Jacob Toukhy —  who had worked for USAID for more than two decades and was described by local media as an Arab Muslim who volunteered with the Israeli ambulance service — was shot during a traffic dispute by an off-duty Israeli police officer, who has since been arrested, according to reports. The killing in Jaffa, a city along Israel’s central coast, was caught on video.

USAID’s response to the incident raises questions about policies regarding devices obtained by foreign police forces and governments, particularly during criminal investigations, and in times of heightened tensions and during war. USAID policy states that devices with sensitive information that are no longer in organizational control should be sanitized, but FedScoop was unable to identify a specific policy for situations in which another country’s law enforcement comes to possess a U.S. government device. 

A former USAID employee told FedScoop that the known protocol at the agency is to immediately report lost devices, and that these devices are most likely wiped. The agency did not comment on its protocol for interactions with law enforcement in other countries. Notably, a chapter on Information Systems Security in the USAID Automated Directives System — a guide for the agency’s operations and programs — includes details on USAID’s “electronic media sanitization standards,” which state that any information system storage media containing sensitive information must be “sanitize[d]” prior to “release out of organizational control.”  It’s not clear under what category this situation would have fallen or if any portion of the ADS would have applied. 

The emails viewed by FedScoop indicate that, as part of the ongoing investigation, both Toukhy’s personal and official phones were with the Israeli police. The document also suggests that the State Department’s Regional Security Office was involved in the investigation. 

“We are devastated by the death of our colleague and friend Jacob Toukhy, who was fatally shot and killed in Jaffa by an off-duty police officer,” a spokesperson for USAID said in a statement to FedScoop. “The U.S. Embassy in Israel and USAID have long-established relationships with Israeli law enforcement and are in contact with them regarding their investigation into his death. Due to the ongoing investigation, we cannot comment on specifics.”

USAID did not answer a series of questions from FedScoop about the procedure for these kinds of situations. The State Department did not respond to FedScoop’s questions. A request for comment sent to a fundraiser to honor Toukhy’s life did not receive a response. 

Dolev Ben Shetrit, a spokesperson for Israel’s Department of Internal Police Investigations, told FedScoop that the DIPI did not have Toukhy’s device, but did not clarify if another component of Israeli law enforcement did or if DIPI previously had Toukhy’s iPhone. 

“The investigation in question has been concluded,” Shetrit said. “Therefore, in the upcoming days, the Department of Internal Police Investigations in the Office of the State Attorney will review the findings of the investigation in order to decide if there is sufficient evidence to file an indictment against the police officer in question. The mobile phone or any other digital possesions [sic] of the late Jacob Toukhy are not in possession of the Internal Police Investigations.”

In April, the U.S. Embassy in Jerusalem said in a statement that it was “heartbroken to report that one of our own, Jacob Toukhy, was tragically killed last night in Jaffa,” adding that “Jacob was a valued member of our embassy community for over two decades.” A video honoring him was also shared by the embassy. Jack Lew, the American ambassador to Israel, said that Toukhy “was known by his colleagues as someone who was infinitely kind and compassionate, wholeheartedly dedicated to making the world a better place.”

Local media reported that there was a protest focused on delays by Israeli police in moving Toukhy’s body, citing Muslim burial practices.

The post USAID requested delay on wiping device of agency employee killed in Israel by off-duty cop appeared first on FedScoop.

According to a consumer data breach notice filed with the Maine attorney general’s office, the attack was described as an “external system breach” and “hacking” that impacted more than 6,000 people. The alert came after the company discovered “anomalous activity in its email environment” on July 12, 2021, also according to a filing with New Hampshire’s attorney general. 

That notice said that either an “unauthorized” actor or actors obtained access to company email accounts between March 2 and July 13 of that year — though Chemonics couldn’t identify the specific emails that were impacted, the company said in the disclosure. “The investigation also found no conclusive evidence of data exfiltration, and we have no evidence of actual or attempted misuse of personal information,” the notice stated.

The extent to which different types of information were released is unclear. The Maine notification said that driver’s license numbers and non-driver identification card numbers were released. The New Hampshire notice said that emails with individuals’ names and social security numbers were revealed in the breach — though “financial account information without corresponding access codes” was also included in some emails. The legal website JD Supra wrote that “access credential information” was also accessed, but the author did not respond to FedScoop’s request regarding the source of that information. 

Chemonics isn’t answering questions about what steps it’s taken to address the potential impact of the event on USAID, which the company works with in myriad partner countries. Nor did the company address whether it reported the incident to the Cybersecurity and Infrastructure Security Agency, the type of information impacted, or whether it has suffered any other breaches. 

