The University of South Florida (USF) recently opened a new lab aimed at providing quick, innovative solutions to the different challenges facing the Department of Defense. The new Rapid Experimentation Lab (REL) hopes to provide a unique, collaborative space to rapidly test concepts. To learn more, Federal News Network’s Eric White spoke with Taylor Johnston on The Federal Drive with Tom Temin , COO of USF’s Institute of Applied Engineering, which is managing the lab.

Interview Transcript:  

Eric White Absolutely. So why don’t we start from the beginning? How did this all come together? How did you find yourself in business with the Department of Defense? Trying to solve some of their always complex problems.

Taylor Johnston Thanks for the question. I am actually a 21 year Air Force veteran, so I’m a buyer by trade. I flew the C-21 C-130 and KC-135 in the Air Force. And while I was in the Air Force, I got to community and help a unit called Contingency Response Units. Contingency response units are challenged with setting up an air base anywhere in the world at a moment’s notice. And this is back in the mid to 2015-2016 timeframe, where essentially the problems we got were, hey, you’ve got two planes coming tonight. Figure what you can put on board and go. At that time we were dealing with antiquated generators and some other old equipment where that really got my innovation green and innovation meter ideas going, and we started looking at new ways to do power generation, new ways to use communications. And this is also at the start of AFWERX and some of the DIUs at the Defense Innovation Unit. And I got to be at the ground floor of that as an active duty member. Following my tours and the contingency response units, I ended up as the Director of Innovation for the six day Refueling Wing, which is MacDill Air Force Base. After retirement, one of the universities that I dealt with at the time was the University of South Florida. Now, the University of South Florida has this interesting arm that is a 500 1C3 nonprofit that connects those academics to federal money via contracts basis. So that’s kind of how I got involved in it. And what we do for the DoD writ large is try to solve and bring those academics to solve those tough problems for the DoD. So it’s not from a business where a 501c3 attached to the university. It’s more providing that PhD lift of  talent to the top problems of the DoD.

Eric White So before we get into the lab itself, we say complex problems. Why don’t we put a label on that? What kind of problems are you looking towards. And obviously they’re complex. So don’t feel the need to get too into the nitty gritty. But overall, what are you all going to be looking at?

Taylor Johnston Well, the Institute of Applied Engineering started in 2019 as a primarily an engineering solutions program to solve everything from a rapid mechanical design problem or some software solutions for some unattended ground sensors. What we figured out over the course of the last five years is you don’t just need that unattended ground sensor that talks to the tech network, that talks across the spectrum. You need a holistic approach to some of these new designs and new solutions. Because if I’m building anything on a mechanical thing, it’s obviously going to have some sort of electrical component, which is going to involve a chip. Where does that chip come from? How do I look at this from a business case example to an engineering solution? And then what are the policy implications of that incident solution. So we’re able to bridge the entire university to come to a solution for the DoD that actually is able to attack those wicked problems.

Eric White Gotcha. All right. So let’s get into the facility itself. You had mentioned some experience that you had with AFWERX and DIU. What lessons did you take from those agencies when modeling this lab? Did you take anything of, Oh, they do it real well over there. Let’s make sure to implement it here.

Taylor Johnston Well, one of the things that I noticed both from AFWERX, and the beautiful thing about AFWERX is there’s no real innovation, what we call Air Force specialty code. They take an airman that could be a maintainer, could be a medic, could be a troop, could be a flier like myself. And they bring them into a room with a whole bunch of different experiences. Let them ideate, let them try to solve the problem and think about different solutions, because those different perspectives usually bring about a better solution than a stovepipe kind of answer, solely by the troops or solely by the maintainers. That’s what we try to do at the lab is create a space where I have mechanical engineers, electrical engineers, RF engineers, physicists, medical folks all in the same room, and all with that collaboration space that they’re able to go from the whiteboard to a 3D printer to a welder, to an RF chamber, an anechoic chamber, and able to bring an idea to a solution, interdisciplinary wise.

Eric White We’re speaking with Taylor Johnston. He’s the chief operating officer of the Institute of Applied Engineering at the University of South Florida. So an 8,000 square foot facility is what you have, and you want to let your engineers cook in there. What sorts of new tools and innovative technologies are you bringing in there to make sure that these engineers, they’re not going to be there forever, obviously, and they’re in high demand, I’m sure once they graduate, what do they get out of this?

Taylor Johnston Well, we do have everything from our student interns to graduate assistants to professional staff. So I have 21 engineers on my staff that are permanent members of the institute, and we’re able to actually bring in university professors to the lab. The beautiful thing about the lab is that there are seven different types of additive manufacturing machines. There’s also soldering and welding equipment in there. There’s also printed circuit machines in there, sort of print circuit boards. And there’s also RF and anechoic chambers in there too, and also everything from drill presses to laser engravers to CNC machines. Basically, everything you need to make a product that we all know is not just fabricating a product that is also incorporated in electronics in the product.

Eric White Yeah. And I want to go back to this concept of you just kind of letting the engineers do their thing. What space do they have to also conduct some experiments where it may not all work out, but tinkering is how a lot of things are discovered. What can you tell me about that aspect of things?

Taylor Johnston I’ll go back to a little bit of the fact that we are primarily a task driven organization. So the DoD comes to us with that, Hey, I need a solution to this. And we’ll go out and either do an analysis of alternatives, or we’ll go out and try and prove what they’re trying to do and actually build what they want to have built. Part of that also, as you intimated towards, allows our engineers to figure out things that they may or may not be useful in applications towards the DoD, but they are something like using the iridium satellite network for communications versus the new Starlink. What’s capable of this? Some of the things that are out there that may or may not be useful today. And how are we able to parse things and do edge computing for things that may or may not be done on the cloud? So a lot of the things today are cloud computing and cloud infrastructure. But when you start to talk about the Department of Defense’s needs for able to be computed on edge on device in a remote environment, you start to see some different types of problems there than usual businesses face.

Eric White What can you tell me about where this facility stands as far as setting apart other opportunities at other universities? Is this a unique opportunity for University of South Florida students, or are there facilities like this at other universities, and if so, what makes this one different from those?

Taylor Johnston There are seeing these around the nation. There are 13, I believe, university affiliated research center. So those are dedicated sponsored activities from the DoD at specific universities around the nation. The University of South Florida is more of a startup in an established ecosystem. So there’s the behemoths out there, like Johns Hopkins Applied Physics Lab and Georgia Tech Research Institute. We do a lot of research for the DoD. Those are both. The University of South Florida is well positioned just because of its geographical location, next to two combatant commands, which know where the university can really offer next to CENTCOM and SOCOM, and able to be basically a young, scrappy startup that’s able to do things a little bit outside of the box, that these older institutions may or may not have the capacity to do.

Eric White And of course, the weather’s not too bad.

Taylor Johnston The weather is absolutely perfect. Today it’s about 76 degrees and I do not see a cloud the day.

Eric White Can’t beat that. All right. Anything else that we didn’t touch on that you think is important for the conversation?

Taylor Johnston One of the important things here to note, when you think of universities, you usually think of what we call 6.1 or 6.2  basic and fundamental research dollars. It’s usually grant based. The institute is primarily designed around doing things these contract based and federal acquisition regulations and agreements with researchers, which is rare, and the ability to do things at both the controlled, unclassified level and also up to the top secret, secure compartmentalized information level so it allow researchers to do things on contract, which means that you actually do get something at the end, on time and on the schedule, versus a researcher doing things that a researcher may or may not want to do, that may or may not have applicability with the DoD. You get something that’s on time, on schedule, and it is able to be at the classification of the customer.

The post DoD gets partner from academia to help tackle complex problems first appeared on Federal News Network.

It is an old story, but new versions keep happening. A high-level military official negotiates with a contractor. He seeks employment, leaves the government, and joins the contractor. He may not have a conflict of interest, but if it looks like he does, that’s trouble. The Federal Drive with Tom Temin discusses this potential problem with Zach Prince, a procurement attorney with Haynes and Boone, LLP.

Interview Transcript:  

Tom Temin Zach, tell us about the most recent decision resulted from protest, but a company was left out of a competition because of that appearance. What happened? Yeah.

Zach Prince So this is a procurement involving, dual band decoy system, which is intended to be, mitigation system for radar guided missiles that are targeting military aircraft and specifically the F-18. So right now, that you’ve got missiles that use two bands of radar to track aircraft, it’s very challenging to have effective countermeasures for them. So, the Navy is trying to develop and then implement a replacement for their current solution. So, they had two rounds of this and they’re going to have multiple iterations of the program. The first was a technical demonstration type portion that started a few years ago and followed on with an engineering, manufacturing and design phase and phase. Now, ultimately, it’ll go into, you know, low rate and full rate production. BAE and Raytheon were both recipients of the contract for the demonstration of the existing technologies. As part of this, at some point between that portion and the next portion, Raytheon started discussing employment with a Navy employee, longtime mathematician and technical expert with the Navy, with Navy Air, specifically who was running this program. And he left and joined Raytheon and then began representing Raytheon back to the government as a concern. This program had something to do with their response to the Navy’s request for information for the second round, some disputed amount of involvement for the submission of the proposal for the second round. And at some point the Navy realized, hey, this at least has a bad smell to it, and started doing a pretty thorough investigation.

Tom Temin Right? So, this fellow VK had participated in all of the work on the Navy’s behalf for the first phase of this long-term program, and while he was negotiating and dealing with Raytheon, he was also trying to get a job there, basically, and got the job. And now they’re into the dealing with the Navy for the follow on.

Zach Prince Yeah, to be fair, it wasn’t as egregious as I think. We all remember the tanker case from back in the early 2000 with the Air Force and Boeing. This guy VK was not actually negotiating for the government. He was doing some very technical work making recommendations on the technical implementation of the program. He wasn’t deciding solutions, but he did have access to proprietary information. And he had signed an NDA with the Navy expressly saying that he wouldn’t work for anybody who was part of this program.

Tom Temin Okay, so if it’s a very wide gray area, he was at one edge of it, let’s say, and a contracting officer decided to pull on that thread.

Zach Prince Yeah, he did. And somebody from the government raised the issue internally. The Navy did exactly what they’re supposed to do. They did a very thorough, extensive, monthslong investigation where they spoke to a number of people in the Navy. They gave Raytheon multiple opportunities to offer, comment and respond. And ultimately, they concluded that the appearance of impropriety here, they didn’t say there was necessarily impropriety, although it was really close, but at least the appearance was enough that they felt they had to exclude Raytheon from the competition.

Tom Temin And therefore I imagine Raytheon said, nope, we protest.

Zach Prince That’s right. I mean, it’s an important program. And the initial award, the MD phase, I think it was maybe $50 million. So, it’s not huge. But I think long term this is going to be multiple hundreds of millions of dollars not to get into full rate production or more. So, this is an important project for them. They protested to GAO and lost. Because the agency has a lot of discretion in these types of determinations. And then they filed that on to the court.

Tom Temin Right. And what happened at the court level?

Zach Prince They lost again, they had some pretty extensive briefing, some interesting arguments raised about why the mere appearance of impropriety without real hard facts that taint the procurement is not enough. But ultimately, their arguments tried to sideline some pretty clear Federal Circuit case law and the consistent decisions of the Court of Federal Claims, which really uphold the decisions of the contracting officer on this issue. In fact, Judge Sampson, who wrote this decision, said he did a survey of all the cases that have been decided by the court on this issue, at least since a federal Circuit decision that sort of set the precedent in the early 2000s. And not once has the court overturned the government’s decision on this.

Tom Temin Yeah. You wonder what the motivation of the company, or at least the judgment of the company was. I mean, you can see from an employee standpoint, the industry beckons with compensation packages, you know, in a cushy type of situation. But the company institutionally knows these shoals, especially long serving old line company like Raytheon. I mean, we can only speculate. So right now, then they’re out. Period. The end.

