All posts by : Shamima A

The Department of Defense has selected 98 historically black colleges and universities and minority-serving institutions to receive a total of $50.1 million in grants for the purchase of research and scientific equipment.

The DOD said Monday researchers from 21 HBCUs and 49 MIs, including one tribal college, across 26 states and the District of Colombia will benefit from grants worth up to $800,000 each.

The initiative is part of the DOD HBCU/MI Research and Education Program, which aims to boost transformative research in crucial defense technology areas.

The competition, managed by the Army Research Office with input from the Office of the Under Secretary of Defense for Research and Engineering, received 152 proposals totaling $82 million. The ARO, alongside the Office of Naval Research and the Air Force Office of Scientific Research, evaluated the proposals and selected the 98 awardees.

Evelyn Kent, director of the DOD HBCU/MI Program and Outreach, said, “Equipping universities with relevant instrumentation and other equipment is imperative for advancing novel research aligned with defense science and technology priorities while fostering innovation at the institutions. These awards help enrich the curricula offered to scholars pursuing science, technology, engineering and mathematics degrees and support the training of the next-generation workforce.”

The Department of Defense has made its Cloud Financial Operations Strategy publicly available.

The purpose of the DOD Cloud FinOps strategy is to provide the agency a framework to better manage and optimize cloud costs to, in turn, improve architectural, budgetary and investment decision-making, Leslie Beavers, acting DOD chief information officer and 2024 Wash100 Award winner, said in a memorandum.

“It establishes a way ahead that will allow the Department to be a better user and buyer of cloud services,” Beavers added.

The strategy says that the DOD needs to improve its acquisition of cloud services, because cloud adoption is a fundamental component of modernization, and modernization is made necessary by the increasing digitalization of warfare.

Improving acquisition is also necessary because of rising cloud costs and tightening military budgets.

To help with this effort, the strategy “describes a desired outcome, provides a DoD-tailored FinOps framework, and identifies strategic imperatives and associated actions to enable an enterprise understanding of cloud cost and impact.”

Its implementation will be overseen by the Enterprise Cloud Management Board.

An online hub for Americans to access benefits and services across the federal government is giving its users a new option to sign on.

The General Services Administration will begin offering facial recognition technology as an option for users of Login.gov, a one-stop for government-provided public services, to verify their identities.

GSA’s Technology Transformation Services announced Wednesday it will allow Login.gov users to verify their identity online through facial technology that meets standards set by the National Institute of Standards and Technology’s 800-63-3 Identity Assurance Level 2 (IAL2) guidelines.

Login.gov will allow its users to match a “selfie” with the photo on a government ID, such as a driver’s license.

GSA said the facial recognition technology used by Login.gov does not rely on “one-to-many facial identification,” and does not use these images for any purpose other than verifying a user’s identity.

The facial recognition option builds on Login.gov’s existing identity verification process, which requires validation of a government-issued ID and a phone number or address.

GSA Administrator Robin Carnahan said in a statement that the facial recognition option is “another milestone in ensuring agencies have a wide variety of strong identity verification options.”

“Proving your identity is a critical step in receiving many government benefits and services, and we want to ensure we are making that as easy and secure as possible for members of the public, while protecting against identity theft and fraud,” Carnahan said.

GSA began testing a facial recognition option for Login.gov in May.

The agency previewed the rollout of IAL2-compliant facial recognition tools in a blog post last October.

GSA said it’s been working with other agencies to “evaluate the effectiveness of the Login.gov product across demographic groups, monitor for algorithmic bias in identity verification, and to evaluate additional pathways to verify identities at the IAL2 level, such as compensating controls.”

Login.gov Director Hanna Kim said in a statement that GSA will “continue to uphold our values of equity, privacy, and transparency by incorporating best-in-class technology and learning from academic and user research.”

“Login.gov heard from our agency partners with higher-risk use cases that it was important that we offer a version of our strong identity verification service that is IAL2 certified,” Kim said. “We’re glad that we’ve been able to do this while ensuring that users continue to have multiple secure pathways to verify their identity, whether that is in-person or remote.”

Login.gov users are also able to verify their identity in person at over 18,000 post offices across the country, if they are unable to do so online.

More than 99% of the U.S. population lives within 10 miles of a post office.

Since its launch in 2017, Login.gov now serves more than 50 federal and state agencies, and supports 300 million annual sign-ins.

GSA’s rollout of facial recognition technology on Login.gov comes a year after its inspector general’s office found it misled agency customers and the Technology Modernization Fund board about meeting NIST’s IAL2 standard for remote identity proofing.

The IG report found that, rather than conducting physical or biometric comparisons, such as through facial recognition or fingerprints, as required by NIST, Login.gov was instead using a third party to compare identification cards to information contained in LexisNexis.

“Login.gov has never met the technical requirements for identity proofing and authentication of NIST Special Publication 800-63-3 for Identity Assurance Level 2 (IAL2). At multiple points starting in 2019, Login.gov officials should have notified customer agencies that Login.gov did not comply with IAL2 requirements in SP 800-63-3. However, Login.gov did not notify their customer agencies until Feb. 3, 2022, after a Wired article reported that Login.gov used selfies for verification,” the March 2023 report states. “Before then, Login.gov not only portrayed publicly that it was compliant with IAL2 requirements, but also misinformed customer agencies through interagency agreements stating that they met and/or were consistent with the IAL2 requirements.”

GSA said it notified its inspector general’s office in February 2022 of the misrepresentations and initiated the audit.