“We are continually adapting and updating our cybersecurity policies and procedures to ensure we are current with the ever-evolving cyber threat landscape that impacts us all,” a Chemonics spokesperson said in response to a series of questions from FedScoop. “While we cannot comment on any specific cybersecurity incident, we are committed to safeguarding all data entrusted to us.” 

The spokesperson continued: “It is our practice to work transparently and proactively with our staff, clients, and partner organizations who may be affected by any potential incident, including complying with applicable laws. Cybersecurity continues to be a priority focus for Chemonics as we seek to achieve meaningful development impact in complex contexts around the world.”

Turke & Strauss, a law firm specializing in data breaches, states on its website that it’s investigating the company over the incident. The firm declined to discuss their work on the topic.

Notably, Chemonics appears to have had three chief information security officers in the past three years, though the company did not answer FedScoop’s question about whether anyone held the position before October 2021, when an individual on LinkedIn said that they started the position. The data breach notifications written in 2021 came from Pete Souza, who was described at the time as the director of cybersecurity, infrastructure, and system administration at Chemonics.

Those impacted were provided identity theft protection from the company, as well as active credit monitoring, per the disclosures. Notices for residents of states including Vermont, Montana, Massachusetts, and other states are available online. 

In regard to the incident, CISA referred FedScoop to Chemonics. So did a USAID spokesperson, who only added the following: “USAID takes the security and confidentiality of all our partners very seriously. Strong cybersecurity practices and policies are critical to the success of USAID and its partners. “

Back in May 2021, the Russian-backed group Midnight Blizzard, which was previously called Nobelium, orchestrated a cyberattack by impersonating USAID through its Constant Contact email marketing service to send “malicious links” to organizations that worked with the agency. Chemonics did not address whether this breach was related to Midnight Blizzard or that particular incident. 

The post A major USAID contractor said it was hacked in 2021. It’s still not sharing details appeared first on FedScoop.

While many of these actions are still preliminary, growing focus on the technology signals that federal officials expect to not only govern but eventually use generative AI. 

A majority of the civilian federal agencies that fall under the Chief Financial Officers Act have either created guidance, implemented a policy, or temporarily blocked the technology, according to a FedScoop analysis based on public records requests and inquiries to officials. The approaches vary, highlighting that different sectors of the federal government face unique risks — and unique opportunities — when it comes to generative AI. 

As of now, several agencies, including the Social Security Administration, the Department of Energy, and Veterans Affairs, have taken steps to block the technology on their systems. Some, including NASA, have or are working on establishing secure testing environments to evaluate generative AI systems. The Agriculture Department has even set up a board to review potential generative AI use cases within the agency. 

Some agencies, including the U.S. Agency for International Development, have discouraged employees from inputting private information into generative AI systems. Meanwhile, several agencies, including Energy and the Department of Homeland Security, are working on generative AI projects. 

The Departments of Commerce, Housing and Urban Development, Transportation, and Treasury did not respond to requests for comment, so their approach to the technology remains unclear. Other agencies, including the Small Business Administration, referenced their work on AI but did not specifically address FedScoop’s questions about guidance, while the Office of Personnel Management said it was still working on guidance. The Department of Labor didn’t respond to FedScoop’s questions about generative AI. FedScoop obtained details about the policies of Agriculture, USAID, and Interior through public records requests. 

The Biden administration’s recent executive order on artificial intelligence discourages agencies from outright banning the technology. Instead, agencies are encouraged to limit access to the tools as necessary and create guidelines for various use cases. Federal agencies are also supposed to focus on developing “appropriate terms of service with vendors,” protecting data, and “deploying other measures to prevent misuse of Federal Government information in generative AI.”

Agency policies on generative AI differ

The post How risky is ChatGPT? Depends which federal agency you ask appeared first on FedScoop.

Federal agencies have started crafting and solidifying their strategies for generative AI. Still, their approaches have varied. The Social Security Administration has temporarily banned the technology on its devices, while the Agriculture Department determined that ChatGPT’s risk was “high” and established a board to review potential generative AI use cases. NASA, which is using a version of OpenAI software provided through the Microsoft Azure cloud system, has set up a secure testing environment to study the technology.

Notably, the White House’s recent executive order on artificial intelligence discouraged agencies from outright forbidding the technology. 

The USAID memo, which FedScoop obtained through a public records request, was sent by an official within the agency’s Office of the Chief Information Officer and titled “Usage of ChatGPT and Large Language Models (LLMs).” Its approach appears to mirror that of the General Services Administration, as well as some other agencies, in avoiding an outright ban, though it’s not clear if the agency has made any updates since last year. USAID did not respond to a request for comment.

