FCW Insider: Oct. 10

If a new oversight report is to be believed, the Pentagon's computerized weapons systems are easy prey for hackers. While the Government Accountability Office report didn't offer details on the kinds of weapons systems it probed for weaknesses, auditors found guessable default passwords, unencrypted data and network vulnerabilities as part of their probe. While the Department of Defense has been charged by Congress to improve weapons systems cybersecurity, efforts are still in the early stages. Derek B. Johnson has the story.

A Microsoft announcement hinted at the company's intent to compete for the closely watched $10 billion DOD cloud buy known as JEDI. Bids on the Joint Enterprise Defense Infrastructure procurement are due this week, and the winning vendor will have to guarantee the ability to provision DOD with systems accredited for secret and top secret data. Microsoft announced Oct. 9 that its Azure cloud would be launching a secret region in the first quarter of 2019 with top secret capacity to follow. Mark Rockwell explains that the classified cloud rollout is in keeping with the JEDI schedule.

The Army is sweetening opportunities for new cyber entrants by offering colonel rank and pay to qualified individuals who sign up for a tour of duty, Lauren C. Williams reports.

 The federal government often gets a bad rap for cybersecurity, but its fast and consistent adoption of email security protocols is worthy of praise, writes Philip Reitinger in an FCW commentary. Reitinger, a former Homeland Security official and current president and CEO of the Global Cyber Alliance, writes that the implementation of Domain-Based Message Authentication, Reporting and Conformance tools sends the message that government "will take bold steps to act quickly and protect federal workers and citizens."

Quick Hits

*** Rep. Ro Khanna (D-Calif.) said he's eyeing the lame duck session to push a bill to give federal websites a facelift. The bipartisan 21st Century Integrated Digital Experience Act tasks agency CIOs or CTOs with making agency websites more user friendly and operations more digital. It aims to  consolidate web pages, give public-facing sites a consistent look, make information searchable, ensure a secure connection and augment  the use of data and web analytics.

"I'm quite hopeful it will become law in the lame duck session when we get back,” Khanna said on the sidelines of an Oct. 9 customer experience event hosted by GovExec.

The bill and its companion on the Senate side, co-sponsored by Sens. Rob Portman (R-Ohio) and Claire McCaskill (D-Mo.), have passed out of their respective committees, but both await a full floor vote.

*** Robin Thottungal, formerly chief data scientist at the Environmental Protection Agency, has moved to a new role as CTO at the National Gallery of Art, FCW has learned. While at the EPA, Thottungal oversaw the agency's data analysis efforts, which included bringing in more web-based tools, a greater focus on the cloud and using application programming interfaces to collect regulatory data. He had been at the EPA since September 2015. EPA did not respond to inquiries about who will be taking over the data science role.

The National Gallery's recent budget request for 2019 outlined more than $14 million in funding for IT, an increase of over $2 million. Its plans included system modernization and new initiatives like a digital media imaging program, upgrades to the building automation and the continued implementation of a human resources management system.

*** The Performance.gov website hosted by the Office of Management and Budget is updated quarterly,  mostly with .pdf files documenting progress on agency and governmentwide performance goals. Now, the people who run the site are saying it could be better. As part of the President’s Management Agenda focus on customer experience, OMB plans make more frequent updates to the data sharing hub.

Amira Boland, who’s on the customer experience cross-agency priority (CAP) goal team at OMB as a detailee from the General Services Administration, said the goal is to have highest impact customer-facing government websites "share their data, and then that data is then published publicly on performance.gov" as a model for others.

As far as what that governmentwide  customer experience looks like, "that's sort of what the customer experience CAP goal team is working on this fiscal year, and so I think it’s evolving," she said at the GovExec event. "But we definitely want to have a central place that’s easy and intuitive to go see how do agencies of like services compare, how are agencies doing overall."

*** GSA is leaning on government website administrators to enable two-factor authentication for domain managers to tighten up security. Individuals with accounts allowing them privileged access to the dot-gov registry will have to link their registered mobile devices to their accounts using Google Authenticator. For GSA-owned domains, the process is rolling out right now and is expected to be completed by the end of the month. Other federal agency domain managers will have to switch to two-factor authentication by Nov. 7. Tribal, state and local users – any service with a dot-gov URL – will also have to make the switch. Full implementation is expected by Feb. 13, 2019.