The legislation, among other things, would establish pilot programs to try out “more flexible, competitive purchasing practices” and require that government contracts for AI “to include safety and security terms for data ownership, civil rights, civil liberties and privacy, adverse incident reporting and other key areas,” according to a release.

“Artificial intelligence has the power to reshape how the federal government provides services to the American people for the better, but if left unchecked, it can pose serious risks,” Sen. Gary Peters, D-Mich., who sponsors the bill with Sen. Thom Tillis, R-N.C., said in a statement. “These guardrails will help guide federal agencies’ responsible adoption and use of AI tools, and ensure that systems paid for by taxpayers are being used safely and securely.”

According to the release, the Promoting Responsible Evaluation and Procurement to Advance Readiness for Enterprise-wide Deployment (PREPARED) for AI Act builds on a law passed in 2022 that required agencies to protect privacy and civil rights when purchasing AI. That legislation was also sponsored by Peters. President Joe Biden cited that law in a section of his executive order on AI that directed the Office of Management and Budget to take action on addressing federal AI acquisition. 

The OMB in March asked for input on AI procurement, including how the administration can promote competition and protect the government’s rights to access its data in those contracts. The administration has said it plans to take action on AI procurement later this year.

“As the role of artificial intelligence in the public and private sectors continues to grow, it is crucial federal agencies have a robust framework for procuring and implementing AI safely and effectively,” Tillis said in the release. 

A Senate Homeland Security and Governmental Affairs Committee aide told FedScoop that Peters, who chairs the panel, plans a markup for the bill this summer. Once it’s passed by the panel, the aide said Peters “will keep all options on the table and pursue any path forward, whether that’s advancing the bill as a standalone or as part of a larger vehicle.” 

The bill has the support of Center for Democracy and Technology, Transparency Coalition, the AI Procurement Lab, and the Institute of Electrical and Electronics Engineers (IEEE), according to the release.

The post Bipartisan Senate bill would establish federal AI acquisition guardrails appeared first on FedScoop.

In announcing its digital service fellows program, USDA DS noted that it is seeking “diverse,  talented senior technologists and strategists” from “different walks of life” to further Agriculture’s “wide-ranging missions.”

“The fellows program will allow us to act as firefighters and assign our best people to the hottest problems within USDA,” Gary Washington, the agency’s chief information officer, said in a statement. “It will give us the opportunity to have subject matter experts on hand without waiting for the hiring or contracting process, which means we can start right away in solving the challenge and continuing to provide outstanding customer service to those we serve.” 

The fellows program, which is set to launch this month, will follow a “tour-of-service model,” with selected participants on a two-year minimum employment track. The positions will be full-time, with the potential option to serve a maximum of four years, and will be located either remotely or in Washington, D.C.

Fellows chosen for the digital service delivery and procurement strategy roles will report into the OCIO Digital Service team, while customer experience strategy fellows will be brought into the Officer of Customer Experience. 

Interested parties can apply via USAJobs.gov or through the USDA DS website. 

The post USDA launches fellows program for customer experience, digital service delivery jobs appeared first on FedScoop.

Hashmi’s last day will be Dec. 29, the GSA said in a statement. Upon his exit, FAS Deputy Commissioner Tom Howder, who has been with GSA for 36 years, will serve as acting commissioner, the statement said. The agency didn’t disclose where Hashmi was headed, but GSA Administrator Robin Carnahan said the agency wishes “him all the best in the future.”

“Sonny’s thoughtful and intentional leadership has helped GSA make history,” Carnahan said in a statement included in GSA’s release. “This past year alone, FAS helped federal agencies buy more than $100 billion in mission-enabling products and services, an increase of 36 percent over the last three years. Importantly, more than one-third of that went to small businesses, and nearly half of GSA’s own investment dollars were awarded to small businesses.”

Hashmi has been the top official at the GSA acquisition arm since January 2021. He has overseen the delivery of roughly $90 billion in acquisition and procurement across federal agencies, according to his GSA biography page. That biography also described Hashmi as “a cloud computing thought leader in the emerging technology industry.”