The general notice stated that “USAID has neither approved nor banned the use of ChatGPT or any LLMs for Agency Use.” For that reason, the memo explained, only information that is already public should be entered in these tools — and any content created with their help should be “referenced as output” from a large language model. 

“Artificial Intelligence (AI) and LLMs are powerful tools with enormous value, but the Agency should exercise a degree of caution in their use as their reliability, accuracy and trustworthiness are not proven,” the memo stated. “Additionally, LLMs have not demonstrated their compliance with Federal and USAID security requirements, provided transparency around the data collected, and addressed the resulting Privacy and Records Management implications.” 

USAID has released an action plan related to artificial intelligence, and the agency’s responsible AI official appears to have spoken about how generative AI tools can be used by the government. 

Still, a data governance page for the agency notes that “emerging technologies such as generative AI raise new questions around data ownership, the ethical use of data, and intellectual property rights, among others,” and USAID’s public list of AI use cases does not appear to include any generative AI applications. 

Madison Alder contributed to this article. 

The post USAID warned employees not to share private data on ChatGPT, memo shows appeared first on FedScoop.

The Department of Agriculture, the National Science Foundation and the Small Business Administration all hit OMB’s August 2023 deadline to reach advanced (tier 3) status for logging, meaning the agencies are fully compliant with requirements for implementation, centralized access and log categories.

Agriculture and SBA officials told GAO that they were able to meet the logging due date thanks to internal efforts that preceded OMB’s August 2021 memo. An NSF official, meanwhile, credited “close coordination and enhanced licensing with its security incident and event management provider” for its timely compliance.

While Agriculture, NSF and SBA are outliers, the GAO report noted that all CFO Act agencies have made progress on the incident response requirements. Still, it’s critical that the 20 agencies that haven’t yet reached advanced levels do so quickly, the report emphasizes.

“Until the agencies implement all event logging requirements, the federal government’s ability to fully detect, investigate, and remediate cyber threats will be constrained,” the GAO report stated.

As of August 2023, the GAO reported that none of the remaining agencies were at intermediate (tier 2) levels on logging, while three — the General Services Administration, the Social Security Administration and USAID — had achieved basic (tier 1) status. USAID said in an email to FedScoop that it has since reached intermediate status, and told the GAO that it should be fully compliant by the end of this year. One unnamed agency is on the same timeline as USAID, while another said it would complete its requirements sometime in fiscal 2024.

Of the remaining 17 agencies in the not effective (0) logging tier, seven said they would reach advanced logging status within the fiscal 2024-2026 timeframe, and 10 did not share an updated timeline for completing the requirements.

GAO reported three primary impediments cited by agencies who have so far fallen short of the ability to “fully prepare to respond to cybersecurity incidents”: lack of staff, event logging technical challenges and limitations in cyber threat information sharing.

“Federal entities have ongoing efforts that can assist in addressing these challenges,” the GAO report said. “These efforts include onsite cyber incident response assistance from [the Cybersecurity and Infrastructure Security Agency], event logging workshops and guidance, and enhancements to a cyber threat information sharing platform.”

Federal IT officials have also cited a lack of funding as a barrier to fully meeting logging benchmarks. Paul Blahusch, the Department of Labor’s chief information security officer, said during Scoop News Group’s CyberTalks event last month that addressing enhanced logging standards had been challenging due to the fact that it was “potentially going to cost us quite a bit of money” and the agency hadn’t received any additional appropriations for the work. 

GAO noted two long-term efforts tied to the logging issue that should be rolled out in fiscal 2024: the implementation of the National Workforce and Education Strategy and a new threat intelligence platform from CISA. 

The watchdog also delivered 20 recommendations to 19 agencies, 16 of which agreed with the new instructions.

“Until agencies implement all event logging requirements outlined in OMB guidance, there is increased risk that they will not have complete information on their efforts to detect, investigate, and remediate cyber threats,” GAO said. “Moreover, the federal government as a whole may lack critical information and insights for identifying potentially significant cyber threats.”

This story was updated Dec. 8 with new information on USAID’s logging progress.

The post Only 3 agencies have hit deadline for cyber event logging standards, GAO finds appeared first on FedScoop.

Testifying before the House Oversight Subcommittee on Government Operations and the Federal Workforce, the agency officials touted increased rates of in-person work while also pushing for sustained telework flexibility to ensure continuity of services.

“Regardless of where our employees are located, they are working,” said Oren “Hank” McKnelly, executive counselor at the Social Security Administration. “Telework is not one size fits all.”

