In May, a blue-ribbon panel of experts identified a series of longstanding and difficult workforce challenges facing the Transportation Security Administration. Chief among those was pay. Now TSA is trying figure out the best way to improve the way it pays its employees, while reducing attrition and boosting retention.

Currently, entry-level TSOs typically begin at the “D pay band,” where salaries range from $28,668 to $40,954, according to TSA. Security officers have the potential for a promotion to an “E pay band,” where salaries range from $32,920 to $47,084.

“We have a wonderful set of authorities under the Aviation Transportation Security Act asset that lets us have much greater flexibility in how we pay, what we pay, where we pay it, than anything the general schedule offers,” said Patricia Cogswell, deputy administrator for TSA. “What the blue ribbon panel correctly noted is TSA has not taken full advantage of all of those authorities. So for example, we can have a different rating process, we can have a different way of incentivizing longevity, we can have different pay based on locations that have higher retention issues in a way that is much simpler to accomplish, or may not even be able to be accomplished under the general schedule.”

Longevity pay a key sticking point

One of the main issues driving dissatisfaction with the current pay scheme, Cogswell said, is the lack of longevity pay. Essentially, the longer you’re at an organization, the more you’d get paid. TSA currently does not have such a system. The General Schedule, on the other hand, does include longevity pay, which Cogswell said is the primary motivation behind the push to move to that pay scheme.

But she said the General Schedule is not the only way to achieve longevity pay, and TSA is looking into other authorities to make that happen. In its May report, the blue-ribbon panel also recommended against switching TSA to the General Schedule.

“So this is a topic we are directly working with the administration with Congress to see what options may be available,” Cogswell said. “As the administrator noted in his testimony, this is not a matter of authority. This is a matter of budget. So we will need to have support through both of those processes in order to resolve that issue.”

This is part of a bigger push by TSA to improve the morale of its workforce through human capital reforms. At the end of May, TSA released details on a new performance management system that will go into effect on Oct. 1 this year.

“So most of the standards that our screening workforce look to are, ‘Are you able to identify the right things in the X ray systems? Are you able to identify threats, exercise right protocols, follow our standard operating procedures, ensure you’re interacting with the public the way we expect them to?’” Cogswell said. “Those kinds of elements, to make sure they’re performing all of the security duties we need in the way that best informs and influences security.”

The goal, she said, is to make it as easy as possible for TSOs to understand what is expected of them.

“So in order to qualify for essentially the same bonus, same structure, same eligibility for pay increase, we are simplifying what those requirements are to make it clear that the vast, vast majority of our employees are truly doing what we need to do,” Cogswell said.

Finding those who go above and beyond

The second element of this new performance management system is the institution of a “model officer” program. This will be used to single out TSOs who go above and beyond minimum expected standards, and really excel in some particular area.

“So there will be a range types of recognition that come as a result, an individual who best identifies a covert test, and accurately identifies all potential threats, will be singled out as an eagle eye,” Cogswell said. “Someone who has done absolutely exceptional work, someone who goes above and beyond in caring for one of our customers who needs special attention, perhaps because of a disability or other issue, will receive recognition through that program.”

The blue-ribbon panel found that there’s currently a perception within the TSA workforce of favoritism and unequal levels of respect from TSA management. Cogswell said this program should actually help to improve that perception. First, it would be a rotating model, where different TSOs could be recognized throughout the year as appropriate. And second, simplifying the standards required of TSOs will help to inject more transparency into the process of recognition.

“Our goal is to make it as easy as possible for our officers to understand what we are trying to accomplish,” Cogswell said.

More and more drones are in the air every day, and it’s only a matter of time until they’re being used for commercial delivery purposes. But before that can happen, the Federal Aviation Administration has to figure out how to integrate them safely into an already crowded airspace. That’s why it’s currently running 10 pilot programs across the country, experimenting with using drones for a variety of programs, including first responder support, hurricane damage assessment, and delivery of medical products.