Prior to taking on his most recent role at GSA, Hashmi was managing director of global government at Box, where he focused on cloud for the public sector, according to his LinkedIn profile. Before that, he served as chief information officer and chief technology officer at GSA between 2011 and 2015. There, he led the agency’s IT modernization strategy as it moved to cloud computing.

In a statement included in the release, Hashmi called his time at FAS “a true honor.”

“I’m confident that FAS is better prepared than ever to meet the needs of both its federal partners, who require innovative products and services, as well as the Americans who depend on their government to deliver,” Hashmi said.

The post Top GSA Federal Acquisition Service official, Sonny Hashmi, to depart appeared first on FedScoop.

The tools, which launched earlier this spring, are intended to help agencies find businesses that are new to the federal marketplace, identify qualified vendors, and track agency progress toward equity in procurement goals.

They are intended to help achieve the Biden Administration’s federal contract spend goal for small disadvantaged businesses that has been increased to 15% by 2025 while the Office of Management and Budget (OMB) set a target that 12% of contracting dollars in fiscal 2023 go to small disadvantaged businesses.

“These two tools are going to help agencies make more connections with the diverse array of businesses offering their products in the federal marketplace,” said GSA Administrator Robin Carnahan. “By providing our federal partners with more information when they make procurement decisions, we’re better able to set ourselves up to achieve our contracting goals and create more equity in the marketplace for everyone.”

The tools, some of which will require government accounts, will support achieving equity goal by improving access to procurement opportunities for Small Disadvantaged Businesses (SDBs), Women-Owned Small Businesses (WOSBs), Service-Disabled Veteran-Owned Small Businesses (SDVOSBs), and Historically Underutilized Business Zone (HUBZone) Small Businesses.

​​“We’re committed to helping the acquisition workforce strengthen stewardship and efficiency in the federal procurement process while simultaneously advancing equity,” said OMB’s Associate Administrator of the Office of Federal Procurement Policy Mathew Blum. “We can maximize the power of procurement as a catalyst to help address our nation’s top priorities.”

The Government-wide Procurement Equity Tool uses dynamic data from SAM.gov and the Federal Procurement Data System to support market research that focuses on SDBs.

The Supplier Base Dashboard tracks the total number of entities that have done business with an agency; their size and socio-economic status; and the number of new, recent, and established vendors in the supplier base and in market categories and subcategories of interest.

The new procurement tools are helping implement executive orders passed by Biden in his first day in office, directing the federal government to use its power and dollars to advance racial equity and support underserved minorities.

The post White House and GSA launch platforms to improve equity in federal procurement appeared first on FedScoop.

Language included in the draft Strengthening Agency Management and Oversight of Software Assets Act bill (SAMOSAA) has prompted fears that the proposed legislation could make it harder for agencies to switch away from software systems sold by some of the biggest incumbent players.

In its current form, SAMOSAA mandates agencies to negotiate better prices from tech companies through collective bargaining, and to purchase unlimited software licenses from a single software provider where possible.

Greater monopoly power within the federal government software space would likely increase cybersecurity risks and stymy innovation, software procurement experts told FedScoop.

Speaking with FedScoop, one acquisition expert who has worked on software contracts for GSA and other agencies said: “If you grant unlimited enterprise licenses to Microsoft, Oracle and other big players, then it makes it much harder for non-dominant players to get a foothold in the market. If an entire agency buys its software from a big player for some years then how will it ever decide to buy from a smaller player in the future?”

Software procurement scholar and former Director of the UC Berkeley Center for Long-Term Cybersecurity Steve Weber also cautioned that while the legislative proposals may help the government achieve better value for money, the push to consolidate contracts could give each federal agency fewer options.

He said: “The bulk discount for the government from the SAMOSA Act is great but I’m worried about large sections of the government using the one [piece of] software and a monopoly occurring.”

Weber added: “A narrow set of software options exacerbates the single cloud and single software security vulnerability issues the government is already facing.”