Zach Prince Yeah. That’s right. And my impression from reading these cases, I don’t think Raytheon really knew at all how much in-depth involvement this guy had with the program, and they knew that he was a fairly senior, very technically skilled individual from the Navy office that they have dealings with. And I think the level of expertise in electronic warfare countermeasures, particularly that this guy had, are really unique. So, Raytheon wanted to hire him on. He didn’t tell them that he had involvement with this program. And in fact, he called HR, the record shows like two days after he started with Raytheon and said that his involvement was very, very light in this program. He didn’t tell his ethics people that in the government, when he got his ethics letter, it was pretty clear that he was obfuscating his involvement because he did want to go to the private sector.

Tom Temin Right. So, one of the lessons is you don’t have to be part of the source selection board to get the government and your future employer into trouble.

Zach Prince Yeah. That’s right. If you’re a contractor, don’t let your contracting officer counterparts be blindsided by stuff like this if you possibly can. And maybe they couldn’t have. Here, make sure that you’re coming up with some mitigation strategy as early as you can. And Raytheon, as much as I just said, yeah, they probably didn’t know his full involvement. The record also shows it, BAE sent a letter to Raytheon not long after this guy started saying, hey, we know that you’ve got this guy. We think that there are some major issues with you having had this guy, because he had major exposure to our technical solutions and IP, you know, make sure to be following those government employment restrictions. They didn’t really.

Tom Temin Yeah. It’s almost what happened with the Defense Department more recently with the cloud contract, the Jedi contract that ultimately got sank. And one of the reasons involved there was that someone had worked in the government and ended up at the cloud company, or had been at the cloud company, then at the government, whatever. Not a source selection person necessarily, but an influencer, an adviser deep in there. And somebody ferreted that out and that ultimately helped sink that whole program, which they’ve now replaced with the joint warfare cloud capability. And that one is going and its multiple vendors. So, any other lessons that companies ought to take from this?

Zach Prince Yeah. It’s always such a challenging balancing act because on the one hand, as a company doing business with DoD, you want to have people who understand the inner workings of DoD. On the other hand, there are many situations were hiring just those types of people can create at least the appearance of conflicts, and that’s enough to taint the procurement. If the government is not convinced that there are mitigation mechanisms in place. So, you do want a firewall. People like this off from their former programs as much as possible, set up some ways in advance that you’ve documented for avoiding the appearance of impropriety, because otherwise you could end up in this type of situation precluded from doing work in a major program.

Tom Temin Yeah, sometimes the revolving door leads to a brick wall, you might say.

Zach Prince Good way to frame it.

The post When the door from government-to-industry leads to a brick wall first appeared on Federal News Network.

• The Navy has a new strategy for science and technology. Navy leaders have branded it a “call to service” for scientists and engineers from across the country to help solve military problems. The focus areas include autonomy and artificial intelligence, power and energy, manufacturing, and a host of other issues. The plan does not spell out how the Navy will make progress on those objectives, but Navy Secretary Carlos del Toro said the new work will involve partnerships with the Office of Naval Research, the Naval Postgraduate School, the U.S Naval Academy and the Naval War College.
  (SECNAV Delivers Keynote at Sea Air Space Luncheon - U.S. Navy)
• An Air Force legislative proposal to transfer National Guard space units to the Space Force is sparking a backlash among state governors. The National Governors Association has called for the immediate withdrawal of the proposed legislation to eliminate governors’ authority over their National Guard units. Utah Gov. Spencer Cox and Colorado Gov. Jared Polis said reducing governors’ authority over their National Guard personnel will affect military readiness, recruitment, retention and the National Guard infrastructure across the country. Air Force officials proposed legislation to bypass governors in seven states and move 14 Guard units with space missions to the Space Force.
  (Air Force’s proposal to move Guard units causes backlash - National Governors Association)
• Two agencies have obtained extra money for IT modernization projects. NASA won its first award from the Technology Modernization Fund. The Labor Department garnered its sixth in almost six years. These are the fourth and fifth awards the board has made since January 1 and continues its focus on cybersecurity and application modernization. The space agency is receiving $5.8 million to accelerate cybersecurity and operational upgrades to its network. Labor is getting $42 million for the Office of Workers’ Compensation Programs to replace its outdated Integrated Federal Employee Compensation System. The TMF board now has invested in 43 projects since receiving the $1 billion appropriation in the American Rescue Plan Act in 2021.
  (NASA, Labor receive extra funding for IT modernization - Federal News Network)
• U.S. Cyber Command (CYBERCOM) is considering the best way to build its forces in the future, by conducting a study on future force generation models. The command has typically relied on the military services to train and equip its digital warriors. But leaders have pushed to embrace a more independent U.S. Special Operations Command-type model in recent years. And others have called for the Defense Department to establish an independent cyber service. CYBERCOM is slated to brief Pentagon leadership on the results of the study this summer.
  (CYBERCOM considers options for future force generation model - Federal News Network)
• Chandra Donelson is the Department of the Air Force's new acting chief data and artificial intelligence officer. In her new role, Donelson will be responsible for implementing the department’s data management and analytics, as well as AI strategy and policies. Donelson previously served as the space data and artificial intelligence officer for the Space Force, a role she will continue to hold. Her fiscal 2024 goals include integrating data and AI ethics into the department’s mission systems and programs.
  (Air Force appoints acting chief data and artificial intelligence officer - USAF)
• The Postal Service is looking to raise prices on its monopoly mail products for the sixth time since 2020, when it gets approval from its regulator to set mail prices higher than the rate of inflation. USPS is planning to raise the price of a first-class Forever stamp from 68 to 73 cents. If approved by the regulator, these new USPS prices would go into effect on July 14. A recent study warned that USPS price increases are driving away more customers than the agency anticipated. But USPS said the data behind the study is “deeply flawed.”
  (USPS Recommends New Prices for July 2024 - Postal Service)
• The Department of Veterans Affairs is reviewing more than 4,000 positions that are at risk of a downgrade in their respective pay scales. The six VA positions under review include a mix of white-collar General Schedule (GS) and blue-collar Wage Grade (WG) positions. They include housekeeping aides, file clerks and boiler-plant operators. The VA expects to complete its review of these positions by the end of May. The American Federation of Government Employees said affected employees have received notices in the mail. But, the union said, it has not received notice from the VA about any imminent downgrades.
  (VA reviewing 4,000 employee positions at risk of downgrade in pay scale - Federal News Network)
• With cyber attacks on the rise, incident response is a big part of managing security risks. Now the National Institute of Standards and Technology is seeking feedback on new recommendations for cyber incident response. The draft guidance is tied to NIST’s recently issued Cybersecurity Framework 2.0. The revised publication layout is a new, more integrated model for organizations responding to a cyber attack or other network security incident. Comments on the draft publication are due to NIST by May 20.
  (Incident response recommendations and considerations for cybersecurity risk management: a CSF 2.0 community profile - NIST)

The post Navy unveils new strategy for science, technology first appeared on Federal News Network.

The Pentagon proposed a fiscal 2025 budget of $849.8 billion, about 1% higher than this year’s budget request. The top line figure aligns with the Fiscal Responsibility Act passed last year, which sets limits on defense and non-defense discretionary spending. Defense officials said the 1% increase would not be enough to cover inflation.

“Overall, [fiscal 2024] was a good budget. As we pivot toward this year, I think it’s a much more difficult budget, we’re gonna see some very difficult trade-offs. I’m not sure if we’re going to see as positive outcomes as all communities might want see,” Matt Borron, the Association of Defense Communities executive director, said during the Defense Communities National Summit on Tuesday.

2024 being an election year adds complexity to negotiating and passing the 2025 defense budget. Members of Congress will go back to their districts in July and return sometime in the fall to pass a continuing resolution to temporarily fund the federal government. After that, they won’t be back until after the presidential election.

“I think every year we seem to find new ways to make this hard. And yet, we generally still manage to get it across the line. But this year does feel particularly difficult. And election years can play either way. You can have folks willing to make a deal to get things done before they go home and try to keep their jobs. But it doesn’t feel that way right now. So I think it is going to be rough,” Jeanine Womble, the House Armed Services Committee staff lead, said. 

Passing the 2025 NDAA

Borron said while there were some contentious issues during the 2024 National Defense Authorization Act negotiations, they weren’t “as contentious as they might have come across in some of the debates.”

“That’s why I think you got a relatively quick passage of the NDAA certainly, as compared to the appropriations bill,” said Borron.

The same social issues, such as the Diversity, Equity and Inclusion spending, will most likely come up during this year’s NDAA negotiations. But the resolution of those contentious issues will hinge on the results of this year’s election.

“I think you’re gonna see those same social issues come up for discussion. I don’t see necessarily a different outcome this year,” said Borron.

“All of that is really dependent on the election. I think they can resolve many of those issues, but the more contentious ones are going to have to wait until we know who’s in charge of the White House, who’s running the Senate, who’s running the House. I think in general, there’s a desire to make members as happy as possible. But I don’t think those contentious issues have really changed. The needle hasn’t shifted. We’ll see a rehash of it. And the outcome will be dependent on the elections.”

Womble believes that despite the contentious issues that will come up during this year’s round of debates, the NDAA will ultimately pass.

“I can’t give you a certain date when it will pass, but I believe it will,” said Womble.

“Maybe not quite before October 1, but in the neighborhood. I truly believe that Rep. Mike Rogers, R-Ala., chairman of the House Armed Services Committee, Rep. Adam Smith (D-Wash.) and the members of [the House Armed Services Committee] very much want to get it done every year. There are contentious issues every year, there are things that go to the very end. In a bipartisan way, the committee finds a way.”

The post Passing 2025 defense spending bill will be ‘particularly difficult’ first appeared on Federal News Network.

Gen. Timothy Haugh, in his first public remarks since taking over as head of CYBERCOM and the National Security Agency in early February, said the force generation study is due to the secretary of defense this summer.

CYBERCOM has traditionally relied on the military services to train cyber warriors for the Cyber Mission Force. With that leading to readiness issues, officials have also looked to adopt more of a U.S. Special Operations-command type model. And some have called on the Defense Department to establish an independent cyber force.

“We’re doing a study right now that will evaluate, and we brought in an outside think tank to help us look at this, what are the spectrum of options?” Haugh said at the CYBERCOM Legal Conference today. “There are also a number of things in between there that we should consider, and also whether or not any of that menu should be applied together. So we’re evaluating that.”

Last year, Congress tasked CYBERCOM with evaluating the readiness of the military services in their ability to provide forces to the command. Haugh said the study identified five specific things the services could improve upon.

“Most of those things were areas that had previously been tackled by SOCOM, as it looks at how the Special Operations Forces are managed,” Haugh said. “And it was around personnel policies. It was in how the services leverage tools that Congress had given for retention to each of the services, and it was about assignment policies.”

In the year since that study, Haugh said each of the services have taken individual actions to improve readiness. He pointed to the Army’s new incentive pay for cyber personnel; the Air Force’s new tech track pilot for extending an individual’s service in the cyber field; and the Navy’s new cyber rating, as well the Marine Corps’ new eight-year initial enrollment for a cyber officer.

“Those are all really good examples of something each service has done,” Haugh said. “We would like to see them all raise that floor farther.”

Retired Gen. Paul Nakasone, the former head of CYBERCOM and the NSA, said he wanted to see a “bold move forward” with what’s been dubbed CYBERCOM 2.0

The command is better positioned to control its future thanks to a new provision in law. The fiscal 2024 appropriations bill passed by Congress last month gave CYBERCOM new programming and budgeting authorities. Referred to as “enhanced budget control” by Haugh, the authorities gives the head of CYBERCOM direct control over the planning, programming, budgeting and execution of resources for the Cyber Mission Force.

