The Wrap: Guy Cavallo’s Next Adventure; Treasury Breach Limited; Fed CX Boss Incoming

Welcome to The Wrap for Monday, January 6!

From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:

?

Guy Cavallo’s Next Adventure

Hats off to Guy Cavallo – one of The Wrap’s favorite Federal CIOs – who broke the news today that he will step down from the top tech job at the U.S. Office of Personnel Management (OPM) and retire from Federal government service on Jan. 13 before he reemerges in the private sector later this year. No news to share yet on where the next landing spot will be, and ditto on how OPM will fill those shoes. What makes Cavallo a favorite around these parts? Just to name a few: the available data says he’s pretty good at what he does – check out the latest FITARA Scorecard; he’s not afraid to make some news during his frequent stops on the Fed-tech public speaking circuit; and he’s taken the time to help at least one tech journo (thanks Guy!) better understand and explain the steps in the long road to Federal IT modernization. If you want to hear about it from smarter techies than us, check out the comments on his LinkedIn post today, and please do click through for our whole story on his career highlights and colleague shout-outs.

?

CISA Says Treasury Breach Limited

The cybersecurity incident?disclosed by the Treasury Department last week appears to be limited to just that one agency, according to a statement today from the Cybersecurity and Infrastructure Security Agency (CISA). Software provider BeyondTrust notified the Treasury Department in early December of a China state-sponsored breach of some of the department’s sensitive systems, and said the threat actor had gained access to a key used by the vendor for remotely supporting Treasury Departmental Offices end users. CISA said today it is working closely with the U.S. Department of the Treasury and BeyondTrust “to understand and mitigate the impacts of the recent cybersecurity incident,” and concluded, “at this time, there is no indication that any other Federal agencies have been impacted by this incident.” CISA said it “continues to monitor the situation and coordinate with relevant Federal authorities to ensure a comprehensive response.”

?

Fed CX Boss Incoming

We don’t know who it will be yet, but there’s a new sheriff coming to D.C. to ride herd over improving government services delivery. That new position is courtesy of Congress, after President Biden on Jan. 4?signed into law?the Government Service Delivery Improvement Act, which aims to improve customer experience and accountability across the Federal government by creating a new senior management position at the Office of Management and Budget (OMB) devoted to improving customer experience. The law also puts the onus on Federal agency heads to do the same, as it declares those leaders to be “responsible for improving government services, building better trust with the public, and designating a senior agency official to drive changes,” according to text of the bill. The new CX leader will also be responsible for working with agency leaders to ensure that agency websites “are consistent with” requirements of the 21st Century Integrated Digital Experience (IDEA) Act, which was approved by Congress in 2018 and requires public-facing Federal agency websites to meet several modernization standards to be more accessible, user-friendly, and secure.

?

DoD Red-Teams AI, Finds 800+ Risks

The United States Department of Defense (DoD)?Chief Digital and Artificial Intelligence Officer (CDAO)?recently wrapped up?a?red teaming pilot that uncovered more than 800 vulnerabilities in the use of large language models (LLMs) to boost military medical services.?The Crowdsourced AI Red-Teaming (CAIRT) Assurance Program pilot focused on LLM chatbots within military medicine. According to a Jan. 2?announcement, the CAIRT program is designed to foster grassroots, crowdsourced approaches to AI Assurance and AI Risk Mitigation. During the exercise, over 800 issues were flagged, ranging from potential vulnerabilities to biases that could arise from using LLMs in these high-stakes medical contexts. The results of the pilot will not?only generate "repeatable and scalable output," including benchmark datasets for evaluating future AI vendors and tools,?but they’ll also play a key role in?shaping future DoD policies and best practices for the responsible use of Generative AI (GenAI)—with the ultimate goal of improving military medical care.

?

Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy. And finally, please hit the news tip jar [with leads, breaking news, or simply your two cents] at [email protected].