This post first appeared on Federal News Network. Read the original article.
It’s no surprise that artificial intelligence remained a top storyline over the last 12 months. Agencies detailed 1,000 more use cases in the most recent update from the Office of Management and Budget.
But the 1,700 use cases alone don’t explain why AI continued to dominate the news, the sessions at nearly every federal conference and on Capitol Hill. One of the reasons agencies and industry were so excited about the potential and real capabilities of AI last year had more to do with all the work that these organizations had done over the previous decade. The focus is on the data and its governance. The move to the cloud to modernize systems and applications. Basically, the lead up to taking AI from an idea or concept to the pilot stage, which happened in the 2010s, made these capabilities possible in 2024.
Along with AI, cybersecurity and the implementation of a zero trust architecture remained, and will continue to be in 2025, a top priority for many federal leaders. The recent cyberattack against the Department of Treasury capped an otherwise eventful year with both Volt Typhoon and Salt Typhoon making federal and private sector chief information security officers stay up late to deal with these threats.
Additionally, agencies saw over the last 12 months several significant changes in federal policies from cloud security to the digital experience they provide to citizens to strengthening accessibility requirements of federal digital services for the first time in many years.
With so much going on across the federal sector, Federal News Network asked a panel of current and former federal executives for their opinions about 2024 and what federal IT and acquisition storylines stood out over the last 12 months.
The panelists are:
- Gundeep Ahluwalia, the former Labor Department CIO and now executive vice president and chief innovation officer at NuAxis
- Julie Dunne, former House Oversight and Accountability staff member and now a principal with Monument Advocacy
- Mike Hettinger, former House Oversight and Accountability staff member and now a president of Hettinger Strategy Group
- David Larrimore, the chief technology officer for the Department of Homeland Security
- Gary Washington, the chief information officer of the Agriculture Department
Here are the 2023 and 2022 year in reviews as well, in case you were interested in comparing previous responses.
What are two specific accomplishments in 2024 within the federal IT and/or acquisition community? Please offer details about those accomplishments and why you thought they had an impact and what changes they brought.
MH: The issuance of the cybersecurity maturity model certification (CMMC) final rule represents a significant accomplishment. With all of the fits and starts that have come with that program, to get the final rule issued this year is a major step forward. As we move into 2025 and beyond, the requirements of CMMC are going to be felt across the government contracting industry.
Next, I’d say the overall progress agencies have made in implementing zero trust, as required by the cyber executive order and multiple related directives. There’s still a long way to go but progress has been significant.
JD: The Federal Risk Authorization and Management Program (FedRAMP) Modernization memo from the Office of Management and Budget. Over the summer, OMB updated its 2011 FedRAMP memo. The updated FedRAMP memo was a much-needed refresh and offers a lot of promise toward the goal of increasing the number of FedRAMP-authorized software-as-a-service (SaaS) providers. Streamlining processes through automation and leveraging commercial sector security practices are important reforms. The July 2024 OMB FedRAMP memo offers the promise of significantly reducing the time and expense vendors must invest to become FedRAMP authorized.
Technology Modernization Fund. I was involved in drafting the original Modernizing Government Technology Act that created the TMF because Congress recognized the need for a multiyear funding capability to fund IT modernization projects. It’s gratifying to see the success of the TMF with over $1.05 billion invested in 69 projects across 34 federal agencies. I do wish there was a bit more transparency to the process so we can all learn from successful applications and better assist agency customers.
GA: Implementation of Enterprise Infrastructure Solutions (EIS) task orders, above 90% of the transition has occurred, this was a monumental task, one that could not have been achieved without coordination, cooperation between vendors, the General Services Administration and all the federal agencies.
DL: We recently announced the launch of DHSChat, a new artificial intelligence (AI) powered chatbot designed exclusively for internal use within the Department of Homeland Security. DHSChat is a significant step forward in leveraging secure, cutting-edge technology to enhance productivity and in supporting our critical missions. By using DHSChat, employees are able to perform routine work more efficiently, including summarizing complex documents and reports, generating computer code and streamlining repetitive tasks like data entry. With this new tool, thousands of employees are able to leverage generative AI capabilities safely and securely using nonpublic data. In the future, we hope to create a secure internal knowledge hub, which staff can query for information about DHS policies, data and other internal information. By collaborating with cloud, cybersecurity, privacy, civil rights and civil liberties experts across the department, DHS developed guardrails for DHSChat to ensure that it is effective, safe, secure and responsible.