“We now have the budget responsibility for equipping the offensive and defensive cyberspace force for the Department of Defense, that force that we operate,” Haugh said. “So now we have the ability to be able to validate a requirement under our authorities that we’ve been given. We can allocate the resources against whatever that need is. And then we will be able to acquire that under our own authorities, either inside U.S. Cyber Command or in partnership with the services, where we drive the requirement, we have the resources, and now we’re going to be able to produce the capability that we need for our forces. That’s a pretty radical change from where we started.”

Integral to the conversations around the future of CYBERCOM is a new assistant secretary of defense for cyber policy position announced by DoD last month. The job serves as the secretary of defense’s top advisor on matters related to military cyber force and activities.

Secretary of Defense Lloyd Austin nominated the Army’s principal cyber advisor, Michael Sulmeyer, to serve in the new role. While he awaits confirmation, Ashley Manning is serving as acting ASD for cyber policy.

Manning and Haugh are set to testify before the House Armed Services Committee’s cyber, information technology and innovation subcommittee on Wednesday.

“It’ll be our opportunity to talk about what we see this looking like,” Haugh said of the new partnership.

The post CYBERCOM considers options for future force generation model first appeared on Federal News Network.

Defense installations often have mutually beneficial relationships with the communities that surround them. Communities can be both social and economic. They have even got their own group: The Association of Defense Communities. To ask about the top issues facing these communities,  the Federal Drive with Tom Temin spoke with the association’s Executive Director, Matt Borron.

Interview Transcript: 

Tom Temin I confess, this is the first time I’ve known about this association, and I thought I knew all the ones in Washington, but there’s plenty out there. What does this association do? What’s what is the goal here?

Matt Borron ADC has been around for about 50 years. We actually got our start back in the day when DoD started closing bases. And this was really before they even had to ask Congress for permission so they could literally padlock the gate and throw the community the key and say, good luck. And they did that, as you know. And even then, when Congress got involved with the Base Realignment and Closure around the 90s and the last 1 in 2005. But, when they first started this some 50 years ago, some communities where this had happened, where they’d lost their base, they got together and they said, really, what do we do now? How do we recover from losing x thousand amount of jobs kind of overnight? And so for probably the first half of our existence, that’s who we were. We were these communities grappling with economic redevelopment and environmental clean up and reuse and redevelopment issues, kind of all of that awful stuff. But if you fast forward to today, our membership is almost entirely consistent of communities that host active military bases. And it’s organizational base membership. So sometimes it’s a city, sometimes it’s a county. A lot of times it could be a chamber of commerce or a standalone defense alliance. But really, it’s whichever organization they’re at the local level that has come to take the lead when it comes to installation, military advocacy and partnership work.

Tom Temin It seems like local acquisition is important because so much of defense acquisition is done centrally or by the big commands for the local installations, and things gets shipped out through various means. But there’s also, I guess, important local contracting that can happen for a base that members try to encourage.

Matt Borron Absolutely. At the end of the day, our members look at their installation through an economic development lens. In most cases, it’s the largest economic engine they’re, thousands of workers. And the kind of the waterfall effects of where they live and service members and their families live off base. 70% or so. It really is through that lens and our members, do everything we can to prop up the defense sector. So whether it’s land use or encroachment mitigation, that’s a lot of workforce development. It’s a lot of infrastructure, roads, utilities all these things that the base relies on. More recently it’s been quality of life.

Tom Temin What are the top quality of life issues for military members? I mean housing comes up, but that’s a localized issue. What are some of them.

Matt Borron And that’s that’s really kind of the the meat of it, is all of these quality of life issues are local and they are all kind of different. Housing, child care, spouse employment is a huge one. Military spouses have some of the highest unemployment in the country. And it’s related to moves and constantly having to find new employers. But you see a lot of things, military child education now. And so, like you said, housing on the list kind of seems to grow every day.

Tom Temin Yes. So can members of the association, the local counties or the states or whoever, again, is surrounding that community? It seems one of the issues that comes up is just simply recognizing a licensed trade from one area and honoring that when the spouse moves with the service member to another state or local.

Matt Borron Licensure and reciprocity is has been a huge issue. And you’re absolutely right. If I’m a teacher, can I have a teacher’s license in one state? Does it apply to the other state? And it goes down. It can be beauticians. It can be, lawyers and nurses, you kind of name it. And states have really tried to address that, but it hasn’t been easy. All of these different professions kind of have their own licensure silos, if you will, within their states. So it’s been a lot of coordination. And we have something we call the State Advisors Council. Most states now have an organization at the state level that is responsible for military affairs for work. And so by coordinating that, you’ve seen a lot of states now passed legislation kind of providing that blanket, reciprocity for these.

Tom Temin We’re speaking with Matt Borron. He is executive director of the Association of Defense Communities. And you also have a conference annually. And what kinds of things get discussed there. And looks like you have a pretty good lineup of congressional members speaking.

Matt Borron It’s amazing how connected our communities can be to their congressional delegations. Again, installations and military issues are one of the things that could bring us together still in a lot of cases in a bipartisan way. So we do have a good robust caucus on the House and the Senate side. And our national summit next week is really our event and our opportunity to bring all of our communities together and really kind of press Congress and DoD and talk about the issues that are important to us.

Tom Temin Now, [Base Realignment and Closure (BRAC)] as a process seems to be a thing of the past, even though it’s statutorily there in the toolbox. But Congress just never actually gets started anymore. So what do you expect in terms of the line up in the population of bases and installations in the future?

Matt Borron BRAC is a four letter word, and I think it only comes up when you’re talking to a lobbyist. But I don’t foresee a BRAC round anytime in the near future. If anything, our communities aren’t worried about losing their bases any more. They’re worried about growing. How do they attract the next F-35 mission? Or how do they get a piece of Space Force? How can they grow their defense sector at the local level? So the issues that we’ll talk about are creating new authorities by which communities and bases can partner on a full range of issues, whether it’s infrastructure or quality of life. We’ve been very successful in getting some of those programs created within DoD.

Tom Temin And what about the civilian workforce that is in all of these installations? That’s a group of people that tend to stay put relative to the service members on active duty that come and go and the rotation in and out there is probably a whole different set of people every two years or so. What are some of the issues connected to the civilian workforce, which is a little bit more permanent, if you will, in a given spot?

Matt Borron Well, honestly, a lot of times the civilian workforce is that that continuity. So these partnerships that are created when, like you said, a base commander comes and goes every 2 or 3 years, who maintains the inter-governmental support agreements, or the sharing of services and facility maintenance costs. And often that’s the civilian workforce. But a lot of times they have kind of specialized needs as well. And communities are really looking at how do they grow with that workforce. What are the types of workforce development programs can they put in place, not just for adults, but even at the high school level? The state of Arkansas has done some really interesting program at the high school there where they partnered with the base, and they now have a two semester long cybersecurity and coding course. They teach at the high school, and it’s taught by uniformed personnel. And these are just the types of programs that, whether you’re in uniform or not, can really help drive partnership at the local level.

Tom Temin Sounds like there’s a lot of idea sharing among members from all over the country.

Matt Borron And that’s really the goal of ADC. At the end of the day, our mission is education and connection.

The post Examining the ecosystem that supports military installations first appeared on Federal News Network.

A newly proposed rule by the Cybersecurity and Infrastructure Security Agency, tasks those operating in critical infrastructure sectors to report cyber incidents within 72 hours and to report ransom payments within 24 hours of making a payment. These new requirements would significantly lengthen the To-Do List of these entities. For analysis on what the impact could be, Federal News Network’s Eric White spoke to Beth Waller on the Federal Drive with Tom Temin, Principal at the law firm Woods Rogers Vandeventer Black.

Interview Transcript: 

Eric White So 1,000 foot view. What are the major changes here and what is going to be the impact on these critical sector entities?

Beth Waller I think 40,000 foot view. Everyone was expecting the director of CISA to come out with these proposed rules. The big earth shattering component of it is really the definition of covered entity who falls within the orbit of needing to report. And so really, the proposed rule really kind of breaks it into two different sections. We have really those who have to report based on their size, how large they are, and those that have to report based on their sector. I think most folks who are watching for this proposed rule were really expecting the sector side of the house. We weren’t really expecting the size side of the house. And so from a 40,000 foot view, I would say that most businesses and entities might be surprised to find out that they are covered by these new reporting requirements as proposed.

Eric White Yeah. Is there anything in place to notify a company that, hey, by the way, this new rule, it applies to you.

Beth Waller I really think that CISA is going to need to do a good job of educating the public to let them know that, hey, you may fall within this, because again, when we look at the proposed definition of covered entity, for example, when it talks about size, it refers to an entity that exceeds the small business size standards specified by the applicable North American Industry Classification System Code and the US Small Business Administration Small Business Size regulations.

Eric White I read those yesterday.

Beth Waller That’s right. So if you look at those, as I think many of us did, went with bated breath to see, well, wait a minute. What does this mean? We start to see that, well, it really means anybody who has more than 500 employees and certain sectors, and with average annual receipts, over 7.5 million would qualify as somebody who would be needing to report. Now, there are certain exceptions by industry under the SBA regulations. But I think that really what is surprising for me, as somebody who really focuses in on critical infrastructure incident response, says, now we’re going to be really looking those SBA requirements and doing that math in the midst of an incident. And what I can’t really emphasize enough is the fact that we need to remember that this isn’t sitting at home twiddling your thumbs or the quiet of a Tuesday morning or whatever the case may be. You’re in the midst of a ransomware incident and your organization is down and you’ve been essentially taken hostage. And what you’re trying to do is within those first 72 hours, do this math and start figuring out, do I qualify, do I need to report? And so the proposed rule really focuses in on that size. Are we big enough to have to report and then the sector. And then of course sector, size doesn’t matter. It really is whether you fall within these different buckets. And the buckets are what you would somewhat expect. Nuclear reactors, energy, things like that. But then there are some areas that you might not expect, for example, in the health care and public health sector, for example, the proposed rules says that those that operate a hospital with 100 or more beds or are critical access hospitals. Well guess what, you’re dragged into that dragnet. So if I’m a small hospital in a rural location, I might not have 100 beds, but I might be considered critical access, and I would therefore be obligated to report a ransomware incident within 72 hours of finding it out.

Beth Waller Similarly, you have information technology, any entity that provides IT software, hardware, system or services to the federal government. So if you’re a teeny tiny software company, but you provide or have a contract with the federal government, well guess what, you’re grabbed into this. Similarly, if you are considered an original equipment manufacturer or a vendor or integrator of OT hardware, that’s operational technology, hardware or software, or those that perform functions related to DNS operations, guess what? You’re grabbed in. So again, you have some things that are kind of what you would expect chemical facilities, water, wastewater treatment systems, transportation systems. But then you have some unusual things including communications. So for example, wire radio communication services. So if FNN had an incident, you’d be doing that kind of analysis as to whether or not you needed to report within 72 hours as well. The other little tidbit I would say is that it’s not cut and dry the way the proposed rule is set up. I really think of it like it’s going to be a flow chart or a choose your own adventure type situation, because even with water and wastewater systems, for example, it breaks it down to say, is it a community water system? Publicly owned treatment works that serve more than 3,300 people? Well, that’s a random number to be trying to remember in the middle of an incident response do I qualify? Do I not qualify? Similarly with education. You’re looking at populations of 50,000 or more. We’re in the education sector. More than a thousand students. Or any institute of higher education that receives funding under title nine. And then finally, folks like the defense industrial based sector. Many of those folks, again, many of my clients in that space are very used to doing reporting to the DoD. Well guess what, that doesn’t necessarily get us out of jail free. We may also be having to do the same kind of report to CISA. And so those are the big kind of surprises in some ways, is that the sector really start getting into a lot of nuance and detail. And then of course, that size component. And again, if you qualify under one bucket, you’re just in. So if you got more than 500 employees and you’re manufacturing space, it doesn’t matter that you’re in the defense industrial base sector, you’re going to be in regardless. And so I think that a lot of folks are going to be gobbled up by this, because CISA wants as much information as possible to start really looking at these trends nationally of the types of incidents so that we as a nation are facing.

