“Inside the Reporter’s Notebook” is a bi-weekly dispatch of news and information you may have missed or that slipped through the cracks at conferences, hearings and the like.
This is not a column nor commentary — it’s news tidbits, strongly sourced buzz, and other items of interest that have happened or are happening in the federal IT and acquisition communities.
As always, I encourage you to submit ideas, suggestions and, of course, news to me at email@example.com.
CIO switching DHS components
Insight by Sonatype: Stephan Mitchev, acting CTO at USPTO, discusses how USPTO is looking at supply chain issues to address cybersecurity concerns. Dr. Stephen Magill, VP of product innovation at Sonatype, provides an industry perspective.
Another senior technology official at the Homeland Security Department is on the move. Thomas Michelli, the Immigration and Customs Enforcement chief information officer, made an interesting decision to step down and become the deputy CIO for the Coast Guard.
According to an email to his staff, which Federal News Radio obtained, Michelli will leave ICE on March 8.
“An opportunity with the U.S. Coast Guard has recently arisen, and after much deliberation, I have decided to accept this opportunity,” Michelli wrote to staff on Thursday. “I’m most thankful for the opportunity to serve as your CIO. To each of you, thanks for your support! You are dedicated and very skilled civil servants/IT professionals and I commend your support of ICE’s mission. I have every confidence that you will continue to enable ICE to ever greater mission accomplishments to protect and secure our nation through innovative information technology and business solutions.”
One industry source, who requested anonymity, said the Coast Guard recruited Michelli as a possible replacement for Rear Adm. Robert Day, the service’s CIO.
The source said Day is expected to announce in the coming months that he will retire by the end of the fiscal year.
“Tom could step up to be the CIO, but, so far, the Coast Guard wants to keep the CIO role as an admiral position. But that could change,” the source said.
Phil Letowt, ICE’s chief technology officer, is expected to be will be acting CIO after Michelli leaves next week. Letowt has been with ICE’s CIO office since 2007.
Michelli has been CIO at ICE since 2012 and spent much of his career in the Army Reserves where he rose to the rank of colonel and worked on the mobilization to the Army’s Information and Security Command, where he served as the chief of the Regional Computer Emergency Team – Southwest Asia and then as the director for operations at the Army Cyber Warfare Center.
The move to the Coast Guard comes as Michelli faced tough criticisms at a recent House Homeland Security Committee hearing over the TECS system that ICE and Customs and Border Protection are developing together.
An email to ICE asking about Michelli’s decision to step down was not returned.
“Tom was known for listening to his subordinates and brought a sense of cohesion to the IT team,” the industry source said. “He brought everyone into the discussion and wasn’t afraid to go to ICE’s senior levels and be honest about what they could accomplish.”
HUD to remain stuck in seat management
Almost three years after it held industry days and put our requests for information, the Department of Housing and Urban Development will remain stuck in 2005 for a few more years.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
HUD quietly extended the HITS contracts to Lockheed Martin and HP Enterprise Services Feb. 14 for potentially another three years.
Lockheed and HP have shared responsibilities to run the agency’s network and computing services since 2005 under what was a $800 million contract, that by now has ballooned to more than $1 billion.
HUD had planned to move to a new, cloud infrastructure under the HUDNet program.
The notices on FedBizOpps.gov extending HITS offer few details as to the status of the HUDNet program, but does mention that the final option year under the HITS extension should be used for transition.
Transition to what? It’s not clear.
An email to HUD asking for details was not returned.
But a 2014 Working Capital Fund document on HUD’s website sheds some light.