Staff working for the bill’s sponsor, Sen. Peters, D-Mich., disagree with this view. They say the bill will help to save taxpayer dollars and encourage innovation in government by reducing duplicative software purchases.

FedScoop exclusively obtained details of SAMOSAA earlier this month from the Senate Homeland Security and Governmental Affairs Committee, that if passed into law, would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.

SAMOSAA passed the Senate HSGAC committee last week and is expected to get a full Senate vote in the coming months. 

In sum, IT acquisition experts speaking with FedScoop gave a varied picture of the benefits and potential challenges for federal agency technology leaders posed by the legislation. Here are some of the principle strengths and weaknesses of the bill they described:

Strengths 

SAMOSAA would build upon the Megabyte Act, which was enacted in 2016, and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation to a degree has increased lawmakers’ visibility of what IT services federal agencies are using and saved taxpayers more than $450 million since being signed into law.

The legislation instructs the chief information officer of each federal agency to conduct an “inventory of the agency, including software entitlements, contracts and other agreements or arrangements of the agency, and a list of the largest software entitlements separated by vendor,” the bill says in its current form.

Multiple experts told FedScoop the bill could improve cost savings by forcing agencies to conduct more comprehensive independent reviews and audits that ensure they have a clearer understanding of agency software licenses by cost and volume.

It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements, the IT acquisition specialists added.

In particular, section four of the proposed legislation directs the chief information officer of each agency “to develop a plan … to improve the performance of, or reduce unnecessary costs to, the agency, adopt enterprise license agreements across the agency.”

According to software procurement scholar Steve Weber, the bill would likely lead to short term harm of enterprise software providers like Amazon, Microsoft, Oracle and others because the federal government would no longer be buying software it doesn’t need. However, Weber added that this short term decline in profits would greatly benefit the health of the software ecosystem in the long run for both tech companies and the government.

Weaknesses

Speaking with FedScoop, the acquisition expert who has procured software for GSA and other agencies said the legislation could be tweaked to avoid giving big software providers an advantage.

“The SAMOSA Act is a good start but we need more meat on the parts of the bill that encourage interoperability so that it’s easier for the government to switch providers in the future.” he added.

Weber added also that he was concerned that the consolidation of government agency software contracts could lead to a “mono-culture of narrowing software options that could exacerbate the single cloud single software security and vulnerability issues that exist currently.”

He said: “Interoperability is also good for the country, its citizens and technology. Locked in customers like the federal government are good for the bottom line of some companies but bad for tech, innovation and customers in long run.”

He said that Congress could add more strength and accountability to the interoperability elements of the bill to force software companies to compete on price performance, security and features, rather than choosing a software because it is too expensive or difficult to switch to an alternative provider. 

Section three of SAMOSAA would require chief information officers to audit the interoperability of each piece of software purchased by their agency as well as their agency’s efforts to improve interoperability of software assets.

“The government shouldn’t just take the easier path of more consolidation and cheaper prices right now with more problems and complications later on,” added Weber. 

An aide for Sen. Peters pushed back on criticism of the bill, saying it has received bipartisan support for the primary goals of the bill which are to save taxpayer dollars and encourage innovation in government by reducing wasteful software purchases.

The aide added that the bill is likely to improve the state of cybersecurity within federal agencies by increasing the visibility that federal Chief Information Officers have in their software purchases to ensure agencies are buying and appropriately updating the most secure software.

The post SAMOSA Act could increase large software providers’ monopoly powers say acquisition experts appeared first on FedScoop.

While the White House document calls for the development and deployment of safe and effective AI systems that mitigate bias and privacy risks, those risks are identified through impact assessments NIST hasn’t finalized guidance on.

NIST continues to finalize its AI Risk Management Framework (AI RMF) expected in January 2023, which advises organizations to conduct impact assessments early and often in the development life cycle and mitigate the risks they find. But often multiple companies are involved in an AI system’s development, which requires clarity on who’s responsible for the impact assessment and mitigation at each stage.