Eric White We’re speaking with Beth Waller, who is a cybersecurity attorney at Woods Rogers Vandeventer Black. And so it’s the people on that one end of the spectrum that the smaller entities that you mentioned. How big of a burden is this actually going to be on them? I imagine that for the bigger folks that are used to this, they’ve got maybe a whole team that’s assigned just to making sure they’re compliant. But there are probably some folks in rural hospitals who have never even heard of this process.

Beth Waller That’s right. And I really think that for those of us, again, I’m a cybersecurity data privacy attorney. And what I do is respond to these types of incidents and get signed in to these types of incidents. I think it’s going to really fall a lot on the legal profession to try to educate folks. Those of us that are called in to do breach response work, number one. But I would also say, I would argue that it’s not just onerous on the small businesses. It’s going to be really a huge task for the big businesses. And I would say that because the report itself is very detailed, it’s more detailed than the report that I would be giving, for example, if I was just in the defense industrial sector under the DFARS 7012,  filing on the DIDNet, those types of things. We’re used to doing that in this space. The report to CISA requires us to identify the covered entity. So the entity making the report. But in order to do that, what CISA is proposing is that I need to know the state of incorporation, trade names, legal names, the DUN number, tax ID, the EPA numbers, all this kind of stuff. Again, I go back to, think about what we’re in the midst of. We’re in the midst of a ransomware incident, highly unlikely that I have access to my work device. And so those first 72 hours, I can guarantee you you’re not getting access to a device that’s from your company. So you’re going to need to be able to pull this information together rapidly. It’s one thing if I’m a smaller defense contractor or a smaller contractor, to be able to know my state of incorporation. It’s another thing if I’m a mega corporation and I’ve made up a bunch of different LLCs or a bunch of different entities, or I have trade names, those types of issues. Pulling that kind of information together can be very challenging. And so I would argue that it’s going to be a burden to almost any entity that is going to be reporting to try to pull these things together.

Beth Waller In addition to that, the type of information about the incident that CISA is requesting, again, from somebody who has experienced an incident response, what they want to know within the first 72 hours is pretty broad. So, for example, they want a description of the covered incident with identification of affected information systems, including the physical locations of the impacted systems, networks and or devices. If I am a mega company, for example, and I have, 50,000 employees across the United States talking about the physical location of those impacted systems or networks. If I’m a manufacturer, it could be quite challenging in the midst of that first 72 hours, keeping in mind that the people who are needing to answer this are also potentially two people trying to come back online, getting things together, managing the incident response team. In addition to that, they want to know things like IOCs, which in the industry is indicators of compromise. They want to know the bad guys. What’s the telephone number, the IP address that they called from. They want to copy the malicious code and they want to know, for example, if you’re paying the ransom, which is another separate reporting requirement, they want to know exactly what your instructions were for payment of the ransom and things like that. I will say the good news is, thankfully there’s going to be a dropdown box for unknown at this time type answers given that this is the first 72 hours, but there is a requirement for supplemental reporting, and that supplemental reporting requires a report to be given every time there’s substantially new or different information becoming available. Again, if I’m in the midst of this incident, that is a very hefty burden to be thinking about.

Eric White Yeah, obviously this would be a substantial task order for, as you mentioned, somebody going through a cyber incident like this. But coming from CISA’s standpoint, this is pretty important information. A lot of people’s lives rely on these companies and obviously the critical infrastructure sector that runs the country basically. So, coming from them, why is this information so critical for an agency like CISA in the fight in ensuring that a lot of our big companies and critical infrastructure sectors are cyber secure.

Beth Waller Well, I think that what it does, it does create this dragnet of information to be able to really look at our adversaries and to be able to say, okay. Because a lot of times in the ransomware world, they have almost nonsense names. You’ve got Lockbit, Alphv/BackCat. You’ve got all royal, you’ve got, you know, all the different types of ransomware that are out there. And I tell folks, it’s kind of like their gangs, like off of The Sopranos or The Godfather movies. They’re just cyber gangs. And so being able to track the information of being able to say, okay, well, this is associated with this nation state or it’s not is really incredibly important to CISA. And again, as someone who is a federal partner in the midst of these incidents, because I do critical infrastructure incident reporting. So again, when you’re representing a state agency or a local government, you are already acting as a partner to your federal partners and providing information. So I think that there are big benefits to working with CISA and currently reporting to CISA as we do. But I think that with regards to the kind of nuances that are being asked for in this reporting, it’s going to create a lot of headaches. And keep in mind, many of these businesses are folks that are operating under multiple regimes. So for example, the financial sector is one of these that is considered critical infrastructure here. Well, if you’re already a bank, you’re reporting to the office of the Comptroller of the Treasury at the same time or reporting to CISA. If you are, for example, a manufacturer that is global, as many of our manufacturing Fortune 500 may be, you are also dealing with the laws in Europe. So GPR related laws, you’re also probably publicly traded. And so now you have the new Securities Exchange Commission rules and regulations about getting a notice out to your shareholders within four days of determining materiality. It’s really a very complex arena that CISA is coming into already from a regulatory standpoint.

Beth Waller I will say that the proposed rule says if CISA has an information sharing agreement in place with one of these other agencies that was receiving the report, that is potentially a get out of jail for a duplicate report filing, but it’s unclear at this time where CISA has that information sharing already. And I think that puts a lot of burden on the victim to try to figure that out. So hopefully Department of Defense, for example, creates an information sharing system with CISA where if you’re already again reporting to the DIDNet and going through that side of the process, you wouldn’t have to necessarily do it again here. Again, those clocks also start not on a Tuesday morning at 9:00 a.m. they often start at 1:00 am on Saturday morning whenever that network engineer figures us out. So a lot of times the folks that would be filling this out are not necessarily aware of it until, let’s say, 36 hours into an incident, depending on how large the organization is. So my argument would be to many businesses, look at your incident response plan. If these proposed rules come in to a final rule in the same manner that they’re currently looking at like right now, we’re going to want to make sure your incident response plan has a lot of this information gathered already, because, for example, maybe you could create something off line that says, this is our state of incorporation,  those types of things, so you’ve got that at the ready. Because again, keep in mind, most the time we’re dealing with something like ransomware where the entire network is encrypted. So how are we going to get at this information even if we wanted to, unless you just know it?

The post Facing cyber attacks, critical infrastructure gets new reporting requirements first appeared on Federal News Network.

It seems like long ago. Thousands of active duty service members applied for religious exemptions from COVID vaccines. Now we know how well the armed services did in processing the exemptions and the discharges of service members from the armed services. For details, the Federal Drive with Tom Temin talked to Project Manager Marie Godwin in the Defense Department’s Office of Inspector General.

Interview Transcript: 

Marie Godwin We wanted to ensure that service members were treated fairly, and that their exemption requests and discharges were processed in accordance with the law and DoD regulations. And we also received a number of hotline complaints alleging that the military services were improperly processing religious accommodation requests. So we wanted to review that process and determine if those allegations had any merit. So specifically, the complaints were alleging that the military services were processing the requests too quickly and not performing individualized review of the requests as required by the law and DoD policy. But in the end, we found the allegations did not jibe with our findings, and our report confirms that those allegations were, in fact, unfounded.

Tom Temin All right. Do the requirements on the DoD specify a timeline or a period of time in which they have to decide these? Usually the problem is the government gets backlogs of things. In this case they were processing them. It sounds like efficiently.

Marie Godwin Yes, the DoD does establish time requirements, and the time requirement depends on if the service requires a waiver of policy for that religious accommodation request or not. So for the Army, Marine Corps and Navy, they had 90 days to process the requests. The Air Force had 30 days to process the requests because they had decentralized decision process that did not require a waiver of policy.

Tom Temin You didn’t look then at whether the discharges or the exemptions were correct or not. It was just simply looking at whether they were processed in a way that was in accordance with their policy for processing them.

Marie Godwin That’s correct.

Tom Temin All right. Let’s go into that a little bit further. You said the Army, Navy, Marine Corps had a 90 day policy and the Air Force 30 days, maybe a little bit more detail on why that was the case, that variance.

Marie Godwin Sure. That’s just an overarching DoD policy that establishes the time requirements. And the DoD policy says that if the religious accommodation request requires a waiver of department policy, then it can be processed within 90 days. And I think the thought behind that is that it takes longer to process that through a central decision authority. If the request does not require a waiver of policy, as is the case with the Air Force, then the time requirement for that processing is only 30 days.

Tom Temin In what’s involved in processing that even takes 30 days?

Marie Godwin Sure. There’s a number of things that happen in the process, and it differs by military service. But generally, the service member submits a request. They have recommendations from their chain of command. They meet with a military chaplain to discuss their request. There’s also medical subject matter expert recommendations, and all these are processed up through the decision authority to consider.

Tom Temin Right. And just to clarify once more. You didn’t look at the quality of the decisions versus, yeah, you can stay or you’re discharged. But again, just whether they were processed in the proper manner.

Marie Godwin Right. So we looked at did they have all of the required recommendations? And was the proper decision authority deciding on their request?

Tom Temin We’re speaking with Marie Godwin. She’s a project manager in the Inspector General’s Office at the Defense Department. So generally, everything went according to each armed service’s policy for getting those things processed. Any exceptions or any outlying issues that you discovered?

Marie Godwin So for religious accommodation requests, we found that the Army and Air Force were taking much longer to process the exemptions than the DoD time requirements. So the Army, as we said before, had 90 days to process those requests, and they were averaging about 192 days to process the requests. The Air Force had 30 days to process those requests, and they were averaging about 168 days.

Tom Temin Yikes. And do we know why it took so long to do those?

Marie Godwin Well, we spoke with the military personnel involved in processing religious accommodation requests, and they told us that in a typical year, they only receive 3 or 4 requests for religious accommodation. So they were just overwhelmed by the sheer number of the requests.

Tom Temin  And could be that the religious exemption has maybe more subtle decision making that’s required. It’s hard to tell, that sounds like a tough one. Maybe they’re afraid to make the call in some cases.

Marie Godwin Well, I think they just wanted to take the time to make the correct decision and make sure that it was an informed decision.

Tom Temin All right. So what recommendations do you have then? Sounds like they would be centering around the religious exemption request because that’s what caused the outlying cases.

Marie Godwin So we had three recommendations. We had one for religious accommodation requests, one for medical and administrative exemptions and one for discharges. So for religious accommodation requests, we recommended that the DoD issued new guidance for periods of high volume request to decrease processing times. Military personnel told us that they only receive a few requests per year, and under those conditions, the existing policies were sufficient, but not in periods of high volume requests. So this recommendation aims to improve the processing time so that service members are not significantly impacted while they’re awaiting a decision.

Tom Temin All right. And what about for the medical and administrative? Recommendations there?

Marie Godwin Sure. We recommended that the DoD require personnel to document exemption approvals in service members personnel records. We had found that they weren’t always being documented in their records, so we anticipate that requirement will reduce the risk of errors and ensure that the service members vaccination status is accurate in the medical readiness systems.

Tom Temin And for the discharge petitions. That means that people want to be released from the military rather than have the vaccine. That’s what that particular application is.

Marie Godwin Correct. So we recommended that the DoD require uniform discharge types and reentry codes for all service members who were discharged for vaccination refusal. And we made that recommendation because of the DoD does not issue uniform discharge types and reentry codes, then service members will experience different impacts to their educational benefits and eligibility to re-enlist.

Tom Temin I was going to say reentry codes. Does that mean that there’s like a revolving door over vaccinations? You can be discharged and then come back?

Marie Godwin Well, when a service member leaves military service, they’re issued a certificate of release from active duty service. And that lists your discharge type and your reentry code. And the reentry code just indicates a service members eligibility to re-enlist in the service later. So we found that some service members received reentry codes that required them to obtain a waiver to re-enlist, while other service members receive codes that banned re-enlistment altogether.

