Skip to content Skip to left sidebar Skip to right sidebar Skip to footer

Cybersecurity

Are You a Solver?

The Government Effectiveness Advanced Research Center (GEAR) is responsible for improving the way the federal government solves issues. It has started making use of “Solvers” also known as academic leaders and subject matter experts in economics, design, and other creative areas.  (Federal Times, May 14, 2019)

Solvers (including participating individuals, teams, or legal entities) have been challenged by the government to tackle one or more of the major challenges facing government described in the current President’s Management Agenda (PMA). To take part in the challenge, Solvers demonstrate usefulness of a GEAR Center model that directly maps to cross-agency priority goals and proposes a workable GEAR Center model creatively addressing the PMA. (Challenge.gov)

The GEAR Center Challenge takes place in three phases: project proposal, project plan, and proposal presentations. Interested individuals or parties may submit multiple proposals to the challenge; however, only one prize per challenge will be awarded. Proposals might be used to shape the GEAR Center or as potential first steps for the long term. (Federal Times, May 14, 2019)

The first phase opened for submissions May 2nd, with each subsequent phase consisting of participants selected from the previous phases. Submissions for the first phase are due May 24, 2019. Submissions should consist of a two-page proposal summarizing the potential program, predicted outcomes, and the best possible team to implement the proposal and the materials necessary to undertake the proposal. (ibid)

Want to know more about the GEAR Center challenge? Give us a call at (301) 913-5000.

The Future is Cloud-y

In February, GSA released a draft request for proposal (RFP) to consolidate and upgrade all of the Defense Department’s back office functions into the commercial cloud. GSA’s Federal Acquisition Service is now in the early stages of doing the same for civilian agencies with Civilian Enterprise Office Solutions (CEOS). (Federal News Network, May 7, 2019)

To help ensure supply chain security, DHS took the lead on early efforts. GSA has taken over efforts to reduce the attack surface of the network. With managed service, security is already embedded in the solution, making it more secure than the currently situation. (ibid)

Alan Thomas, GSA FAS commissioner and a board member managing the Technology Modernization Fund (TMF), has recommendations/lessons learned for agencies applying for Fund loans to modernize their IT:

  • Agencies submitting proposals this year need to build incremental benchmarks into their proposal, or their funding will likely be pulled.
  • Quarterly reviews will be conducted on agencies receiving funding.
  • Agencies should make sure their proposals focus on value creation and cost savings as the agencies must pay back funding provided by TMF.
  • Agencies should coordinate internally on proposals prior to submission; otherwise, they run the risk of being turned down for funding. (ibid)

FAS is also in need of IT modernization. The FAS internal systems, FSS 19, is nearly 40 years old. It uses older programming languages (COBOL, PowerBuilder) that solved specific problems instead of approaching an integrated solution. FAS is in need of a new, updated IT solution to bring the agency out of the 1970s. (ibid)

Are you a software provider or integrator looking to bring civilian agencies into the 21st century? Let’s talk! 301-913-5000.

 

 

Outdated Software, Meet Innovation!

We all know that the Defense Department’s outdated software lags behind current industry standards. Procurement and updates take entirely too long. To get a handle on the situation, the Defense Innovation Board, through the DoD, conducted a year-long study with the results of the study, released last Friday. (Federal News Network, May 3, 2019)

The Defense Innovation Board suggests the following to get DoD software up to speed:

  • Congress updating laws to reduce procurement timeframes;
  • All military agencies working together to test and optimize software;
  • Ensuring cybersecurity; and
  • Enriching software employees through services. (ibid)

The DoD undersecretary would like to complete multiple pilots with one line of funds for software development, which would give DoD administrative flexibility. Other suggestions include special pathways for rapid acquisition of applications and upgrades, quicker turnaround time for software requirements processes, and a fund available for rapid software acquisition and upgrades. (ibid)