“From the enterprise software perspective that we represent, if there’s a weakness in that system at any point — and discrimination or unintended bias comes out as a result — that’s going to slow the uptake of what’s a really important technology,” Aaron Cooper, vice president of global policy at trade group The Software Alliance, told FedScoop.

The Biden administration recognizes the importance of ensuring trustworthy AI systems because rapid adoption of the technology is critical to its goal of becoming the global leader in the space, Cooper added.

NIST staff leading the AI RMF effort were present alongside Cabinet members for the White House’s blueprint announcement Tuesday, underscoring the “all-of-government” approach to the issue, Alex Givens, president and CEO of the Center for Democracy & Technology, told FedScoop. 

The blueprint further mentions the AI RMF as an example of federal leadership, given NIST’s focus on implementation — unlike policy-making agencies. As an advisory body the White House Office of Science and Technology Policy is limited in its authority, hence the reason for the AI Bill of Rights’ blueprint format.

“There’s a lot more the agencies can do,” Givens said. “So this is kind of the beginning of a process, an indication of interest and commitment by the White House to make this a cross-administration priority.”

That 12 agencies are mentioned in the White House fact sheet outlining early agency commitments — like the Department of Health and Human Services’ proposed rule prohibiting algorithmic discrimination by certain health programs and the Department of Labor’s increased enforcement of worker surveillance reporting — is a “clear signal” to industry of how serious the Biden administration is, she added.

Givens said she expects more interagency coordination and efforts addressing specific instances of algorithmic discrimination moving forward, and agencies need to regulate both industry’s and their own use of AI.

The Software Alliance’s recommendation that the White House ask the agencies responsible for enforcing civil rights laws what updates are needed to AI rules across sectors wasn’t incorporated into its blueprint.

“That would be helpful in assessing where there are gaps and then making recommendations to Congress or through rule changes to make sure those gaps are filled,” Cooper said.

Still agencies like the Consumer Financial Protection Bureau are considering how they can better enforce laws already on the books — like one requiring creditors to clearly state why they’re rejecting an applicant — to prohibit the use of discriminatory algorithms.

CFPB also administers a “core” law on consumer data, the Fair Credit Reporting Act, said Director Rohit Chopra, during the White House blueprint announcement.

“There is an underworld of data on all of us that is making decisions in employment background screening, in tenant screening,” Chopra said. “And every single day people are essentially being falsely accused by an algorithm of having a criminal conviction or some sort of court filing because they happen to have a common last name.”

Regulating meaningful AI audits is “low-hanging fruit” for agencies, as is procurement reform, Givens said.

“That’s where the government can put these principles into action,” she said. “And show what it is to lead a thoughtful procurement process that will improve government processes but also set a model for private industry as well.”

The post AI ‘Bill of Rights’ must be accompanied by NIST risk management framework say experts appeared first on FedScoop.

FedScoop exclusively obtained draft legislation earlier this month from the Senate Homeland Security and Governmental Affairs Committee, that if passed into law, would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSAA) will be marked up on Wednesday and is expected to pass the committee with broad bipartisan support, two sources familiar with the bill told FedScoop.

In its current form, SAMOSAA includes language to develop a governmentwide strategy to leverage procurement policies and practices to increase the interoperability of software acquired and deployed by agencies.

The bill was formally introduced last week by HSGAC committee chairman Sen. Gary Peters, D-Mich., and Republican Sen. Bill Cassidy of Louisiana.  

Major federal government software and cloud service providers like Microsoft, Amazon Web Services (AWS), Google, Oracle and Adobe are expected to be affected significantly by the legislation. 

IT contracting sources speaking with FedScoop said Microsoft is most likely to be most affected by the bill. According to one estimate, Microsoft holds about 85% of market share for federal government productivity and collaboration software.

The bill would build upon the Megabyte Act, which was enacted in 2016, and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation to a degree has increased lawmakers’ visibility of what IT services federal agencies are using.