Tom Temin Got it. And so the recommendation there was or did you have any for that particular class of application.

Marie Godwin So we recommended that they have uniform discharge types and uniform reentry codes.

Tom Temin Got it. And did the department say yeah we agree.

Marie Godwin They actually did not agree with that recommendation. But they provided another plan to address the recommendation. So once they provide that plan to us, we’ll reevaluate the recommendation.

Tom Temin This is more than history then. Because should another type of pandemic happen in the country, or we have another one of these situations where mass vaccinations become the general mode of the land, this could come up again.

Marie Godwin You’re absolutely right. And so DoD allows service members to request medical or administrative exemptions from any vaccination, not just COVID 19.

Tom Temin It could be measles, mumps or polio for that matter.

Marie Godwin Right. The military services have a list of ten or so required vaccinations for all service members.

The post Pentagon report card for dealing with vaccine refuseniks first appeared on Federal News Network.

• Service members are apparently not getting enough sleep each night to properly do their jobs. A watchdog organization found that service members are consistently getting less than 6 hours of sleep. Military personnel say they fall asleep on the job, which Government Accountability Offce said creates serious safety concerns. The GAO wants the Pentagon to conduct an assessment of DoD's oversight structure for fatigue-related efforts. And the Defense Department recommended that troops get seven hours of sleep each night.
  (Service members don’t get enough sleep, putting their lives at risk - GAO)
• Attention vendors, who provide grants services to the government, this RFI's for you. The Grants Quality Service Management Office (QSMO) is ready to expand its marketplace of service providers. But first, it is taking the pulse of the vendor community to gauge the capabilities of the sector. The QSMO's new Request for Information (RFI) is asking vendors for details about their grants management system, including whether it is set up as a software-as-a-service, whether it integrates with SAM.gov and login.gov and whether it is highly configurable and does not require code changes. Responses to the RFI are due by April 30.
  (Grants shared services office kicks off marketplace expansion - General Services Administration)
• Agencies have likely escaped budget cuts due to sequestration for another year. The Congressional Budget Office (CBO) analyzed the fiscal 2024 spending bills and estimated that the discretionary budget authority for defense and non-defense agencies falls under the caps established in the Fiscal Responsibility Act of 2023. CBO, however, said the final decision about whether cuts are needed under sequestration will come from the Office of Management and Budget (OMB), based on its own estimates of federal spending. OMB told Congress in August it did not think sequestration cuts would be necessary based on current estimates, but it will send another letter to Congress later this year with the final decision.
  (CBO estimates sequestrations cuts not necessary for fiscal 2024 - Congressional Budget Office)
• There is a new artificial intelligence chief at the top U.S. spy agency. John Beieler has been named the chief AI officer at the Office of the Director of National Intelligence. He also serves as the top science and technology adviser to Director of National Intelligence Avril Haines. Beieler now leads a council of chief AI officers across the 18 components of the intelligence community. One of the first tasks for that group is developing an AI directive for the IC. Beieler said it will cover everything from data standards to civil liberties and privacy protections.
  (Intelligence community gets a chief AI officer - Federal News Network)
• The Postal Service may soon ask for a sixth rate increase, since November 2020, that would go into effect this summer. But the Postal Regulatory Commission is taking a closer look at whether this new pricing model is actually helping USPS improve its long-term finances. The regulator is asking for public feedback on whether the current pricing model is working for USPS and its customers — and if not, what modifications to the ratemaking system should be made, or what alternative system should be adopted? The regulator will accept comments through July 9.
  (Postal Regulatory Commission seeks feedback on USPS pricing model - Federal News Network)
• The Cybersecurity and Infrastructure Security Agency (CISA) is preparing to host its biggest biannual cybersecurity exercise. Dubbed “Cyber Storm,” the event will kick off this month with more than 2,000 participants from government and industry. The weeklong exercise simulates the response to a cyber attack on multiple critical infrastructure sectors. This year’s Cyber Storm comes as CISA rewrites the national plan for responding to major cyber incidents. CISA expects to release the updated plan by the end of 2024.
  (CISA’s ‘Cyber Storm’ will help it update National Cyber Incident Response Plan - Federal News Network)
• The IRS is looking to take the next steps in its most ambitious project under the Inflation Reduction Act. The IRS is letting taxpayers in 12 states test out its “Direct File” platform this filing season, as it gets feedback from earlier users, in the hopes of scaling up the pilot program. In a roundtable discussion with Direct File users, the IRS said all participants said they would recommend Direct File to eligible friends and family. Roundtable participants included college students, military veterans, as well as nonprofit and government employees.
  (IRS' direct file platform receives positive initial feedback - Treasury Department)
• The Air Force wants to bypass governors in seven states and transfer the National Guard space units to the Space Force. Air Force officials are calling for legislation to bypass existing law requiring them to obtain a governor’s consent before making changes to a National Guard unit. It would allow the service to transfer 14 Air National Guard space units located in New York, Florida, Hawaii, Colorado, Alaska, California and Ohio and make them part of the Space Force. Not surprisingly, the idea is facing criticism from governors.
  (Air Force wants to override law in 7 states, transfer Guard units to Space Force - Federal News Network)

The post Feds in fatigues, too fatigued to properly do their jobs, GAO says first appeared on Federal News Network.

A few years ago, the Defense Department drafted a legislative proposal to get rid of principal cyber advisor positions across all services.

While this idea didn’t make it out of the Pentagon, three-plus years later, Chris Cleary, the former principal cyber advisor for the Department of the Navy, said that was a good thing.

Cleary, who left government recently and joined ManTech as its vice president of its global cyber practice, said the impact of the principal cyber advisor in the Navy is clear and lasting.

“This is challenging because all the services in the very, very beginning wanted to get rid of the principal cyber advisors. There was a legislative proposition that was trying to be submitted and Congress came over the top and said, ‘No, you’re going to do this,” Cleary said during an “exit” interview on Ask the CIO. “So year one in the job, I make the joke, I was just trying to avoid getting smothered by a pillow because no one wanted this position especially after we just stood up the re-empowered CIO office so what’s a PCA? And what’s this person going to do for the organization? I was very attuned to that and ready that if the decision is to push back on this creation, and maybe do away with the PCA job, I was just going to go back to being a chief information security officer. I was being a good sailor and focused on whatever are the best needs of the Navy. I was prepared to do that.”

The move to get rid of the principal cyber advisors never came to fruition and, instead, the Navy, and likely other military services, now see the value in the position.

Cyber advisor wields budget influence

Cleary said one way the principal cyber advisor continues to provide value is around budgeting for cybersecurity. He said each year his office submits a letter on the “budget adequacy” to the Defense Department’s planning process, called the Program Objective Memorandum (POM).

“I found that the PCA office really became the champion for advocating and supporting programs like More Situational Awareness for Industrial Control Systems (MOSAICS), which was a thing we were doing for operational technology systems ashore, and another product called Situational Awareness, Boundary Enforcement and Response (SABER), which was its cousin and for OT stuff afloat,” he said. “What you found is both of those programs are being championed by hardworking, honest Navy employees that just couldn’t break squelch to get a properly resourced or funded or programmed for. The PCA was able to champion these things within the E-Ring of the Pentagon. Things like MOSAICS, as an example, I am very proud of, we worked very closely with the Assistant Secretary of the Navy for Energy, Installations and Environment, Meredith Berger. She very quickly recognized the problem, most of this fell kind of within her sphere of influence as the person responsible for resourcing all of the Navy’s infrastructure. She very quickly embraced it, adopted it and hired an individual within the organization to look at this specifically.”

Cleary said over the course of the next few years, he worked with Berger’s team as well as other cyber experts in the Navy and across DoD to do deep dives into how to secure OT.

When the Defense Department rolled out its zero trust strategy in November 2022, the services faced more challenges around operational technology than typical IT. Cleary said the PCA helped the Navy better understand the OT stack was more complex and the tools used for IT wouldn’t necessarily work.

“The further you get down closer to an actual device or controller you can’t just roll a firewall out against that,” he said. “They have their own vulnerabilities and risks associated with them. But they’re things that we haven’t traditionally looked at when you when I’m talking about OT, like weapon systems, defense, critical infrastructure, these massive foundation of things that not only enable what we do from an enterprise IT standpoint,  but we’ve got to keep the lights on and the water flowing, and the Aegis weapon system has lots of computers with it, but that isn’t an enterprise IT system so who’s looking at those, who’s resourcing those, it’s only been the last decade or so that we’ve seen a lot of these is legitimate target areas.”

Champion of attention, resources

Cleary said his office helped get the Navy to spend more money and resources on protecting operational technology because it wasn’t always a top priority.

The OT example, Cleary said, is exactly why Congress created the PCA.

“We didn’t do any of the work to create these things. We just champion them appropriately and ensure they got the attention they deserved. And then ultimately, the resourcing required so they can be successful,” he said.

Cleary said it was clear that after three-plus years as the principal cyber advisor for the Navy, the benefits outweighed any concerns.

He said with the cyber world becoming more convoluted and complex, the position helps connect dots that were previously difficult to bring together.

“I think Congress would come and ask a question and they would get 10 different answers from 10 different people. I’m not saying we got there. But the idea of the PCA was to get those 10 different answers from 10 different people and then try to consolidate that answer into something that made sense that we could agree upon and present that answer back to Congress,” he said. “I’m not going to say we fully succeeded there because there are a lot of ways around the PCA and the PCA offices, but I think as the offices get more and more established, organizations like Fleet Cyber Command for the Navy, the Naval Information Forces and others were seeing the benefit of the PCA’s job to be the middleman and deal with the back and forth.”

Continue to create trust

Cleary said toward the end of his tenure, these and other offices, including the Marines cyber office, started to work even more closely with his office on these wide-ranging cyber challenges. He said the principal cyber advisor was slowly, but surely becoming the trusted cyber advisor initially imagined.

“I use the analogy of a fishing line, when you start pulling out a fishing line and you’re not sure what the weight of the fishing line is, but if you break the line, it’s over. So the trick was to pull on it with just the right amount of tension without risking or breaking it,” he said. “I knew the PCA office was something new and if the relationships with those organizations became tenuous, or were cut off because of the PCA coming in and say, ‘Hey, you shall do this or that,’ it wasn’t going to work. The way I envisioned the role of PCA was not to tell anybody inside the organization how to operationalize their own environments. My whole job was to go to them and understand what it is they needed, based on their experience and their expertise, and then get them that. The more that I could be seen as a value and not here to check their homework and poke them in the eye about their readiness, the more successful I’d be.”

Cleary said for the principal cyber advisor to continue to be successful, they have to continue to establish trust, understand their role is personality driven and focus on getting the commands the money and resources they need to continue to improve their cyber readiness.

The post Why the principal cyber advisor ended up being a good thing first appeared on Federal News Network.

The Air Force seeks to override governors’ authority over their National Guard personnel in some states and move Air National Guard units with space missions to the Space Force.

Air Force officials are proposing legislation to bypass existing law requiring them to obtain a governor’s consent before making changes to a National Guard unit and to transfer 14 Air National Guard space units across seven states into the Space Force.

The draft legislation titled “Transfer to The Space Force of covered space functions of the Air National Guard of the United States,” which was reviewed by Federal News Network, would allow the Air Force Secretary to take one of three courses of action if National Guard space units end up being removed from their states:

• change the status of the unit so that it’s a Space Force unit rather than an Air National Guard unit;
• deactivate the unit after revoking its federal recognition;
• or assign the unit a new federal mission.

If passed, the legislation would waive section 104(c) of Title 32, which says that “no change in the branch, organization or allotment of a unit located entirely within a state may be made without the approval of its governor;” and section 18238 of Title 10 of the U.S. Code, which states that “a unit of the Army National Guard or the Air National Guard may not be relocated or withdrawn under this chapter without the consent of the governor of the state.

