In a May memorandum, GSA announced that beginning June 8, the agency would start collecting information for new contracts of all sizes — including “micropurchases” — from software offerers and contractors. That information would attest to government-specified secure software development practices.

Nick Mistry, the chief information security officer for Lineaje, a software supply chain security management company, said in an interview with FedScoop that he believes GSA’s June 8 start for the new guidance is “a really good thing for both the industry and government.”

The self-attestation requirements “will obviously add another step in the process, but it’s a very necessary step,” Mistry said. “Will there be a period of confusion where people don’t know exactly what’s required, both on the government side as well as industry side? But I think those things will just shake out over time. I think the net benefit is all positive.”

A GSA spokesperson said in an email to FedScoop that the agency “held multiple industry listening sessions before crafting our implementation of OMB memos M-22-18 and M-23-16. GSA took feedback from these sessions into consideration while also ensuring we met the deadlines in the OMB memoranda.”

The spokesperson noted that the agency “met the deadline for implementation to best support our customer agencies” and integrated the self-attestation form into its existing IT standards process to make attesting “as frictionless as possible” for the GSA’s vendors. 

The GSA  is encouraging software vendors to create an account on the Cybersecurity and Infrastructure Security Agency’s repository website, the spokesperson added.

In March, CISA released the Secure Software Development Attestation Form, which required the companies that manufacture software used by the federal government to “attest to the adoption of secure development practices.” That form could either be submitted to a repository or emailed to the relevant agency. 

GSA noted in its May memorandum that while the agency already had a requirement for its IT department to “approve software before it could be acquired and used,” the OMB memo mandated the department to update “how it collects, reviews, retains and monitors industry attestation information.”

The post For GSA, a new step to secure the software acquisition process begins appeared first on FedScoop.

The congressional watchdog noted in its release that the VA has implemented six of its 29 open priority recommendations, including the deployment of an automated data tool used to improve acquisition workforce records and taking steps to modernize the agency’s performance management system across the Veterans Health Administration. 

Assessing software licenses, however, is something that the VA needs to address, per the watchdog. In January, the GAO issued a report on software licenses throughout the federal government,  noting that the VA had neglected to regularly compare software license inventories that are currently used with purchase records. 

In the new priority recommendations, GAO noted that the federal government spends more than $100 billion yearly on cyber and IT-related investments. 

“Until VA implements this priority recommendation and consistently tracks and compares its inventories of software licenses to with known purchases, it is likely to miss opportunities to reduce costs on duplicative or unnecessary licenses,” the report states. 

Other high-risk governmentwide areas that could impact the VA, according to the GAO, are “improving the management of IT acquisitions and operations” and “ensuring the cybersecurity of the nation.”

Charles Worthington, the VA’s chief AI and technology officer, said in a recent interview with FedScoop that he believes the VA’s technical infrastructure “is actually on pretty good footing,” pointing to the agency’s migration to the cloud and using commercial products in the software-as-a-service model, “where it makes sense.”

Other priority recommendations from the GAO cover the VA’s electronic health records (EHR) modernization program, including one that directs the agency to implement “leading practices for change management.” The other nine involve evaluating whether the system is “operationally suitable and effective” to ensure that the system satisfies customer needs, establishing “user satisfaction targets” to protect patients’ health and safety from unnecessary risks, and validating that future systems are not deployed too early. 

“Implementing these … recommendations would also help solve existing problems with the system,” the GAO stated.

The post VA software license assessments called out in GAO recommendations appeared first on FedScoop.

Mangala Kuppa, who took over as DOL’s chief AI officer this week after previously serving as its deputy CAIO, believes the agency has even more to be confident about when it comes to its work on the technology, possessing a “leg up” on scaling AI quickly.

In an interview with FedScoop, Kuppa pointed to DOL’s previous efforts to modernize internal operations and customer-facing services as part of the department’s journey to implement emerging technologies like AI. Having foundational building blocks and existing infrastructure, along with existing AI applications, has made it “easier” for the agency to scale up, she said. 

“It’s not a ‘big bang’ approach,” said Kuppa, who also serves as DOL’s chief technology officer. “Another aspect that we take very seriously in modernizing is [to] take this opportunity to not just update the technology, but also take this opportunity to re-engineer the business process to help the public.” 