While many Democrats on the subcommittee made the case that operating under the specter of a government shutdown is an actual hindrance to agency outputs, several Republicans used their time to question whether telework compromised worker productivity. 

Rep. Byron Donalds, R-Fla., zeroed in on increased SSA processing and response times, which McKnelly attributed in part to “historic” attrition levels during the pandemic. 

Rep. Lauren Boebert, R-Colo., meanwhile, prodded McKnelly on “unsatisfactory” services from “delinquent” SSA employees allowed to “sit on their sofas” and work from home. 

McKnelly responded that application and processing backlogs are due in part to underfunding, and the fact that SSA saw an “increase of over 8 million beneficiaries over the last 10 years. At the same time, we experienced the lowest work staffing levels at the end of FY22,” he said. “That’s a math problem.”

Other Republicans were slightly less bearish on telework among federal employees. Rep. Clay Higgins, R-La., mused that while remote work “certainly has its place” in the federal government, “as we approach the quantum era, you’re one step away from being replaced by AI.” 

Rep. Chuck Edwards, R-N.C., said he “could be convinced” on telework’s benefits but that he wants “to make the case to the American taxpayer. It’s real easy to talk hypothetically and say we’ll be able to spend less money to get people into D.C., but that really doesn’t mean a whole lot unless we can quantify that.”

Jeremy Pelter, deputy assistant secretary for administration at the Commerce Department, pointed to a decrease in transit costs — particularly with regard to subsidized public transportation benefits for Washington-area workers — as one calculable cost-saving measure. And McKnelly noted that on SSA property alone, $60 million has been saved in lease cost avoidance over the past decade, with another $35 million projected over the next four years.

“I believe the hybrid work environment does allow us to optimize space,” he said. “And in certain cases, we can redirect those savings into serving more people.” 

USAID is better equipped to serve its global mission thanks to telework, according to Kathryn Stevens, the agency’s acting chief human capital officer. The international development agency has people working across time zones in 80 countries, she said. 

At the Department of Health and Human Services, meanwhile, the time it takes to hire new staff has decreased by 22 percent over the past year, noted Bob Leavitt, the agency’s deputy assistant secretary of human resources and chief human capital officer. Remote work has also enabled the agency to boost its hiring of military spouses by 39 percent.

“Even if their family moves to another duty station, we are able to sustain and retain that employee,” Leavitt said. “That is one way we are helping save military families and also employing and working with folks across the country where the talent is.” 

Chair Pete Sessions, R-Texas, said that subcommittee staff will send a letter to the four agency representatives in the next few days, asking for additional data and information on telework policies as requested by members. The agencies must respond within 15 days. 

In closing, Sessions said he’s in agreement with ranking member Kweisi Mfume, D-Md., that “the overwhelming view of effectiveness and efficiency should be how we’re looking at what the agencies are trying to do” when it comes to telework.

The post Federal officials state their case for continued telework during House Oversight hearing appeared first on FedScoop.

According to principles outlined in the strategy, the goal is to use geospatial data and tools to support decision-making, promote innovation, advance USAID’s global leadership and promote equity. The strategy’s objectives also include increasing access to geospatial tools and systems within the agency and integrating them into its practices and policies. 

“We have seen the power of geospatial technology to make USAID’s humanitarian and development assistance more effective — from creating interactive maps and dashboards to inform disaster response to using satellite imagery to analyze climate impacts,” USAID Administrator Samantha Power said in a statement. “Analysis of geospatial data allows us to uncover insights about local needs, make more informed decisions, and better target life-saving assistance.”

The agency currently uses three main forms of geospatial data: activity location data, geographically disaggregated indicator data and thematic data.

The strategy notes that the use of geospatial data can come with challenges, including privacy risks, the potential to exclude already marginalized groups, the perpetuation of bias and the spread of misinformation in open mapping systems. 

The post USAID unveils geospatial strategy to expand agency’s use of data and tools appeared first on FedScoop.

“These will aid the Office of the Prosecutor General to document the more than 115,000 instances of destroyed civilian infrastructure, and evidence of human rights abuses on frontline communities and liberated territories,” USAID said in a written statement.

The drones were donated by a U.S. manufacturer Skydio and delivered to Ukraine by USAID to support accountability and documentation of war crimes, the agency said. Each drone is equipped with 4K cameras used to take photos and video. 

The donation is one of several ongoing USAID initiatives to assist Ukraine. 

The agency has been a part of joint war crimes documentation visits with Ukraine’s Office of the Ombudsman for Human Rights and supported two Ukrainian human rights coalitions that “have documented more than 40,000 incidents of Russia’s war crimes since February 24, 2022,” the USAID said.

