Government Executive - Tech

Surveillance authority nears historic lapse as House deadlock meets intelligence leadership fight

David DiMolfetta — Fri, 12 Jun 2026 11:49:58 -0400

The House failed to approve an extension of a powerful foreign spying authority on Thursday, putting it on course to statutorily lapse for the first time in its history, even as President Donald Trump has named his choice for a permanent spy chief in an apparent bid to defuse a fight over the intelligence community’s leadership.

Hours after the 218-198 vote on Section 702 of the Foreign Intelligence Surveillance Act — which was fraught with bipartisan objections to Bill Pulte’s appointment to serve as acting director of national intelligence — President Donald Trump said he would name Jay Clayton, the U.S. attorney for the Southern District of New York and former chairman of the Securities and Exchange Commission, to serve in the role permanently.

Section 702 lets agencies like the NSA and FBI collect communications of foreigners abroad without a warrant, but the calls, texts and phone calls of Americans communicating with foreign targets can also be gathered, a caveat that has long raised constitutional concerns with privacy advocates.

“Few people anywhere in the Legal Community are respected at the level of Jay,” Trump said in a Truth Social post Thursday. “I encourage the United States Senate to confirm Jay as soon as possible.”

An impasse between the White House and Democrats has persisted, with Democrats warning that Pulte’s role in mortgage fraud reviews last year could foreshadow an abuse of intelligence tools to target the president’s political opponents. Speaking to reporters in the Oval Office, Trump praised Clayton, and said Pulte would only be in his post “for a short while.”

It’s unclear how the appointment of Clayton, who appears to not have prior national intelligence experience, would affect the outcome of a 702 extension. After Thursday, the House is scheduled to recess until June 23, making it likely that the spying power would statutorily lapse for the first time in its existence for at least a week.

In a statement, Sen. Mark Warner, D-Va., the vice chairman of the Senate Intelligence Committee, said that he has “known and respected Jay Clayton for many years” and believes “he is a capable public servant.”

But he said the timing of the announcement is suspicious, noting that “the president could have put forward a qualified nominee from the beginning. Instead, he waited until the House of Representatives went out of town, choosing a path that raises the risk of an entirely avoidable lapse in a critical national security tool.”

Warner added that there needs to be a guarantee that Pulte will not serve as acting DNI in order for the Senate to take up a FISA extension.

“Either Director [Tulsi] Gabbard must remain in place or the administration must designate the Senate-confirmed Principal Deputy DNI as the acting head through any transition,” he said, referring to Aaron Lukaas, a number two official in that office.

“I have known Jay Clayton for decades and worked with him during his time as Chairman of the Securities Exchange Commission,” Rep. Jim Himes, D-Conn., the top Democrat on the House Intelligence Committee, said in a statement.

“During that time, he had the independence of mind and respect for the law that are necessary for any Director of National Intelligence,” added Himes. “I am hopeful that he will maintain that independence and provide apolitical high-quality intelligence to policymakers. The Senate should evaluate and confirm his nomination quickly. It is critical that we have a permanent DNI in place and move past the Bill Pulte disaster.”

Section 702 of FISA, enacted in 2008, codified parts of the once-secret Stellarwind surveillance program created under the Bush administration after the Sept. 11, 2001, attacks. In 2013, former NSA contractor Edward Snowden disclosed documents detailing how the authority was used, fueling a global debate over privacy and mass surveillance. The program is frequently used to track myriad national security threats.

In March, the Trump administration notified Congress that the Foreign Intelligence Surveillance Court renewed certifications for the surveillance program, letting it operate for another year even amid an expiration. The certifications can cover broad categories of national security risks, such as nuclear weapons and cyber threats.

But the split between the court’s recertification process and Capitol Hill’s role in extending the authority itself can create uncertainty for providers — such as AT&T and Microsoft — who are required to comply.

A congressional aide, speaking on the condition of anonymity to communicate private discussions, said staff on the House intelligence committee are assessing how the spying authority can still be used in the event of a lapse. One concern, said the aide, is that data collected under the 702 authority could become increasingly out-of-date, and, therefore, be less effective.

Civil liberties advocates contend that Section 702 collection can continue even after a statutory lapse because of the way annual certifications are approved, and that other authorities remain available to support national security operations.

A former intelligence official told Nextgov/FCW that, while collection activities would immediately, lawfully continue, firms may enter an “odd legal space” where providers mandated to comply with the law could argue that they don’t need to supply information. If access under 702 is curtailed, the intelligence community would likely explore ways to lean on other lawful collection authorities, the former official added.

Glenn Gerstell, former general counsel at the NSA, echoed these points.

“Companies may say they are not 100% certain the authority still applies,” he said in an interview.

Two areas — terror attacks and cyberattacks — might present a higher risk with the authority having lapsed, Gerstell added, because they are fast-moving developments that often rely on single tips that intelligence analysts must run down.

“702 is a great way to find and pursue that tip. It’s a great tool for quickly getting an answer,” he said. “If the FBI hears a ransomware attack has been made, and they believe it to be foreign-generated, they’re going to want to move with lightning speed to figure out where it’s coming from.”

“It feels like we’re playing Russian roulette with national security,” he later added.

The NSA, CIA, FBI and the Office of the Director of National Intelligence — which all have authority to access Section 702 data — did not return requests for comment.

]]>

DOJ shutters alleged China-linked operation targeting current and former feds

David DiMolfetta — Thu, 11 Jun 2026 08:00:00 -0400

The FBI and Justice Department seized 13 websites allegedly used by Chinese intelligence operatives to target current and former U.S. officials and military personnel with access to classified government information.

In a press release, the DOJ said the domains were designed to look like legitimate consulting firms and were used to advertise vague, well-paid consulting roles aimed at security clearance holders. The campaign, which allegedly began in November 2023, sought to entice Americans into producing research reports or sharing insider information on topics of interest to the Chinese government, according to court documents.

The seized domains included sites associated with firm names like Centrik Global Consulting, Rightinfo Consulting, Finnacle-Vesper Consulting, CYDF Consulting, Pulse Wave Global, Catalyst Global Solutions, Horizzen, GeoIndopacific, SafeSec Group and others.

The campaign relied on familiar job-market platforms and freelance sites to advertise positions such as “Senior Analyst” and “International Affairs Consultant.”

The Justice Department said the operators used aliases, fake personas, stolen identities and artificial intelligence-generated photographs to make the companies appear credible. The alleged scheme also involved encrypted messaging apps, including Telegram, overseas payments, cryptocurrency and online payment accounts registered under false names, according to an affidavit filed in support of the seizure warrants.

The takedowns mark the latest U.S. government effort to disrupt foreign intelligence schemes that blend online recruiting and financial incentives to reach Americans with access to sensitive national security information.

Waves of federal layoffs over the past year have pushed thousands of government employees and contractors into an uncertain job market. That disruption has created renewed collection opportunities for foreign intelligence services.

Nextgov/FCW reported in January that a suspected Chinese intelligence outfit contacted a former senior State Department official late last year and offered payment for an assessment of U.S. policy priorities in Venezuela. The person who contacted the former official claimed to be affiliated with a sham consulting firm that had previously surfaced in research first reported by Nextgov/FCW last September, that assessed the firm was part of a broader network of fake companies tied to China.

The U.S. has sought to further publicize targeting efforts. In a rare public disclosure, Army Deputy Chief of Staff for Intelligence Lt. Gen. Anthony R. Hale issued a memo in November warning that foreign adversaries are targeting soldiers, civilians and their families through fake companies and phony recruiters. The advisory was sent to more than a million personnel across the Army, and later to members of the media, marking an unusually direct acknowledgment of the threat.

]]>

Return-to-office push put GSA’s network infrastructure to the test

Edward Graham — Thu, 11 Jun 2026 07:00:00 -0400

Telecommunications services provider MetTel announced on Wednesday that it successfully completed network upgrades to 11 General Services Administration offices across the U.S. to help meet the needs of the Trump administration’s return-to-work mandate.

President Donald Trump signed a January 2025 executive order requiring that federal agencies “take all necessary steps to terminate remote work arrangements,” the vast majority of which evolved out of the COVID-19 pandemic that began in 2020. But an influx of employees back into offices also means that existing bandwidth and broadband services often need to be modernized.

MetTel said it outfitted the GSA offices “with Software-Defined Wide Area Network technology, 22 new high-capacity network circuits and Voice over IP services,” with the circuits being “tailored to the unique needs of each site.”

The work was conducted through GSA’s $50 billion governmentwide Enterprise Infrastructure Solutions contract to modernize its existing operations. MetTel received a $230 million task order under EIS in 2020 for network and voice infrastructure services.

A GSA spokesperson said in a statement to Nextgov/FCW that, “as the government’s needs continue to evolve, EIS contractors remain a dedicated partner, ready to respond to new requirements and support digital transformation efforts.”

MetTel has already taken steps to help modernize GSA’s operations, including announcing in November 2025 that it deployed “a nationwide network and voice infrastructure modernization” across the agency under the EIS contract.

In an interview with Nextgov/FCW, Don Parente — MetTel’s vice president of public sector — said that, “because we moved them to a software-defined architecture, it made it easier for us to very quickly spin up the dial and get additional bandwidth flowing for them.”

Parente said GSA’s previous SD-WAN adoption and embrace of faster broadband internet services, including Starlink, enabled it “to really pivot quickly when they needed to bring all these people back in the new office.”

