The Wrap: Busting China’s APT31 Hackers; JWCC Racking up Orders; VA EHRM Blues
Welcome to The Wrap for Monday, March 25!
?
From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:
?
Charging China’s APT31 Hackers
The Justice Department today hit back at the China-based hacking group known as Advanced Persistent Threat 31 (APT31), charging seven members of the group with thousands of hacking attempts against U.S. officials, institutions, and critics of the Chinese government stretching back for more than a decade. On the alleged hacking hit list: election campaign staff from both major U.S. political parties leading up to the 2020 election; people working in the White House, and at the Departments of Justice, Commerce, Treasury, and State; and members of Congress on both sides of the aisle. The seven defendants charged today are citizens of China, so the DoJ action in practical terms won’t pose much harm against them unless they were to travel to other countries where the U.S. law carries more weight. “The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick Garland said in a press release announcing the charges. “This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies,” he said.
?
JWCC Racking up Orders
Based on fresh numbers from Defense Department (DoD) CIO John Sherman, the agency’s Joint Warfighting Cloud Capability (JWCC) program is racking up some impressive numbers. Sherman told House Armed Services Committee members last Friday that DoD has awarded at least 47 task orders under the $9 billion multi-vendor contract thus far and has another 50 or so in the pipeline. While we don’t have dollar figures to add color to those totals, the numbers suggest that JWCC has become the go-to within the Pentagon. “Following our award of the [JWCC] contract in December 2022, DoD Components now have access to commercial cloud computing at all three security classifications, from the headquarters to the tactical edge,” Sherman told lawmakers. Nearly two years ago the Pentagon?selected?Amazon, Google, Microsoft, and Oracle for the JWCC contract after it abandoned work on the previous $10 billion Joint Enterprise Defense Infrastructure (JEDI) arrangement.
?
VA EHRM Blues
Internal watchdogs at the Department of Veterans Affairs (VA) issued three new reports late last week on the status of the VA’s Electronic Health Records Modernization (EHRM) program, and the news was not encouraging for hopes of a rapid resumption of the EHRM rollout across most VA facilities. Two of the reports covered incidents stemming from 2022 – when scheduling issues within the new EHR system caused pharmacy-related?patient safety issues?and contributed to the?death of a patient. In the third?report, the VA Office of Inspector General revealed that more work must be done to fix the EHRM scheduling system challenges at the five sites where the program has been rolled out, lest those same problems become “exacerbated at larger, more complex medical centers.” The OIG first?revealed?the limitations of the EHR’s patient scheduling system in November 2021, and said that scheduling issues had not been ironed out before deployments to the initial set of VA facilities. For instance, the new scheduling system was not able to mail appointment reminders to patients as it did with the old scheduling system. The OIG report says that the VA and contractor Oracle Cerner had yet to fix this issue as of December 2023. Click through for the whole story.
?
GAO Flags USPTO Fraud Steps
The U.S. Patent and Trademark Office (USPTO) needs to adopt stronger fraud risk management? practices to improve its trademark system, the Government Accountability Office (GAO) said in a March 14?report. At the heart of the report is a discussion of how USPTO could do more to improve its data systems that run the agency’s trademark prevention programs under the Trademark Modernization Act of 2020 (TMA). That law created new procedures covering expungement and reexamination “that allow individuals and businesses to challenge a registered trademark on the basis that it was not used in commerce, as is normally required.” The report found that “USPTO current data systems do not allow the agency to assess the effectiveness of current trademark fraud prevention programs and implement new technologies for identifying fraud.” Additionally, the report found that “computational tools such as predictive analytics could help the USPTO identify trademark applications with false or inaccurate information more effectively.” USPTO concurred with the GAO findings.
?
Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy. And finally, please hit the news tip jar [with leads, breaking news, or simply your two cents] at [email protected].