In September 2023, we released our first set of policies surrounding the responsible use of artificial intelligence. In March 2024, OMB issued Memo M-24-10 with governmentwide requirements for AI risk management, as directed in President Joe Biden’s AI executive order. Where requirements differed between DHS’s internal AI policies and M-24-10, we met the higher standard.
Over the course of 2024, we re-reviewed every AI use case at DHS, searched out new and previously un-inventoried use cases across the department, and identified safety- and/or rights-impacting AI use cases that required compliance with M-24-10 minimum risk management practices.
In this process:
- We identified 39 safety- and/or rights-impacting use cases, 29 of which are deployed and 10 are pre-deployment as of Dec. 16.
- Of the 29 deployed use cases, 24 already comply with minimum risk management practices, while OMB approved short compliance extensions for five use cases.
- We determined that DHS did not need to issue any waivers of required risk management practices for any deployed use cases.
- We determined that 27 AI use cases do not meet the M-24-10 definitions for safety-and/or rights-impacting AI, despite falling under OMB’s presumed impacting categories.
Many teams across DHS put in a lot of hard work to reach this milestone. We implemented new and complex policies at a rapid pace to meet ambitious timelines as a step to increasing transparency and responsible AI use. We will continue to mature our approach to AI governance over time as technology evolves.
GW: I think the AI guidance and the digital experience efforts. I think both are good steps to a more modern, effective and cost-efficient government.
From a federal IT/acquisition perspective, what is one word or phrase will 2024 be remembered for and why?
GW: Challenging. I say challenging due to all the programs and new areas of focus that required attention this year such as AI, cybersecurity and modernization.
JD: Artificial Intelligence. There was a significant amount of policy activity in 2024 with task forces, conferences, executive orders, OMB memos and legislation. The conversations were varied in terms of topics and especially when it comes to AI risks and opportunities. The next administration appears poised to shift the conversation more toward innovation versus establishing a regulatory-like framework for AI. Meanwhile, agencies are already buying AI-enabled tools and inventorying their use cases.
MH: DOGE — is that even a word? The idea of government efficiency and effectiveness, including broadly how we use technology, is D.C.’s hottest club right now and that effort is just ramping up.
DL: I think we will remember 2024 as the year of “pilots.” In March 2024, DHS became the first federal agency to roll out a comprehensive “AI Roadmap” to integrate the technology into a variety of uses. The AI roadmap announced three generative AI (GenAI) pilots to test the effectiveness of GenAI solutions and their potential to enhance mission-specific capabilities in a safe, responsible, and effective way. These pilot programs were housed in the United States Citizenship and Immigration Services (USCIS), Homeland Security Investigations (HSI) and the Federal Emergency Management Agency (FEMA).
By October 2024, DHS successfully tested these pilot programs, while protecting civil rights, privacy, and civil liberties. The department gained valuable insights into the real-life impact of GenAI tools as well as their limitations. Learnings from these pilots will help guide the development and deployment of other AI tools throughout the department.
GA: Protests have become staple to the acquisition process. Both trigger-happy incumbents and government mistakes have stalled so many large contract awards and start an incessant cycle of suboptimal bridges.
What emerged as the biggest challenge of 2024 that will have an impact into 2025 and beyond?
DL: Making the shift to continuous modernization practices like SecDevOps automation and human-centered design (CX) continues to be a challenge. Large monolithic IT programs are bound by traditional mechanisms for funding and risk management that can’t easily adopt continuous modernization practices like “modernizing in place” and require us to focus on bringing technical talent more intently into those programs to create the foundations for change. Adopting these practices are tantamount to ensuring our IT systems can continue to meet the needs of the mission.
GW: Decreasing technical debt and legacy IT.
JD: Artificial intelligence for the reasons stated earlier.
GA: Protests, outcome-based contracting.
MH: Artificial intelligence dominated 2024 and there’s no sign of it slowing down in 2025. While the technologies that make up “AI” are still in the growth and development stage, how we buy and use AI was everywhere in 2024. As the new administration gets ready to take over, their vision of AI, which differs in many areas from the current administration, is going to take center stage.
The post No surprise: AI, cyber continued to dominate in 2024 first appeared on Federal News Network.