Former Federal Acquisition Service Commissioner Sonny Hashmi told reporters last year that the “misrepresentations about Login.gov’s compliance with the NIST IAL2 standard, starting in 2018, were completely unacceptable.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

• In the wake of Hurricane Helene’s devastation, a top Republican on the House Homeland Security Committee is asking questions about the Federal Emergency Management Agency’s advanced forecasting models. New York Congressman Anthony D’Esposito, chairman of the emergency management subcommittee, said many communities caught in the path of Hurricane Helene weren’t aware of the potential for destructive flooding. D’Esposito is asking FEMA to provide data on its advanced forecasting models and prepositioning of resources. He’s also asking FEMA whether the agency has adjusted its rainfall modeling after Hurricane Helene.
• The largest federal employee union is endorsing a bill to prevent suicide among federal corrections officers. The Officer Blake Schwarz Suicide Prevention Act would expand access to mental health care services for law enforcement officers working at the Bureau of Prisons. The American Federation of Government Employees supports the bill. AFGE said many federal correctional officers are veterans who are already at a higher suicide risk than the general population.
• As Hurricane Milton is approaching the Florida coastline, there are military bases securing equipment, relocating personnel and preparing for possible disaster response efforts. Officials at MacDill Air Force Base in Tampa ordered widespread evacuations on Monday. The Navy is also relocating its assets ahead of the storm. Maj. Gen. Pat Ryder, the Pentagon’s top spokesperson, said the Defense Department is tracking the storm’s path and thinking through the potential contingencies. On Tuesday, the National Guard Bureau mobilized about 500 Guardsmen to support the Federal Emergency Management Agency later in the week.
• The Office of Personnel Management retirement backlog saw a decline in claims received and processed in September. OPM received more than 5,600 claims and processed just over 6,300 claims in last month. That is over 1,400 less than in August. The inventory backlog dropped to just under 15,000 cases, but that’s not enough to meet the steady state goal of 13,000 cases. OPM says September cases completed in less than 60 days on average took 41 days to process, while cases that took more than 60 days on average took 115 days to fully process.
• House lawmakers want to know how the National Institute of Standards and Technology is approaching the thorny issue of facial recognition. Leaders on the House Science, Space and Technology Committee want to know how NIST’s updated digital identity guidelines address longstanding concerns about facial recognition. In a letter to NIST Director Laura Locasio this week, lawmakers asked NIST to share the findings of its digital identity and face recognition technology work. NIST published the updated digital identity guidelines last month. They serve as standards for how federal agencies use digital identity technologies, including facial recognition.
• Cyber operators across the federal government can take a range of new courses from DC3 Cyber Training Academy’. In its schedule for November, DC3 is offering classes around cryptocurrency activities, cybersecurity analyst, log analysis and Linux essentials. The academy has also released its 2025 course catalog — it will offer courses for entry-level, intermediate and advanced-level professionals. Courses are taught on-site at the DC3 Cyber Training Academy in Maryland, in residence at off-site locations and online. Students interested in enrolling can request additional information through the cyber training academy registrar.
• The Biden administration is giving agencies more capacity to oversee more infrastructure projects. The Federal Permitting Council is investing $15 million in a new contracting tool to help agencies deal with a surge in environmental reviews and other permitting work under the Bipartisan Infrastructure Law and the Inflation Reduction Act. Permitting Council Executive Director Eric Beightel said, “We are developing a contract solution to enable agencies to quickly leverage surge support to enable reviews and other permitting work to be completed effectively and on schedule.”
• The Partnership for Public Service is urging both Vice President Kamala Harris and former President Donald Trump to use resources from the General Services Administration and kickstart presidential transition planning. Getting transition plans underway now is critical, Partnership officials said, regardless of who wins the November election. But so far, both presidential campaigns are still behind on their transition planning efforts. The Harris campaign signed an initial agreement with GSA to access transition resources, like office space and connections with agencies. But less than a month out from Election Day, the Trump campaign has yet to do the same.
• The Social Security Administration is turning the ship around on employee engagement. For the first time in years, SSA is seeing positive trends in employees’ feedback on engagement, satisfaction and agency leadership. That’s according to SSA’ results in the 2024 Federal Employee Viewpoint Survey. The positive trends in the 2024 FEVS come after years of declining scores for the agency. But SSA leaders said there’s still more work ahead to continue the upward trajectory — most notably by addressing what many employees say are unreasonable workloads.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Various industries are still dealing with the consequences of the July 2024 technology outage which led to a “blue screen of death (BSOD)” and extreme disruptions. A defective update from CrowdStrike caused this issue, knocking critical systems offline, bringing the airline industry, medical practices and financial institutions to a grinding halt. It also forced those impacted to lean on call tree procedures, ensuring that communications were maintained using out-of-band methods.

This outage even impacted the government. The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency worked with federal, state, local and critical infrastructure partners to assess and address all essential outages. The outage not only sparked conversations about patch management practices and system update testing approaches but also highlighted the potential cybersecurity ramifications of pervasive outages.

To prevent future outages, it’s crucial to prioritize strategies for driver testing and patch management systems planning. Emphasizing rigorous testing, particularly for kernel mode applications, is essential. Patch management processes must evolve, focusing on iterative rollouts with finer-grained controls within products to minimize the impact of kernel-mode application updates. By enhancing the testing, deployment and overall management of updates, these strategies will support the continuity of operations.

Despite the initial chaos, comprehensive response, communication and mitigation plans helped some organizations to address what appeared to be a massive, unknown cyber event of unparalleled magnitude. There are numerous opportunities for technical and organizational improvement that will help stop, mitigate or recover from similar events. If followed appropriately, these precautions can also prevent cyberattacks that target software.