Kuppa pointed to an internal shared services initiative that designated the agency’s Office of the Chief Information Officer to be a “shared services provider for all Departmental IT services.”  That process, Kuppa said, has allowed the department to keep an inventory of all systems and technologies and understand where the legacy systems or opportunities for improvement might exist.

“Using that methodology, we’ve been looking at all high-risk systems, because maybe the technology is very legacy and outdated,” Kuppa said. “We’ve been using that methodology to start those modernization initiatives.”

By considering the age of the technology, the operations burden, security vulnerabilities, regulation compliance and other parameters, DOL came up with a methodology that scores each mission system to determine if it is a candidate for modernization. The agency then looks at the scores on a consistent basis and revises based on new information that becomes available.

These systems can be major: the DOL’s Employment and Training Administration, for example, which provides labor certifications when a company files for hiring an immigrant workforce, was scored for modernization.

“Being an immigrant, I wasn’t aware DOL had a hand in my immigration journey there,” Kuppa said. 

The Technology Modernization Fund has played an “instrumental” role in the department “finding the resources to modernize,” Kuppa said.

She gave the example of using TMF funds to expedite temporary visa applications, which is expected to save 45 days of cycle time for processing labor certification applications.

According to a case study on the TMF site, that project contributed to $1.9 million in annual cost savings, and a key part of the innovation allowed the application forms to auto-populate with the previous year’s information.

“Usually all immigrants eventually start filing for permanent visa applications,” Kuppa said. “Again, you have to repeat the process of labor certification, and so we had two different systems not communicating with each other.”

For Kuppa, modernization is ultimately an exercise in reimagining where new technologies can ultimately be most helpful.

“We have great partnership, we work very closely with our programs and then we have these dialogues every day, in terms of the system’s development lifecycle,” she said. “And that’s how we approach modernization.”

The post Labor Department has ‘a leg up’ on artificial intelligence, new CAIO says appeared first on FedScoop.

In an interview with FedScoop, Charles Worthington, the VA’s CAIO and CTO, said the agency is engaged in targeted hiring for AI experts while also sustaining its existing modernization efforts. “I wish we could do more,” he said.

While Worthington wrestles with the proposed fiscal year 2025 funding reductions, the VA’s Office of Information and Technology also finds itself in the legislative crosshairs over modernization system upgrades, a supposed lack of AI disclosures and inadequate tech contractor sanctions and ongoing scrutiny over its electronic health record modernization initiative with Oracle Cerner. 

Worthington spoke to FedScoop about the VA’s embrace of AI, the status of its modernization push, how it is handling budget uncertainty and more.

Editor’s note: The transcript has been edited for clarity and length. 

FedScoop: I know that you’ve started your role as the chief AI officer at the Department of Veterans Affairs. And I wanted to circle back on some stuff that we’ve seen the VA engaged with this past year. The Office of Information and Technology has appeared before Congress, where legislators have voiced their concerns for AI disclosures, inadequate contractor sanctions, budgetary pitfalls in the fiscal year 2025 budget for VA OIT and the supply chain system upgrade. What is your response to them?

Charles Worthington: I think AI represents a really big opportunity for the VA and for every agency, because it really changes what our computing systems are going to be capable of. So I think we’re all going to have to work through what that means for our existing systems over the coming years, but I think really there’s hardly any part of VA’s software infrastructure that’s going to be untouched by this change in how computer systems work and what they’re capable of. So I think it’s obviously gonna be a big focus for us and for Congress over the next couple of years. 

FS: I want to take a step back and focus on the foundational infrastructure challenges that the VA has been facing. Do you attribute that to the emerging technologies’ need for more advanced computing power? What does that look like?

CW: I think overall, VA’s technical infrastructure is actually on a pretty good footing. We’ve spent a lot of time in the past 10 years with the migration to the cloud and with really leaning into using a lot of leading commercial products in the software-as-a-service model where that makes sense. So, by and large, I think we’ve done a good job of bringing our systems up to standard. I think it’s always a challenge in the VA and in government to balance the priorities of modernization and taking advantage of new capabilities with the priorities of running everything that you already have.

One of the unique challenges of this moment in time is that almost every aspect of the VA’s operations depends on technology in some way. There’s just a lot of stuff to maintain; I think we have nearly a thousand systems in operations. And then obviously, with something like AI, there’s a lot of new ideas about how we could do even more [to] use technology and even more ways to further our mission. 