The bill is intended to improve the federal agency software procurement process and save money by forcing agencies to conduct independent reviews to ensure they have a clearer understanding of agency software licenses by cost and volume.

It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements.

The post Bill to consolidate federal agency software contracts expected to progress in Senate appeared first on FedScoop.

Unlike warheads on detectable rockets for ballistic missiles used in previous conflicts, when in-the-making and ultramodern missiles reach and maneuver at hypersonic speeds — or more than 5 times faster than the speed of sound — they become almost impossible to track or deter. America has attempted to master hypersonic flight in fits and starts over the last few decades, but recently sharpened its focus and started massively boosting investments to enable associated assets, largely in response to its competitors’ ambitious programs pushing rapid development. 

The SASC’s proposed defense policy bill for fiscal 2023 continues that upward trend in investing in hypersonics, with provisions that would mandate significant funding for the Defense Department’s hypersonics-aligned initiatives. But notably, the lawmakers behind it also revealed they are uneasy about the government’s capacity to assess such sophisticated capabilities and bring them into full fruition. 

China, on the other hand, last year shocked the Pentagon and the world with the first reported successful test of a nuclear-capable hypersonic missile, which lawmakers and national security leaders considered a “wake up call” for the U.S. 

“The committee notes the [DOD’s] overdue investment in fielding hypersonic defensive and offensive capabilities. The committee encourages additional funding for defensive and offensive capability to enable the department to not just pace, but leap ahead of peer competitors,” members of that committee wrote in a report accompanying their passed version of the National Defense Authorization Act for fiscal 2023.

The added: “However, one of the greatest concerns of the committee is the ability to test hypersonic systems, which requires extensive range space and sophisticated testing capabilities.”

To that end, the congressional cadre called for the defense secretary to provide a briefing to congressional defense committees by March 31, 2023 ”on the capabilities and shortfalls of existing and planned DOD, academia, and industry testing facilities to ensure the on-time development and fielding of these critical hypersonic systems.”

Facilities for this sophisticated type of testing essentially simulate the unique conditions of hypersonic flight, like speed and pressure. China reportedly has the world’s first operational wind tunnel that can assess a full-scale hypersonic missile through the key stages of flight.

SASC’s version of the NDAA for the next fiscal year incorporates a number of hypersonic-related funding proposals — including almost $300 million for the Pentagon’s glide-phase interceptor initiative to combat such capabilities, which is in its early stages and being steered by the Missile Defense Agency. 

Separately, while the department’s budget request included $2 million in a specific line for Navy weapons industrial facilities, the committee instead recommended an increase of $25 million for that line, specifically for a hypersonic test facility.

“The committee believes that further investment in hypersonic test infrastructure is vital to the rapid fielding of emerging hypersonic weapons technologies,” the senators wrote in their accompanying report. 

They also recommended an increase of $30 million for major range and test facility base improvements. 

In their report, the committee members wrote that they understand “that the test and training range in the eastern Gulf of Mexico has aging infrastructure and inadequate instrumented airspace to test the newest generation of weapons and munitions.” They also noted concerns “that open-air test ranges of the major range and test facility base are not capable of supporting the full spectrum of development testing required for current and next generation technologies, including hypersonic and autonomous systems.”

Further, the lawmakers encouraged DOD’s Test Resource Management Center (TRMC) to accelerate the making of launch and down range tracking facilities to support robust testing of both offensive and defensive hypersonic weapons. Alaska, in their view, is one unique geographical location where hypersonic testing could be conducted with “unrestricted flexibility” to meet mission objectives.

This overarching issue is top of mind now, but DOD has been grappling with its deteriorating hypersonics research infrastructure for years. 

In a 2014 study, the Institute for Defense Analyses warned that “no current U.S. facility can provide full-scale, time-dependent, coupled aerodynamic and thermal-loading environments for flight durations necessary to evaluate these characteristics above Mach 8.” The nation’s facilities and areas for experimentation have evolved since then, but more recent federal evaluations of the department’s assets to mature these capabilities have not been released to the public. 