Balancing proper testing with frequency of updates

Programs that support driver testing, like Microsoft’s Windows Hardware Quality Labs (WHQL) certification process, ensure the compatibility and reliability of products that operate with kernel-level privileges. Hardware drivers and some software applications operating in kernel mode require a higher degree of testing to reduce the likelihood of system disruptions.

Regular software that runs without administrative or elevated privileges is less likely to cause severe system disruptions — but an application or driver running at the kernel level can cause major problems if not tested.

In the CrowdStrike incident, the core kernel-level application is WHQL certified and stable, but the regular detection and response content updates to that product are not individually certified due to the frequency of release. These content updates are needed frequently, as the endpoint detection platform requires rapid change in response to emerging threats.

Given that these content updates are released too frequently for each update to be WHQL certified, a certain level of trust is placed on vendors to conduct thorough testing. This tension between rigorous testing and the velocity of deploying updates to address the rapidly changing threat landscape is core to the recent incident. Current vendor practices and testing tactics need to be reevaluated to mitigate future issues.

Software checks to avoid outages

Modifications to software testing and deployment procedures will be essential to reduce the impact and likelihood of another massive outage. Pre-deployment extended compatibility testing, performed by a software vendor and customers, would reduce the risk of incidents.

The only expense is a delay before security updates are in effect — a small price to pay for a safer approach.

Some endpoint defense systems allow customers to set rolling deployments, allowing for monitoring and quick rollback if issues arise. Utilizing pilot groups to deploy initial updates to a small, controlled group of users or systems, and then monitoring the performance and stability before wider deployment, is another strategy to prevent severe outages.

These approaches are bolstered when deployed during low-traffic periods, such as after work hours or over weekends, because they minimize disruption and allow for immediate intervention if issues occur.

Automation and enhanced patch management practices

Stronger patch management practices are another tactic to defend against outages. These include extended compatibility testing and checks, and the use of artificial intelligence and machine learning for monitoring and rollback.

Increasing the scope of testing across a wider range of hardware and software configurations will identify potential issues before release. This can be used within the pilot groups — a smaller number of users across various configurations. Also, testing patches against a replicated lab or simulated production environment will ensure that updates are compatible with supported hardware and software configurations. This includes testing on different versions of the operating system and with various third-party applications.

AI/ML can play a major role via heartbeat monitoring. Since a BSOD-causing error may not allow a system to operate enough to send an error alert, using heartbeats and related up/down monitoring techniques can identify inoperable hosts. Using indirect techniques, like AI/ML, to detect a problem state (BSOD loops) and link it to a recent patch deployment activity would rapidly identify the problem.

Furthermore, when a group of hosts is in this loop state, they are unable to send normal heartbeat messages, but an automated, AI-driven monitoring solution can both identify the anomaly and link it to patch deployment logs. If a customer’s environment is designed to stagger updates, and multiple hosts stop communicating with a heartbeat server, there is likely either a network issue blocking communications or a host-based problem commonality.

When combined with a staggered or phased rollout approach, early AI-driven detection could reduce the impact of a future BSOD event caused by updates. These automated monitoring tools can quickly identify issues post-deployment and enable rapid rollback if necessary.

AI provides predictive analytics too, reviewing historical data and usage patterns to identify potential issues. This enables adaptive testing and phased rollouts, where updates are deployed gradually and monitored closely for any signs of trouble. This approach will reduce the impact of an event by many orders of magnitude.

Integrating AI as a means to augment the testing regimen into the WHQL certification process or adopting AI/ML-driven monitoring solutions can significantly enhance the reliability, efficiency, and speed of testing, identification, and remediation — ultimately preventing or reducing the impact of BSOD problems.

Enhancing the WHQL testing program, optimizing patch deployment timing and settings, and adopting robust patch management practices can significantly reduce the risk of issues like the CrowdStrike BSOD problem. IT operations and security operations teams have also taken onboard their own lessons learned during the recent outage regarding how to operate when their own devices are inoperable, and are adding resilience to their collaboration processes during the incident troubleshooting activities.

Industry stands to improve its support of the government mission by taking these collective measures regarding readiness, resilience and ensuring that updates are thoroughly tested, carefully deployed, and effectively managed.

Peter O’Donoghue is chief technology officer for Tyto Athene.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Over 5,000 Florida National Guard members have been mobilized ahead of Hurricane Milton’s imminent landfall on Florida’s west coast, as thousands of Guardsmen are supporting recovery operations in communities impacted by Hurricane Helene.

Florida Gov. Ron DeSantis said Tuesday evening the number of National Guard personnel activated to respond to the hurricane will soon increase to 8,000.

The response includes 450 tactical vehicles, including 140 high water vehicles and aerial, water, and ground National Guard search and rescue teams.

“This is probably the largest National Guard mobilization in advance of a storm in Florida history,” said DeSantis.

The Florida State Guard’s response will also include three high water UTVs, four drone teams, ten maritime crews, two amphibious rescue crews, 15 cut and toss crews, and two UH-60 Black Hawks. 

Additionally, the U.S. Army North has moved its personnel and equipment from its contingency command post to Fort Moore in Georgia to assist requests from the Federal Emergency Management Agency and state leadership,  including high-water vehicles and helicopters for search and rescue operations and medium-lift helicopters to move personnel and equipment.

“There are personnel to help with logistics support and additional search and rescue operations. The National Guard is doing things to be in place and to be ready to support almost immediately,” Deputy Pentagon Press Secretary Sabrina Singh told reporters Tuesday.