FS: In light of these voiced concerns from legislators, as you progress into your role of chief AI officer, how do you anticipate the agency will be able to use emerging technologies like AI to its fullest extent?

CW: I think there’s really two priorities that we have with AI right now. One is, this represents an enormous opportunity to deliver services more effectively and provide great technology services to the VA staff, because these systems are so powerful and can do so many new things. One priority is to take advantage of these technologies, really to make sure that our operations are running as effectively as possible. 

On the other hand, I think this is such a new technology category that a lot of the existing processes we have around technology governance in government don’t apply in exactly the same ways to artificial intelligence. So in a lot of ways, there are novel concerns that AI brings. … With an AI system that is, instead, taking those inputs and then generating a best guess or generating some piece of content, the way that we need to make sure that those systems are working effectively, those are still being developed. At the same time, as we’re trying to take advantage of these new capabilities, we’re also trying to build a framework that will allow us to safely use and deploy these solutions to make sure that we’re upholding the trust that veterans put in us to manage their data securely. 

FS: In what ways is the agency prioritizing AI requirements, especially from the artificial intelligence executive order that we saw last October, and maintaining a competitive edge with the knowledge that the fiscal year 2025 budget has seen a significant clawback of funds?

CW: We are investing a lot in standing up, I would say, the AI operations and governance. We have four main priorities that we’re focused on right now. One is setting up that policy framework and the governance framework for how we’re going to manage these. We have already convened our first AI governance council meeting — we’ve actually had two of them — where we’re starting to discuss how the agency is going to approach managing our inventory of AI use cases and the policies that we’ll use. 

The second priority is really focused on our workforce. We need to make sure that our VA staff have the knowledge and the skills they need to be able to use these solutions effectively and understand what they’re capable of and also their limitations. We need to be able to bring in the right sort of talent to be able to buy and build these sorts of solutions. 

Third, we’re working on our infrastructure [to] make sure that we have the technical infrastructure in place for VA to actually either build or, in some cases, just buy and run AI solutions. 

Then, finally, we have a set of high-priority use cases that we’re really leaning into. This was one of the things that was specifically called out to the VA in the executive order, which was basically to run a couple of pilots — we call them tech sprints — on AI.

FS: I would definitely love to hear some insights from you personally about some challenges you’re anticipating with artificial intelligence, especially as you’ve referenced that the VA has already been using AI.

CW: I think one of the challenges right now is that most of the AI use cases are built in a very separate way from the rest of our computing systems. So if you take a predictive model, it maybe takes a set of inputs and then generates a prediction, which is typically a number. But how do you actually integrate that prediction into a system that somebody’s already using is a challenge that we see, I think, with most of these systems.

In my opinion, integrating AI with more traditional types of software is going to be one of the biggest challenges of the next 10 years. VA has got over a thousand systems and to really leverage these tools effectively, you’d ideally like to see these capabilities integrated tightly with those systems so that it’s all kind of one workflow, and it appears naturally as a way that can assist the person with the task they’re trying to achieve, as opposed to something that’s in a different window that they’ve got to flip back and forth between. 

I feel like right now, we’re in that awkward stage where most of these tools are a different window … where there’s a lot of flipping back and forth between tools and figuring out how best to integrate those AI tools with the more traditional systems. I think that’s just kind of a relatively unfigured-out problem. Especially, if you think of a place like VA, where we have a lot of legacy systems, things that have been built over the past number of decades, oftentimes updating those is not the easiest thing. So I think it really speaks to the importance of modernizing our software systems to make them easier to change, more flexible, so that we can add things like AI or just other enhancements.

The post VA’s technical infrastructure is ‘on pretty good footing,’ CAIO and CTO says appeared first on FedScoop.

In a Thursday posting in the Federal Register, the Office of Science and Technology Policy said it is seeking information for the development of the Federal Evidence Agenda on Disability Equity. OSTP’s questions to the public pertain to informing data collection and public access, describing disparities as well as privacy, security and civil rights. 

Specific questions include the type of framework for “defining and measuring disability” or other considerations of which the Disability Data Interagency Working Group (DDIWG) within OSTP’s National Science and Technology Council Subcommittee on Equitable Data (SED) should be aware. The office also seeks to understand “what disparities faced by individuals with disabilities are not well-understood through existing federal statistics and data collection,” according to the posting. 