Upon the transfer, the Space Force end strength would increase by that number of personnel billets and the Air National Guard end strength would decrease by the same amount. There are approximately 1,000 Air Guard space professionals serving full- and part-time in New York, Florida, Hawaii, Colorado, Alaska, California and Ohio, according to the National Guard Association of the United States (NGAUS). 

The proposed legislation is already facing criticism from state governors and advocate groups. 

In a letter to Defense Secretary Lloyd Austin, Colorado Gov. Jared Polis wrote, “I oppose this legislation in the strongest possible terms.”

“Each servicemember signed a contract to serve in the Colorado Air National Guard and swore an oath to serve both the United States of America and the State of Colorado. As their Commander-in-Chief, I cannot stand idly by as the servicemembers I am charged with leading are faced with the decision to either leave military service or serve in a manner that they did not originally agree to. We know that a significant majority of Air National Guard space operators will not transfer to the U.S. Space Force, putting both their military career and national security at risk,” Gov. Polis wrote.

Removing the requirement to obtain a governor’s consent before making changes to the unit structure would also set a “dangerous precedent.” 

“It’s a terrible precedent. If they do this now and they are successful — what’s next? They’re going to be taking a C-130 wing out of a state and putting it into the active component or they are going to be taking a brigade combat team out of the Army and putting that into the active components. This is a very, very dangerous precedent,” Retired Maj. Gen. Frank McGinn, NGAUS president, told Federal News Network.

As of now, Guardians doesn’t have an option to serve part-time. As part of the 2024 defense bill, the Space Force Personnel Management Act, however, will allow the Air Force to have a system where Air Force reservists and Guardians can choose to serve part- or full-time in some instances. But the Act doesn’t apply to the Air Force National Guard personnel issue. 

According to NGAUS, surveys show that over 90% of airmen have said they don’t want to leave the National Guard.

“If it goes through in an attempt to take the Air National Guard space units and personnel, most of them are not going to go. So It’s going to create a huge void and capability at a time when we really can’t afford to do that,” said McGinn.

“It would take about nine years to rebuild that infrastructure in that capacity. You’d also be losing decades of experience from our citizen guardsmen, which is almost irreplaceable.”

The Air Force didn’t comment on the proposed legislation.

Creating a Space National Guard

At the same time, some lawmakers are making another push to create a national guard component for the Space Force — an effort that has been in limbo for several years now. 

Marco Rubio (R-Fla.) and a bipartisan group of 11 senators reintroduced the Space National Guard Establishment Act of 2024 on Jan. 31. The bill was first introduced in 2022, but the passing of Sen. Dianne Feinstein (D-Calif.) delayed the effort. 

The 2024 defense bill requires the Pentagon to assess the feasibility and advisability of transferring all Air National Guard space functions to the Space Force. 

“For me personally, I’ve been very clear in my congressional testimony when asked for my best military advice. I believe the establishment of the Space National Guard is the best use of our folks that have been doing this mission in many cases for over 25 years,” Gen. Daniel Hokanson, the chief of the National Guard Bureau, told reporters in February.

The White House and much of Congress have opposed the idea of a separate Space Guard, citing that the move would create unnecessary bureaucracy and have a high price tag.

NGAUS, however, estimated that it would only cost $250,000 to create a Space National Guard.

The post Air Force seeks to override existing law, move Guard units to Space Force first appeared on Federal News Network.

For the first time in its nearly 250 year history, the Navy has a woman as Chief of Naval Operations (CNO). Adm. Lisa Franchetti, in a recent Navy Times article, credited an earlier CNO (Elmo Zumwalt), for enabling women to advance in the Navy. CNOs, in fact, have exerted a lot of influence. Now the Naval History and Heritage Command has released — in hard copy — a 2015 volume detailing the activities of a century of chiefs of Naval operations. For more,  the Federal Drive Host Tom Temin spoke with historian and co-author Curtis Utz.

Interview Transcript: 

Curtis Utz Well, the position of Chief of Naval Operations again is legally established in 1915. But we do go back and look into the late 19th and early 20th century as to why did this position develop the greater professionalization of the Navy, the need to have better control. Because prior to this, the secretaries of the Navy are directly commanding the squadron commanders. And if you go back far enough, even individual ships. And the Navy realized that while they’d been able to succeed with this during the war with Spain, if you were going to start considering conflicts with larger naval powers, you have to be a bigger force, you have to get together, you have to be orchestrated and led by a uniformed officer that has a better understanding of what’s going on.

Tom Temin Almost like the British model where you have a politician, but you also have a professional that are close in rank, even though the politician may outrank, but really directing ships and saying, left rudder, right rudder fuel here. You need somebody that knows the ocean.

Curtis Utz Right. Well, one of the great controversies in creating this office was that secretaries of the Navy did not want to cede civilian control, which is required by the Constitution and by law for them to have. And the naval officers who were involved with this early on, they also understood that, but they were just very concerned that they didn’t have, necessarily, you would get a secretary with a good understanding of the professional and technical requirements of the early 20th century Navy.

Tom Temin Yes, there was a big shift to more mechanization. Aircraft were beginning to learn how to land on shift. It was getting complicated.

Curtis Utz Oh, yes. Very, very highly complicated. And when you look at some of the things that are in the early office of Chief of Naval Operations, they actually have the organization that oversees naval communications. You know, the development of radio, more advanced technology. Aviation is also under the organization, but they also have the people who oversee engineering and gunnery competitions, which doesn’t sound like much, but this is really advanced training. We are trying to encourage people to get better with these very sophisticated systems, because in the case of gunnery, you’re starting developed by 1910, 1912 period, where you’re throwing shells 12 or 15 miles and a pretty good physics problem to figure out if it’s going to be able to hit something. It is roughly two lengths of a football field.

Tom Temin Why did the Navy not call it the chief of staff like the other armed services?

Curtis Utz One of the things that several of the secretaries of the Navy had been worried about, and the term that a couple of them used was they were afraid of the Prussianization of the Navy because, the Prussian General Staff was very well known, and the Navy wanted to make it clear that this is more about operations. Because beyond this staff within the CNO’s office, there was the shore establishment that reported to the Secretary of the Navy, Bureau of Navigation, Bureau of Ordnance, Bureau of Construction and Repair, Bureau of Supplies and Accounts, Bureau of Medicine and Surgery, who provided a lot of the support. This organization was primarily focused on how do we go and operate.

Tom Temin Interesting. And now we have the Chief of Research in the Navy. That’s one of the ones that would be not reporting then, in this day, to the CNO.

Curtis Utz Well, at that time, I mean, [Naval Research Laboratory (NRL)] hasn’t even really gotten off the ground yet. And they are doing work by the 20s and 30s where, yeah, the chief of Naval Research is one of the guys who reports to the secretaries, because the bureau chiefs continued to report to the secretary. They did not report to the CNO, and that caused a bit of friction over time, as you can imagine.

Tom Temin I can imagine we’re speaking with Curtis Utz. He’s an Austrian with the Naval History and Heritage Command. And looking at the CNO from 1915 to 2015. Do they have influence on the Navy or as just people who operate? And they’re there for a couple of years come and go. I think I know where you’re headed on this answer.

Curtis Utz They have tremendous influence, but the types of influence vary over time. The one goal that all CNOs have had is make the U.S. Navy, the institution a better organization than you found it when you took the job. And part of their primary mission, again, throughout this entire period is how do you man train and equip the Navy? And that’s one of their primary responsibilities. Now, the one thing that does change a lot over time is, while they’re originally designed as an operational oversight, with the establishment of the Department of Defense and various reforms, since then, more and more of the operational authority of the CNO went away. First, under the 58 Reorganization Act, under the Eisenhower administration, and then, basically taking the service chiefs, not just the CNO out with Goldwater-Nichols to where operational control is out with the combatant commanders.

Tom Temin And let’s talk about some of the people involved, though. Zumwalt, we mentioned at the top is, I think, widely recognized as a transformational CNO who in the hundred years that you studied, who were some of the standouts and why?

Curtis Utz Well, Zumwalt obviously stands out because he’s quite young. He’s very much aware of the issues going on in the late 60s and in the 70s. He had commanded him Vietnam, and he realized there was a huge amount of transition going on that the Navy had to figure out a way to deal with, particularly as a transition to an all volunteer force first, having draftees. I think one of the admirals that came in to after him was Admiral Hayward. Admiral Hayward had been in command in the Pacific before becoming CNO, and he was really the first officer in the post Vietnam era that saw that the Navy didn’t have to just be defensive, because one of the big pushes was defend the sea lanes to Europe or, if necessary, Asia. And he’s like, no, we need to be able to project power ashore. And what he comes up with for the Pacific, he keeps pushing that when he CNO. And then essentially what he comes up with is co-opted by John Layman as the maritime strategy, which completely changes the outlook and direction of the Navy for the rest of the Cold War.

Tom Temin So then the CNO really can have a lot of influence, and then that devolves into what they buy, how they acquire the force structure and so on.

Curtis Utz Yes. The CNO still have the ability to influence these things. And they’re also the CNO is a member of the Joint Chiefs of Staff. They have to interact with the other joint chiefs and the chairman trying to figure out how are we going to meet the national level mission. And one of the other things the CNO has had to worry about most of the time is how do we pay for it?

Tom Temin Yes, that’s always a question. Anything federally connected? And I had a technological question because,  just before Zumwalt, in those years, there was a convergence nuclear power for subs. But earlier than that, and I think within the span of this book, going back to 1915, steam conversion to more modern propulsion methods, it sounds like just an arcane thing down on the bottom of the ship, but that really affected range and logistics and a lot of other operational aspects that matter.

Curtis Utz Steam power had been around since the middle of the 19th century, but as you come up with better engineering plans, you have a conversion from coal to oil power. You come up with better design, more efficient systems. But when you do start transitioning to nuclear power plants, initially with submarines, then with aircraft carriers and even some cruisers starting in the 50s, essentially, instead of using an oil burner, you’re using a nuclear power plant to generate steam. You’re still using essentially a steam system. But the thing is with nuclear power, essentially, you’re range is unlimited, as far as that. You still have to have other supplies. You have to maintain your sailors.

Tom Temin You need stake and lettuce aboard.

Curtis Utz You know, stake, lettuce, ammunition, medical supplies, all those sorts of things. And arguably, you don’t really get true submarines. You get advanced submersibles until you get nuclear power.

Tom Temin Any new CNO that would come in in the future, what will they get out of this book, do you think?

Curtis Utz I think what the CNOs and the OPNAVs staff will get, and this was one of our goals, is here are the challenges your predecessors have faced in the past. And here is how they’ve looked at going about dealing with them. And some of them had to be exceedingly creative in how do you deal with situations? And hopefully this would get them to start thinking about what are your options. Don’t get stuck in a rut of the tradition that you’ve worked with, because sometimes you have to get out of that. But of course, there are limits on that. There are limits from the political specter. And of course, also, again, the financial perspective of how do you pay for this?

Tom Temin Maybe that’s the real naval tradition, is that you’re always changing tradition.

Curtis Utz You’re changing how you operate, you’re changing how you’re organized. But you still have the same in many ways. Basic mission of you have to go to see you’re often forward deployed, protecting the national interest. And I think that’s one of the things that the vast majority of people do not understand is the Navy is always on the job. The Navy is always serving in defense of the nation far forward. And it’s a huge challenge.

Tom Temin And briefly tell us about yourself. You’re not a veteran of the ocean, but you’ve been with the Navy a long time and I’m told you know where the bodies are buried.

Curtis Utz Yes. I first joined what was then known as the Naval Historical Center in 1992. I had done my graduate work at the University of Maryland, College Park, and had written on naval history, and served with the old Naval Historical Center for a couple of years. Went to another part of DoD, was a historian there for nine years, and then came back to the Naval Historical Center to run the Naval Aviation History Office. Then I ran the Naval Archives, and then they let me go back to just being a writing historian, which is good.

Tom Temin Have you been able to get aboard a couple of vessels?