State authorities have helped evacuate 300 healthcare facilities located in the potential path of the storm.

And state veteran nursing homes that are in areas at risk of being impacted by Milton are allowing family members of their residents to shelter with them, as these nursing homes are built to endure Category 5 hurricane winds.

Officials at MacDill Air Force Base, a major military installation in Tampa, Fla., ordered a widespread evacuation on Monday — just two weeks after Hurricane Helene, one of the deadliest storms in recent history, flooded parts of the base.

Navy officials said Monday the service is moving its assets ahead of the storm.

Hurricane Milton, which is currently a Category 4 storm, is expected to make landfall Wednesday night or early Thursday, according to the National Hurricane Center. The storm is predicted to be the first most destructive hurricane to hit the Tampa Bay area since 1921.  DeSantis declared a state of emergency for 51 out of 67 state counties.

“The No. 1 message, as it has been for several days now, is that you need to prepare, do whatever you need to do, and then get out of the evacuation zones,” Tampa Mayor Jane Castor said Monday.

“Helene was a wake-up call. This is literally catastrophic, and I can say without any dramatization whatsoever — If you choose to stay in one of those evacuation areas, you’re going to die.”

Hurricane Helene hit Florida less than two weeks ago and moved into several southeast states — more than 6,700 Army and Air National Guard members from 16 states have been already deployed to assist emergency workers with recovery operations in communities impacted by the devastating storm.  The Defense Department has deployed over 1,500 active-duty soldiers to help with debris clearing,  search and rescue operations and delivery of food and water supplies to communities in North Carolina. 

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

The Federal Emergency Management Agency has surged 1,200 search and rescue personnel to Florida ahead of Hurricane Milton’s landfall.

FEMA Administrator Deanne Criswell said more than 1,000 personnel are already in Florida. Many were already in the state helping with the recovery from Hurricane Helene and other previous storms.

“We have sent as many resources as we can into that area to support the efforts that the state has already pre-positioned into the area,” Criswell said.

In a fact sheet released today, the White House said 1,400 search and rescue personnel had been pre-staged to support Milton response efforts. Additionally, the Coast Guard has 1,300 personnel in Florida to assist with operations.

Meanwhile, Florida has mobilized more than 5,000 members of the National Guard to respond to the hurricane. 

Milton is currently a Category 4 storm. The National Hurricane Center projects it will make landfall along the west-central coast of Florida on Wednesday night as an “extremely dangerous major hurricane.”

The storm is bearing down on Florida as federal personnel continue to assist with Helene response and recovery operations across six states.  More than 8,000 federal personnel are deployed across the southeast, including Florida, to help with the Helene recovery and prepare for Milton’s arrival.

A daily operations briefing released by FEMA today shows just 8% of the agency’s incident management workforce is categorized as “available” ahead of Milton’s landfall. FEMA has struggled in recent years to maintain a workforce large enough to respond to a growing number of natural disasters.

But Criswell pointed to the agency’s “layered approach” to staffing disasters. In addition to its dedicated disaster response staff, FEMA will also call on employees from its headquarters and across different regions to “pitch in and help out when we need additional support.”

“We’ve done this before. We are prepared for this,” Criswell said. “We will certainly have challenges along the way as we move people around, but this is what we’re good at. This is what we plan for.”

Criswell said FEMA’s response to Milton will not detract from its Helene efforts.

“Let me be clear: these resource movements are not taking away from the ongoing, complicated response and recovery we are still working in the aftermath of Helene,” she said. “I want the people to hear it from me directly: FEMA is ready.”

Homeland Security Secretary Alejandro Mayorkas last month also activated the Surge Capacity Force. It provides FEMA with a roster of volunteer employees from across federal agencies.

FEMA’s daily operations briefing shows more than 7,800 people are rostered on the Surge Capacity Force, with 190 of those currently deployed.

FEMA funding

Criswell said FEMA’s Disaster Relief Fund had $11 billion in its coffers as of Tuesday morning. Out of the $20 billion in the fiscal 2025 continuing resolution, Criswell said FEMA has already spent between $7-8 billion on obligations for disaster recovery projects that were previously paused due to a shortage of funding.

The rest has been spent on the ongoing response to Helene and Milton.

Earlier this year, FEMA sent Congress a $9 billion supplemental disaster funding request.  Criswell said that request “still stands,” but added that FEMA is also evaluating whether it will need a bigger supplemental funding boost after Helene and Milton.

“As we have continued to have an increase in the number of events, and these two back-to-back, really catastrophic events that are going to cost a lot of money, we are evaluating right now how much more we are going to have to go back and ask Congress for,” Criswell said.

FEMA is currently supporting 111 major disasters and 17 emergency declarations, according to the daily operations briefing.

Criswell said it’s the most ongoing disaster responses she’s seen while at FEMA.

“We had an incredibly busy tornado season earlier this year,” Criswell said. “We had severe weather that had catastrophic and historic levels of flooding across many states this spring as well. We’ve had wildfires across much of the west. This increase in the number of severe weather events we’re seeing, as well as the complexity of many of these events, because of the amount of damage that they’re doing, is increasing the number of open disasters, because the recovery is more complex and it takes longer to help reimburse these communities as they rebuild from the weather events that they have experienced.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Tom Temin And we’ve enjoyed a lot of interviews over the years on something that people may not realize about the Academy, is that it undertakes reports chartered by Congress to look at really problematic issues. And you’ve overseen some really blockbusters.