The notice also states: “Though previous work by the SED has identified how privacy, confidentiality and civil rights practices apply to other marginalized groups, OSTP seeks input on privacy, confidentiality and civil rights considerations that are unique to the disability community and/or are experienced differently by individuals with disabilities.”

OSTP’s RFI follows the Biden administration’s 2023 executive order on advancing racial equity and support for underserved communities through the federal government, which directed SED to “coordinate implementation of recommendations” from the Equitable Data Working Group. 

OSTP did not immediately respond to a request for comment.

The post OSTP requests information for data-focused agenda on disability equity appeared first on FedScoop.

Scott Flanders, who will assume the permanent CIO position Sunday, is charged with managing and employing technology to enhance “information access and strengthen agency performance,” the NRC’s release states. Additionally, Flanders’s office is also charged with overseeing cyber and information security, data management, artificial intelligence and more.

Flanders “has risen through the ranks at the NRC over many years and has been an outstanding member of the senior executive service since 2004,” Raymond Furstenau, NRC’s acting executive director for operations, said in the release. “His experience with the government’s use of information technology and his deep understanding of the NRC mission will help the agency navigate the challenges of the future.”

As deputy CIO, Flanders “planned, directed and oversaw resources” to ensure IT and information management systems’ delivery to support the agency’s goals and priorities, the NRC said. 

Flanders joined the NRC in 1991 as a reactor engineer intern, and later served in the agency’s Office of Nuclear Material Safety and Safeguards’ Division of Site Safety and Environmental Analysis and in the Office of New Reactors as the director, according to CIO.gov. Additionally, he served as the deputy director of the Division of Waste Management and Environment Review in the ONMSS.

Flanders takes over as NRC’s permanent IT chief  amid an internal push on artificial intelligence. A staff letter sent earlier this month recommended the agency follow an AI framework that outlines AI governance, hiring new talent, upskilling existing workers, maturing the commission’s data management program and allocating resources to support AI integration into IT infrastructure.

The post Nuclear Regulatory Commission names permanent CIO appeared first on FedScoop.

In the letter, shared exclusively with FedScoop, Sen. Mark Warner, D-Va., urged the LOC’s copyright office to expand an existing “good-faith security research exemption” to include research that exists outside of traditional security concerns, such as bias, arguing that it would be the best path for ensuring a “robust security ecosystem” for tools such as generative AI. 

The letter from Warner, co-chair of the Senate Cybersecurity Caucus, is in response to a petition from Jonathan Weiss, founder of the IT consulting firm Chinnu Inc., that asked the LOC to establish a new exemption to address security research on generative AI models and systems. 

A spokesperson for Warner said in an email that an expansion to the exemption rather than an entirely new exemption “is the best way to extend the existing protections that have enabled a robust cybersecurity research ecosystem to the emerging issues surrounding safe AI.”

Warner’s letter mirrors a Department of Justice response to the same petition last month. The Computer Crime and Intellectual Property Section of the DOJ’s Criminal Division wrote that “good faith research on potentially harmful outputs of AI and similar algorithmic systems should be similarly exempted from the DMCA’s circumvention provisions.”

Said Warner: “It is crucial that we allow researchers to test systems in ways that demonstrate how malfunctions, misuse and misoperation may lead to an increased risk of physical or psychological harm.”

The Virginia Democrat, who has introduced bipartisan legislation on artificial intelligence security and emerging tech standards, pointed to the National Institute of Standards and Technology’s AI Risk Management Framework to acknowledge that AI’s risks “differ from traditional software risks in key ways,” opening the door for not only security vulnerabilities but also dangerous and biased outputs. 

The use of generative AI for fraud and non-consensual image generation are among the deceptive practices Warner noted as reasons for consumer protections, such as watermarks and content credentials. Additionally, the lawmaker asked the LOC to ensure that the potential expanded exemption “does not immunize” research that would intentionally undermine protective measures. 

“Absent very clear indicia of good faith, efforts that undermine provenance technology should not be entitled to the expanded exemption,” Warner said. 

The senator also asked the LOC to include security and safety vulnerabilities, especially involving bias and additional harmful outputs, in its expanded good-faith security research definition.

In response to Warner’s letter, Weiss said in an email to FedScoop that he doesn’t “care whether the existing exemption is expanded to include research on AI bias/harmful output, or whether an entirely new exemption is created. Our main concern is to secure protections for good faith research on these emerging intelligent systems, whose inner workings even the brightest minds in the world cannot currently explain.”