“I think the administration recognized there was a need to really give a booster to innovation in this area, that in order for the US to remain a global leader and to remain competitive, and to enable the innovative operations and to unlock the economic and societal potential of these aircraft, we really needed a little bit of a push,” said Jay Merkle, executive director of the Unmanned Aerial System Integration Office at the FAA.

The FAA is looking at two main areas in particular, Merkle said. The first is safety in the air. Drones can’t be running into other aircraft, especially manned aircraft, where they can do serious damage. Multiple large airports have been temporarily shut down in the U.S. and Europe due to drone activity that could threaten passenger jets.

The second is safety regarding people and property on the ground.

“So is the aircraft reliable and durable? Is the operation safe? Can we conduct it over people?” Merkle asked. “And in many of these cases, we’re testing certainly the ability to operate safely over people which is important from an FAA safety mission. It’s also important from a community understanding and accepting these drone operations as beneficial in their community.”

One way FAA is helping to mitigate the risk of operating over people and communities would probably be considered a design flaw by most consumers: the FAA drones are made to be easily breakable.

“It’s what we call frangible. In other words, it breaks apart when sufficient forces put on its components,” Merkle said. “And that ensures that for example, a rotor or an arm that holds the rotor doesn’t actually penetrate a person or a building or harm something. So it just simply breaks off. That same drone is also covered in a nerf like substance. So if it falls out of the sky, it literally just bounces. And so that prevents harm.”

Merkle also said the program is helping FAA make progress with moving beyond line-of-sight operations, meaning the drone is out of the operator’s direct vision. That involves some new technologies, such as machine learning to help the drone dodge obstacles. Merkle said with human pilots, it’s referred to as “see-and-avoid.” But with machine learning evaluating camera feeds, radar, and other technologies, FAA is transitioning to “detect-and-avoid.”

That same machine learning is also being applied to help drones perform visual inspections with less input from a human operator.

“What was done with a human either looking up at a pole or looking down at a railroad, it’s now being done with video and multiple types of sensors, visual range infrared, others, and now the machines can start to detect where are the problems so they can start to look at ‘Hmm, that’s not only a broken component on a power pole, but that might be a fatigued component on a power pole,’” Merkle said. “And where that would take humans hours to do, or it would take a human looking at video alone would have to look at tens of thousands of images, the machine learning starts to detect these things and do it and then point out to a human ‘Oh, I think this is in fact a broken component or fatigued component, etc.’”

Intelligent lighting, gunshot detection, and intersection analytics are reducing car accidents, crime and traffic by using artificial intelligence and big data.

But to use those technologies and add new ones to the government’s arsenal, those networks need to modernize at the pace of change. To do that takes planning and cooperation to ensure networks grow safely and securely.

“The key to modernization from a cybersecurity perspective is building security plans in from the outset,” said Martin Kessler, chief information security officer at Verizon Business Group, during a Special Bulletin Review: Securing our Citizens While Modernizing, sponsored by Verizon. “That allows government agencies to improve their security posture as part of their modernization efforts. The reality is no matter how mature an agency’s cyber plan is there will be incidents. The key is to operate through an attack.”

Kessler said it’s critical that agencies develop incident response playbooks and constantly exercise those plans to develop muscle memory.

Not only that, agencies should invite outside organizations to those exercises and introduce the element of surprise to press themselves harder.

“We are seeing the cyber threat evolve with time,” Kessler said. “As agencies modernize, one of the pitfalls we see is they modernize their technology, but they won’t also evolve their ability to detect, and ultimately contain, cyber threats. It’s really important for our customers and agencies to continue to evolve their cybersecurity defenses. We do the same at Verizon, as we roll out new products and services, we also have to involve our own cybersecurity program and make sure our security is wrapping around the new products.”

Federal agencies are starting to modernize into the 5G landscape and to do that they need to take into account all of those security lessons. However, the next generation network will also add new aspects to tighten security.