USAID also previously delivered other donations from U.S. companies to Ukraine, including Starlink data terminals from SpaceX, and laptops and software for schools from HP Inc. and Microsoft. 

While the donated drones will be used for documentation evidence collection, drones have also been important in military operations for the war in Ukraine. 

The country, for example, launched an “Army of Drones” project to procure a fleet of unmanned reconnaissance drones for the Ukrainian military through fundraising and donations. On a webpage for the project, the nonprofit Ukrainian World Congress calls drones “vital equipment that Ukraine’s defenders need in order to fight off the Russian invasion.”

The post USAID delivers drones to Ukraine to help document war crimes appeared first on FedScoop.

According to a press release issued by the tech services and consulting firm, it will support the Office of the Chief Information Officer, within USAID’s Bureau for Management, and the contract has a 10-year performance period.

Commenting on the contract award, Accenture Federal Services Managing Director and USAID Client Lead John Roche said: “This contract award marks Accenture Federal Services’ first prime contract with USAID. We are thrilled to be tapped to lead this critical initiative for the Agency.”

“We look forward to delivering innovative, cost-effective solutions that protect the integrity, confidentiality, and accountability of the Agency’s information assets,” he added.

The award is the latest federal IT contract win for Accenture in recent months. Last month, the company was awarded, along with federal contractor Maximus, a spot on the Internal Revenue Service’s Enterprise Development, Operations Development IT modernization contract vehicle.

This came after the company in March was awarded an IT infrastructure operations and modernization contract worth $380 million by the U.S. Customs and Border Protection agency. That contract was awarded as a task order through the General Services Administration’s Alliant 2 governmentwide acquisition contract vehicle.

The post USAID awards Accenture $329M information assurance and privacy contract appeared first on FedScoop.

Speaking at an event Tuesday focused on Ukraine’s Diia application, Samantha Power said the app, which is used by about 19 million Ukrainians, helped to allay lawmakers’ concerns because of the unprecedented transparency it provides on how aid funding is spent.

Diia is a so-called “super-app,” which allows Ukrainian citizens to access services ranging from filing taxes and registering marriages to reporting damage caused by Russian missiles from their smartphones.

“One of the things Congress has given USAID since this full-scale invasion began is an unprecedented amount money in direct budget support, which sounds kind of obvious – of course we want to do that we want to stand with Ukraine – but [this kind of investment is] totally unprecedented,” Power said.

She added: “I don’t know if we could have gotten that money out of Congress, if not for Diia. What Diia allows us to do is that direct budget support goes yes to the Ukrainian government but then it goes to pay teachers, to pay health care workers, to pay first responders. And there’s a digital trail. It’s not, you know, some official deciding this or that. It is going directly into the bank accounts in a manner that would have been untraceable in a prior regime.”

Since the invasion of Ukraine in February 2022, the U.S. government has provided over $20 billion in development and humanitarian assistance to the country through USAID.

Diia, which was first established as a prototype in 2016 and launched in its current form in 2020, allows Ukrainians to access a wide array of government services from their smartphones. In addition to the digital civic services it enables, it also allows the Ukrainian government to make direct tax transfers to citizens securely.

Ukraine also expanded the app’s use cases for since the Russian invasion to include a service for reporting any recorded movements of Russian Federal tanks and troops. Diia also has a portal through which Ukrainian citizens can report damage to homes and buildings, allowing the government to provide swift reimbursement for reconstruction work.  

Officials say that such technology has helped to stamp out corruption in major sectors by disintermediating government officials where possible.

Speaking alongside Power at the launch event, Ukrainian Deputy Prime Minister and Minister for Digital Innovation Fedorov said: “[W]hat we are focused on right now – our task – is to remove the role of human agency in those services where corruption risks are the highest. What we are trying to accomplish is that information that needs to be verified and shared in the registries is done automatically without human involvement.” 

Fedorov added: “So, when an individual wants to start a construction [project[ and they file an application for a permit, registries automatically verify — one registry talks to another registry to see if there are any restrictions imposed for certain construction. So it’s impossible that there will be a subjective decision of an official to say: ‘I’m not going to allow this.’ The principle of our work is all services are launched automatically. You can always arrange it in such a way so that the human factor can be minimized.”

Editor’s note, 5/25/23: This story was updated to clarify that the U.S. government has provided more than $20 billion in support to Ukraine through USAID since February 2022.

The post USAID administrator: E-gov app played key role in securing funds for Ukraine appeared first on FedScoop.