News in Brief

Whistleblower worries, FEMA's personnel data and DARPA's cyber competition

Grassley, Warner again press DOD on former comptroller case

Sens. Charles Grassley (R-Iowa) and Mark Warner (D-Va.) have sent a second letter to Defense Secretary Ashton Carter expressing concern about the treatment of former Defense Information Systems Agency Comptroller Jimaye Sones.

The two senators have traded letters with the Pentagon about Sones, who has alleged he was demoted to progressively lower positions after reporting suspect accounting practices at the agency in 2012. Sones served as DISA comptroller from 2005 to 2013.

The Pentagon responded to the senators' initial letter by saying that Sones had not been demoted because of his actions, but the latest Grassley-Warner missive, dated July 10, said there was no evidence to support that claim.

"We ask for an explanation as to why Mr. Sones has been assigned to three positions of decreasing responsibility since June 2013," the senators wrote. "If no reasonable explanation can be given for those moves, then Mr. Sones should be returned to a position commensurate with his senior executive rank."

The letter states that an investigation by the Defense Department's Office of Inspector General concluded that Sones' allegations that DISA Director Lt. Gen. Ronnie Hawkins "attempted to cover up financial irregularities with an illegal billing policy are not substantiated. However, the OIG did not address Mr. Sones' allegations of reprisal for reporting those irregularities."

FCW requested a copy of the report, but IG spokeswoman Bridget Serchak would not confirm that an investigation had taken place, citing privacy policy. Any such request for an investigative report would have to go through the Freedom of Information Act process, she added.

DISA spokeswoman Cindy Your has also declined to comment on the case.

GAO: FEMA can do more with personnel data

The Federal Emergency Management Agency needs to get a better handle on some of its personnel management data to better coordinate the thousands of temporary and permanent workers it uses to respond to natural disasters, according to the Government Accountability Office.

GAO auditors concluded that the FEMA Corps and the Department of Homeland Security Surge Capacity Force are difficult to staff properly because FEMA lacks the data to effectively track costs and employee performance. FEMA Corps relies on temporary support from participants in AmeriCorps' National Civilian Community Corps, and the Surge Capacity Force is staffed by employees of DHS components who volunteer to deploy with FEMA in the event of a disaster.

GAO said FEMA does not collect full information on the costs of background investigations on FEMA Corps participants or on the salaries and benefits of Surge Capacity Force volunteers, who are paid by DHS components while they are deployed.

"Collecting this information would help provide a more accurate accounting of the cost of conducting both programs," GAO's report states, adding that FEMA Corps also lacks performance data and does not have an automated system for comparing performance against its goals.

Jim Crumpacker, director of DHS' GAO-OIG Liaison Office, told GAO that FEMA officials concurred with the findings and are working on building better data-driven performance management systems.

DARPA announces next round of cyber challenge competitors

The Defense Advanced Research Projects Agency has winnowed down the competitors in its Cyber Grand Challenge (CGC) from 28 to seven.

According to DARPA, the competition is a first-of-its-kind tournament designed to speed development of automated security systems that can defend against cyberattacks as fast as they are launched. The narrowed pool of competitors will continue in a head-to-head competition next year for nearly $4 million in prizes.

CGC seeks to automate the cyber defense process to identify weaknesses instantly and counter attacks in real time.

Just over 100 teams registered in 2014, and 28 made it through two DARPA-sponsored dry runs and into last month's qualifying event. In that contest, teams tested the high-performance computers they had built and programmed to play a round of "capture the flag." The game required competitors to reverse engineer software created by contest organizers and locate and heal its hidden weaknesses in networked competition.

The final event will take place in Las Vegas in August 2016, in conjunction with DEF CON, which hosts the longest-running annual "capture the flag" competition for experts.

The competitors are:

  • CodeJitsu, a team affiliated with the University of California, Berkeley.
  • ForAllSecure, a startup founded by a team of computer security researchers at Carnegie Mellon University.
  • TECHx, software analysis experts from the University of Virginia and GrammaTech, a developer of software assurance tools and advanced cybersecurity solutions.
  • CSDS, a partnership between a professor and a post-doctoral researcher at the University of Idaho.
  • DeepRed, a team of engineers from Raytheon.
  • disekt, a team of four people who work at a technology incubator.
  • Shellphish, a group of computer science graduate students at the University of California, Santa Barbara.

About the Author

Connect with the FCW staff on Twitter @FCWnow.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.