Terry Gerton Well, we have. And thank you for raising that, because I think it really is important for people to understand that Congress did charter the Academy. We have a mission in law from them, which is to help government leaders at all levels really tackle the tough problems. And so Congress does direct in legislation sometimes that federal agencies engage with us to tackle some of those.

Tom Temin And what stands out in your mind as some of the really big ones? I think of the Maritime Academy.

Terry Gerton Yeah, that was a really important one. And we continue to see the impacts of that. People may not be familiar with that organization, but it is one of the nation’s service academies. It trains merchant mariners. And it’s had a long running issue with sexual assault, with discrimination. But even broader than that, with just facilities management. It’s a military academy, but it’s in the Department of Transportation. So there’s a lot of conflicts, a lot of spread attention. And so I think we were able to make a real difference. The secretary of Transportation now has a focus group that’s tackling those. They’ve gotten more money, they’ve gotten more people. They still have a long way to go.

Tom Temin But I think the value of those reports is that every government leader manager should read them.

Terry Gerton Well, that’s so true. Another one that really got a lot of headlines was our congressionally chartered report on the Office of Personnel Management back in the Trump administration when they had proposed combining OPM and GSA. Congress asked us to go in and look at OPM. And they asked three really interesting questions. One was, what is OPM doing that it’s not directed to do? What are they not doing that they are directed to do? And how much would it take to get them to be the organization that we want? And we’re just so proud of that report. But more importantly, the way that OPM embraced it and made it part of their strategic plan, made a part of their budgeting process, and continues to make progress in really building out the center of government’s personnel and talent management capacity.

Tom Temin And I think another initiative that you get credit for that was not already there at the Academy was the idea of the 12 grand challenges. And that’s been a really interesting journey too, to read about those.

Terry Gerton It really has. We started that idea in 2018 where we thought, we are the National Academy of Public Administration. We ought to create an agenda for the field. And so we did some crowdsourcing, we did some expert engagement, but we released that list of 12 in 2019. And really just kind of in November, and then in 2020, of course, we had COVID. And we thought, well, goodness, did we get it right? Did we not get it right? And I’m so proud of the brains that went into that, because they really stood the test of time. Who knew that water systems would be such an issue, and going through the pandemic truly was. Who knew that we’d be in a place where we really needed to talk about protecting democracy, and we are. And so it really has begun to be adopted by all levels of government we see, especially at changing how local governments are approaching their strategic plans, their workforce engagement, how they’re thinking about combining their efforts across multiple parts of their organization to really get systemic solutions. So I am really proud of that.

Tom Temin All right. We’re speaking with Terry Gerton. She’s president and CEO of the National Academy of Public Administration. She’ll be stepping down from that role at the end of the year. And the other thing you get credit for from the Academy is increasing the funding for it, increasing the facilities and assets that it has. And you’re not doing something like panda bear protection or rain forest or something sexy that people can get behind. National Academy of Public Administration sounds boring. How do you get people to back that type of effort? What kinds of funding have you been able to bring to it?

Terry Gerton Well, we have started a capital campaign, our first ever to build an endowment for the Academy. Congress chartered it, but doesn’t fund it. We are a nonprofit organization. We have to generate our own funds. So we’ve been very prudent in the resources that we have. But now we’re asking people to contribute to the capacity of the academy because its work is more important than ever, as we experience more political polarization, as people really are questioning the value of their government, what does it give them? The Academy is uniquely positioned to bring expertise to all levels of government, whether it’s your local government, your county government, your state government or the federal government to help government work better for the people it’s supposed to serve. And I think now more than ever, it’s an absolutely essential organization because we’re not invested in creating a profitable relationship that generates funds forever. We really are committed to good government. Kind of nerdy, but it’s really important.

Tom Temin So who invests in it?

Terry Gerton Well, right now it’s largely fellows. We do have some nonprofit partners that help us, especially in things like media relationships and funding and grant funding. And then we engage in contracts with government agencies, whether that’s, as we talked about at the top of the show, directed by Congress or whether government agencies at all levels seek us out to do that kind of work. So it’s an ongoing effort to get the word out, an ongoing effort for us to identify those challenges and bring people to the table that we can work with.

Tom Temin But it’s not something that is going to be corporately sponsored, like a lot of nonprofits.

Terry Gerton There is a space for corporations, especially those who are government adjacent. It matters that government is stable. It matters that government is predictable. And those folks have an interest in our engagement with government, making it work better so that they have a predictable environment to operate in. I’d love to leave my phone number with anybody who wants to contribute to our cause.

Tom Temin Well, we’ll post it when we put this interview online. But just a moment, getting back to those 12 grand challenges. Do you feel like they have become kind of the language, the lingua franca for people talking about public administration?

Terry Gerton I think so. In a couple of categories. Well, kind of actually all of them. One is about IT, making government AI ready. People are on that all the time. One is about climate change and climate adaptation and governance around how do we prepare our communities and our states and our institutions. We’ve just seen environmental disaster with the hurricane over the last week. How do we help government agencies prepare for that? Another group is focused around building resilient communities. That’s everything from having a strong economy where people can find meaningful work, to addressing issues of racial and economic justice. And then the other group really is protecting democracy. And it’s about free and fair elections. It’s about a public workforce that’s strong and nonpartisan and expert. So, yeah, those are really the issues that people at all levels of government are working on today.

Tom Temin You wonder on that economic area and the fact that so many areas of the country are devoid of great jobs. Manufacturing has fled whole sections of the Midwest, the Appalachian region, which was never that rich to begin with. It’s even worse off now in some ways, maybe than it was in the 1930s. And so units like the Economic Development Administration, for example, have the capacity to maybe kick start those areas.

Terry Gerton I think that’s really true. We’ve seen a lot of national investment going back into areas to rebuild manufacturing, to create new industries in certain places. But where public administration comes into that is connecting the economic development to, say, community colleges and the workforce system and recruiters even down as far as elementary school education to build a workforce in those places with the skill sets needed to sustain those industries. So public administration really is workforce development. It’s economic development. It’s community engagement.

Tom Temin We’re speaking with Terry Gerton, president and CEO of the National Academy of Public Administration. She’ll be retiring from that job at the end of the year. And you gave them quite long notice. They’ve hired Christian Blackwood, formerly of the GAO and soon to be formerly of Partnership for Public Service. But it’s kind of nice to be able to have that luxury of the time.

Terry Gerton Well, it is. In my past history in the military and in the civil service, I’ve really never held a job more than four years. And I found myself coming up on eight. And I thought, it’s really time for someone with some new ideas and some new energy to take over the organization and lead it to the future. So I knew early on what my plans were going to be that I was going to step down at the end of the year. But I also really wanted to give the board and the organization the time to do a thorough search to find a replacement, and to have a reasonable amount of transition time. So I’m just delighted with the announcement of James-Christian Blockwood. I think he’s going to be the perfect fit for the Academy for the future. He’s a fellow himself, so he knows the organization and he’s been in the public administration space all his career. And so he really comes to it with great knowledge, great connections, great energy and enthusiasm.

Tom Temin And what kind of standing staff, what are the overhead requirements for the academy? You don’t have squadrons of people that work there.

Terry Gerton We don’t. We’re a pretty small permanent staff. We have about 40 people. And those 40 people do everything from fellow engagement to research to IT. But the power of the academy is our almost a thousand fellows. And these are folks who’ve had long careers in public administration at multiple government levels, or they’re academicians who teach public administration. And we bring them together and their expertise to work directly with our client organizations. Because there’s somebody in that fellowship who’s sat in the chair of the person we’re working with, and can really bring that kind of expertise. And then our team fills in with expert research, with the writing and the documentation and really develops the recommendation. So it’s a powerful, powerful partnership. It’s objective, it’s nonpartisan. And we leave our organizations really with implementation plans, things they can check off and know that they can make improvement if they go that way.

Tom Temin And how do you maintain relations with a place like the GAO or with the inspectors general counsel? Because they do sometimes deep dive studies that are all encompassing of an agency. Usually they’re more detailed.

Terry Gerton The real difference between GAO and the IGs and the Academy is that we are not auditors, first of all. They are auditors and investigators and they’re great documenting the challenges and the problems. We do that as well. But the difference is that we do leave behind that remediation plan. We want organizations to get better. We want to leave them steps that they can take, because a lot of times leaders know they’ve got a problem, but they can’t rise up above the fray long enough to figure out what to do with it, and to develop that strategy for improvement. And I think that’s the real power in an Academy report.

Tom Temin We’re speaking with Terry Gerton, president and CEO of the National Academy of Public Administration, she’ll step down at the end of the year. And you raise a really important question. It’s easy, relatively easy to identify the issues with an agency. Usually the people inside are the most aware of them. And sometimes these external studies simply articulate what everyone kind of knows, but maybe not in entirety. But then there is the issue of changing direction and changing. I hate to use the word culture, but what in your experience, does it take to really repair an organization to be its best self?

Terry Gerton Well, it takes leadership, commitment and stability. It takes buy in of the staff. Oftentimes it takes resources. As an example, we just did a long study of the National Finance Center at the US Department of Agriculture that cuts the biweekly checks for 600,000 federal employees, and who are still working in trailers in New Orleans.

Tom Temin That’s like ten years later, right?

Terry Gerton Yeah. After Hurricane Katrina.

Tom Temin More than ten.

Terry Gerton Yeah. They need money. They need money to resolve their technical debt. They need money to build their facilities. They need money to hire more people. But managing that change across such an important organization where you can’t stop the mission, that’s a real challenge. And so that’s where I think our reports are so helpful to the leaders on the ground. In that case, we made recommendations for a couple of new positions, one specifically to be a change manager on a term basis. But someone who is day-to-day responsible for pulling all of those change threads together. It’s really challenging, but it’s the core of what good leadership can do.

Tom Temin And do you sometimes find it frustrating that the Congress argues tooth and nail over the operational budget of the government about $1.5 trillion now, and there is another 4.5 trillion in entitlements and interest on the debt that never gets debated. But beyond that, we’ve had several years of trillion dollars really since 2008. There’s been 4 or $5 trillion bills that are neither entitlements nor regular appropriations for the operation of the government. And it’s not easy to point at what they have actually bought with all that money except a lot of debt and more interest. And yet, someplace like the Bureau of Prisons can’t get its crumbling ceilings fixed.

Terry Gerton I think that is, again, the power of the Academy’s reports were able to point to specific investments that Congress could approve where it would make a specific difference. You see the change in the IRS with some additional funding, how they’ve been able to put more people on the front lines. They’ve been able to go after more tax audits. They’ve been able to improve their operations. You see what Martin O’Malley is doing with Social Security Administration, where tackling those specific issues with resources to put more people on the ground to deliver better service is having an impact. I think the most important question that Congress can consider as they’re looking at that budget is what do they want the government to do? That same OPM question. What does it take in resources to create an organization that can function the way we say we want it to? Now, at the end of the day, they may or they may not fund that. But I think that’s really the powerful question. It’s where the academies reports can help them, and it’s how our reports can help them exercise their oversight function. Because they can go back to those agencies now and say, well, you had ten steps in the Academy report or 67 steps. How are you coming on those? And it’s a great way to actually help the agencies make the progress that Congress would hope they would make.