Any new defense acquisition system should be optimized for software-centric (not hardware) systems that prioritize security, speed, and cycle time over cost, schedule, and strict requirements.. Additionally, “DoD will need to create and maintain an interoperable digital infrastructure that enables rapid deployment, scaling, testing and optimization of software as an enduring capability; manage it using modern development methods and eliminate the existing hardware-centric regulations and other barriers for software programs.” (ibid)

The report emphasizes bringing software development into the modern age by making it a high-priority career track with specialized recruiting, education, promotions, and salaries to attract the talent necessary to maintain, optimize, and develop products over time. It also pointed out that procurement requirements must move from rigid lists to a format of desired features and required characteristics: this will keep programs from bottlenecking. (ibid)

The Pentagon is currently rewriting D0D’s primary acquisition policy document, Instruction 5000.02, in an effort to start improving the acquisition process.  Many see this as a step in the right direction, albeit a small one.

Do you have a talent pool ready to work with DoD to modernize their software and new acquisition process? Give us a call at 301-913-5000, and we can talk about your options.

GSA is bumping up cybersecurity offerings

GSA recently announced a restructure of the Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) to include a greater range of cyber services. The new format addresses the government’s need to protect high-value assets and enables federal agencies to purchase proactive and reactive cybersecurity services.  (Fifth Domain, April 2, 2019)

According to GSA Acting Assistant Commissioner Bill Zielinski, “The restructured HACS solution on IT Schedule 70 will provide federal agencies with easier access to services and solutions to protect large complex network and data systems, including [high-value assets] that hold sensitive information critical to national and economic security.” (ibid)

GSA is consolidating the four original SINs under HACS into a single SIN with the following five subcategories:

  • High-Value Asset Assessments
  • Risk and Vulnerability Assessment
  • Cyber Hunt
  • Incident Response
  • Penetration Testing (ibid)

Have questions about the restructuring of IT Schedule 70 or if you are affected by the change? Give us a call at 301-913-5000.

 

 

 

Are you practicing “safe cybersecurity”?

The Department of Defense (DoD) is working to extend its own cybersecurity expertise and infrastructure to small and medium-sized businesses. Their current plan is to build a “secure cloud” for company data instead of leaving it to the responsibility of the contractor. (Federal News Network, March 25, 2019)

DoD plans to use their 2020 research and development budget for the Defense Industrial Base (DIB) Secure Cloud Managed Services Pilot. The project will start by making the cloud service available to a specified number of small and medium companies that support prioritized, critical DoD missions/programs. (ibid)

Ellen Lord, the undersecretary for acquisition and sustainment said, “In contract terms, the Department would treat the secure cloud as Government Furnished Equipment (GFE).” She believes larger companies are already quite savvy and have the funds to create a hardened environment. Ms. Lord is most concerned with small, innovative companies. She said, “we sit down and talk to them about cybersecurity, and sometimes we hear – no kidding, ‘my nephew does my cybersecurity.’ That gets us a little bit worried. And we know that we will either put these small companies out of business, or we will drive them away from the Department of Defense if we give them very, very onerous regulations to meet.” (ibid)

In 2017 DoD began inserting clauses into contracts that require firms to implement the security controls in NIST Special Publication 800-171. Prime contractors are required to impose the same requirements on their subcontractors as they are expected to meet when coming in contact with sensitive, unclassified information. (ibid)

It does not appear as though verification of a company’s compliance with the standards has been accomplished, thus far. However, going forward, spot checks are likely to take place with the hope of getting to a point where DoD certifies third-party cybersecurity examiners to help verify contractors systems meet the existing requirements and that their systems are adequately protected. Currently, about 800,000 systems should be regularly audited. (ibid)

We do know that information is being stolen; but classification levels make it hard to investigate in a reasonable time frame. The details of any individual data theft are classified, making specifics about nature and volume difficult to determine. We also know that sufficient cybersecurity capabilities to protect information must be in place sooner rather than later in order for small and medium-sized businesses to remain contractors to DoD.

Call us with any questions regarding this project at 301-913-5000.