]]>

OPM's long-planned HR overhaul moves ahead with $396M award to Oracle

Nick Wakeman — Wed, 10 Jun 2026 16:01:26 -0400

The Office of Personnel Management is sticking with the incumbent as the agency moves forward with a plan to modernize human resource systems across the government.

OPM has picked Oracle for the 10-year, $395.8 million Federal HR 2.0 contract that will cover more than two million federal employees. Oracle faced challengers such as Workday, IBM, SAP and Economic Systems Inc.

IBM and Economic Systems filed protests earlier this year objecting to terms in the solicitation. IBM withdrew its protest and GAO denied Economic Systems’ protest on June 1. Once the protests were resolved, OPM was clear to make its award.

Much of what OPM uses to manage HR functions is run on PeopleSoft, which Oracle acquired in 2005. Oracle recently extended its support for PeopleSoft through 2037, which includes updates and fixes.

The contract is structured as a firm-fixed-price award with a 10-year ordering period. Requirements include core HR and personnel action processing, payroll and benefits integration, audit-ready reporting, and time and attendance tracking.

The system also has to comply with security standards such as FISMA and FedRAMP, as well as be interoperable with existing federal IT systems.

OPM wants the core implementation to be completed by the fall. Other phases will follow for agency transitions, and then licensing and sustainment.

More than 100 HR systems currently operate across the federal government. Federal HR 2.0 is OPM’s attempt to wrangle all that into a single, integrated platform.

The goal of the program is to centralize HR functions across government agencies. OPM wants a platform that can be the infrastructure for a data-driven federal HR ecosystem, according to solicitation documents.

Some of the functions OPM wants include position management, personnel action, records processing, workforce analytics, and employee and manager self-service capabilities.

Given that the award was announced Wednesday, the clock is ticking for competitors to file protests. Companies generally have 10 days to file after a debriefing.

]]>

Building cyber-resilient payroll systems in government

Linda Jones — Wed, 10 Jun 2026 06:00:00 -0400

Payroll systems don’t usually make headlines, but in 2024, the State Department warned employees about a payroll fraud scheme where cybercriminals posed as staff to reroute direct deposits.

It started with spoofed emails that looked like they came from real employees and retirees, and some included fake 1099 forms loaded with malware. The goal was simple: Get in, change payment instructions, and disappear before anyone noticed.

It’s a sharp reminder that payroll is a high-value target. Essential, but vulnerable.

What the Threat Landscape Looks Like Now

Cybercriminals are increasingly targeting payroll and HR platforms because they know exactly what’s inside: credentials, Social Security numbers and bank details — prime ingredients for identity theft. Phishing attacks are the most common, but business email compromise is also rising. In these cases, attackers impersonate vendors or internal departments to reroute funds or gain access to sensitive files.

And while external threats get the most attention, internal risks shouldn’t be overlooked. Overly broad access or outdated permissions can lead to accidental exposure or worse. Then there are third-party tools that connect to payroll systems, like file transfer software or benefits integrations. These add convenience but also risk.

Take the 2023 MOVEit breach, for example. A vulnerability in a file transfer tool allowed attackers to steal sensitive data from government contractors, including personal information tied to Medicare. The breach showed just how damaging a weak link in the software supply chain can be.

Core Cybersecurity Measures Every Payroll System Needs

There’s no single fix for these risks, but there are clear priorities. Multi-factor authentication should be standard for everyone with access to payroll platforms, especially admin users. Role-based access controls help limit exposure and keep users from seeing more than they need to.

Encryption is critical, with masking and tokenization adding protection. Agencies should scan for vulnerabilities, log activity, and flag unusual access.

The good news is that there are solid frameworks out there. The National Institute of Standards and Technology’s Cybersecurity Framework and the CIS Controls give agencies clear starting points. The latest NIST update even highlights the need to embed cybersecurity into HR practices like employee onboarding, offboarding, and system deprovisioning. That’s especially important when payroll and HR platforms overlap, as they often do.

Security vs. Compliance: Where Agencies Get Stuck

Just because a system checks the compliance boxes doesn’t mean it’s secure. Some legacy platforms technically meet Federal Information Security Modernization Act or Fair Labor Standards Act standards, but still rely on outdated security protocols or lack support for basic protections like MFA.

Another common issue is access sprawl: giving employees more permissions than they need “just in case.” It may help in the short term but makes lateral attacks easier. The best approach is one where IT, HR and compliance teams work together — not separately — to close these gaps.

Why it’s Hard to Fix but Worth it

Upgrading payroll is tough. Legacy systems, limited budgets and staffing gaps all slow progress. But the risk of doing nothing keeps growing. As more agencies move to cloud-based systems, there’s a real opportunity to rethink not just how payroll works but how it’s secured. Modern platforms offer stronger baselines and make it easier to adopt tools like MFA, encryption, and behavioral monitoring.

At its core, payroll is personal. It touches every employee in the agency. When it breaks down, people feel it fast.

That’s why cybersecurity shouldn’t stop at the perimeter or the server room. It needs to extend into the systems that keep the government workforce running. Treat payroll like the critical system it is, and you’ll be protecting more than just data. You’ll be protecting trust.

Linda Jones, SHRM-CP, is the Vice President of Administration and a Board Member at Software Solutions Inc., where she has provided leadership for nearly 20 years. In her role, Linda oversees human resources, facilities management, vendor negotiations, and special projects.

]]>

Trump memo pushes national security agencies to move faster on AI

David DiMolfetta — Mon, 08 Jun 2026 14:16:17 -0400

President Donald Trump on Friday signed a national security memo aimed at speeding up government use of advanced artificial intelligence across the military and intelligence community, while also trying to harden those systems against foreign theft and manipulation.

The National Security Presidential Memorandum reflects a growing view inside the White House that U.S. security agencies are moving too slowly to adopt frontier AI tools, even as the evolving technology improves rapidly and rivals like China seek ways to craft their own versions.

It calls for agencies like the FBI, the Office of the Director of National Intelligence and the Office of the National Cyber Director to build “deep, proactive” relationships with AI companies so that cutting-edge models can be made available to national security personnel faster.

It also instructs officials to identify areas where AI could improve government operations, including intelligence analysis and cyber threat detection. At the same time, the memo says the tools cannot be used for unlawful surveillance of Americans, language that speaks to long-running civil liberties concerns over how agencies collect, analyze and process data.

The memo also focuses heavily on protecting U.S.-developed AI models from foreign adversaries. It directs senior officials, including Defense Secretary Pete Hegseth and NSA Director Gen. Joshua Rudd, to work with private-sector companies on security protocols meant to prevent advanced models from being stolen, copied or compromised.

One area of concern is model distillation, a technique in which an AI system repeatedly queries another AI system in an attempt to mimic its performance and build out a separate model. The White House in April accused China of carrying out “industrial-scale” distillation attacks on U.S. AI systems.

The memo also directs agencies to work with industry to secure the infrastructure that supports frontier AI, including the data centers that store the enormous amounts of computing power needed to run advanced models. Data centers have recently become more attractive targets during periods of geopolitical tension.

Trump recently signed an AI security executive order that leans heavily on voluntary cooperation with industry. That order encourages developers to submit powerful new models to a 30-day government review before public release.

More AI-related guidance is expected soon. Nick Andersen, CISA’s acting director, said last week that the cyber agency is preparing a binding operational directive focused on AI-enabled cyber threats.

The administration’s approach to AI has shifted in recent months as officials confront a new class of cyber-focused models, including Anthropic’s Mythos, that can rapidly identify vulnerabilities across computer networks. The model has become a major driver of government discussions over how advanced AI systems could reshape both defensive and offensive cyber operations.

Last week, Anthropic said it is expanding Project Glasswing — its controlled-access program for giving trusted organizations early access to Mythos — to about 150 additional entities. The new group spans more than 15 countries and includes organizations in water, healthcare, communications and other critical infrastructure sectors.

OpenAI’s recent release of GPT-5.5-Cyber, which also demonstrated sophisticated cyber capabilities, has further heightened concerns in Washington over how quickly these systems are advancing and how they could reshape both cyber defensive and offensive operations.

]]>

Electronic health record modernization needs better cyber and privacy collaboration, GAO says

Edward Graham — Thu, 04 Jun 2026 17:34:23 -0400

The Government Accountability Office said on Tuesday that the unit overseeing the federal government’s new electronic health record system is not collaborating enough with its partner agencies to secure the software against digital threats or ensure that patient data is sufficiently protected.

In a watchdog report, GAO said the Federal Electronic Health Record Modernization office “doesn't fully follow leading practices for collaboration” when it comes to the cybersecurity and privacy of data with the new EHR system.

The office oversees the government’s effort to deploy one common, interoperable system across the Department of Veterans Affairs, the Defense Department, the U.S. Coast Guard and the National Oceanic and Atmospheric Administration. GAO said the completed system is expected to have “more than 500,000 users providing care to over 18 million servicemembers, veterans, and their families, making it one of the nation’s largest electronic health record systems.”

FEHRM was created through a joint charter signed by DOD and VA in December 2019, with the four participating agencies taking on varying levels of cyber and privacy responsibilities.

DOD is primarily responsible for managing the cybersecurity of the EHR software and the network used to access the system. GAO said VA also has “responsibility for the cybersecurity of its own network.” Each of the four agencies is also responsible for managing their own networks and following applicable privacy laws when it comes to handling users’ data.

While GAO said that FEHRM has “initiated a number of efforts to promote collaboration” with the four agencies, it added that “it has done so without well-defined common goals and outcomes.” The watchdog added this includes concerns that the office does not “monitor, assess or communicate on performance measures” to hold its partners accountable.

“Articulating clear and measurable goals would better position the FEHRM to oversee the coordinated cybersecurity of the federal EHR by providing insight into the specific resources, skills, or time needed to address shared responsibilities,” the report said. “Further, these goals would help hold the FEHRM accountable for demonstrating how its activities, such as the development of the Joint Incident Management Framework, align with the common outcomes it seeks to achieve.”

FEHRM has been working to create the framework since 2021 to streamline agency responses to EHR-directed cyber threats, with GAO saying the guidance was most recently scheduled to be released in April.

Without outlining clear goals and outcomes, the watchdog said “progress on planned efforts, such as the Joint Incident Management Framework, may be impeded or further delayed.”

GAO’s concerns about planning extended to the office’s logistical operations, with the report saying that FEHRM “has not fully articulated specific short- or long-term goals or intended outcomes related to the cybersecurity of the federal EHR or the privacy of health data within it.” This included office officials telling GAO in January 2026 that it was still developing its goals for fiscal year 2026.

The watchdog made two recommendations, including calling for both DOD and VA leaders to press FEHRM “to define common goals, outcomes, and associated performance measures, and monitor, assess, and communicate progress on collaboration efforts toward ensuring the cybersecurity and privacy of the federal enclave.”

DOD did not concur with the report as it was written. VA neither agreed nor disagreed with GAO’s takeaways, but said it initially focused on establishing a unified culture to build trust with partner agencies, which it called “the essential first step.”

While the joint EHR system has reportedly not been directly targeted by a cyberattack, previous cyber incidents have underscored the impact these types of breaches and digital assaults can have on healthcare delivery.

A February 2024 ransomware attack on Change Healthcare — a subsidiary of UnitedHealth Group and the largest healthcare payment system in the U.S. — disrupted payments and prescription processing at medical facilities across the U.S. This included VA’s systems, with an agency official saying at the time that it affected just over 40,000 veterans’ medications.

That attack also affected “interface assessments” at the Captain James A. Lovell Federal Health Care Center in North Chicago, Illinois, a joint DOD-VA facility that was in the process of switching over to the new federal EHR system. That rollout, which occurred in March 2024, was the Pentagon’s last site rollout of the new software.

DOD and NOAA have completed their deployments of the new software, and the Coast Guard is reportedly in the final stages of its rollout. VA, however, has faced numerous missteps in its own EHR implementation effort.

VA paused most rollouts of the EHR system in April 2023 to address a host of safety, technical and usability concerns. The agency and DOD subsequently conducted the Lovell deployment during the reset period, which was the sixth VA facility to receive the new software.

The agency recently resumed EHR software rollouts at four Michigan-based medical facilities in April and plans to deploy the system at nine more sites in 2026. VA Secretary Doug Collins told Congress last month that the new rollouts were “phenomenal,” although he said the agency needs to go back and fix issues at the first five sites that received the software.

]]>

GSA lays out step-by-step guide for agencies to cut, streamline and automate work

Frank Konkel — Wed, 03 Jun 2026 08:00:00 -0400

The General Services Administration published a new playbook Wednesday to provide federal agencies and executives tools, strategies and a modern blueprint to automate repetitive tasks and give employees time back to perform mission-critical work.

The Elimination, Optimization and Automation playbook, developed by GSA, builds on lessons learned from federal pilots, mature automation programs and the agency’s own extensive internal enterprise efforts to improve operations.

While a new product, the playbook is already foundational to the agency’s moonshot goal to save and automate 1 million hours of workload for its staff—a goal it’s more than halfway toward achieving, according to GSA Deputy Administrator Mike Lynch.

Yet Lynch said there’s tremendous potential value in taking what’s worked at GSA and “putting those best practices out back to the broader federal government,” with many agencies grappling with similar problems. In this way, he said GSA is serving as a force multiplier for other agencies.

“I think from what I've seen, at least working in government, is so many of the challenges [agencies] are trying to solve are incredibly consistent,” Lynch said in a recent interview with Government Executive. “So there may be unique nuances based on the mission of the agency, but everyone's trying to understand how to deploy technology and use AI and drive efficiencies within our workflows.”

“We just don't have to start from go every time,” Lynch added. “There are learnings that we can provide from our experience at GSA, where we've had a more formalized process that allows other parts of the government to go faster and better. Hopefully, the results we’ve been able to produce through these types of programs makes it compelling and something that other agencies can use as appropriate within their groups.”

An early copy of the 37-page playbook viewed by Government Executive includes best practices based on technology implementation efforts at GSA and a handful of other agencies, including NASA and the Education Department, during this administration as well as the previous Trump administration. Collectively, the handbook “is formatted to follow a typical EOA project through its lifecycle, from ideation to deployment.”

It outlines a multi-phased approach to EOA projects — opportunity assessments, solution planning and design, implementing and sustaining — as well as an EOA toolkit with tools and templates “to help accelerate your agency’s launch of an effective EOA initiative.”

The playbook lists Lynch, GSA Chief Financial Officer Nimisha Agarwal and Larry Allen, Associate Administrator of the Office of Government Policy as executive sponsors; Chris Grigsby, Executive Director of Digital Finance, Mehul Parekh, Principal Deputy Associate Administrator of OGP, Anthony Cavallo, Division Director of the Business Modernization Division, and program analysts Gabrielle Perret and Will Spelker as EOA subject matter experts; and Andy Stegmaier, President of Management Science & Innovation and Nick Surkamp, Chief Delivery Officer of Management Science & Innovation as EOA playbook authors.

“It is incredible the work the team has done to set this up and provide a top-down framework for the program,” Lynch said.

Once published, Lynch said the next step is evangelizing the playbook across government. Internally, those efforts began with a May 12 Emerging Tech Showcase held at GSA’s Washington, D.C. headquarters and attended virtually by more than 2,000 people. The showcase featured several panels on the playbook featuring many of its contributors, as well as panels on GSA’s internal AI-powered chat platform, AI use cases across the agency and an industry-focused panel.

Lynch said he hopes to host a governmentwide showcase with an even larger audience sometime in July.

Other ‘force multipliers’ at GSA

Lynch said governmentwide demand for USAi has increased steadily since GSA launched the shared service to streamline AI adoption last August. Thus far, the agency has inked 24 agency agreements with USAi with 40 more in the works. Another 82 agencies have asked for demos of the technology available on USAi.

“USAi continues to be a really strong platform for us that's meant to be in very similar fashion to the EOA playbook, where we're trying to host and help provide a safe sandbox for other agencies to start to explore how they deploy AI within their workflows,” Lynch said.

Another governmentwide program, OneGov, has generated some $1.15 billion in savings through negotiated discounts on a variety of AI and software tools using the collective power of the entire federal government. More than two dozen companies, including most leading AI firms, are selling their software at a discounted price to agencies through OneGov. In total, nearly 3.4 million users across government have access to that software through OneGov.

]]>

OPM moves one step closer to HR system overhaul for 2 million federal workers

Nick Wakeman — Wed, 03 Jun 2026 07:00:00 -0400

With one protest withdrawn and a second one denied, the Office of Personnel Management is now free to move forward with its plan to award a 10-year contract to modernize the government’s human resource systems.

OPM released the final solicitation in October for the Federal HR 2.0 contract to modernize systems that cover 2 million employees across the government. The agency wants a single integrated platform that will be the infrastructure for a more data-driven federal HR ecosystem, according to solicitation documents.

Bidders had to submit proposals by Oct. 31 and OPM followed a two-step process for evaluation. After step one, IBM Corp. and then Economic Systems Inc. filed their protests.

IBM filed its protest on Feb. 25 but withdrew without explanation on April 3. Meanwhile, Economic Systems filed a protest on March 2. On Monday, the Government Accountability Office posted on its public docket that it had denied Economic Systems protest.

OPM could not make an award while the protests were active, but it could continue to evaluate proposals. Now it can pick a winner with the protests out of the way.

While no dollar value has been disclosed, the undertaking is massive.

OPM wants the platform to have functions such as position management, personnel action, records processing, workforce analytics, and employee and manager self-service capabilities.

The agency will pick a winner based on four technical factors including past experience and solution readiness, a written implementation approach, systems testing, and a virtual live demonstration.

Last year, OPM awarded a sole-source contract to Workday to fast-track the modernization effort. OPM later rescinded it amid criticism and instead moved to create the current solicitation for a broader, government-wide solution.

Workday is one of several companies in the running for Federal HR 2.0. An award could come anytime this month, according to GovTribe data.

]]>

What DOGE taught us about AI and federal workers

Kristen Cordell and Adrian Brown — Wed, 03 Jun 2026 06:00:00 -0400

Last year, the U.S. Agency for International Development lost 97% of its staff in a matter of weeks. An article published in The New York Times last month found the majority of these former employees were still out of work a year later — not between jobs, but out of the market entirely, with some managers who once earned six-figure salaries applying for part-time retail positions.

I watched this happen. I worked at the State Department until August 2025 and helped create a pro bono coaching network for impacted colleagues, many of whom were deeply traumatized. After thousands of hours of those conversations, one question kept surfacing: who am I now?

The cuts were political, not technological. But strip that away and what remains is the most concrete demonstration we have of what happens when a large category of federal professional work disappears faster than any system can absorb it — and why the standard policy response is not enough to cover these numbers. Over 270,000 federal employees separated from the U.S. government through layoffs, forced resignations and buyouts.

Most impacted workers did not lack skills. They lacked a place where those skills made the most sense. Federal workers who spent careers running HIV programs or managing humanitarian operations did not simply need to update their LinkedIn profiles. They lost the institutional context that made their expertise meaningful. The formal policy response was minimal. Workers relied on informal networks. The DC labor market, despite being one of the most credentialed in the country, has not absorbed their talent.

This is where the federal story becomes a story about artificial intelligence. As deferred resignation agreements were being signed in August 2025, the U.S. government licensed ChatGPT to all federal agencies for a dollar. The State Department reframed AI as the vehicle for development outcomes that USAID's human expertise previously delivered. OpenAI began offering grants to NGOs in regions where USAID once operated.

This is not a Washington anomaly. The Economist devoted its cover earlier this month to a question that was once considered alarmist: whether AI could produce the most significant disruption to working life in a generation. The answer, even among economists who were recently skeptical, is increasingly, possibly ‘yes’ — and governments should not wait to find out.

New data from the Bureau of Labor Statistics show AI-exposed occupations are already losing jobs, and government employees could be among the most vulnerable, given the large concentration of workers handling the analytical, administrative and policy roles where AI capabilities are advancing fastest. The official numbers are not catching up fast enough. By the time they do, the adjustment will already have failed for the workers caught in the first wave.

There are three things federal agencies and policymakers should be doing now: First, plan for the fiscal squeeze. Federal workforce costs are not just a spending question — they are a revenue question. As AI shifts work from human labor to automated systems, the income tax base that funds agencies, benefits and services erodes at exactly the moment demand for support rises. Brooking Institution modeling shows this fiscal pressure could be severe. Agencies need fiscal scenario planning now, not after the trend is visible in budget projections.

Second, design workforce transition for what people lose. The Office of Personnel Management’s current transition support is built for skills retraining. The evidence from the DOGE displacement, and from every serious study of mass professional job loss, is that the harder problem is purpose and identity, not capability. Transition programs that ignore this will produce the same frustration the DOGE coaching networks documented.

Third, ensure that AI deployment decisions in federal agencies are not made solely by the vendors supplying the technology. The informal support networks that emerged in Washington show what community-level resilience looks like when institutions fail. They deserve federal attention and funding, not just admiration. Workers, communities and agencies affected by AI deployment decisions need a meaningful voice in how those decisions are made.

The DOGE cuts were political, but what they demonstrated is not. Federal agencies are the first institutions in America to run this experiment at scale. The question is whether anyone in government is paying attention to the results.

Kristen Cordell served as Senior Advisor at the US Department of State until August 2025 and is currently Senior Director of Policy at Grand Challenges Canada. Adrian Brown is Founder and CEO of Windfall Trust, a nonprofit working with governments and policymakers on AI economic preparedness.

]]>

Cyber Force? Senator pushes to create service branch under the Army

Thomas Novelly — Mon, 01 Jun 2026 17:16:13 -0400

A new cyber-focused military service branch would sit under the Army if one senator’s proposal comes to fruition.

Sen. Kirsten Gillibrand, D-N.Y., is spearheading a markup amendment to the Senate’s 2027 National Defense Authorization Act that would create a “Cyber Force” as the next armed service branch. The senator’s office confirmed that the amendment proposes to establish the branch under the Army, just as the Space Force and Marine Corps sit under the Air Force and Navy.

Similar provisions are reportedly being floated in the House, according to two people familiar with policy discussions. Earlier this year, Rep. Pat Fallon, R-Texas, told the Center For Strategic and International Studies that a “Cyber Force is inevitable” and “we’re going to get this done.” A Fallon spokesperson did not respond to multiple requests for comment on Friday asking about a potential amendment.

“New and escalating cyber threats on the battlefield demand a change to our current approach. The status quo and years of incremental changes are not meeting the current threat and are insufficient as that threat grows,” Gillibrand told Defense One in an emailed statement. “I believe, and many experts agree, that the creation of a dedicated Cyber Force will ensure the United States is ready to fight and win on the modern battlefield and protect our national security.”

The proposed amendment marks the latest push in a years-long effort. Gillibrand and House lawmakers have backed the idea before. In the 2025 National Defense Authorization Act, lawmakers commissioned the National Academies of Sciences, Engineering, and Medicine to study “alternative organizational models for the cyber forces of the Armed Forces.” Those findings have not been released. Details from the amendments showing what a Cyber Force might look like are not yet public, but think tanks and national security experts have already been pitching their own force designs.

A 2024 Foundation for Defense of Democracies report concluded that a Cyber Force could sit under the Army, muster about 10,000 personnel, and need a budget of around $16.5 billion. In August 2025, the FDD and the Center for Strategic and International Studies announced a commission on Cyber Force Generation. A report from those think tanks is scheduled to be released next month.

One former military official said there would be strengths to a cyber-focused service, but putting it under the Army is a bad idea. They argued that cyber would remain a secondary priority amid the branch’s many missions.

“The Army is the largest service by far,” the former official said. “Manpower-wise, it's like half the department, and it's like, ‘we'll put it under because it'll be easy for the Army to just put in another force.’ It's already hard enough to run the Army as it is.”

Mark Montgomery, a retired Navy rear admiral and an FDD senior fellow who advocates for a Cyber Force, argued that this year is an ideal time to create a new service.

“Timing-wise, you need to do this in the beginning or middle of an administration, not at the end of an administration,” Montgomery said.

The proposed amendment would need to survive multiple Senate and House edits to make the final compromise NDAA.

It’s not clear if the Trump administration would support the latest bipartisan push. Last year, the Pentagon rolled out CYBERCOM 2.0, a series of policy changes aimed at beefing up the recruiting, training, and missions of the existing U.S. Cyber Command.

Katie Sutton, the assistant defense secretary for cyber policy and principal cyber advisor to Defense Secretary Pete Hegseth, defended the Cyber Command reforms during a January Senate hearing, and said a renewed command and a new service could co-exist.

“I think this is a really important debate for us all to be having about the future of the cyber warfighting domain,” Sutton told the Senate Armed Services Committee in January. “I do think one of the most common misconceptions about Cyber Command is that it is a debate between Cyber Command 2.0 and a cyber force, and they are actually separate debates that I believe both need to be had, and we need to look closely at the pros and cons of both.”

Advocates for a separate and independent cyber-focused service branch say it aligns with the Trump administration’s calls for “offensive cyber operations against those planning to kill Americans,” the White House’s new counterterrorism strategy said. It also comes as President Donald Trump and Gen. Dan Caine, the Joint Chiefs chairman, acknowledged the growing role of cyber effects in U.S. military operations in Iran and Venezuela, Defense One and sister publication NextGov/FCW have previously reported.

“The president says, ‘We've got to be more offensive’ but then you got to better generate forces to be offensive, and we don't generate enough forces to do both offensive cyber and defensive cyber operations,” Montgomery said. “A cyber force is clearly necessary.”

]]>

Tech Force set out to hire 1,000 technologists last year. It’s onboarded 10 so far

Natalie Alms — Fri, 29 May 2026 08:00:00 -0400

Late last year, the Trump administration began an effort to recruit early-career software and data engineers after pushing almost 20,000 technology employees out of their government jobs under widespread downsizing imperatives.

The goal of that new effort, called the U.S. Tech Force, was to hire a 1,000-strong cohort — potentially as soon as the end of March, Scott Kupor, the head of the Office of Personnel Management, said in December.

So far, the program has onboarded only 10 new hires, Tech Force Director Kevin Hennecken said during a Thursday event held by the Alliance for Digital Innovation trade association. Overall, the program has made 180 to 200 hires.

“I would love to have everybody here yesterday,” Kupor told Nextgov/FCW in an interview. “But I’m learning the government hiring process does take time.”

OPM is managing the program centrally, working with agencies across the federal government to place fellows into two-year stints. OPM is also partnering with about 40 companies, like Amazon Web Services and Nvidia, to train the new hires, as well as provide managers from within their own ranks to take a leave of absence to work for the government.

Onboarding these new managers has also lagged. Three or four managers are in the process of onboarding now, said Kupor.

The Justice Department issued a memo in March blessing OPM’s plan to allow those private sector managers to keep their deferred compensation packages while working for the government — a setup that’s made ethics experts nervous.

“It’s always going to be slower than we would have wanted, but I don't think we’re discouraged by that at all,” said Hennecken, who said that the goal is to hire 300 to 500 fellows by the end of the summer. “I think it just takes time to build a program.”

A ‘heavyweight process’

Federal hiring is governed by strict rules and processes, some of which were established centuries ago and were meant to move the government from the spoils system to one based on merit.

It’s a “heavyweight process” that moves more slowly than the private sector, said Kupor, who previously worked in venture capital.

Kupor often laments the relatively small number of young workers in the federal government compared to the private sector. How to recruit and hire early-career talent within the federal system has long been a difficult challenge that has intersected with efforts to move the government away from antiquated technology into the 21st century.

Other efforts to hire cybersecurity talent or fill the gap by re-training existing employees with new skills have also stumbled.

For Tech Force, OPM has had to clear up “confusion” among HR officials in agencies about how some of the typical government hiring rules apply, said Kupor. The government typically prioritizes federal employees who have been laid off if they apply for other, open jobs that they’re qualified for.

That could have been welcome news for feds displaced last year as the Trump administration sought to shrink the size of the government workforce, many of whom are still searching for new jobs. But those rules don’t apply to Tech Force because of the type of hiring authority being used, said Kupor.

Government agencies also aren’t used to hiring off of centralized lists like those OPM is using to share Tech Force candidates after centrally testing and screening applicants, said Kupor, although doing more centralized hiring is one of his goals.

The hurdles have inspired an effort to drive a “tighter alignment” between agencies’ HR heads and senior political officials as part of OPM’s broader early career hiring push, said Kupor, so that any questions can be worked through more quickly.

A higher entry point

Eric Sidle, chief information officer and chief artificial intelligence officer at the Department of Housing and Urban Development, said Tuesday that delays in getting the new program going aren’t OPM’s fault.

The government’s HR agency is doing a "phenomenal job,” he said, noting that agency personnel shops themselves are busy balancing this effort against other priorities.

The early career talent that the government does hire as part of Tech Force — which may include cybersecurity-focused employees after OPM added that focus in April — will be making between $150,000 and $200,000, which is more than early-career hires in government typically make.

The government already has an early career tech program, called the U.S. Digital Corps, although it hasn’t onboarded a class since Trump took office for his second term. It pays its D.C. fellows a starting salary of $86,000.

While Tech Force is bringing employees into the government at a GS-14 level on the government’s pay and classification system — one of the highest available on the General Schedule — Digital Corps hires fellows at a GS-9 with the potential for promotions.

For Tech Force, agencies are getting resumes ranging from recent college graduates to people with a few years of experience on the job, one person familiar with the program told Nextgov/FCW.

Whether the relatively high pay being offered to those joining the program will affect the morale of the teams they’re joining is an open question, that person said. The Tech Force applicants being shared with agencies don’t have the typical experience and skills of someone at a GS-14 level, they added.

Those running Tech Force have emphasized that the government often struggles to compete for in-demand tech talent against the private sector, in part because the latter can usually pay more.

Unlike the U.S. Digital Corps, which was designed to funnel early-career talent into permanent roles, keeping the talent recruited by Tech Force in government service isn’t necessarily an expectation.

By working with OPM, private sector companies are meant to prove to potential applicants that the experience they get in the government will be valued on the market when they’re done.

While in the government, many of the new hires will be working in agencies on wholly contained Tech Force teams, but, in some cases, they’ll be integrated into existing units at government agencies, said Kupor.

Three weeks ago, OPM itself onboarded the first Tech Force fellow, who graduated college last year.

Kupor said he’s planning to bring more fellows into OPM to work on the Trump administration’s ‘War on Fraud’ by using data science to flag potential fraud in the government’s health insurance portfolio that is run for federal employees.

]]>

Lacking data policy is more than a research problem, it's a government performance problem

David C. Wilson and Christopher Jackson — Fri, 29 May 2026 07:00:00 -0400

Effective democracies require modern data policies that direct the country’s ability to govern and hold legitimacy. Data policies offer information justice by providing formal guidelines and rules for the collection, management, protection, and disposal of public information — quantitative and qualitative. They can also bolster trust by setting oversight of information quality — ensuring accuracy and accountability. This policy domain of “data” is understudied, undervalued and underemphasized, despite the accelerated use of data against a backdrop of growing public mistrust.

The federal statistical system has long operated as background infrastructure, as something agency leaders and program managers relied on without much thought, the way they rely on relevant domains like electricity or broadband. Data from the Census Bureau, the Bureau of Labor Statistics, the Centers for Disease Control, the National Center for Education Statistics, and their counterparts across the government showed up when needed most in democracy: to justify budget requests, measure program outcomes, allocate resources and demonstrate results to oversight bodies and the public.

That infrastructure is now under serious strain with pain being felt inside and outside government, at federal, state and local levels. Earlier this year, the social science research company SSRS conducted a survey of more than 500 users of federal statistical data across academia, nonprofit organizations, state and local governments and the private sector. The core question was "have changes to the federal statistical system impacted your ability to do your work?" The findings were resounding, with 93% of respondents reporting that changes to the federal statistical system since the start of 2025 have damaged their ability to do their work. It is quite likely staff inside the government are experiencing similar difficulties.

These respondents describe specific challenges. They report datasets have been taken offline without notice. Expected data publications have been delayed or canceled. Restricted-use data approvals that once took days are now taking months, if they happen at all. Staffing cuts at federal statistical agencies have hollowed out the technical assistance functions that helped users work with complex federal datasets. These stories are not just about citizens, they also represent real breakdowns in the informational infrastructure that federal agencies themselves also depend on to manage programs, respond to Congress and serve the public. These are not failings of politics, they are failings of policy.

For federal leaders, the implications of not having earnest data policy cut in several directions.

The data crisis is a workforce crisis

Respondents to the survey were consistent on this point: the most immediate source of their difficulties is not missing datasets but missing people. When experienced staff depart, they take with them decades of applied knowledge about how data collections work, where the edge cases are and how to help users get reliable answers from complex products. One respondent described the situation plainly: institutional knowledge has been forever lost, and the data user community will suffer in ways that may not be fully known or even detectable. Agency leaders managing through the current period of workforce reduction should treat the departure of statistical expertise as a long-term operational risk, not just a position that can be filled in the next appropriation cycle.

Broken time series are not self-correcting

One of the most consequential findings from the survey involves longitudinal data, the long-running collections that allow agencies, researchers and policymakers to track trends over time. Respondents were clear about what interrupted collections mean in practice. A gap in a time series is not simply a missing data point, it undermines the comparability of all subsequent data, potentially for years. The government shutdown in fall 2025 produced the first interruption to the Current Population Survey in more than 70 years. The October 2025 Consumer Price Index was lost entirely. These are not recoverable losses. They are permanent holes in the historical record, with downstream consequences for economic forecasting, policy evaluation and program management that will persist long after the immediate disruptions are resolved.

There are no adequate substitutes

Public data users in this survey are doing their best to adapt. They are delaying programs until data is available, turning to older archived datasets or private sector sources, leveraging state and locally collected data or building statistical models as workarounds. But they are nearly unanimous that none of these options adequately replace timely, high-quality federal data.

Trust, once lost, is hard to rebuild

More than 70% of these public data users express concern about the long-term erosion of public trust in federal statistics. This is not a soft concern. Trust in official statistics is the foundation on which their practical utility rests. When state and local government planners, nonprofit service providers or academic researchers begin to doubt the integrity or continuity of federal data, they stop building systems that depend on it. The downstream effects on evidence-based management inside agencies are real and compounding.

What would it take to stabilize the situation? Beyond appropriations decisions, effective data policy should direct agencies to preserve statistical expertise as national security and workforce retention priorities, not afterthoughts. Where staff departures are unavoidable, structured efforts to document institutional knowledge, how data collections work, where errors arise and what common user needs exist, could help preserve at least some of what would otherwise be lost.

These public data users are instructive for data policy, they tell us that the federal statistical system is not only a research amenity, it is operational infrastructure. This is equally true for the federal workforce in general. When the data system degrades, government's capacity to know what is working, who needs help and whether resources are reaching their intended targets degrades with it — affecting how ordinary people experience democracy and their government. Rebuilding that capacity will require sustained attention from federal executives who recognize the need for serious data policy that modernizes America’s data infrastructure and take steps to safeguard it.

David C. Wilson is dean and professor at the Goldman School of Public Policy, UC Berkeley, and Chris Jackson is senior vice president at SSRS.

]]>

Top White House cyber policy official to soon depart

David DiMolfetta — Thu, 28 May 2026 12:24:29 -0400

Alexandra Seymour, a top policy official in the White House Office of the National Cyber Director, intends to leave her position soon, according to two people familiar with the matter.

Seymour, who serves as principal deputy assistant national cyber director for policy, is expected to depart within the next week, said the people, who spoke on the condition of anonymity to provide details about the move. It’s not clear where she is headed next, or when she would start a new role.

An ONCD spokesperson did not return a request for comment by publishing time.

Seymour previously served as staff director for the House Homeland Security Committee’s cybersecurity subcommittee, where she worked on cyber and critical infrastructure policy issues. She also advised the Senate Commerce Committee on artificial intelligence, quantum technology and CHIPS and Science Act implementation matters, and she co-founded the Congressional Staff Association on Artificial Intelligence.

During President Donald Trump’s first term, Seymour served on the White House National Security Council and at the Pentagon, where she worked on transnational organized crime issues and also served as a speechwriter for the deputy defense secretary.

Her anticipated departure comes as ONCD has sought to take a leading role in AI-related cyber policy matters and as officials in industry and government increasingly question whether the office’s leadership has been able to respond effectively to rapidly advancing artificial intelligence models with potentially dangerous hacking capabilities. A cyber-focused AI executive order was shelved last week amid overregulation concerns from industry.

“Alexandra is one of the nation’s top national security policy executives, and frankly, it wouldn’t be a surprise to see a top company move quickly to bring her on board,” Anjelica Dortch, vice president of operational risk and cybersecurity policy at the Independent Community Bankers of America, told Nextgov/FCW in response to the news.

“She has been an invaluable collaborator on efforts including the National Cyber Strategy, the reauthorization of the 2015 Cybersecurity Information Sharing Act, and ensuring that industry perspectives are meaningfully integrated into our nation’s cyber policies,” added Dortch.

]]>

Ryan Donaghy returns to CISA as first chief operating officer

David DiMolfetta — Fri, 22 May 2026 13:36:16 -0400

After departing the Cybersecurity and Infrastructure Security Agency last fall, Ryan Donaghy returned to the agency this week to serve as its first chief operating officer, according to a Thursday announcement.

Donaghy, who held acting director roles in two of the cyberdefense agency’s divisions, had moved to the Transportation Security Administration in October of last year, Nextgov/FCW first reported.

“As COO, Ryan will serve as the principal advisor to CISA’s Senior Leadership on agency operations, business functions, financial and acquisition management, policy development, and interagency efforts supporting our strategic goals,” the agency said in a LinkedIn post. “She will help ensure these efforts reflect the Director’s priorities and comply with applicable laws and regulations, while strengthening coordination across enterprise programs and DHS.”

Donaghy has held several leadership assignments in the cyberdefense agency, including chief of metrics and analysis within the Office of Infrastructure Protection, senior data scientist in the National Risk Management Center and deputy chief for chemical security policy, rulemaking and engagement.

Several of CISA’s units have been targeted for restructuring amid sweeping Trump-era cuts and reorganization efforts at the agency.

CISA has faced staffing reductions, program reviews and broader shakeups as the administration moves to scale back parts of the federal cybersecurity and infrastructure security apparatus. The White House is seeking to reduce the agency’s budget by a net amount of $360 million for the 2027 fiscal year.

]]>

Reported exposure of federal cybersecurity agency login data prompts Hill scrutiny

David DiMolfetta — Wed, 20 May 2026 15:25:50 -0400

Top Democratic lawmakers on the House Homeland Security Committee have requested a briefing from Cybersecurity and Infrastructure Security Agency acting Director Nick Andersen following reports of a contractor-linked leak of internal agency credentials.

Independent journalist Brian Krebs reported Monday that researchers identified a publicly accessible GitHub repository connected to government contractor Nightwing that allegedly exposed a broad collection of sensitive access information tied to systems used by CISA and its parent agency, the Department of Homeland Security.

“We demand a briefing as soon as possible on how this serious security lapse occurred, any potential security consequences, remediation activities, corrective actions related to the contractor personnel involved, and efforts to monitor for and prevent similar activity from occurring in the future,” wrote Rep. Bennie Thompson of Mississippi, the committee’s ranking member, and Rep. Delia Ramirez of Illinois, the ranking member of the panel’s cyber subcommittee, in a Tuesday letter shared with Nextgov/FCW.

The materials, stored in a repository labeled “Private CISA,” reportedly included items like authentication credentials, AWS GovCloud information and other sensitive data. The repository was later removed from public view. Nextgov/FCW has not independently verified its contents.

“Security researchers said the content openly available online included information on ‘how CISA builds, tests and deploys software internally,’ and they described it as ‘one of the most egregious government data leaks in recent history.’ We agree,” said the letter, referring to the contents of Krebs' reporting.

A Nightwing spokesperson referred inquiries to CISA.

“We do not comment on congressional correspondence but respond to members directly,” an agency spokesperson said.

A separate letter to Andersen was sent by Sen. Maggie Hassan, D-N.H., Axios reported Tuesday.

CISA has undergone significant workforce cuts in the last year, which Thompson and Ramirez say may have contributed to the incident. They worry that “a substantially reduced workforce, coupled with the administration’s indifference to security, created the conditions that allowed such a significant security lapse to occur. Moreover, we are concerned that the incident undermines CISA’s credibility.”

Editor’s note: This story was updated to include a comment from CISA.

]]>

USDA is using AI, but doesn’t have the required controls to manage risks, watchdog finds

Natalie Alms — Tue, 19 May 2026 17:16:45 -0400

The Agriculture Department is using artificial intelligence to identify risks in the supply chain, estimate yearly corn and soybean yields and make recommendations during the permitting process.

But the department doesn’t have all of the required cybersecurity and governance controls to keep that technology in check, according to an inspector general report released last week, which found that Agriculture doesn’t even have a generative AI policy at all.

The department hasn’t fully implemented cyber and risk controls in its AI systems, as required by federal standards, because it has prioritized using AI over setting up controls for the technology. The Trump administration has sought to aggressively roll out AI across the government, in addition to efforts to dominate with the technology on the world stage.

At USDA, AI systems “could be vulnerable and lack critical security controls, leaving the agency susceptible to data breaches or reputational harm” because of the lack of strong governance around the technology, the new report says.

Agriculture hasn’t followed all the risk management and governance controls set in place by the Office of Management and Budget during the Biden administration and modified by the Trump administration. The department has installed a chief AI officer as required, but it hasn’t updated agency policies — or implemented minimum risk management practices for AI systems deemed especially risky, like those that affect civil rights or critical infrastructure.

Almost none of the AI use cases in the department’s fiscal year 2024 inventory had an authority to operate, a formal approval issued for technology systems meant to make sure that the government thinks through the risks associated with different technologies before using them.

That means that management doesn’t have assurance that the department has cybersecurity controls in place, the report says.

The inventory itself may also be insufficient to account for all potential dangers, as the OIG said the department is at risk of shadow AI — technology used by employees that management isn’t aware of or hasn’t approved — creeping across the department, since it relies only on an annual data call for employees to self-report AI that they use.

The watchdog included several recommendations for the department to implement controls and update policies, all of which Agriculture agreed with.

]]>

'Your 30 days has become 30 hours’: AI is reshaping federal cyber defense

Frank Konkel — Tue, 19 May 2026 13:09:48 -0400

Advanced AI models with unique hacking capabilities like Anthropic’s Mythos should bring federal agencies that handle some of the government’s most sensitive information to a “reflection point,” according to one of the CIA’s top tech officials.

“I think it is a reflection point and I think people need to view it in that fashion,” said Dan Richard, Associate Deputy Director of the CIA’s Digital Innovation Directorate. Richard spoke on a panel Friday at the Qualys ROCon Public Sector 2026 conference in Tysons Corner, Virginia.

A previous version of the Mythos software was released to a limited group of tech companies in April with much fanfare, due to its ability to detect countless software bugs and defects.

Security researchers and experts reacted with a mix of excitement and caution, with some warning the software could usher in a new era for hackers and lower the barrier to entry for would-be attackers. Mythos and competing models like OpenAI’s GPT-5.5 have forced executive agencies to grapple with their capabilities and prompted emergency briefings for lawmakers.

Richard said he feels “bullish in terms of the opportunities that are out there,” largely because these AI models can help agencies like the CIA deal with the deluge of data they generate and automate responses to potential threats. He likened the current Mythos-driven moment to Ukraine’s response to Russia’s invasion in 2022.

“[Ukraine] had gone through a decade of the Russians infiltrating their networks and having to deal with that implication, but when the Russians attacked in 2022 the Ukrainians were prepared because they understood they couldn’t do it themselves,” he said. “Shoulder-to-shoulder with them were the private sector vendors to support what they were doing and to help what they’re doing.”

Richard said the U.S. government is in the “same position” now, and public-private partnerships will be key to ensuring the nation gets it right.

“80% of our nation’s critical infrastructure is in private sector hands, so there is no solution that does not include private sector partners,” Richard said. “We talk about partnership all the time, but this is really different. This isn’t transactional. This is us, as a country, figuring out with the academic community, with the private sector community and with our public sector partners working together to be able to defeat and take advantage of what I see as an optimal opportunity for the agency, but for the country.”

Joe Kelly, division director of the Applied Research Laboratory for Intelligence and Security at the University of Maryland, said advanced AI models are going to lower the barrier to entry for would-be hackers.

“The real danger when we look at something like Mythos — whether you believe the hype or not — is it certainly creates what we already see with Claude Code, the ability for script kiddies to cause real damage even without knowing what they’re doing,” Kelly said. “It’s going to lift all those. I do worry about the complexity that we’re entering in this era.”

‘It’s moving so fast, it’s scary’

IonQ Chief Information Officer Katie Arrington, who spent most of 2025 serving as the Pentagon’s chief information officer, said the influx of advanced AI tools — and the speed at which they’re emerging — will test government to the extreme. Existing governance requires IT security vulnerabilities be patched within 30 days, and 15 days for vulnerabilities designated “critical.”

“You don’t have time like that anymore,” Arrington said during a panel at the Qualys event. “We’re talking about a tool that can find every vulnerability in seconds on a platform.”

Arrington said these kinds of advanced AI models weren’t a discussion item even 12 months ago. At that time, the Pentagon was just trying to improve the speed that it could bring general AI tools into its networks.

“It’s moving so fast, it’s scary,” Arrington said. “It scares me and it excites me how fast Mythos came alive.”

Qualys CEO Sumedh Thakar said federal agencies may need to take a more proactive — rather than reactive — approach to risk management to deal with the growing range of threats from advanced AI tools. His company is using its AI-powered cybersecurity tools, including TotalCloud, which recently received authorization to operate in the government’s FedRAMP High environments, to allow customers to automate vulnerability patching, reducing some of the manual processes and “dashboard tourism” cyber professionals otherwise deal with.

Thakar said autonomous remediation allows savvy customers to “battle AI with the speed of AI.”

“Now with attackers leveraging AI, as soon as a patch comes out, they can reverse engineer the patch and they can start to figure out the exploit. Your 30 days has become 30 hours, or three hours,” Thakar said. “What we really focus on is to get over the fear of autonomous remediation. It’s not an option.”

]]>

OneGov AI deals are now reaching millions of federal users, GSA says

Edward Graham — Mon, 18 May 2026 14:31:25 -0400

Millions of federal users can now take advantage of artificial intelligence-specific tools offered through the General Services Administration’s OneGov initiative, an agency official said on Friday.

Speaking on a panel at the ACT-IAC Emerging Technology and Innovation Conference, Birgit Smeltzer — director of GSA’s Office of IT Products, IT Category — said “more than 120 orders have been placed against OneGov’s AI offerings, and that has provided this new technology, or availability, to about 3.4 million across government for this particular technology.”

GSA launched OneGov in April 2025 as a way to offer agencies discounted rates on select private sector technologies and software services by treating the government as one customer. Twenty companies, including Microsoft and Adobe, have reached agreements with GSA so far to offer significant cost savings on some of their products.

These deals have also provided agencies and government personnel with the opportunity to onboard new AI capabilities, which GSA officials previously said is helping speed up government use of and experimentation with the tools.

Smeltzer said multiple agencies have already taken advantage of OneGov’s AI offerings, including the departments of Health and Human Services, Veterans Affairs, Transportation and State, among others. She added that AI offerings accessed through OneGov can enhance workforce familiarity with the tools as the government looks to increase adoption of the capabilities moving forward.

“Now, the agency makes it available to you for maybe a limited time, but you're able to use it in your workday, and can see how it can benefit you and get your work done more efficiently — perhaps without losing your job over [using] it,” Smeltzer said.

GSA officials have touted the cost savings associated with using products purchased through the initiative.

“We want GSA not to just be a shared service across government, but a force multiplier across the government,” GSA Deputy Administrator Mike Lynch said Tuesday at the Coalition for Common Sense in Government Procurement Spring Training Conference in Falls Church.

He added that GSA has identified $1.15 billion in savings through the OneGov program through negotiated discounts of a variety of AI and software tools using the collective buying power of the federal government. The program, Lynch said, will continue to mature in the coming year.

Lynch also said acquiring AI at discounted rates achieved through OneGov is an ideal follow-up for agencies that have experimented with AI and large language models through the USAi.gov shared service platform. Several thousand federal employees have used the USAi platform since GSA launched it last August in response to President Trump’s AI Action Plan.

“We want to see where we can add value, and we’re constantly checking in with industry partners and with agencies to ensure we’re providing world-class service,” Lynch said.

In a statement to Nextgov/FCW, a GSA spokesperson said the AI use and cost savings made possible through OneGov “are real, measurable results from unified buying and direct engagement with [original equipment manufacturers].”

GovExec Editor-in-Chief Frank Konkel contributed to this report.

]]>

House Homeland panel gets a rare look at advanced AI tool amid escalating cyber concerns

David DiMolfetta — Fri, 15 May 2026 07:00:00 -0400

Members of the House Homeland Security Committee were briefed Wednesday on Mythos, the Anthropic artificial intelligence model that has drawn vast attention across the cybersecurity community for its advanced hacking capabilities.

Anthropic executives provided the panel with a live demonstration of Mythos, allowing members to see how advanced AI can identify and reason through software vulnerabilities, according to a committee aide who attended the briefing and requested anonymity to communicate details of the demo.

“What we saw reinforced the urgency of ensuring that federal agencies, including our civilian cyber defenders, can responsibly access and deploy the most advanced U.S. models to find and patch vulnerabilities before foreign adversaries or criminal actors exploit them,” said the aide, who noted the briefing was one of the first live demonstrations delivered to Congress.

President Donald Trump is meeting with Chinese President Xi Jinping this week, where AI competition is expected to come up in the discussion. Last month, the White House accused Beijing of attempting to copy components of U.S. AI systems to build similar models of its own through a process known as distillation.

“As the [People’s Republic of China] aggressively works to close the AI innovation gap with the United States, the committee remains focused on ensuring that America’s AI leadership translates into a durable national security advantage, not a temporary lead that adversaries can copy, steal or rapidly commoditize,” the aide added.

The briefing was “productive and focused on a range of AI security and competitiveness issues,” according to a second person familiar with the demo.

Members discussed how the U.S. can preserve its advantage in AI, including maintaining leadership in compute power and preventing China from obtaining advanced chips, said the person, who added that attendees discussed safeguards for advanced AI models and ensuring future systems are developed and deployed safely and securely.

Lawmakers also asked questions about Anthropic’s engagement with the federal government, including whether an ongoing legal dispute over a Defense Department supply chain risk designation against the company is affecting conversations about the use of AI models across federal agencies, including at CISA, which reportedly doesn’t have full access to the model.

The second person did not add additional details about who in the government has access to Mythos, but said “the implications of advanced AI tools for state and local governments and under-resourced critical infrastructure sectors, including water systems, were also discussed.”

Mythos, unveiled last month, was held back from a full public release on the grounds that it could pose national security risks in the wrong hands. U.S. critical infrastructure stakeholders have been vying for access to the tool so it can be run against their own systems to identify and patch previously undiscovered vulnerabilities that could be exploited by hackers.

The Hill first reported news of the demo.

It’s unclear which government agencies have access to Mythos, although multiple reports and people familiar with the matter previously confirmed to Nextgov/FCW that the NSA is among them.

Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., told Politico that he and Chairman Tom Cotton, R-Ark., were briefed on Mythos by Gen. Joshua Rudd, who leads Cyber Command and the NSA, but did not provide further details.

]]>

‘It would be insane’ for spy agencies to not have AI model early access, lawmaker says

David DiMolfetta — Tue, 12 May 2026 15:40:39 -0400

Rep. Jim Himes, D-Conn., the top Democrat on the House Intelligence Committee, said Tuesday it would be “insane” for U.S. intelligence agencies to not have early access to advanced artificial intelligence models that could be used for hacking and cyberdefense.

His remarks, delivered on a panel at Politico’s Security Summit, come as the Trump administration is reportedly considering a major AI executive order and debating whether the Commerce Department or intelligence community should oversee evaluations of AI models. They also come as President Donald Trump makes a planned trip to China this week, where he is expected to discuss AI matters with Chinese President Xi Jinping.

“Making sure that, in particular, where our real computational brains are, the National Security Agency, making sure they have access to the most capable hacking tools … it would be insane not to do that, right?” he said.

The NSA, the spy community’s premiere hacking, codebreaking and foreign eavesdropping giant, has been testing Mythos, a major Anthropic model that’s been held back from full public release due to its substantial cyber capabilities, multiple people familiar with the matter said.

On Monday, The Washington Post reported the Trump administration is split over whether to give spy agencies or the Commerce Department dibs at evaluating models. Commerce officials are pushing back against a White House proposal to house an AI evaluation center within the intelligence community, according to the report.

Himes said the Commerce Department should also have a role to play in AI policy.

“Across the government, we should be looking at these capabilities,” he said, adding that “we ought to be cultivating — not damaging — our relationship with the producer of this remarkable new technology,” in a nod to the ongoing legal complaints Anthropic has lodged at the Defense Department, which deemed it a supply chain risk earlier this year after the company said it wouldn’t meet certain Pentagon demands.

Himes said he doesn’t think the legal spat between the DOD and Anthropic has set back the intelligence community in the near term, though “if this drags out, if [Defense Secretary] Pete Hegseth gets a bee in his bonnet about this and just decides to target because his ego is damaged … that will be a massive liability for United States national security.”

Officials are circulating draft policy documents with language clarifying the government’s ability to use private sector tech without outside stipulations, Nextgov/FCW reported last week. It’s not clear if the contracting language is part of a coming executive order or a separate policy initiative.

The ongoing discussions highlight how the Trump administration is closely examining cyber threats brought on by advanced AI models and is looking to take a more hands-on approach toward the AI sector, despite prior laissez-faire positions.

]]>

Anthropic, Code for America pilot AI tools for SNAP eligibility support

Kaitlyn Levinson — Mon, 11 May 2026 17:26:20 -0400

The civic tech nonprofit Code for America is partnering with artificial intelligence company Anthropic to develop tools aimed at helping caseworkers enhance public benefits administration across the nation.

The organizations are working together to develop an AI-enabled solution to improve the accuracy and timeliness of benefits service delivery under the Supplemental Nutrition Assistance Program, Jana Rhyu, vice president of product at Code for America, announced Friday at a summit hosted by the organization in Chicago last week.

The SNAP Policy Navigator tool is built on federal regulations, state manual selections, official policy directives and other documents to help caseworkers “quickly and accurately get an answer to [a] very specific policy question” when they are working with clients, said Michael Lai, who leads state and local government AI at Anthropic.

The tool leverages Anthropic’s Claude chatbot and is built on a model context protocol to ensure a secure two-way connection between data sources and AI applications, Rhyu said. A caseworker can input a simple, policy-based question, such as how a client’s change in income or a new federal policy could impact their benefits, and the tool outputs an up-to-date response in plain language with cited sources and suggested next steps.

The user “gets clarity on policy, not a decision on overall eligibility. The decision stays with [them],” she said.

The announcement comes as state and local public benefit agencies scramble to comply with rule changes to the federal food assistance program made last July under President Donald Trump’s “Big, Beautiful Bill.” The law subjects participants to expanded work requirements, shifts administrative costs to states based on their SNAP payment error rates, and requires that the Thrifty Food Plan — the model used to calculate the lowest-cost nutritional meal for a family of four — be cost-neutral to changes in food prices.

Since its passage, SNAP participation has declined by more than 3 million people across 36 states as of January, and further reductions are expected once the new rules are fully implemented, according to the Center on Budget and Policy Priorities.

“Policy is constantly changing, and the complexities of policy implementation are immense, which places an even bigger burden on the caseworkers,” Rhyu said.

That’s why it’s critical for resources like the SNAP Policy Navigator tool to help reduce caseworkers’ administrative burden of sifting through and trying to apply intricate policies to individual cases, she said.

Indeed, the complex rules regarding eligibility and exemptions present common barriers to benefits access and having to explain those to residents who depend on the timely and accurate delivery of public assistance to meet their everyday needs only adds to it, Lai said.

Such challenges are exacerbated by funding uncertainty, workforce shortages and increasing caseloads that many states and localities are grappling with across the U.S.

He pointed to one former caseworker who described their job as “an email inbox that's always full, where each one requires care and attention, but you're constantly getting interrupted as you try to work through the never ending inbox of people to help.”

In addition to the SNAP Policy Navigator, Code for America and Anthropic will develop a suite of Claude-based tools to further assist benefit workers with answering policy questions, reviewing eligibility documents and drafting communications to benefit recipients, Code for America leaders said in an announcement last week.

“We know that caseworkers are really overburdened in general, but especially at this moment with HR 1 as well, and so AI shouldn't be used for AI’s sake,” Lai said. “We want it ultimately to be helping in this human way and trying to make benefits administration more efficient, more accurate and more human centered.”

]]>

Pentagon will ‘never again’ rely on a single AI provider, official says

Alexandra Kelley — Fri, 08 May 2026 16:27:35 -0400

Leadership at the Pentagon reiterated the agency’s commitment to diversifying its artificial intelligence service providers, with Under Secretary of Defense for Research and Engineering Emil Michael taking the stage Thursday at an event in Washington, D.C., to stress that his department is never being “single-threaded with any one model.”

Speaking during the Special Competitive Studies Project’s AI+ Expo event, Michael said that the recent deals between eight leading AI developers and the Department of Defense are both a private sector statement of support for working with the government, as well as a step towards the Pentagon’s goal to diversify its tech stack with different providers.

“We were single-threaded on one vendor, one AI vendor at the Department of War, and to integrate into classified systems is not just putting your software on a public cloud and having it work,” Michael said, referring to his agency’s contract with Anthropic. “These are sophisticated, protective systems that take a lot of work to integrate on, so it wasn't like I could just turn on a few other models that easily. But never again we’ll be single-threaded with any one model.”

Michael continued to say that the new deals with Amazon Web Services, Google, Microsoft, NVIDIA, OpenAI, Reflection, Oracle and SpaceX are “a statement by the biggest tech companies in the world who are involved in the AI space … and have them say, ‘We support the Department of War, we support the U.S. government, and we support the… armed services for all lawful use cases.”

Michael’s comments come in the midst of an ongoing dispute between Anthropic and the Department of Defense following the company’s refusal to have its technology used in operations involving autonomous weaponry and American surveillance.

The fallout of that dispute resulted in the Pentagon designating Anthropic a supply chain risk and the White House ordering agencies to begin removing the company's products from their tech stacks. A judge put a hold on those actions in late March pending ongoing litigation over the government’s actions.

The release of Anthropic’s advanced cybersecurity-focused model, Mythos Preview, changed the discussion. Access to Mythos and its advanced capabilities for detecting cybersecurity flaws is tantalizing for the U.S. government, prompting internal drafts of policy plans that would enable some agencies to use Anthropic’s cutting-edge model.

Michael said that the advent of Mythos signals the forthcoming evolution of cyber-capable AI models.

“The Mythos moment is really a cyber moment, and it's: ‘How is the U.S. government going to deal with cyber?’” Michael said.

Major tech companies are responding to Michael’s drive to diversify the Pentagon’s vendor portfolio. Rand Waldron, the vice president of the Global Government Sector for Oracle Cloud Infrastructure, told Nextgov/FCW that Defense officials are asking cloud service providers like Oracle to prioritize interconnectedness in the effort to avoid vendor lock-in.

“From what I can see, the Department of War has some very savvy people who … don't want to go all in on one [model] because then six months later, they may need to go all in on another,” Waldron said.

He explained that there will likely be models that are more finely-tuned to particular use cases, such as code generation, data analytics, supply chain management or targeting in warfighter operations. One model from a single provider may not effectively serve each of these workflows.

“I don't believe that all those different use cases will end up being the exact same model at any given time,” Waldron said.

The Pentagon’s desire to expand the service offerings available for its workforce has precedent. Waldron said that DOD and the intelligence community have laid the foundation for a flexible approach to AI services acquisition, citing the creation of the Commercial Cloud Enterprise and Joint Warfighting Cloud Capability contracting vehicles as the blueprints for future contracting structure.

“It's not like they're trying to replace Anthropic with another model provider,” Waldron said. “They want to replace Anthropic with four model providers.”

]]>

Inside the effort to connect Congress with the feds enacting its policies

Natalie Alms — Fri, 08 May 2026 13:30:33 -0400

Congress is flying blind on the effectiveness of the laws it creates.

That’s the thesis of a new project released last week by the POPVOX Foundation, a nonpartisan nonprofit, based on the input of 50 federal employees pushed out of their government jobs last year. The intent of this work was partly to gather insights on how policy implementation works in the executive branch and what barriers exist to effective government that lawmakers may not know about.

But it’s also about showing Capitol Hill what’s possible, said Anne Meeker, senior advisor for the POPVOX Foundation, which collaborated with the Niskanen Center, Civil Service Strong, the Partnership for Public Service and the Foundation for American Innovation on the work, called Departure Dialogues.

Communication between those making laws and those implementing them has been a problem for a long time, said Meeker, in part because federal employees doing the work aren’t usually authorized to go talk to Congress about what they may be dealing with as they turn statute into reality. That made last year a unique opportunity, as federal employees left the government en masse under the Trump administration's efforts to shrink the size of the federal workforce.

Typically, Congress’ current mechanisms for feedback from those closest to implementation in the government are limited. Hearings “are performative as often as they are informative,” the new report reads. Audits from the Government Accountability Office are usually retrospective, and congressionally-mandated reports are often compliance exercises.

Federal agencies have legislative affairs offices, but the information they transmit to Congress often gets filtered down to politics and top-level priorities, not the “program-level, operational oversights [of] what’s working, what’s breaking, what statutory language creates unnecessary friction,” the new report reads.

The hope is that Congress may replicate POPVOX’s process, or parts of it — including the use of AI to synthesize insights and surface patterns — so that experts have channels to communicate with lawmakers and their staff. For that reason, Departure Dialogues includes a methods report, in addition to a report on key findings and a legislative index.

One recommendation is for congressional committees to consider building structured input processes into reauthorization cycles or invite mid-level experts in for structured listening sessions.

As for what lawmakers may find if they take on the charge of hearing more from those in government agencies, one top takeaway Departure Dialogues found is that the accumulation of policies and requirements is making it difficult to get things done. Congress usually adds requirements, but it doesn’t take them away.

“One recurring challenge I encountered was the cumulative burden imposed by overlapping and sometimes conflicting legislative and reporting requirements associated with different funding streams,” Vikki Stein, who worked at the U.S. Agency for International Development for 30 years, told POPVOX.

“While each requirement was reasonable in itself, together they created inefficiencies that reduced our ability to focus on program effectiveness,” she continued. “This led to significant duplication of effort, diverting staff time and resources away from program monitoring, learning, and adaptation.”

Others told POPVOX that statutory language sometimes directly prevents them from achieving what Congress intended.

A common culprit: the Paperwork Reduction Act, a law created before the days of the internet that’s meant to reduce paperwork for Americans. Detractors say the law adds bureaucracy internally to those delivering government services who want to collect data like feedback meant to help ensure that government programs work well for people — but that it doesn’t ultimately always reduce burden on citizens the way it’s intended to.

Those writing the new report saw themes across workforce, contracting and internal communication: just as agencies and Congress are siloed, so too are agencies isolated from each other, and even teams within agencies are experiencing separation.

“The project was a little bit of an experiment to see if departing federal employees in this really politically tense moment were interested in participating,” Meeker said of the work.

“The response that we got … was really neat to see. We had so many folks really excited about this chance to say to Congress, like, ‘Look, forget the partisanship, forget the politics. This is just the one thing you need to know about how to make this program better,’” she continued. “That spirit of service was actually really kind of moving.”

]]>

Education tech chief heads to OMB as deputy federal CIO

Natalie Alms — Thu, 07 May 2026 12:27:17 -0400

Federal Chief Information Officer Gregory Barbaccia has a new deputy: Thomas Flagg, currently the CIO for the Education Department, according to an internal email viewed by Nextgov/FCW.

Flagg has been at Education since fall 2024, and he worked at the Labor Department for over 11 years before that.

“He understands firsthand the operational realities, constraints, frustrations, and opportunities that agency technology leaders face every day,” Barbaccia wrote in the email announcing Flagg’s new role. “I am looking forward to working with him as he brings that ground-truth knowledge into the federal policy process, helping us better interpret agency pain points and translate them into practical, effective government-wide direction.”

OMB did not return a request for comment.

Flagg joins the OMB team as Barbaccia is split between several roles, including serving as the acting director of the Technology Transformation Services within the General Services Administration. That team helps agencies across the government with their technology, including by maintaining some central solutions. It has lost about 70% of its staff since President Donald Trump took office last year.

Barbaccia is also the federal chief AI officer — overseeing the government’s AI efforts — and serves as the federal government’s service delivery lead under the Government Service Delivery Improvement Act.

]]>