Tom Temin And I think it also underscores the importance of congressional relations. And in my experience, there are many members of both parties and in both chambers that understand public administration, that care about it. The organization, the branch of government itself adds up to chaos. But the individual members are sometimes pretty talented and aware of details. Their staffs make them that way. And sometimes I think they’re really interested. And so it must be difficult to navigate from your appropriator who understands what’s going on to the larger picture and actually getting that appropriation.

Terry Gerton Well, I think that’s true. And we’ve seen it in all of the issues that we’ve addressed at Congress’ request. Typically, there’s a member or two either on the House side or the Senate side that really cares about a particular issue. We engage with their staff and their teams in the committee staff to help shape that into a report that we can tackle. As an example, we just did a report in partnership with the Federal Judicial Center on Misconduct in the Federal Judiciary and Employee Relations. That was all at the behest of members of Congress who had noticed a problem and brought us in to help tackle that. It happens in so many of the areas that we’re in. It is hard these days to get a coalition of members, a critical mass around a particular challenge. There’s so many challenges and so many issues. But you’re right, they are in tune. Their staffs are in tune. And we do work very closely with them to advance the agenda.

Tom Temin In one department that’s gotten lots of attention and always gets fairly good bipartisan support is the Veterans Affairs Department. We should point out you work 20 years of active military duty as an Army officer. How is the VA doing from your standpoint?

Terry Gerton Well, the VA has a lot of challenges. And they have three very specific and different administrations from benefits to health care to cemeteries. They have a lot of veterans to serve and a lot of challenges to overcome. And so Congress certainly gives them lots of attention.

Tom Temin But how does the customer service, from your standpoint?

Terry Gerton I worked very closely with the VBA side when I was at Department of Labor, making sure that veterans were able to use their education benefits, their employment benefits. So my husband is a recipient of veteran health care and is very satisfied.

Tom Temin All right. So you will be leaving the academy at the end of December, starting January 1, 2025. But somehow I don’t feel like you’re going to exit the scene.

Terry Gerton Well, I am careful to say that I am stepping down and not retiring, but I do hope to take a little bit of time off and then we’ll see what other opportunities are out there. These grand challenges are topics that I’m really passionate about, and so I’m going to look for a way to continue to be involved. And I’m a fellow of the Academy, so I can continue to be involved there as well. I just don’t have to be in charge of it every day.

If education and workforce training are key to developing the cybersecurity workforce then one group thinks it has the answers. The Advanced Technology Academic Research Center, or ATARC, has published a detailed plan, what it calls a workforce development pipeline and pathway strategy. Joining the Federal Drive with Tom Temin with more, California Sate University Professor Keith Clement.

Interview transcript: 

Tom Temin If education and workforce training are key to developing the cybersecurity workforce, then one group thinks it has some of the answers. The Advanced Technology Academic Research Center, ATARC, has published a detailed plan, what it calls a workforce development pipeline and pathway strategy. Joining me with some of the details, California State University professor Keith Clement. Dr. Clement, good to have you with us.

Keith Clement Good morning, Tom. Thank you for having me today.

Tom Temin And, well, what are the, I mean, we talk about this a lot, the workforce shortage, and there’s not enough cybersecurity people, not enough training going on. What is the real challenge, do you think? Put it in some terms we can come to grips with.

Keith Clement Tom, I think that we could view things as a capability gap, you know, just not having enough employees to fill out our information security teams. We could view it as a matter of those folks. Not having the skill set necessary for 2024 is advanced threat environment. And I think that thirdly, we could really look into the issues of the transition from the preparation process to actual employment process. And I think those are three key issues.

Tom Temin Yeah. So the capabilities is just sheer capacity. You mean and do we have enough bodies potentially even for this challenge globally?

Keith Clement World World Economic Forum estimates there are over 4 million cybersecurity jobs available. And in the United States, we have about 450,000 cyber jobs that are currently open. You could look at larger states that could have easily 50,000 or 60,000 job openings there. You can look at Silicon Valley or specific regions to have 20,000 or 25,000 jobs available. You could really view this in any way that you wanted to. It is a national security issue. It is a national economic security issue. And I think that one of the misnomers out there, Tom, unfortunately, is a lot of folks think that you can just go to a couple of classes over the weekend and by Monday morning, you’re the chief information security officer of a major U.S. Corporation or a federal government agency. And it’s actually a rather detailed process, right?

Tom Temin And cybersecurity jobs cover the gamut from if you are a so-so, you’re probably not sitting in the security operations center looking for alerts personally, but yet sitting in the security operations center and looking for alerts. That is a job. So it really is from the highly technical keyboard pounding to management and planning.

Keith Clement But I Tom, I think he hit the nail on the head right there that we could view cybersecurity as an entry level problem, but it is probably more of an intermediate and advanced role problem. We really have problems with burnout and keeping people in the field for long enough to be senior personnel in these respects. And on a separate but related issue, I think that the state of cybersecurity management, it is also it very much in question. We just do not have the managers nor, you know, nor the executives or the entry level folks. And it’s a problem.

Tom Temin And you mentioned there is the preparation because there are lots of schools that offer comprehensive cybersecurity training. But then the employment, there’s kind of a valley of death there, it seems like.