“5G will allow breakthroughs in artificial intelligence, robotics, the internet of things, the list goes on and on,” Kessler said. “In addition to the transformative effects 5G will have on agencies and their missions, it’s also a step forward in terms of network security. There’s new security layers that are built in, including additional encryption, additional security at the edge and also a new feature that allows us to isolate devices until they are fully authenticated into the environment.”

5G has serious implications for agencies like the Federal Aviation Administration.

“All of these modernization opportunities are going to benefit agencies, which directly relate to benefits for our citizens,” Kessler said. “The FAA’s number one issue is the weather, which is none of us can control. The latency of a 5G network is just a few milliseconds. When you think about cloud computing at the edge, plus the speed of that 5G network, plus real-time situational awareness from a number of forecasting systems, the air traffic controllers on the runway will have absolutely real-time information that will allow them to do their job better and ultimately deliver better services to the citizen. This is just the beginning. Can you imagine the impact of augmented and virtual reality on disaster response and training scenarios? The opportunities to improve mission are limited only by our imagination.”

Elements of Cybersecurity

The key to modernization from a cybersecurity perspective is building security plans in from the outset. That allows government agencies to improve their security posture as part of their modernization efforts. The reality is no matter how mature an agency’s cyber plan is there will be incidents. The key is to operate through an attack.

Martin Kessler

Chief Information Security Officer, Verizon Business Group 

Meeting Government Needs

We are seeing the cyber threat evolve with time. As agencies modernize, one of the pitfalls we see is they modernize their technology, but they won’t also evolve their ability to detect, and ultimately contain, cyber threats. It’s really important for our customers and agencies to continue to evolve their cybersecurity defenses. We do the same at Verizon, as we roll out new products and services, we also have to involve our own cybersecurity program and make sure our security is wrapping around the new products.

Martin Kessler

Chief Information Security Officer, Verizon Business Group 

Supply Chain

All of these modernization opportunities are going to benefit agencies, which directly relate to benefits for our citizens.

Martin Kessler

Chief Information Security Officer, Verizon Business Group 

Listen to the full show:

Even as the Coast Guard prepares for the 2019 hurricane season to get started, it’s still trying to recover from two years ago. Hurricanes Harvey, Irma and Maria did severe damage to the East and Gulf coasts, including some Coast Guard bases.

“We still have damage to many of our facilities in Puerto Rico and the Virgin Islands and Florida and Texas, Georgia, South Carolina, North Carolina,” said Vice Admiral Scott Buschman, Atlantic area commander for the U.S. Coast Guard. “So we have some temporary facilities, some temporary repairs to them. I’ll tell you, we’re very fortunate that there have been two different disaster supplementals that provided us the resources not only to repair these facilities, but in many cases, rebuild them in resilient states that are capable of surviving future storms.”

Making these bases more resilient can include raising them up to avoid flood waters, or hardening the structures to make them capable of withstanding storm impacts.

“We are looking at making sure that wherever we rebuild a facility that we can rebuild the resiliency standard so they can survive future storm that might impact that area,” Buschman said.

Those aren’t the only investments the Coast Guard is making to improve its ability to respond to future hurricanes. It’s also investing in technologies, including recapitalizing its IT infrastructure, embracing mobile technologies and incorporating unmanned aerial systems in its disaster response.

“We’ve actually used some small UAS incorporated with some of our teams that go out there and do flood response in a land environment that may be flooded, where they’re going out through neighborhoods in shallow water boats,” Buschman said. “And cooperating UAS technology, small UAS technology allows them to kind of go ahead and see what’s ahead of them or where people may be in need of assistance and have a better situational awareness of the area they’re working in.”

And that’s especially important during a hurricane response where the Coast Guard has to mobilize extra workforce. Many times, these teams doing flood response come from different areas, so they aren’t familiar with the landscape.