“HUD is approaching the HUDNET implementation in two phases over three years. The two phases are organized to combine services with the goal of optimizing cost and performance efficiencies and effectiveness,” HUD wrote in the document. “Phase 1 encompasses analysis of HUD IT infrastructure core services, technology shifts, Departmental priorities, service gaps, and the strategic direction of HUD and the federal community. As a result, HUD has been able to determine its contracting requirements for three of the five HUDNET services-Systems Engineering and Management, Transport Services, Automated Monitoring and Management. The first two of these have been solicited and are already in technical evaluation panel review, and the third is nearly ready to be released for competition. These services will enable HUD to support requirements for continuous monitoring, performance and asset management, transparency of operations, and technical planning. Phase 2 of HUDNET will complete HUD’s transition to the new IT Infrastructure, including bringing on-line the last two HUDNET services (Data Center/Housing and End User).”
The document, written in 2013, stated HUD planned to award the contract and transition to the new services in 2014.
With the awards to Lockheed and HP, it seems the transition is three years off at best.
“Through this contract, we will continue to provide essential IT services to HUD’s locations across the country. While this is a new contract, it is effectively a continuation of our current services and offers one base year, one option year and one transition year,” said Lockheed Martin spokeswoman Cindy Rhoten in an email. “We expect a new competition for future services will begin during the execution of this contract, and we look forward to participating.”
HITS came about during the “heyday” of seat management or managed services. Similar to NASA’s ODIN or the Navy’s Navy-Marine Corps Intranet contract, the idea was for a contractor — or in this case two contractors because of bid protests — to run all aspects of the network, desktop and ancillary services.
Agencies soon realized this model wasn’t exactly what they had bargained for. NASA, the Navy and Marines Corps got out of the seat management approach and took control over their networks.
HUD hasn’t been so lucky to move.
In 2011, then chief technology officer Mark Day, who now is running the General Services Administration’s Federal Acquisition Services cloud computing services program, wanted to switch business models under HUDNet to take into account the elasticity of the cloud.
According to the Federal IT Dashboard, HUD said “HUDNet seeks to transform and modernize HUD’s IT Infrastructure to a cost-effective, operationally efficient, technologically current and continuously monitored service delivery and management framework achieved through flexible and transparent contracts. The HUDNet IT infrastructure includes five primary service towers: Systems engineering and management, automated monitoring and management, transport services, data center and end user.”
Day left HUD in 2011 to join GSA.
HUD’s plans for HUDNet have changed over the last few years, according to a working capital fund document on its website. HUD initially planned to recompete HITS in 2011 and then it was pushed back to 2012. HUD held a third HUDNet industry day in February 2012 where it discussed a revised acquisition strategy that would award five contracts for assorted services and support and then issued another RFI in October 2012, according to a blog post by GovWin.
DoD not fond of FITARA
Defense Department Chief Information Officer Teri Takai didn’t have a lot of good things to say about the Federal Information Technology Acquisition Reform Act (FITARA) earlier this week.
But the Government Accountability Office may have shed some light on why the House is so intent on FITARA becoming law: The White House’s poor record on IT acquisition oversight — and we’re not just talking about the HealthCare.gov debacle.
Takai, testifying before the Senate Armed Services Subcommittee on Readiness and Management Support Wednesday, said the spirit of the law is good, but there are several things that fall short.
“Unfortunately, I think a couple of things. It looks to try to manage that by virtue of additional oversight,” she said. “We really feel very strongly that it’s in the processes that are implemented and it’s in the measurements of how we are actually managing the process as opposed to an additional oversight. Many of the areas of oversight that were suggested in the bill are actually things that we report on to OMB today, so additional reporting is a concern.”
Takai added many of the legislative’s provision already are underway through a policy change made by Defense Secretary Chuck Hagel in December.
She said FITARA would add another layer to what her office already reports to OMB, the Defense Secretary and Congress, which would put them in a tough situation.
“We’re again quite concerned more about the implementation than the intent,” Takai said. “We’ve been mentioning to your staff there are some areas where we could move forward with the intent, but do it in a little different way than the level of oversight suggested in the bill.” The House passed a new version of FITARA Monday. It’s unclear whether the Senate will take it up and the White House offered no comment on the latest version of the bill.
David Powner, director of IT and management issues at the Government Accountability Office, offered support for Takai — and in many ways the administration’s position-saying Congress needs to be careful about the reporting requirements.