Keith Clement Worse than a valley of death, at least in the valley of death. Some may end up taking hope. But at the end of the day, in this area, the level of frustration and anxiety of potential candidates getting into the field almost rivals the stress and the pressure and the skeleton crews they likely face when they actually get on the job. I mean, I think that only about two thirds of cybersecurity jobs are filled out. How good does any team do with two-thirds of a squad? Right. I mean, one or two people go out on vacation and the office is in chaos. I mean, somebody gets sick, heaven forbid. I mean, just serious problems. But I think there’s three steps of the preparation process that folks need to think through about getting into the world of cybersecurity. One, as you mentioned, is the education, the four year degrees and the master’s degrees and all that. And so the second is the reliance on industry based professional certifications that are critical in IT and in cyber and growing. And I just to put that out there. And third, I think the valley of death that you refer to is there are so few opportunities for workforce development in this area, like lacking internships, lacking apprenticeships in those opportunities, that that’s really a barrier that a lot of folks have a hard time overcoming. It’s the chicken or the egg, right? I need the job. Well, you have to have the work experience to get the job. And it is a tough cycle right there.

Tom Temin We are speaking with Dr. Keith Clement. He’s a professor of criminology at Cal State, Fresno. And by the way, how does a criminology professor get into the cybersecurity business?

Keith Clement I appreciate, Tom, that question deeply. I get it an awful lot. The first issue, of course, is the relationship between cyber crime and cyber terrorism as it relates to the world of criminology that is fast paced and rapidly changing. I think that there are a lot of malicious actors out there that think that it’s easier to conduct Internet scams and ransomware attacks than it is to put a gun in somebody’s face or on a street corner and face hard time in prison. So, the folks engaging in cyber security is a criminological component. But I think what you’re really suggesting here is something else. That is what is a criminologist doing in a technical and specialized area of cybersecurity. And I would just say that machines do is they’re told that the real problem in all of this response was were 90 to 95% of breaches and all of these other things is the human element of it. And and and not only that aspect of the human development, but it’s critical to think of education and workforce development is bringing many different silos or many different groups of folks that don’t play very well in the sandbox, as they say. And it’s really been a challenge to bring industry higher education K to 12 community based organizations, the public sector. It’s been really hard to bring all of those actors together that have to be present, sure of a career pipeline pathway.

Tom Temin And give us the top line view then of what ATARC has come up with for some solutions to the capabilities, skills and an employment gap.

Keith Clement So speaking to our federal friends and colleagues, I think that there are at least two significant contributions of that HR report that would that that should garner some attention. The first is actually related to a framework to assist K-12 and higher education institutions and technology services offices on a framework by which they can use to assist them in developing additional cyber awareness and preparedness training types of programs. On the education side, I suspect that the long dominance of a cyber or specialized degree program is probably a question mark these days. One of the key aspects of the task report is the development of a traditional or academic pathway into cybersecurity. The one that your your viewers are most familiar with, like the four year degrees and you get a handful of top tier certificates and then you get a one year apprentice somewhere and then then voila, you’re in the job of your dreams, but also a nontraditional pathway that is that, in all fairness, a highly specialized Stem degree program and in anything super technical and specialized is going to rely on calculus and significant. You know, not everybody can get a master’s or a bachelor’s degree from MIT and computer science. Right. Right. The reality of the world. And and if we’re going to rely only on degrees as a pathway into federal employment in this matter, we’re going to just have. So instead, what we need to do, as the report suggests, is the development of a nontraditional pathway that replaces, in essence, the academics with certifications and hands on skills and training and a workforce model to include either internships, paid internships or the a registered apprenticeship model through the U.S. Department of Labor, USTR. Right.

Tom Temin And that’s similar to what the Biden administration has been really pushing right in several areas is skills based hiring where appropriate and not degree based and KSA based or I guess the middle word of KSA is skills.

Keith Clement I think that one of the misnomers out there in the cyber world is the the dynamics of the new tools and knowledge and skills. I mean, if you are a information security trained individual from 15 or 20 years ago, you’d probably wonder what the heck is going on around here because it’s changed dramatically and it’ll change tomorrow. And we could just as easily talk about the impact of artificial intelligence on on these matters, the convergence of A.I. and cybersecurity, and in a broader sense, and then in a very, very narrow sense, the utilization of AI in cybersecurity, right? I mean, red team, blue team activities. So I think there’s a lot going on in this space these days. I’m sure you would agree this is a critical area. I think another area of interest to to your viewers is this idea that these traditional nontraditional models are not exclusive by any means, but in many ways are complementary and kind of intertwine amongst themselves. This is a difficult position. This is a difficult sector to break into. As they say, you know, socialization and professional networks go really far here, too.

Tom Temin All right. Lots of good ideas in that report. Dr. Keith Clement is a professor of criminology at Cal State Fresno and also principal author of the ATARC white paper. Thanks so much for joining me.

Keith Clement Tom, Thank you so much. Pleasure’s all mine. Have a great day.

Tom Temin And we’ll post this interview along with a link to the white paper at federalnewsnetwork.com/federaldrive. Hear the Federal Drive on demand. Subscribe wherever you get your podcasts.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

After making improvements for two months, the Office of Personnel Management retirement backlog saw a decline in claims received and processed claims for the month of September.

OPM received 5,618 claims in September, 1,465 less than the month of August’s claims received. OPM processed 6,302 claims in September, 1,400 less than in August.

Though OPM did not make improvements in retirement claims, the inventory backlog did shrink from 15,178 down to 14,494. This is the lowest it has been since May 2024.

The backlog is still above the steady state goal of 13,000.

OPM said September cases completed in less than 60 days on average took 41 days to process, while cases that took more than 60 days on average took 115 days to fully process.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.