FCW Insider: Nov. 15

Top stories, quick hits and more from FCW's reporters and editors.

The $10 billion Pentagon cloud procurement known as JEDI cleared an important hurdle, with the Government Accountability Office dismissing a pre-award protest against the deal brought by Oracle. An IBM protest still remains to be adjudicated, and it is likely that more protests and lawsuits will dog the deal if an award is ever made. Adam Mazmanian explains.

Lawmakers continue to worry that the $16 billion, 10-year commercial electronic health record program at the Department of Veterans Affairs is at risk of going over budget and blowing deadlines. But from the VA side, the program executive director John Windom says that agency components are marching in unison to get the job done, and that a plan to upgrade old hardware at VA sites is in place. Get more from Adam.

The GAO warned that CIOs lack visibility into IT spending four years after the passage of landmark procurement legislation FITARA. A big part of the problem is that IT spending is not even close to being fully aligned with the technology plans at agencies under review. Chase Gunter has the story.

Congress finally passed a bill to carve out a dedicated cybersecurity agency at the Department of Homeland Security. The new component, called the Cybersecurity and Infrastructure Security Agency, will be led by a senior political appointee who reports directly to the DHS chief. Mark Rockwell reports.

Quick Hits

*** The House Armed Services Committee has named tech executives to lead the National Security Commission on Artificial Intelligence. HASC Chairman Mac Thornberry (R-Texas) and Ranking Member Adam Smith (D-Wash.) appointed former Google and Alphabet chairman Eric Schmidt and Microsoft Research Labs Director Eric Horvitz as commissioners.

The AI commission was authorized by the 2019 defense spending bill to evaluate the usefulness of AI and related technologies in national security efforts, potential future applications, global use trends, data standards, ethical questions, and workplace and education incentives. 

The new commission is the latest Defense Department investment into artificial intelligence. DOD also stood up JAIC, its Joint AI Center, earlier this year under CIO Dana Deasy to evaluate AI standards, tools and processes. 

*** The IBM Center for The Business of Government and the Partnership for Public Service, meanwhile, are exploring AI's implications for government operations more broadly. GCN has details on a recent roundtable discussion the groups convened on that topic.

*** The contract that provides credit monitoring and identity theft coverage for victims of the Office of Personnel Management hack is set to expire in December, and the National Treasury Employees Union wants to ensure OPM has a plan to extend coverage. 

In a letter to OPM acting Director Margaret Weichert, NTEU President Tony Reardon requested information about the future of the contract, currently held by ID Experts. OPM is required by law to provide coverage to the millions of individuals affected by the breach through fiscal year 2026. 

The letter follows an OPM inspector general audit that found continued information security weaknesses — a finding in effect since 2007. 

NTEU is also currently pursuing a renewed lawsuit against OPM over the 2015 hack.

*** Despite “deteriorating rules of engagement between state actors” and widespread uncertainty about the normative rules that govern offensive cyber operations, a new FireEye report argues an arms race among competing nations is all but inevitable at this point. 

“There are people that claim nations should not do this, but in the halls of most governments around the world, officials are likely thinking their nation needs to consider offensive operations or they will be at a disadvantage,” wrote CEO Kevin Mandia.

Even as the U.S. and other leading countries seek to shape and promote international agreements around behavior in cyberspace, the report notes that “no norm has yet found significant, explicit agreement among states” apart from a general desire to limit intellectual property theft. Instead, FireEye believes such norms have a better chance of being adopted through the private sector, such as the Cybersecurity Tech Accord.

The report also notes that attempts to compromise commercial and government networks through supply chain attacks are expected to continue to rise in 2019. While the firm says it has tracked just five confirmed cases of supply chain compromises in 2018, that is “a huge increase” over what has been observed in prior years. In particular, small to mid-size suppliers that subcontract with larger firms are more attractive to target than larger companies that operate with more resources and higher scrutiny.

“The ‘smalls’ are the softer targets, and they comprise the supply chains for the larger organizations,” Mandia wrote.