Curtis Utz Yes. When I was first with the command, I went to see during the period where we were transitioning from, there’s no more Soviet Union. What do we do with power projection ashore? And I went out and participated in a multi-day exercise. It was on both Mount Whitney and the old Guadalcanal, which was one of the old big deck. And I got to see a little bit more of how things operate. I’ve also been on naval aircraft. I’ve been to any number of naval stations. The first time you get to sea and you’re out there for any length of time, you get a better understanding of what’s going on.

The post How the Navy has been shaped by its operations chiefs first appeared on Federal News Network.

The Coast Guard may be the most active federal agency in the aftermath of the Baltimore bridge that was knocked over by a container ship. For a summary of what it’s had to do so far and the resources it’s deployed, the Federal Drive Host Tom Temin  spoke to Baltimore District Commander Col. Estee Pinchasin.

Interview Transcript: 

Estee Pinchasin We’re about a week and a day in to the operation. The first day you remember was search and rescue and then recovery. We shifted to recovery operations, and it’s very hard decision to then go into salvage, because at that point we realized it was just too dangerous. The wreckage was so unstable that we didn’t want to put the divers in a in a dangerous situation. So we shifted to salvage operations. And in the meantime, we’ve marshaled the most incredible team resources, equipment to be able to tackle this. And you’ve got three efforts. You’ve got the channel, the 50 foot shipping channel that needs to be cleared and opened. You’ve got the vessel that needs to be refloated. And in the area outside the channel, there’s the bridge wreckage that needs to be removed. So that will rebuild the Francis Scott Key Bridge, as the governor describes. You need to know that while you’ve got these three efforts, they are being coordinated in an overarching manner through the Unified Command the U.S. Army Corps of Engineers has brought on the supervisor of salvage from the United States Navy. Those are our nation’s top salvage experts reaching into the salvage community. So we’ve got the right team here. And it’s not just about the wreckage. It’s not just about the engineering to get the wreckage out. We know that recovery of those four unaccounted personnel is a part of this. So when we see the salvage operations that are going to be taking place in earnest, need to know that this is going to be an iterative process with every layer of wreckage that we pull up, we have to go back in and scan and survey and inspect to make sure that the load reacted the way we believed it would, that it’s as stable as it needs to be, so that the next iteration can be done safely. But they’re also going to be looking for any signs of the missing personnel or any areas that need further inspection that they could possibly be found. We all recognize that’s a very integral part of this operation. We’re not forgetting that it’s a part of every step.

Eric White  I don’t know if you have exact numbers or anything like that, ballpark is perfectly fine. As far as those resources from the Army Corps of Engineers itself. Can you just kind of tell me the sort of equipment and personnel that your agency is deploying to the situation?

Estee Pinchasin So right off the bat, the Corps started deploying its emergency response personnel. We brought in structural engineers from within the Baltimore district, but also from our structural center of expertise. Over in Philadelphia district, we launched survey operators and vessels from Philly as well to join up with the Baltimore district teammates. We brought in emergency managers and experts from areas around the corps. I don’t know how much people know about the Corps of Engineers, but we’re 38,000 people strong that literally build our country. We are engineering that our vision is engineering solutions to our nation’s challenges. And this is exactly what that is. But we bring in other partners as well. And that’s where the Navy and tying in with the Coast Guard in this unified command, all our state and federal partners, it’s a very powerful partnership. Another thing to remember is that this community and this the Baltimore community, we work together in this port on these channels all the time. The Baltimore District of the Corps of Engineers clears, navigational hazards and maintains the depth of these channels all the time, whether people realize it or not. When they’re ordering things on Amazon, that’s why that’s happening for our port. So the team that was able to spring together had the preexisting human infrastructure of relationships to come together quickly. There wasn’t a learning curve in figuring out who’s who. So that that made this response very quick and efficient.

Eric White Yeah, I wanted to touch on that. This is a good segue into, this is such a heavy undertaking. How are you maintaining the standard operations that your district already does, the important work that your district is already responsible for, while also contributing to this recovery and rebuilding effort?

Estee Pinchasin We are not doing this alone. When I mentioned that unified command, the Coast Guard, who is responsible for the overall waterway and their sector commander, Captain Dave O’Connell, he is the captain of the port. So he’s here with a massive amount of personal experience and expertise to put together this unified command, along with the state, along with the military, with the Maryland State Police, all the state agencies, federal partners supporting and helping. We also have the responsible individual that represents the shipping company who is responsible for removing and refloating the vessel. So this is not done alone with the Corps. The Corps doesn’t do anything alone. We are very reliant on our partners and especially our partners in industry.

Eric White And apart from the government agencies that you’re working with, what sorts of contractors have you all been working with in order to get this thing underway? I imagine somebody’s got to have those cranes. Somebody is the shipping company.

Estee Pinchasin Like I mentioned, we’ve got these three lines of effort we have, and I’m talking from a salvage operations. The governor put out our priorities. We know the top priority is recovering those families, that recovering the missing from our families that are still here in Baltimore. When I step down and do just the salvage operation, we’ve got three efforts here. We’ve got restoring the 50 foot federal channel, the shipping channel. We’ve got refloating the vessel. And then we also have to restore the overall waterway so we can rebuild the bridge. We have three salvage then that are working, that are salvage experts, that are working to restore all the conditions in the channel. And they’re working together. They’re sharing information. They’re sharing coordinated under the unified command through the Corps. But with the help of our partners in United States Navy, the sup sal, or supervisor of salvage operations for the Navy, and they come in with salvage expertise that can’t be matched. And it’s humbling to see, it’s inspiring to me as an engineer to see them duking it out and figuring out the best way to get after these things. There’s such passion here. And I think that for a lot of folks, any construction project, any dredging project, any major operation that’s taking place usually have these big, major pieces of equipment moving. And that’s when you think things are happening. But behind every one of those lists is a tremendous amount of engineering analysis that has to take place for them to figure out where to cut, how to cut, how to rig it, how to lift it. I’m learning so much about salvage operations through here that to understand that sometimes rigging a particular load, if we’re going to lift something that’s near 1,000 pounds, because that’s what we’ve got here, we’ve got a 1,000 ton crane that can lift a load that much of the Chesapeake 1,000. You might hear it being referred to on the radio as a chassis. If that’s going to lift 1,000 pounds, you’re going to have a lot of stabilization that’s taking place. You might have additional cranes that are stabilizing other parts of the spans that are being cut and then lifted. Behind every one of those lifts, someone is designing how to cut it, how they’re going to rig it, how they’re going to lift it. And they’re planning to do that not just to get it up. They’re planning on how they’re going to lift it so that the load underneath will react a certain way, so as to not endanger the crane operator and not to make the conditions more dangerous or complicated later. They’re looking long term out.

Eric White Are there any sorts of timelines that have been established yet, or is it just still so early?

Estee Pinchasin No, it’s so early. And I mean, honestly, we’re focused right now on clearing the channel and hopefully recovering our missing personnel. From my vantage point that’s our top priority, giving closure to those families that just celebrated Easter in an unthinkable way and trying to find a way to work as close as we can safely and as quickly as possible to get as much traffic as we can back going through to the Port of Baltimore. We’ve got 8,000 workers from that port. It had to make a mortgage payment two days ago. I think about that. That’s what’s motivating me, because I know the Corps serves our country, but we’re serving our people. And I know people can say, that sounds cheesy, but that’s exactly what that is. That’s always serving.

Eric White And can you tell me just about how you heard about when it happened? It happened overnight. Living here in Maryland myself, all my social media feeds were ablaze when this occurred. Can you just kind of take me through how you were alerted that such an event had occurred?

Estee Pinchasin So it’s interesting how it happened. My mother in law was the first person to call my husband’s phone. And as he hands me the phone and he tells me this, I pick up the phone and my phone starts going crazy. I mean, thank God for her. She’s up early. She’s incredible. She was the one that made the first call. Maybe we have to hire her into our emergency operations section, but, yeah, that was my first call. If anybody really wants to know on the record. And then I started getting calls while I’m on the phone with her internal to my organization. So from that, I call immediately to, captain O’Connell with the Coast Guard. And, we’ve been here together ever since. But you need to know that we know that this is a long road. We are getting our team together every day. We’re already looking at further out who’s going to come and replace our folks and everything that we’re working on for these intermediate milestones before we get the port completely open. And I think that’s the right answer. You don’t want to sprint and then die. You want to make sure that you can go in it for the long term, so that you’re fresh and sharp and thinking as clearly as you can bring in the assets that you need. So, that’s our plan. We have a good battle rhythm going, lots of good decision making and analysis. So I’m very proud of team. Can’t say enough about them.

Eric White One last question here. I know you’re busy, so I’ll let you go, but you’ve been here a while now. I’ve lived in Maryland all my life. Can you just talk a little bit about the uniqueness of these bridges? We’ve got the Bay bridge, and then we have also the Key Bridge. Just these long bridges over a big stretch of body of water that is so important in shipping, important shipping lanes. Where does that factor in of as far as just the amount of material that is required to build these bridges and now are in the body of water themselves? And what that means.

Estee Pinchasin It’s really complex. I think when you look on the horizon right now and your heart sinks when you see it from far away, that gorgeous bridge that you would see in the distance that’s now broken up in the water. I have to tell you, it can be a little misleading, because when you’re looking at it from a distance, you see these spans that are sticking out of the water. And you look at it looks like there’s some structural integrity there. They might they look like they’re kind of intact. As you start to get below the water and into the mud line, especially further down, we’re seeing through 3D side scan sonar. We’re getting a much better picture of the extent of the damage, and it is far more than we thought. When you look at it, your imagination will take you down and you almost think like that span is just going straight down. But as you start to get deeper and deeper, that is 50ft down, and that 50 foot channel is mangled and cantilevered, and there are portions of it that are completely crushed. They’re completely collapsed. So when we talk about cutting out these spans into bite sized pieces, and those bite sized pieces are hundreds of tons and being lifted up. You can envision it. It’s not easy when you see the imagery of the person on the truss and you know that he’s got three stories of building above him and three stories of building below him, and he’s cutting. You start to see the magnitude of this, but you can still envision I’m going to cut through. We’re going to have these pieces being taken off. As you start to get into the water, and you start to see the mangled mess that is displaying with the 3-D imagery. You start to realize that it’s much more complex, and being able to pull that out is going to require a lot of ingenuity, and they’re going to use different types of equipment for that. They’re going to they have cranes, heavy cranes that you might see. You might have heard about the Chessie 1000 being here, but you’re going to see they’re going to have to have grabbers and salvage buckets that are going to pull out wreckage. So it’s going to be an amazing feat. And I have no doubt we have the right team. 100% we have the right team. And Baltimore is going to come back from this. I hear the mayor, I hear the governor, our team. And a part of that is also just making sure that we give closure to the families that are part of this, too.

The post The Coast Guard is working overtime on the Baltimore bridge that was knocked into the harbor first appeared on Federal News Network.

The agency has also completed the contracting process to support the Coast Guard’s efforts to strengthen its networks.

“We just completed the contracting effort to get underway with the Coast Guard work. There are some site surveys and things that need to be done, but that will be additive work on top of the planned work,” Brian Hermann, DISA’s director of the cybersecurity and analytics directorate, told Federal News Network. 

The Southern Command, the European Command, and the Africa Command are also considering working with the service provider. This will help the commands get off of the legacy Joint Regional Security Stacks, a widely criticized program that once promised to improve the Pentagon’s network security posture. The Pentagon is rushing to sunset JRSS by 2027 as it’s working to achieve the target level of zero trust by the same year. 

The agency plans to bring the Thunderdome zero trust architecture to 14 more sites in the coming year. 

Hermann said the agency will first focus on organizations that are already part of DoDNet, which currently supports users from DISA, the Defense Technical Information Center and the Defense POW/MIA Accounting Agency and the Defense Technical Information Center on the unclassified and classified sides. The goal is to get those sites up to the required zero trust standards. 

