Whistleblower worries, FEMA's personnel data and DARPA's cyber competition

Grassley, Warner again press DOD on former comptroller case

Sens. Charles Grassley (R-Iowa) and Mark Warner (D-Va.) have sent a second letter to Defense Secretary Ashton Carter expressing concern about the treatment of former Defense Information Systems Agency Comptroller Jimaye Sones.

The two senators have traded letters with the Pentagon about Sones, who has alleged he was demoted to progressively lower positions after reporting suspect accounting practices at the agency in 2012. Sones served as DISA comptroller from 2005 to 2013.

The Pentagon responded to the senators' initial letter by saying that Sones had not been demoted because of his actions, but the latest Grassley-Warner missive, dated July 10, said there was no evidence to support that claim.

"We ask for an explanation as to why Mr. Sones has been assigned to three positions of decreasing responsibility since June 2013," the senators wrote. "If no reasonable explanation can be given for those moves, then Mr. Sones should be returned to a position commensurate with his senior executive rank."

The letter states that an investigation by the Defense Department's Office of Inspector General concluded that Sones' allegations that DISA Director Lt. Gen. Ronnie Hawkins "attempted to cover up financial irregularities with an illegal billing policy are not substantiated. However, the OIG did not address Mr. Sones' allegations of reprisal for reporting those irregularities."

FCW requested a copy of the report, but IG spokeswoman Bridget Serchak would not confirm that an investigation had taken place, citing privacy policy. Any such request for an investigative report would have to go through the Freedom of Information Act process, she added.

DISA spokeswoman Cindy Your has also declined to comment on the case.

GAO: FEMA can do more with personnel data

The Federal Emergency Management Agency needs to get a better handle on some of its personnel management data to better coordinate the thousands of temporary and permanent workers it uses to respond to natural disasters, according to the Government Accountability Office.

GAO auditors concluded that the FEMA Corps and the Department of Homeland Security Surge Capacity Force are difficult to staff properly because FEMA lacks the data to effectively track costs and employee performance. FEMA Corps relies on temporary support from participants in AmeriCorps' National Civilian Community Corps, and the Surge Capacity Force is staffed by employees of DHS components who volunteer to deploy with FEMA in the event of a disaster.

GAO said FEMA does not collect full information on the costs of background investigations on FEMA Corps participants or on the salaries and benefits of Surge Capacity Force volunteers, who are paid by DHS components while they are deployed.

"Collecting this information would help provide a more accurate accounting of the cost of conducting both programs," GAO's report states, adding that FEMA Corps also lacks performance data and does not have an automated system for comparing performance against its goals.

Jim Crumpacker, director of DHS' GAO-OIG Liaison Office, told GAO that FEMA officials concurred with the findings and are working on building better data-driven performance management systems.

DARPA announces next round of cyber challenge competitors

The Defense Advanced Research Projects Agency has winnowed down the competitors in its Cyber Grand Challenge (CGC) from 28 to seven.

According to DARPA, the competition is a first-of-its-kind tournament designed to speed development of automated security systems that can defend against cyberattacks as fast as they are launched. The narrowed pool of competitors will continue in a head-to-head competition next year for nearly $4 million in prizes.

CGC seeks to automate the cyber defense process to identify weaknesses instantly and counter attacks in real time.

Just over 100 teams registered in 2014, and 28 made it through two DARPA-sponsored dry runs and into last month's qualifying event. In that contest, teams tested the high-performance computers they had built and programmed to play a round of "capture the flag." The game required competitors to reverse engineer software created by contest organizers and locate and heal its hidden weaknesses in networked competition.

The final event will take place in Las Vegas in August 2016, in conjunction with DEF CON, which hosts the longest-running annual "capture the flag" competition for experts.

The competitors are:

• CodeJitsu, a team affiliated with the University of California, Berkeley.
• ForAllSecure, a startup founded by a team of computer security researchers at Carnegie Mellon University.
• TECHx, software analysis experts from the University of Virginia and GrammaTech, a developer of software assurance tools and advanced cybersecurity solutions.
• CSDS, a partnership between a professor and a post-doctoral researcher at the University of Idaho.
• DeepRed, a team of engineers from Raytheon.
• disekt, a team of four people who work at a technology incubator.
• Shellphish, a group of computer science graduate students at the University of California, Santa Barbara.