The Weiss petition and letters from DOJ and Warner were prompted by the LOC Copyright Office’s ninth triennial rulemaking proceeding, which accepts public input for new exemptions to the DMCA.

The post Senate Democrat pushes for expansion to copyright act to include generative AI research appeared first on FedScoop.

During a House Oversight and Accountability Committee hearing Wednesday, Office of Personnel Management Director Rob Shriver responded to mostly Republican concerns about federal telework policies by citing the practice’s usefulness with the cybersecurity workforce in advancing agency missions. 

“If we were to require cybersecurity professionals to come into the office five days a week, I think we wouldn’t be able to recruit the kind of workforce that we need,” Shriver said. “I think agencies need to keep working here to make sure they’re getting it right, that those arrangements are driving good performance.”

Shriver’s comments come weeks after Sens. Mitt Romney, R-Utah, and Joe Manchin, D-W.Va., introduced legislation that would require federal workers to spend 60% of their time in their offices. And a bill introduced last month from Sens. Gary Peters, D-Mich., and Joni Ernst, R-Iowa, would call on agencies to collect telework data and boost monitoring of how the practice impacts performance metrics. 

In his witness statement, Shriver pointed to OPM’s efforts to assist and support agencies in retaining and attracting cyber talent within the federal government. He also shared that the agency supports the Tech to Gov initiative and “is helping to connect aspiring tech talent with federal employment opportunities to bolster agency cyber and emerging tech programs.”

Those efforts follow White House moves to relax education requirements for some cybersecurity contracting jobs, shift to skill-based hiring and diversify the cybersecurity workforce.

Matt Bracken contributed to this story.

The post Federal cyber workforce needs telework flexibilities, OPM director says appeared first on FedScoop.

The NSF AI Education Act of 2024, introduced Thursday by Sens. Jerry Moran, R-Kan., and Maria Cantwell, D-Wash., supports investments in science, technology, engineering and mathematics education, part of an effort to “help make certain the U.S. is an AI leader in the next century,” Moran said in a press release. 

The legislation would not only authorize NSF to grant fellowships and scholarships within AI and quantum education — along with awarding fellowships for professional development — but would also allow the agency to conduct an outreach campaign throughout the nation that increases awareness of its educational opportunities. The campaign would prioritize outreach to “rural and underserved areas,” per the bill summary.

“Demand for AI expertise is already high and will continue to grow,” Cantwell said in the release. “This bill will open doors to AI for students at all levels and upskill our workforce to drive American tech innovation entrepreneurship and progress in solving the toughest global challenges.”

The bill would also direct NSF to create publicly available playbooks about introducing AI into classrooms for pre-K through 12th-grade students, with “consideration for rural and economically depressed areas.”

NSF would also be granted authorization to hold a grand challenge for AI education and training that would include strategies for upskilling 1 million workers in the United States. in AI-related areas by 2028. Bipartisan Senate legislation released earlier this month also charges NSF with administering a grand challenge, with $1 million prizes awarded for innovations in AI.   

The bill from Moran and Cantwell also calls for related frameworks that “promote increasing the number of women who receive AI education and training” and ensure that “rural areas of the United States are able to benefit from artificial intelligence education and training.”

“Artificial intelligence has tremendous potential, but it will require a skilled and capable workforce to unlock its capabilities,” Moran said. “If we want to fully understand AI and remain globally competitive, we must invest in the future workforce today.”

The post Bipartisan Senate bill calls on NSF to boost AI and quantum education appeared first on FedScoop.

During the Workday Federal Forum, GSA Administrator Robin Carnahan teased that the agency is working on an open-source tool called “Gov CX Analyzer,” which uses artificial intelligence features to see how individuals are interacting with government websites.

“This is a way to go from a few thousand people filling out a survey, to actually knowing and seeing how people are interacting with your site,” Carnahan said. “It just completely unlocks the potential to know how you can better serve your customers, where the friction points are and how you can improve it.” 

Carnahan pointed to the U.S. Web Design System — an open-source tool that is free for agencies to use — as a shared system and tool that “makes a huge difference.” 

Similar efforts include an announcement from the Office of Management and Budget last year that detailed an analytics tool to track customer experience performance across agency sites. OMB reported leveraging the GSA’s site scanner program to use performance indicators in the tracking of agencies’ site developments.

The post GSA teases new open-source customer experience tool appeared first on FedScoop.