SASC’s version of the NDAA also aims to require several further assessments related to this topic—including a proposal to require the Defense Secretary to “submit a report on estimated costs for conducting not fewer than one full-scale, operationally relevant, live-fire, hypersonic weapon test of the systems currently under development each year by the Air Force, the Army, and the Navy, once such systems reach initial operational capability.”

It’s not yet clear if the provisions mentioned will be included in the final version of the NDAA. The Senate has yet to vote on this version, while House lawmakers have already passed their chamber’s. The two versions will have to be reconciled in committee before the hefty bill becomes law. 

The post Senators warn of insufficiencies in US hypersonic testing infrastructure appeared first on FedScoop.

The Secure Software Development Framework (SSDF) is a conceptual document that wants software developers and providers to prove they’re in compliance using artifacts, but which threat models, log entries, source code files and vulnerability scan reports agencies require isn’t being universally stated in contracts.

While the National Institute of Standards and Technology recommended organizations “produce well-secured software with minimal security vulnerabilities” in the SSDF, that’s actually an outcome of government and industry working together to determine what’s contractually feasible.

“I don’t think it’s at the point where I, if I were still in government, would want to go write contract requirements feeling that I had enough specificity in what was there in the software framework,” Jim Richberg, field chief information security officer for public sector at Fortinet, told FedScoop.

That’s not to say industry dislikes the SSDF, rather recognizes the Office of Management and Budget‘s recent mandate agencies comply with the guidance will help CISOs and chief information officers secure their IT infrastructure and ensure its as free of vulnerabilities as possible.

But clarifying the framework will take a lot of work, especially from government, and require a flexible timeline.

“I would say that there will be a deadline, and it will have to be a soft deadline,” said Bob Stevens, area vice president of public sector at GitLab. “We’re talking about the potential change of a lot of infrastructure and a lot of transitioning for government agencies.”

The Cybersecurity Executive Order that directed NIST to develop the SSDF had three dozen action items across three competing priorities for agencies: implementing zero-trust security architectures, accelerating cloud migration and securing the software supply chain. While all three reinforce each other in some ways, Congress needs to appropriate additional money for the latter, Richberg said.

Much of the software agencies buy that industry produces is enterprise software, meaning it’s not written solely in house but with other organizations. Determining contract requirements that also reach those third-party developers and suppliers will take time.

“I’d be hard-pressed to say it’s going to happen in 18 months,” Richberg said.

The post Secure Software Development Framework not evident in federal procurement yet appeared first on FedScoop.

“Getting procurement right is actually a data problem. It’s not a paperwork problem. It’s not a workflow problem,” Hashmi said Tuesday during FedScoop’s FedTalks. “I truly believe that acquisition modern acquisition is a data challenge.”

Hashmi’s background in IT — most recently as a managing director with Box, but also as CIO of GSA before that — lends itself to the thinking that acquisition relies on data, and when combined with modern technology, that can lead to greater efficiencies in governmentwide procurement.

“Throughout the acquisition process, we’re collecting data or analyzing it every day, using that data to make decisions,” he said. “Modern procurement requires understanding how systems talk to each other, and how data plays a role in doing a better analysis.”

Hashmi said that while he doesn’t come from a career in acquisition like the typical commissioner of GSA’s Federal Acquisition Service might, “over time, my passion became this idea of solving for a streamlined way to buy goods and services that matter to the mission, or maintaining the appropriate level of quality and influencing markets along the way to make positive impacts to the country,” he said.

“We need to find the right balance in acquisition between the level of checks and balances, the validations we need to do, the compliance and security of the solutions that we buy, and balancing all those requirements against customer service mission outcomes and creating a delightful experience both for our suppliers and our buyers,” Hashmi said. “We need to find pathways through innovative technologies, new entrants to the market, new ideas, and new ways to solve for the mission to identify the right products and services at the right prices that our agency partners need and the federal government relies on, and we need to do it fast.”

The post GSA’s Sonny Hashmi: ‘Modern acquisition is a data challenge’ appeared first on FedScoop.