritzker, according to the report.

The post Foreign IT subcontractor had improper access to Commerce system, audit says appeared first on FedScoop.

The acquisition, expected to close by May 1, will strengthen SAIC’s ability to provide “infrastructure modernization, cloud migration, managed services, and enterprise IT-as-a-service,” or EITaaS, according to a news release.

Unisys Federal’s customer list includes more than a dozen military and civilian agencies. Recent contracts include a $76.3 million EITaaS deal with the Air Force, and a $144 million cloud migration project with the National Oceanic and Atmospheric Administration.

“With the addition of Unisys Federal, SAIC will be a leading provider of digital transformation services and solutions to the federal government. This exciting opportunity advances our strategy by building on our modernization capabilities, increasing customer access, accelerating growth and enhancing shareholder value,” said SAIC CEO Nazzic Keene.

SAIC’s federal work includes a $727 million cloud computing contract with the Air Force that recently survived a bid protest.

Based on fiscal 2018 data analyzed by Bloomberg Government, SAIC is the seventh-largest federal IT contractor, with $1.2 billion in obligations. Unisys Corp. was ranked 110th in the wider government contracting market, with $559 million in contracts over the same period.

Unisys Chairman and CEO Peter Altabef said the sale “is a tribute to the unique and attractive business that our U.S. Federal colleagues have built over many years. Under the leadership of Venkatapathi ‘PV’ Puvvada, we have become known as a true innovator in the federal market, leveraging powerful intellectual property and a world-class team. This transaction will allow us to significantly enhance our balance sheet, which will create increased operational flexibility that will ultimately position us to better serve our clients while delivering increased value to investors.”

It’s an all-cash deal for Pennsylvania-based Unisys and SAIC.

The post SAIC adds to IT modernization portfolio with $1.2B acquisition of Unisys Federal appeared first on FedScoop.

The Greater Washington Partnership — a “civic alliance of CEOs” from the corridor that stretches from Baltimore to Richmond, Virginia — says that the backlog isn’t just a headache for companies, as they typically wait more than 200 days for a new hire to get a clearance. The delays are also a drain on the regional economy, the report says.

“Though the Capital Region has a deep and diverse digital tech workforce, the region will not reach its full economic potential if its digital tech and security clearance jobs are left unfilled,” the report says, citing 2018 statistics for job openings and the requirements listed for those positions.

The categories of “systems engineer” and “software development engineer” had the highest numbers of openings that also required a clearance, with about 2,700 each in the Capital Region, the report says.

And the employers in the region with the most openings for cleared workers in 2018 reads like a who’s who of the federal IT community: Booz Allen Hamilton (13,634 postings), ManTech (4,331), General Dynamics (4,028), Leidos (2,046) and Northrop Grumman (1,776). The federal government itself had 2,446 openings.

“Security clearances are by far the most highly requested credential for individuals working in digital tech,” the report says.

It offers succinct explanations for the backlog in background checks: “(1) there is higher demand for cleared workers and consequently more workers need clearances, and (2) there is more for background investigators to investigate because there are more second-generation Americans with family members abroad, more communication activity due to social media, and more global connectivity in general, which leads to longer investigations, as investigators track foreign contacts and any potential illegal online activity.”

The Trump administration has taken direct action on speeding up the process, transferring all background checks that had previously been done by the Office of Personnel Management to the Department of Defense. The Defense Information Systems Agency as well as the renamed agency handling the background checks — the Defense Security Service — already have started issuing contracts for improvements to its systems.

Congress has been trying to work on the issue through legislation such as the House and Senate versions of the fiscal 2020 intelligence authorization bill.

Sen. Mark Warner, D-Va., has pushed his own provisions for overhauling the process, and Rep. Will Hurd, R-Texas — a former CIA officer — said earlier this year that he thinks it should take only a few days.

On average a new hire must wait 422 days to get a Top Secret security clearance and 234 days for a Secret clearance, the director of the National Background Investigations Bureau, Charles Phalen, said this July.

The Greater Washington Partnership says it took input from federal talent acquisition officers, executives at top defense and intelligence contractors and other industry officials from the region.

The post Delays in security clearances hit IT vendors in capital region the hardest, report says appeared first on FedScoop.

As of fiscal 2018, “many federal agencies were often not adequately or effectively implementing their information security policies and practices” under the Federal Information Security Modernization Act of 2014, or FISMA, the report says.

The GAO also says the White House Office of Management and Budget (OMB) is behind on one governmentwide requirement — a report to Congress on FISMA compliance for fiscal 2019.

The report is the latest update from GAO on cybersecurity issues covered in its famous High Risk List. Individual agencies have drawn their own dedicated reports in recent months, including the Census Bureau and the Internal Revenue Service. Governmentwide, the GAO recently examined how agencies are handling legacy IT systems.

The latest study looked at 16 “randomly selected” agencies, including 12 covered by the management rules of the 1990 CFO Act and four smaller ones. Most were meeting FISMA’s goals for security training, incident response and taking remedial actions. The group was less successful in implementing periodic risk assessments; periodic testing and evaluation of controls; and preparations for continuity of operations. Only four of the 16 complied with FISMA’s call for “subordinate plans for providing security” — for example, plans for individual networks or facilities.

The GAO also called out the 24 CFO Act agencies, in general, for failing to meet FISMA’s requirement for agencywide information security programs. Only six had them.

The bright spot in the report comes from the agencies responsible for helping direct federal cybersecurity. OMB, the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) are “generally implementing” their requirements under FISMA, the report says, “including issuing guidance and implementing programs that are intended to improve agencies’ information security.”

The survey of 16 agencies examined FISMA compliance at the departments of Agriculture, Commerce, Education, Housing and Urban Development, Justice, Labor, State, and the Treasury, as well as the EPA; Federal Communications Commission; Federal Retirement Thrift Investment Board; Merit Systems Protection Board; NASA; Presidio Trust; Small Business Administration; and the Social Security Administration.

The post GAO reminds agencies of FISMA requirements, says OMB report is overdue appeared first on FedScoop.

The post Federal Acquisition Service has fixed IT pricing problems found in 2016 audit, report says appeared first on FedScoop.