FCW Insider: Oct. 25
Foreign nation-state adversaries are using cyber to take what former White House cyber coordinator Rob Joyce called "free shots on goal." President Donald Trump's revised – but still classified – presidential policy directive on cyber conflict treats cyberspace like a "contested environment," Joyce said at a recent tech conference. While critics worry that a more-bellicose attitude toward reprisals in cyberspace could lead to actual war, Joyce described the policy shift as "thoughtful." Derek B. Johnson reports.
The Department of Defense made awards to three vendors as part of its bug bounty program. The revised and extended vulnerability disclosure vehicle has a spending ceiling of $34 million. HackerOne, which has been running bug bounties for DOD since the first days of "Hack the Pentagon" in 2016, was one of the awardees, along with two other firms. Derek has more.
Federal CIO Suzette Kent said artificial intelligence is key to workforce and performance improvements, and that investments in AI go hand-in-hand with the federal government's data strategy. Chase Gunter explains.
Binding federal data privacy standards are likely years off, but there are actions companies can take to prepare, according to Josh Mayfield, director of security strategy at Absolute. In this FCW commentary, Mayfield says he expects data privacy standards to follow in the path of auto safety standards – with a top-down regulatory approach coming in the future.
*** The Defense Innovation Board is launching an effort to create an ethics framework to apply to artificial intelligence in the realm of national defense. The move comes as workers at some of the country's most influential technology companies have voiced concern about working with the Department of Defense. The DIB approved the effort at its public meeting earlier this month. As the DOD is quickly adopting these technologies, it's important that there is a roadmap for ethical adoption, according to Josh Marcuse, the executive director of the DIB.
This process will lead to work with a federal advisory committee to draft a document that takes these perspectives into account. This document will then be given to the senior leadership at DOD and they will decide what to do with it "because ultimately it must be their decision," Marcuse said in an interview with FCW.
"As we look to do that and to task organize the department around a strategy for adopting AI, we have to make sure we do it in a way that is ethical and responsible, which is what all companies have done -- Microsoft has a set of principles, Google has a set of principles," he said.
Employees at both companies have voiced concern about working with the federal government on lethal AI – software that is empowered to make deadly battlefield decisions. Google chose not to work with the DOD on an effort known as Project Maven after objections from its employees. More recently, Microsoft employees asked the company not to bid on a large cloud contract known as JEDI. Director of National Intelligence Dan Coats recently voiced criticism of the stances these employees have been taking.
The DIB's plan for the AI Principles Project is to make sure it is implemented across the agency in a way that advances the mission and saves resources, but they are aware "what are the constraints and the boundaries around what we will do and what we won't do," Marcuse said.
It will be a nine-month process of looking at international humanitarian law, rule of law, rule of war, existing rules of engagement and other standards around how AI should be used within the DOD. The board plans to get input from ethicists, professors, industry leaders and the public.
"We’re not going to have a bunch of DOD lawyers lock themselves in a room and come up with a set of principles and announce them," he said.
*** The Library of Congress wants you — to help modernize its historical collection.
The world's largest library on Oct. 24 launched a crowdsourcing program to give the public first-hand access to a wide swath of its collection, allowing anyone with a computer to transcribe text in digitized images from its collection. In their current form, the documents aren’t keyword searchable, and volunteers’ efforts will help make the Library’s vast collection more searchable and readable. The open-source software-based program, crowd.loc.gov, is opening its inaugural effort, the "Letters to Lincoln Challenge," with a goal of transcribing 10,000 digital images of Abraham Lincoln’s papers by the end of 2018. The National Archives has pioneered the use of crowdsourcing to transcribe, catalog and add metatags to historical documents.
*** The Federal Risk and Authorization Management Program cloud security program has succeeded in optimizing some of its reviews, but it is looking to automation to help get through lengthy authorization documents, according to Claudio Belloli, program manager for FedRAMP Cybersecurity.
In the last year and a half, said Belloli at a Cisco-sponsored luncheon on cloud issues, the General Services Administration has been working to shorten the review period for cloud products. Programs such as FedRAMP Accelerated and FedRAMP Tailored, which GSA introduced to streamline the review process, have helped to significantly reduce approval times under the assessment and authorization process for cloud computing products and services by up to 75 percent, he said.
In its earlier days, FedRAMP was criticized for reviews that sometimes took over six months and added considerable costs for vendors.
The current time for approval for cloud products, he said, is around three to four months. "We’ve been hitting that time frame consistently," he said. On the agency side, some can be faster, some could be a little bit slower. Automating some aspects of the process for cloud service providers makes sense, he said, since it can help those providers with production and organization of their complex offerings.
*** The Government Innovation Awards celebration is two weeks from today. If you haven’t already made plans to spend the evening with 2018’s Rising Stars, Industry Innovators and Public Sector Innovation teams, you can get your tickets here.
Correction: The item on FedRAMP was updated to specify that automation will help with the preparation of authorization documents and not proposal documents as was initially reported.
Posted on Oct 25, 2018 at 11:31 AM