Buschman said the Coast Guard is also looking to improve the way it mobilizes that extra workforce for a disaster response. For example, it’s looking into how those personnel are trained for these operations, and how it ensures its personnel are qualified for the tasks they’re being mobilized for.

Buschman also said the Coast Guard is looking into how it can be more efficient in the way it recalls its reserve forces in disaster response situations.

For federal agents investigating cybercrimes, gathering open source intelligence is a lot like going undercover. They establish fake identities to gain the trust of the bad guys, and gather information on criminal activities. They just do it all from a keyboard.

“To simplify it, you’re basically just trying to make yourself look like a bad guy, right?” Michael Ray, inspector in charge of cybercrime and analytics at the U.S. Postal Inspection Service, told Federal News Network. “And there’s a lot of different methods and tactics and practices behind that. But it’s how do you do that in a very effective, timely manner?”

The challenge is that the internet has now been around for a long time. Both the good guys and the bad guys are capable of looking into the history of a user or a vendor on a particular marketplace.

“There’s a whole internet history that we have to take a look at, to really understand,” Ray said. “So when it comes to doing online undercover work, our biggest challenge is — since our program is fairly new, going back to 2014 — trying to establish that long term persistence and that long term identity and in enabling the visibility of the user identity over a long period of time to build that reputation, build the street creds, if you will. Because you don’t have that face to face interaction, because the bad guys are going to apply the same principles and tactics do their own assessment.”

Both law enforcement and criminals look at the same information: How long has a vendor persisted on a marketplace? What kinds of prior interactions does a user have? They’re making the same assessments, such as, “Is this someone I’m willing to engage with? Do I have this conversation, make this transaction?”

Here at least, Ray said the criminals have a leg up on law enforcement. They entered into the marketplace from the very beginning with sincere bad intentions.

“Basically the dark web, it’s a series of different marketplaces. So think of it as an e-commerce platform out there,” Ray said. “Just as what we commonly know as your Walmarts, your Targets, your eBays, your Amazons, it’s a marketplace to enable e-commerce transactions collectively to be done by many different users of that particular marketplace.”

And just like with those legitimate marketplaces, users and vendors get reviews and ratings. There are reputation assessments. And building that reputation is a challenge.

But law enforcement has certain advantages as well.

“I would argue that the advancement of the blockchain technology … has actually helped with our ability to follow the money,” Ray said. “So when you had face-to-face transactions, you didn’t have a public ledger, you didn’t have open source information. You had to go through [the Treasury Department’s Financial Crimes Enforcement Network] and get suspicious activity reports. You had to look at bank records that were subpoenaed, under course of legal process. Now, I think with the advent of cryptocurrency, certain types of cryptocurrency are posting those in blockchain ledgers. And now if you know the wallets and all of that, you can take a look at that. And you can follow the money to a certain extent.”

To be sure, it can be more complicated than that. But Ray said on the whole, access to those ledgers without the necessity for legal processes like subpoenaing records actually saves law enforcement time and effort, getting the data into the hands of investigators and analysts more quickly and efficiently.

That also opens up new avenues for hiring, Ray said. Because of the nature of the investigations, his cybercrime analysts don’t necessarily need a technical foundation, like the ability to do forensic network analysis. Instead, he’s looking for more practical experience in these realms, such as cryptocurrency analysis, or undercover identity creation and management. Can this person follow a bad guy through multiple identities and marketplaces?

That can also involve certain soft skills, Ray said, like behavioral and psychological assessments.

“The folks that we have right now that actually do some online investigations now have some of the foundational components that may not apply directly to your traditional technical requirements, your technical certifications, like your forensics certifications, your incident response certifications, your Ethical Hacker certifications,” Ray said. “But they do have the foundational components, which tells us they should be successful, in theory, to apply not only what foundation we have, but develop the technical expertise to then fall into an incident responder, and then also a higher level investigation that requires that technical aptitude.”