Once more agencies migrate to DoDNet, they will have the Thunderdome zero trust architecture in place to enhance security of their networks.

“Over time, as they come on board to DoDNet, they will get the Thunderdome architecture as a basic part of their commodity IT. That’s helpful for them and it’s helpful for the department because then we know that those organizations will have achieved certain elements of zero trust target state, which we’re all required to achieve by the end of fiscal 2027. So we expect there will be more organizations that come on board Thunderdome,” said Hermann.

Key components of Thunderdome

The Thunderdome project comprises four key components, including customer security stacks and software-defined wide area networking — those were combined into one function that sits at the edge of the network enclave. 

Thunderdome also provides secure access service edge capability, which replaces traditional virtual private networks. And the final component the agency deploys under Thunderdome is application security stacks to provide protections and segmentation functions and prevent unauthorized movement.

“That’s a complicated effort for the department because we have at least four different commercial cloud providers that work with the department — Google, Amazon, Microsoft and Oracle. And then we have legacy on-prem data centers, which include some elements of cloud even in those areas. It was really important to us that we looked and found a way to secure applications in those spaces that didn’t have to be different for every cloud environment that we find ourselves in,” said Hermann.

Before rolling out the program to 15 sites last year, the agency tested out those capabilities at three sites. It then brought in the Joint Interoperability Test Command to evaluate whether the technologies were meeting zero trust goals. 

“Once that was proven out, that’s when we embarked on the 15 deployments and now expanding,” said Hermann. 

Hermann said the agency uses the Thunderdome moniker for all things related to zero trust, including identity, credential and access management (ICAM) capabilities, and capabilities the DoD has received as part of its Microsoft 365 E5 licensing, such as Microsoft Defender.

Security orchestration to provide automation

As the agency rolls out the Thunderdome architecture, the service provider is honing in on a key part of the effort — making sure the cybersecurity tools are linked up so they can share information rather than being stovepiped and adding automation to help operators manage large volumes of security data.

“We know that the proliferation of multiple tools and mountains of data make work hard for them. And so part of this is where that AI kind of capability plays in. Let’s take a look at those mundane activities that we know how to respond to and if that solves for 75% or 80% of their workload, then we can have those same people using their minds on the higher end fight. This is really important to us to get after that automation, and AI definitely plays a part in what we’re doing,” said Hermann. 

To get after automation, the agency is evaluating a capability called Perceptor, an AI/ML platform operated by the Chief Digital and Artificial Intelligence Office, that will be part of the Thunderdome architecture.

“We are working that in the background between our Thunderdome team and our analytics and data team in cybersecurity in the program executive office for cybersecurity here at DISA. We’re actually doing that now. It’s live. It hasn’t necessarily become yet the standard way that our defensive cyber operators work. That’s partly because we need to prove it out. And we need to have the tools to build the rules so that we can automate those things and be confident that we’re getting what we need out of that,” said Hermann. “There is ongoing work there. It has been implemented, we’re doing it in secure commercial cloud.”

The post DISA to deploy Thunderdome to 60 sites, plus Coast Guard first appeared on Federal News Network.

The storied Fort Knox has a different mission than it historically did. That’s because of the work the Base Realignment and Closure Commission did in the early 2000s. Fort Knox still houses gold and has a human resources function. For details, the Federal Drive Host Tom Temin talked with Jim Iacocca, the President of the Knox Regional Development Alliance.

Interview Transcript: 

Tom Temin Well, tell us about Fort Knox. I mean, everybody knows the gold bullion is stored there, but it’s much more than that. But it’s different than the missions it had in the 30s, 40s, 50, 60. So what goes on there?

Jim Iacocca You know. Absolutely. And I’m happy to share that. Interesting note. The gold bullion is actually not on Fort Knox. It’s right next to Fort Knox in the federal depository that shares space. So it’s run by the Treasury and not Fort Knox itself.

Tom Temin But it’s on the grounds.

Jim Iacocca Next to the grounds.

Tom Temin Next to the grass. So it’s not within the 109,000 acres.

Jim Iacocca It is not. No, sir. Not part of the 109,000 acres in Fort Knox.

Tom Temin Probably held in 1948. And everyone forgot. Right?

Jim Iacocca That’s probably a true statement. Yeah. So Fort Knox has really changed when it used to be the home of the Armor Center. It was important to the Army as it trained all armor forces in the army that since moved to Fort More, formerly Fort Benning down in Georgia, as you mentioned, under BRAC. And so while that was an emotional change for the community, the strategic importance of Fort Knox has grown quite considerably since BRAC. So at that time, it was the armor Center. You had one two star general that commanded the installation. Now there are 17 or 18 general officers on the installation. Nine general officer commands, one three star, soon going to two three stars, multiple two stars and one star. So what Fort Knox does for the Army is quite incredible. So Fifth Corps headquarters is at Fort Knox, one of four headquarters in the Army, and they are commanding, controlling all Army forces in Europe. That’s fifth Corps. Then you have recruiting command. No soldier comes in the Army anywhere in the world without being influenced by Fort Knox and Recruiting command. Cadet command. 75% of the officer corps that comes in the Army comes in through ROTC and cadet command commands, all ROTC formations and in human resources command global responsibility for the entire soldier life cycle. Then there’s first Theater Sustainment Command logistics support to the entire Middle East region, not just for the Army, but for all forces. And then first Army Division East, which certifies guard and reserve units for their wartime missions, for those guard and reserve units east of the Mississippi. And then there’s three reserve units Army Reserve Aviation Command commands, Army Reserve Aviation nationwide out of Fort Knox. Then there’s the 100th Division, which is reserved professional development nationwide, and the 84th Training Division, which does unit training on a regional basis. So there’s nine general officer commands right now where before there was one general officer command.

Tom Temin And will that change or get may be more important as the Army moves back to the division structure that it had before the war on terror, when it went to a brigade kind of emphasis.

Jim Iacocca I think, based on the organizations that are at Knox, that the mission at Knox won’t change, the support that they provide to the Army won’t change. And, you know, I don’t think any units are going to leave Fort Knox anytime soon. Now, there will be changes to our friends at Fort Campbell just down the road as division structure changes and potentially am not getting ahead of anything here. I don’t think potentially, depending on what kind of changes they make at Fort Campbell. Some of that growth might impact Fort Knox because Fort Knox still has capacity for growth.

Tom Temin Sure. And let’s talk about the alliance. The Knox Regional Development Alliance, I guess bases continue to be important economically to the areas that surround them. I don’t think they all have an alliance. What does the alliance do? How does it benefit Fort Knox and how does it benefit the area where you are in Kentucky?

Jim Iacocca Sure. So I think most military communities that are serious about their military community and their bases or posts have a military alliance. And we’re all part of an umbrella organization called the Association of Defense Communities. But the Knox Regional Development Alliance was actually created decades ago, and it was called the Core Committee when a group of businessmen and women realized the economic importance of Fort Knox to their region and to the economy and their livelihood. So they created this organization. It was a part time organization then. And then in 2017, they decided, you know, we need to get serious about this. And they created a full time organization. They named it the Knox Regional Development Alliance. And I was very privileged to be hired as the first full time president and CEO of the organization. The organization founded on four main goals, and that is to protect existing missions at Fort Knox right now and advocate for growth at Fort Knox that make sense for Fort Knox. Increased defense contractor spending in the region create opportunities for the community to partner with the installation and vice versa. And then to do everything we can to take care of soldiers and families as they come in to Fort Knox while they’re at Fort Knox. And then as they transition from Fort Knox.

Tom Temin We’re speaking with Jim Iacocca, president of the Knox Regional Development Alliance. Yeah, that’s an important point. You mentioned the interaction with the local community, because when you have a military base in an area, you don’t want it to be as if there’s a federal prison in the area. The only thing they have in common, maybe, is a fence or a wall around it. But really, I would think it’s healthy for both sides to have a porous kind of relationship where events interaction, it becomes a normalized part of the community, just like the big box store.

Jim Iacocca You know, I mentioned earlier all those units that are there. What’s really interesting about Fort Knox, about 22,000 people that work there, almost half of that workforce is a civilian workforce that lives off the installation. And so people are going on and off the installation all the time to work. They pay taxes in the community where before, you know, soldiers tend not to pay tax in the state that they’re working in unless they happen to be residents there. And so what’s nice about Fort Knox is, you know, since 911, all the posts were closed, but they have a really robust visitor’s program that you can go get registered. You can register for a year, and then you go on and off the post to use the golf course to use some of the other facilities that are on the installation. So they really do encourage people to come visit the installation. You know, the installation leadership talks about this all the time, that it’s your post, you’re tax payer. You live in the community, it’s your Fort Knox. Come visit it. And so they encourage people to come on the installation.

Tom Temin Yeah. On a big one like that’s probably just a great place to bicycle through or hike through, I imagine.

Jim Iacocca So there are some great trails on the installation and right off the installation, as a matter of fact. And then there’s places to bike. They’ve started to open more of the road to biking on the weekends. It’s easier on the weekends when there’s not so much activity in some of those ranges.

Tom Temin And getting to the contracting and economic development side, how do you encourage contracting and what types of goods and services are generally needed? You know, an arsenal might need something different from a base, and depending on the mission, you may have aircraft, you may have armor, artillery. Different types of things engender different types of contracting.

Jim Iacocca Sure. So when you look at Fort Knox, obviously it’s got its traditional brass cutting contracts, base maintenance contracts, janitorial contracts. And I think that’s common to everybody. But what’s a little bit different, based on the missions at Fort Knox now before Fifth Corps, it was almost all IT based or a lot of it contracts. And you know, now as we’re looking at more AI and more bot ability to do some things that bring some more a IT contracts into the region. And so there’s a lot of IT contractors and signalers that work there. And then with Fifth Corps did bring in a different piece because of the strategic communication requirements and some of the other things, but really it’s mostly database and it focused on Fort Knox.

Tom Temin And do you have local offices of national types of corporations nearby? Sometimes you see that a lot around bases.

Jim Iacocca The pandemic change things a little bit. Just about all the big folks that you could name had local offices. Now it seems that most of them are remote, but they all have local partners that have local offices. We have one contractor that has grown from 70 to over 200 employees in the region, their local contractor, but they partner with all the big ones. And so that kind of gives us big ones reach. We typically meet from Canada, we meet with the big contractors, and when they talk about coming in to compete for contracts at Fort Knox, they’ll often meet with us and talk with us. And, you know, at the right time, we’ll help connect them with the folks on the installation.

Tom Temin So someone could have a or a company could have a Silicon Valley body of knowledge, but have a really great Kentucky lifestyle if they wanted.

Jim Iacocca And so it at one point, there was a lot of that going on pre-pandemic. And then when that went away, and you probably know better than I did when that happened, hey, we can really hire employees from anywhere as long as they have connectivity. And that kind of did away with that. But there were a couple of organizations from the northeast that were looking at establishing an office, basically a data office here, based on the fact that we are relatively safe from climate impacts. And we have a very stable electrical grid here. And, you know, they were getting walloped in the Virginia Beach area and they’re like, let’s look for some other places. So they came to work for us. And, you know, we’re having conversation for them in the late 19th and early 20s. And then, as you know, the world changed, you know, like, hey, we can still hire Kentucky folks and we don’t have to pay for office space. Yeah.

Tom Temin Yeah, that sounds like a good plan. And you yourself are former Army.

Jim Iacocca I am.  I retired out of Fort Knox in 2017.

Tom Temin And you stuck around.

Jim Iacocca It’s a wonderful area, you know is around Fort Knox and even up in Louisville and just where you can be and where Kentucky is located. I mean, Kentucky is a nice central location. We can be just about anywhere within a day’s drive.

Tom Temin Plus, the hunting and fishing is pretty good.

Jim Iacocca The hunting and fishing is actually very nice here. Yes.

The post Fort Knox has its own booster club first appeared on Federal News Network.