He said the oversight issues come down to whether OMB is doing its job managing technology policy.
“There is a fundamental question whether OMB is doing the appropriate oversight of those policies. I can tell you we have some issues with that,” he said. “I think Congress is saying well if OMB isn’t going to oversee it, then we will oversee it. The bottom line on all of this is let’s make sure we better manage IT acquisitions and the right transparency and oversight, and let’s manage the inefficiencies out of the legacy bucket” of spending.
Powner praised some of the provisions in FITARA around data center consolidation, the IT Dashboard, encouraging the use of cloud computing and improving CIO authorities.
“I think the CIO authority thing is a big issue because CIOs don’t have the appropriate authority across the federal government,” Powner said. “There is a fundamental question do you grant them authority by giving them budget authority or do you make CIOs earn it through having certain responsibilities associated like with the Dashboard? That was the intent of the Dashboard: if we get CIOs more engaged on all of these major investments, they will be even more of a player at the table on the management team.”
DHS expands cyber analysis capabilities
The Homeland Security Department raised the level of focus on critical infrastructure security with the launch of a new office on Feb. 24. The Office of Cyber and Infrastructure Analysis (OCIA) in the National Protection and Programs Directorate (NPPD) will improve the organization’s analytical capabilities to understand, protect and mitigate cyber and physical security threats and vulnerabilities, according to an email Suzanne Spaulding, NPPD’s acting undersecretary, wrote to staff and obtained by Federal News Radio.
“The creation of OCIA is an important step forward in our broader effort to better leverage all of NPPD’s strong analytical and biometric capabilities across cyber and infrastructure systems, to people, partnerships, and protection of nationwide properties and assets,” Spaulding wrote.
She said John Murphy will continue to be the director and Brandon Wales will remain the deputy director. OCIA will help NPPD understand the impact of potential disruptions to critical infrastructure, their interdependencies and suggest ways for critical infrastructure owners and operators to prepare for potential disasters.
Spaulding said the new office grew out of a pilot effort, the Integrated Analysis Task Force (IATF).
IATF assessed the best approach for integrating analytic support for all of NPPD. It worked with the State of New Jersey at four water and wastewater sector facilities to assess the facilities’ systems and identify site-specific options to mitigate potential physical consequences that could stem from exploited cyber vulnerabilities within those systems.
Spaulding said IATF also brought experts together from across NPPD’s four offices to support an assessment of a federal building for which the Federal Protective Service had recently taken responsibility.
“OCIA will build on these successes by continuing to support coordinated analytic efforts and advancing NPPD’s excellence in integrated consequence analysis,” she wrote. “This new office is focused on supporting the work of existing NPPD elements, and its priorities will be guided by the leadership of those offices. OCIA will incorporate and build upon the established analytic expertise of both the Homeland Security Infrastructure Threat and Risk Analysis Center (HITRAC) and the National Infrastructure Simulation and Analysis Center (NISAC). Upon the stand-up of OCIA, the IATF will no longer exist.”
One former DHS official, who requested anonymity, said the standup of OCIA is puzzling.
“What is the mission and how is it different from what the Office of Cybersecurity and Communications is doing with critical infrastructure owners and operators?” the former official said. “I know the talking point is that OCIA will be developing modeling capability through contracts with National Labs, but I think that could be achieved without standing up another operating unit.”
IT Job of the Week
For all you cyber experts out there. The Energy Department is looking for a senior advisor for cybersecurity. In this position, the person would work with government, industry and the general public to address cyber threats and incidents affecting the nation’s critical energy delivery infrastructure. The advisor would work with the National Cybersecurity and Communications Integration Center (NCCIC) and provide consultation on energy delivery systems security activities among the six largest federal cyber centers; the DHS Office of Intelligence and Analysis and private sector partners.
It’s budget week, what else can you say about where you need to be. Actually, only us policy geeks love budget week. There are other events you should keep an eye out for: