Reporter’s Notebook

“Reporter’s Notebook” is a weekly dispatch of news tidbits, strongly-sourced buzz, and other items of interest happening in the federal IT and acquisition communities.

Submit ideas, suggestions and news tips to Jason via email.


Agencies likely to miss March 31 deadline to release RFPs under new telecom contract


The news that CenturyLink passed the last major hurdle to begin offering services under the $50 billion Enterprise Infrastructure Solutions (EIS) contract isn’t necessarily going to set off a tidal wave of solicitations from agencies.

CenturyLink is the first vendor to receive its authority to operate for its business systems, meaning it can accept and process task orders or service orders, provision or deliver services and bill for services. Other incumbent vendors such as Verizon and AT&T aren’t far behind, and the six other “new” companies should be completed in the coming month or two.

Until those vendors receive their ATOs, EIS will remain on a slow roll as agencies are hesitant, maybe even a little fearful of bid protests, to make awards until they feel like there is adequate competition.

“We can award before the ATOs are done, but we can’t execute the order until the ATOs are done. I think most organizations will wait until most or all the ATOs are done to award,” said one agency EIS transition executive, who requested anonymity because they didn’t get permission to speak to the press. “If you don’t wait for all nine vendors, there is a chance you will go into a protest situation. I think there is some anxiety for how vendors will handle that. Some say only the incumbents have advantage in dealing with ATO, but I think that thinking is full of crap. All the vendors have known what the requirements are to get an ATO for years. But at the same time if I’m going to award, then I want to execute and not wait until there is an ATO because I’m still paying higher rates while I’m waiting for the approval.”

While this is only one expert’s opinion, others in and out of government believe most agencies will wait until the vendors have their ATOs, thus putting the General Services Administration’s March 31 deadline for agencies to release their EIS solicitations further in doubt.

As you may remember, GSA changed the transition timeline for agencies with the caveat of March 31 and Sept. 30 deadlines for releasing solicitations and making awards, respectively. GSA is extending the current Networx contract to May 2023.

“Agencies need to release their solicitations to industry and make timely task order awards so they can make the transition within the four-year window to modernize their IT infrastructure,” writes Bill Zielinski, the acting assistant commissioner in GSA’s Office of Information Technology Category in the Federal Acquisition Service, in a March 14 blog post. “To be clear, GSA intends to extend expiring telecommunications contracts so agencies have enough time to complete the transition and modernize, not to extend the time for the solicitation and task order award process. Agencies need to keep their foot on the gas to ensure they have time to transition their telecom services from their existing contracts and providers to EIS. For example, agencies should issue their solicitations to industry by March 31, 2019. If you don’t issue your solicitations to industry by this date, GSA may cease providing one of our transition support tools for solicitation development — the Transition Ordering Assistance program.”

Source: GSA blog post from March 14.

Additionally, Zielinski said since the 35-day government shutdown didn’t impact most agencies, GSA is keeping to its schedule, but will work with agencies on a case-by-case basis if they need additional help or time.

Bob Woods, a former GSA telecommunications official and now president of Topside Consulting, said GSA should instill, and agencies should have, a sense of urgency about the entire EIS effort.

“Sometimes you have to create a crisis and that hasn’t happened yet,” Woods said at the recent Independent Telecommunications Pioneer Association (ITPA) lunch in Vienna, Virginia. “GSA has the tools to help agencies, but they can’t issue an edict. They tend to go through the Office of Management and Budget and/or the President’s Management Council (PMC). When the secretary or deputy secretary comes back and asks, ‘why are we behind?’ that brings the pressure and gets the attention on the transition.”

Multiple government sources involved in the transition say OMB hasn’t sent any memos, guidance or instructions related to EIS transition, and it hasn’t come up too often during CIO Council meetings.

“The last time for Networx, the communications were more frequent and more structured from OMB,” said another government official involved in EIS transition. “GSA, I think, is getting pushed really hard by OMB to meet the transition dates. GSA said it would work with agencies who are behind.”

And so far as of Jan. 31—the last time GSA updated the transition chart—large agencies released 25 out of an expected 104 solicitations. The Defense Department accounts for 58 out of those 104 total RFPs.

Source: GSA EIS website.

The medium-sized agencies are further behind with only 5 of 40 solicitations out to vendors.

“There is a tsunami of solicitations coming because you are taking Networx, Washington Interagency Telecommunications Services (WITS), the regional contracts and saying we will combine them all into EIS, and that creates the tsunami in-and-of itself. Then GSA is saying do it fast,” the second federal executive said. “Then there are the changes in terms of how GSA is able to handle ordering and billing of the services, which is not nearly as flexible from a workload standpoint than it was previously under Networx.”

The federal executive added their agency is having to hire more people, and that processing the orders and dealing with the billing will be more costly for the agency.

“I can’t say enough about how well it worked before and how efficient it was,” the executive said. “We are not sure how many more people we will need. We hope we can keep it to 10 people, but some of the estimates say it may be more than that. We previously had about three people doing the ordering and maybe two doing the billing, and we had a defined and automated workflow in with GSA’s workflow.”

The first executive said they expect their transition to EIS to take two years in part because they expect the provisioning of services to take longer due to the complexity of the EIS contract’s approach using task orders.

Experts also say whenever the tsunami of solicitations comes out, vendors and GSA alike likely will be overwhelmed.

“Some of industry struggled on Networx to put together quality packages. It was a little embarrassing. We knew we couldn’t call them out and tell them the bids were horrible, but they weren’t good,” said the second executive. “We want everyone bidding, but we may not get that as vendors will have to make hard choices on which opportunities they will cherry pick.”


Transportation, State, CIA experiencing change in CIO roles

Quietly, two agencies are making moves in their chief information officer shops.

The Transportation Department didn’t wait long to fill its vacant CIO role, hiring Ryan Cote without much fanfare. Cote, who started Feb. 4, came to DOT from Gartner where he was an executive partner.


He replaces Vicki Hildebrand, who left in December after just over a year on the job.

While Transportation filled its role quickly, the State Department hasn’t had a permanent CIO for more than 15 months, and now its acting CIO, Karen Mummaw, is retiring in April.

Sources confirm to Federal News Network that Mummaw announced her plans to leave in February.

State hasn’t had a permanent CIO since Frontis Wiggins retired in December 2017, and may not until the Senate confirms State’s undersecretary of management nominee, Brian Bulatao, who has been stuck in the nomination process since July.

Cote comes to Transportation after spending four years in the Marines and then his entire career in the private sector. He worked as the CIO and senior vice president of IT at iForce, a staffing and recruiting company, and for IBM as a senior practice consultant.

As the DOT CIO, Cote likely is picking up where Hildebrand left off in reshaping how the agency uses technology through the nine BHAGs—big, hairy, audacious goals—that focused on everything from cybersecurity to shrinking the IT footprint to implementing intelligent software.

DOT has a $3.7 billion IT budget, with 78 percent of all projects on schedule and 68 percent on budget, according to the federal IT dashboard.

Among his biggest challenges will be to continue the partnership with the modal organizations, particularly the Federal Aviation Administration.

Over at State, Mummaw caps a 31-year career at State where she spent her first 10 years as part of the Foreign Service working in technology and telecommunications roles at various embassies around the world and has spent the next 21 years working at both headquarters and overseas as an IT executive.

During her tenure, Mummaw helped lead State’s continued transformation to the cloud. State has two main goals as part of its modernization plan: the centralization of back-office or commodity IT and consuming IT-as-a-service.

State still faces several challenges with its $2.2 billion IT budget, of which Mummaw’s office controls only about $725 million. The federal IT dashboard says 84 percent of State’s projects are on schedule, but only 52 percent are on budget. Additionally, State continues to recover from a recent breach of its unclassified email system.

CIA, NIST put out help wanted signs

The National Institute of Standards and Technology and the CIA also are looking for new CIOs. NIST posted a job opening on USAJobs.gov in late February. Resumes are due March 27.

The CIA announced its CIO, John Edwards, received a promotion to be the deputy chief operating officer. On March 19, the agency named Juliane Gallina, a former CIA officer currently at IBM, as its new CIO.

She will start April 1.

Gallina served as a naval officer with a specialization in cryptology and information warfare. In 2013, she retired from the Navy (Reserve) as a commander. Gallina graduated with honors from the U.S. Naval Academy in 1992. She graduated from the Naval Postgraduate School in 1998 with a Masters Degree in Space Systems. She earned a Masters Degree in Electrical Engineering from George Washington University in 2006.

NextGov first reported the CIA’s hiring of Gallina.

Edwards has been the CIA CIO since March 2016 and served 14 years as a communications and technical operations officer within the Directorate of Science and Technology (DS&T) and five years serving as the chief of staff to the CIA’s executive director.

During his tenure, Edwards led the CIA’s move into the commercial cloud hosted by Amazon Web Services, and made it a part of the broader intelligence community IT modernization effort.

Additionally, he implemented what he has called a “franchise” model for IT where CIA offices must adhere to a strict set of standards and security requirements, but are able to operate their own IT infrastructures.

Among his long-term priorities, Edwards focused on mobility, interoperability, data management and ensuring capabilities at the edge.

Additionally, the Government Accountability Office is looking for a chief data scientist, the Agriculture Department’s Agriculture Research Service is looking for an assistant CIO to run its technology efforts, and Washington Headquarters Services in the Defense Department is seeking a new CIO.

Finally, Somer Smith is the new permanent chief of staff for Federal CIO Suzette Kent. She had been acting chief of staff since August.

Smith had been a performance analyst for the Office of Management and Budget since August 2017.

This also means OMB is hiring a new supervisory policy analyst.

“The position performs duties related to IT reform efforts, consistent with the Information Technology Oversight and Reform (ITOR) fund. Additionally, the incumbent will collaborate with agencies and policy teams in terms of the CIO Act, cyber policy initiatives, Evidence Based Policy and relevant executive orders,” the job listing states.


How a simple tweet opened frustration floodgates over security clearances

A single tweet on Thursday about something Rep. Will Hurd (R-Texas) said at the IBM ThinkGov event in Washington, D.C. created quite a bit of discussion and debate.

Hurd said he’d like to see the government be able to complete a security clearance in a week instead of six months or, in many cases, more than a year.

 

“Why does it take 10 months? Does talking to my neighbor who lived next to me 10 years ago have a better idea of me versus what I’ve clicked on over the past few weeks?” Hurd asked. “Why are we doing security clearances the same way as we did 100 years ago? We should be able to do a security clearance in one week. If you do that, you must make sure people [they’re] collaborating with in the private sector have the ability to share information.”

That single comment and ensuing tweet opened a torrent of frustration about the security clearance process. The feelings aren’t new, but contractors and agencies seem to be getting less patient with the government’s efforts.


It’s not like the last three administrations haven’t recognized this problem, trying an assortment of approaches. The most recent statistics show progress against the backlog, which is a good sign, but far from a fix.

The National Background Investigations Bureau said the number of pending investigative matters stands at 542,000, down from 725,000 a year ago.

The Trump administration is transferring the NBIB to the Defense Security Service any day now; an executive order has been stuck in the ubiquitous “soon” of government talk for what seems like six months.

At the same time, agencies from the Air Force to the Office of the Director for National Intelligence to the Defense Information Systems Agency are testing new approaches or fixing the technology to accelerate the security clearance process but not lose any rigor.

The Air Force, for example, worked with the NBIB to establish temporary centralized interview hubs at 11 key locations where there is a high concentration of investigator case work and the mission in those areas needs immediate relief. Hubs are areas where security clearance interviews can take place without requiring someone to go to Washington to be vetted.

ODNI started to use a continuous evaluation approach in 2017 to supplement and enhance the current process, but not replace it.

While these two examples show change is possible, Hurd wants to transform the security clearance process even more quickly.

“I’ve had some conversations with smart people in the government about whether we can do a pilot project to try to streamline this process, and do it alongside people who already are getting their clearances to see if we can make it work,” Hurd, who became a member of the Intelligence committee this session, said in an interview after his speech. “When I look at my initiative on the cyber national guard, one of the things that is getting in the way is the security clearance process.”

Hurd said the arduous clearance process impacts many of the issues he works on, which is why he asked whether a week to get a security clearance is possible.

“My goal and my time will be spent on going out there to figure out a test case to do this and let’s introduce this,” he said.

Public, transparent standards needed

Hurd’s comments came as two other initiatives — one on Capitol Hill and the other from the Defense Department — kicked off to put more focus on security clearances.

Sens. Mark Warner (D-Va.) and Susan Collins (R-Maine) introduced the Integrity in Security Clearance Determinations Act to “ensure that the security clearance process is fair, objective, transparent, and accountable by requiring decisions to grant, deny or revoke clearances to be based on published criteria. It explicitly prohibits the executive branch from revoking security clearances based on the exercise of constitutional rights, such as the right to freely express political views, or for purposes of political retaliation. It also bans agencies from using security clearances to punish whistleblowers or discriminate on the basis of sex, gender, religion, age, handicap, or national origin.”

Warner and Collins said the bill also lets federal employees appeal decisions to deny or revoke a security clearance, and requires agencies to be more accountable and transparent about the results of those appeals.

Finally, the bill would apply more rigor and accountability to the process to prevent abuses.

“The security clearance system is critical to protecting our country from harm and safeguarding access to our secrets. Americans should have the utmost confidence in the integrity of the security clearance process,” Collins said in a press release. “This bipartisan bill would make the current system more fair and transparent by ensuring that decisions to grant, deny or revoke clearances are based solely on established adjudicative guidelines.”

A major reason why Collins and Warner introduced this bill can be traced back to the Trump administration’s handling of security clearances for the president’s son-in-law Jared Kushner as well as the administration’s decision to withdraw security clearances from former intelligence officials over political disagreements.

But if you take a step back from the big “p” politics of the bill, the move to continuous evaluation or using social media and other public information as part of the basis for a decision requires more transparency and accountability in the process.

And the need for transparency leads us to the second initiative around security clearances from last week. The Defense Digital Service released a request for white papers to collect ideas to develop a prototype for automated background and reviews.

DDS wants help transforming the process

“The Defense Digital Service (DDS), in coordination with OUSD(I), will direct the creation of a prototype system that successfully collects a subject’s information, executes a background investigation (with automated and manual parts), and records an adjudication decision,” the request states. “This prototype will require integration with a wide variety of U.S. government and commercial databases to verify the subject’s identity and background information. Development of the prototype will be rapid and agile in nature, fielding new functionality to users for feedback every two weeks.”

Questions are due March 19 and white papers are due March 26.

DDS said it eventually will award a nine-month contract worth no more than $5 million to a vendor to build the prototype system.

The DDS efforts come as DISA has been modernizing the current online background investigation form for the last nine months and has been working on new technology to support the security clearance process since 2016. DISA recently transferred the technology infrastructure and employees to the Defense Security Service in early March as part of the consolidation effort.

With all this attention, the administration must not only make progress, but communicate how the security clearance process is improving while not losing any rigor. The opaqueness of NBIB’s efforts over the last year — aside from a recent update from ODNI’s Bill Evanina — has undoubtedly led to the frustration we saw when Hurd’s comments were spread to a broader audience.


How two efforts are trying to improve feds’ skills

The Trump administration’s initiative to reskill and retrain federal workers is picking up steam.

Federal Chief Information Officer Suzette Kent announced last week that the Federal Cyber Reskilling Academy received more than 1,500 applications, of which half of the employees were GS-5 to GS-11s.

Kent launched the academy in November to address the shortage of cybersecurity expertise across government through hands-on training. The first class is expected to hold 25 people who will be given a “cyber essentials” course, followed by four weeks of “follow-on learning, exercises and exams” over a four-month period.

At the same time, the Defense HR Activity issued an RFI for industry and other experts to submit white papers around six topics:

  • An approach to talent acquisition, talent development, talent analytics and talent management.
  • Describing software/technologies used to support talent acquisition, talent development, talent analytics and talent management.
  • Using advanced technologies such as machine learning, artificial intelligence, simulations, virtual advisors, interactive autonomous programs, mobile applications and gaming.
  • Addressing Federal Risk and Authorization Management Program (FedRAMP) certifications, federal cloud computing, security and interoperability with existing federal IT systems.
  • Approaches to career pathing, competency identification and management, job roles, progression models and management, workforce and succession management, position management, performance management.
  • Providing operations and maintenance for software, mitigation and contingency operations.

“The key area of focus for this requirement is to gather information on industry best practices in the talent management and talent development arena and explore the new and future technology to support competency gap identification, employee re-skilling and agile workforce career management, while enacting best practices to elevate employee experience and engagement,” the RFI states.

Responses are due March 15.

The Defense HR Activity may be a part of the Trump administration’s broader effort to modernize the workforce, which is a key cross-agency priority goal under the President’s Management Agenda.

In December, the cross-agency goal leaders reported “OMB and the Office of Personnel Management are working with agencies to analyze workforce data and develop reskilling plans and test methods to reskill and redeploy existing federal talent. Interactive tools to assist executives, managers and employees are currently under development including a reshaping playbook, a reskilling toolkit and video vignettes featuring agency successful practices.”

Source: Performance.gov December 2018 report.

Additionally, the goal leaders say agencies want better technology and automation tools to make career paths easier to understand for employees.

“Respondents noted that career paths have the potential to yield improved outcomes in recruitment, retention, succession planning, talent development and reskilling. An industry day is planned for January 2019 to engage leading private sector career-pathing providers to explore how to better serve agency and employee needs, preferably through an enterprise service available to all agencies,” the goal leaders write.

Additionally, the National Science Foundation launched a reskilling challenge soliciting prototypes that NSF — and later all of government — can use to match existing federal employees and their skills to other kinds of work.

Public and private sector experts say agencies can move thousands of people out of low-value work and use automation to make up for that work.

OMB estimated in 2018 that about five percent of all federal occupations could be automated entirely, while 60 percent of all occupations could have at least 30 percent of their work automated. Overall, OMB says 45 percent of all “total work activities” could be automated.

Deloitte’s Center for Government Insights found government has the potential to free up anywhere from 266 million hours to 1.1 billion hours a year by retraining employees and using automation.

The appetite and potential for federal employees to move into new fields, whether it’s cybersecurity, data science or many of the other emerging occupations, is real. The administration shouldn’t waste this opportunity because of big “P” politics, and should reach out to House lawmakers and employee union officials. The reality is change is happening; it’s just a matter of how quickly it can come. If OMB and OPM aren’t inclusive and strategic about all of this potentially impactful and needed work, agencies either will be stuck manually inputting data into Excel spreadsheets or they will make change on their own, which tends to miss the important point of moving everyone forward together.


DHS continues a trend in IT contracting by no longer managing its own

The Homeland Security Department spends billions of dollars a year on technology products and services, and for much of the past 14 years has done so through its EAGLE and FirstSource vehicles.

While Soraya Correa, DHS’ chief procurement officer, signaled a change in approach for the third version of EAGLE late last year, a new procurement notice details DHS’s plans.

“DHS spent several months collaborating across the information technology and procurement communities in identifying DHS’s IT priorities, evaluating the IT services requirements needed to support those priorities, and in establishing an overarching acquisition strategy that enables continued mission success,” Correa writes in a Feb. 27 notice. “EAGLE I and II have served their purpose. The department will not pursue a re-competition of EAGLE II. DHS will, however, continue to utilize EAGLE II until the expiration of its period of performance.”

Instead of version three of EAGLE, Correa said DHS will call its next step “EAGLE Next Gen,” where it will create a portfolio of DHS IT services contract vehicles with specialized, targeted scope in conjunction with balancing the use of existing governmentwide acquisition contracts (GWACs).

Correa said those GWACs include the General Services Administration’s Alliant 2, Alliant 2 Small Business, 8(a) STARS II and VETS 2, as well as the National Institutes of Health’s CIO-SP3 and CIO-SP3 Small Business.

Additionally, DHS plans to establish “a phased approach, DHS-specific contract which could include agile, cloud services, data center optimization, independent verification and validation and systems integration services.”

At the same time, Correa said DHS will decide by the end of March what the future holds for the FirstSource IT products multiple award contract.

On the surface, the decision by DHS to move away from a duplicative indefinite delivery, indefinite quantity, multiple award IT services contract is a good thing. This is especially true given that GSA specifically designed Alliant 2 to be flexible enough to address current, emerging and future technologies and IT processes.

Contract duplication has long been a concern for the Office of Federal Procurement Policy. Two of the past three OFPP administrators attempted to address this issue, going as far as requiring a business case for any new multiple award contract worth more than $50 million over the life of the deal. The Obama administration also seemed to make some progress as Bloomberg Government found in 2017 that the number of MACs dropped by about 200 from 2012 to 2016.

More recently, OMB has pressed agencies to use governmentwide contracts designated “best-in-class” at GSA, NIH and NASA, and stop developing or renewing their own—we can save a discussion about what “best-in-class” really means for another time. The FBI, the Air Force and now DHS have committed to using GSA schedules or other vehicles.

But at the same time, Correa’s comments about creating DHS-specific contracts for what seems to be commodity IT services are disconcerting.

It will be interesting to see why Correa believes DHS needs its own contracts for things like agile, cloud and systems integration services. These services rely on the same basic concepts whether your agency’s mission is law enforcement, immigration or agriculture. So the reason for DHS not to use these GWACs, GSA’s schedules, or other similar MACs from NASA and NIH should be telling about whether the message from the Office of Management and Budget about reducing duplication and taking advantage of the government’s size is truly getting through. Or is DHS just pulling the wool over the federal market’s eyes?


Are escape rooms for cyber education a new trend in government?

The Federal Housing Finance Agency has faced six audit reports from its inspector general since 2015 highlighting a host of challenges ranging from governance to business functions to supervisory activities related to risk.

Basically, FHFA, which oversees Fannie Mae, Freddie Mac and the federal home loan bank system, has many of the same problems protecting its systems and data as most of its federal brethren.

This is why FHFA’s recent contract notice detailing a potential award to a small women-owned business stands out. FHFA says it plans to hire Living Security, Inc. to “design, build, and operate a customized hands-on two day cybersecurity-themed escape room training on-site at [FHFA’s] headquarters” in Washington, D.C.

FHFA issued an intent to sole source to Living Security, but industry has until March 7 to respond and make the agency aware of their similar capabilities before it finalizes the award.

That’s a pretty innovative approach to training employees at all levels how to deal with cybersecurity challenges, which impact nearly everything every agency does.

Living Security’s website describes its escape room as an “intelligence-driven security awareness training platform that leverages gamified learning to make cybersecurity training fun and effective.”

The Smallwood, Texas-based company said the game creates storylines and teaches lessons in security, safety and online privacy.

Under the four-month deal — a total cost figure wasn’t provided — Living Security will create an escape room that is customized to the FHFA’s IT and security policies, according to the sole-source notice. There aren’t a whole lot of other details about what the room will look like or what the challenges will address.

But if you’ve ever participated in an escape room with friends, your kids or through team building, you probably can see potential for cybersecurity. But for those of you who may not be familiar, the escape room concept is innovative because it teaches several important traits needed to address cyber challenges: Team building, critical thinking and problem solving.

FHFA not the only one

There are a handful of other federal cyber companies offering similar experiences. The Thales Group offers a “mobile box” that is a 10-minute experience that uses clues, hints and strategy to help participants complete the puzzle.

The SANS Institute also offers a similar experience to reinforce and teach cybersecurity best practices and principles.

“In many ways, a well designed escape room can represent an attack kill-chain and poor defense-in-depth. Each puzzle represents a vulnerability that the participant is exploiting, and if best practices were followed, the puzzle could not have been solved,” SANS wrote in an online presentation about its escape room concept.

This concept also is gaining some momentum in other areas of government. A team from the Washington State Department of Revenue won a statewide contest last November.

“The Office of Cybersecurity’s escape room challenged players to solve a variety of high-tech and low-tech puzzles to uncover clues needed to access information on a laptop,” the office wrote in a press release. “The purpose of the competition was to heighten awareness about common bad practices many people fall into when it comes to securing their digital information.”

This type of approach to cybersecurity training just makes sense given the ever-increasing need to keep employees engaged and familiar with the latest cybersecurity threats. And maybe even more important, typical cyber training at your desk through webinars or through half-day classes is boring and too often tuned out by employees.

Kudos to the FHFA for trying something different to not only fix long-standing cyber challenges, but also for finding a way to hopefully get employees to remember why cybersecurity matters and how to protect themselves and their agency.


Exclusive

FBI, DoD IG conducting preliminary investigation into JEDI, procurements

The Defense Department inspector general and the FBI have launched a preliminary investigation into the DoD’s $10 billion Joint Enterprise Defense Infrastructure (JEDI) program and the Washington Headquarters Services’ role in this and other acquisitions.

A source confirmed to Federal News Network that they have met with the DoD IG and the FBI’s Public Corruption Squad recently to discuss a host of issues around DoD procurement.

The source, who requested anonymity in order to discuss an ongoing law enforcement matter, said the discussion centered on times and dates of meetings, and the Cloud Executive Steering Group and its role in drafting the solicitation for JEDI.

The source said the DoD IG and FBI also asked about relationships of contractors and government personnel as it relates to JEDI and other procurements.

Neither the DoD IG nor the FBI would confirm or deny the existence of an investigation.

While there are several unanswered questions about what the FBI and DoD IG are looking into, a former FBI agent and lawyers not associated with JEDI or the DoD cloud efforts — but familiar with how IG and FBI investigations typically work — said it’s not unusual for these two investigative organizations to work together on a case.

“Often when it comes to government contracting investigations, the FBI will not take over the case, and they often will enlist other people who are experts,” said Thomas Baker, a retired FBI special agent who worked in a variety of investigative and management positions at the bureau.

But if the FBI is involved in interviews on any topic, the experts say it implies there potentially is some sort of wrongdoing involving DoD civilian personnel and/or DoD procurement procedures.

“The FBI and the DOD IG are both very talented and professional law enforcement agencies, who each have overlapping legal authority to investigate matters. The two agencies have learned how to avoid stepping on each other’s turf, and to ‘work’ matters jointly when appropriate. There may be an aspect of any case that is important to the FBI, which most often takes investigation of public corruption cases, although that may not be the case here, and the DoD IG which has expertise on government procurement matters,” said Stephen Ryan, a former general counsel to the Senate Committee on Governmental Affairs, a former assistant U.S. attorney and now a partner with McDermott Will & Emery. “One may be focusing on a part of an investigation while the other may be focused on another issue, but it makes sense to collaborate.”

Additionally, experts say the DoD IG is one of the most well-resourced, well-trained units across the government, meaning they typically don’t need the FBI’s help. And if the FBI is involved, agents aren’t just participating because they don’t have better things to do.

Experts say if the FBI is involved in a case like JEDI or more broadly around potential public corruption, they are looking at any sort of crime that falls under 18 U.S. Code, 201, the federal bribery statute, and other similar statutes that cover unlawful acts by public officials.

Ryan stated that if it is established that both the DoD IG and the FBI are working together on any matter, one cannot infer the case has greater weight or importance legally until there is a court filing or other lawful public disclosure of the matter.

And Baker added that many times the FBI looks into something and finds there isn’t enough evidence for it to be a criminal matter and administratively closes the case. He said the FBI could very easily be at the beginning of an inquiry where they are just gathering information.

The fact that the DoD IG is looking at JEDI, however, isn’t surprising. Reps. Steve Womack (R-Ark.) and Tom Cole (R-Okla.) asked the agency to dig into the much anticipated and highly controversial contract in October. The House Appropriations Subcommittee on Defense members said they were most concerned that JEDI restricted competition.

Womack’s spokeswoman told Federal News Network that the DoD IG hasn’t given the lawmaker “an official response in writing yet.” Emails to Cole’s office seeking comment were not returned.

DoD has been under heavy scrutiny for much of the past 18 months as it developed its plan and solicitation for JEDI.

Since the release of the request for proposals last summer, industry has turned up the pressure with multiple bid protests, first to the Government Accountability Office and now to the Court of Federal Claims.

The news of the preliminary investigation comes as DoD announced its own investigation into a possible conflict of interest that compromised the procurement.

What is surprising, however, is the FBI’s involvement. Several industry and Hill sources expressed outward surprise when told of the bureau’s interest. One Hill staff member chuckled out loud, as if to say “it figures” rather than to express glee or shock.

While it’s difficult to know exactly what the FBI and DoD IG are working on, it’s clear there is enough concern to warrant them asking questions and digging into the details. No matter what comes from this, it’s just another factor that will impact JEDI and DoD’s plans in the near term.


The end is near for the worst website in government?

Just two weeks after I called FedBizOpps.gov the WORST WEBSITE in GOVERNMENT, there is a light at the end of the tunnel.

The General Services Administration quietly let those who were paying attention know that the new FBO.gov will migrate to beta.SAM.gov late in calendar year 2019.

Source: GSA IAE website

In the first quarter 2019 Integrated Acquisition Environment (IAE) digest released last week, GSA’s Vicky Niblett, the deputy assistant commissioner for IAE in the Federal Acquisition Service, wrote, “We’ll be unveiling our newest roadmap and schedule in the second quarter, but we already know that [Wage Determinations Online] WDOL.gov will be the next IAE system to transition into beta.SAM.gov. After that will be FBO.gov, probably sometime in late 2019.”

Wait, that means we have to put up with the 15-year-old site that’s stuck in the 1990s for only a few more months?

Let’s not put the champagne on ice quite yet, but you know I’m ready to celebrate.

Now after expressing my continued frustration with FBO.gov, a former FAS systems guy tweeted at me, reminding me that maybe I should use the beta.SAM.gov site.

That’s a fine idea, so over the next few weeks, I will commit to testing out the new site – just like I used FBO.gov – and will report back with an analysis.

In the meantime, Niblett said GSA also will make other changes to beta.SAM.gov, including adding login.gov to the registration process and implementing ‘federal hierarchy,’ which is an internal process through which appropriate roles can be assigned to federal government workers.

In related news, GSA announced that IBM would continue to provide maintenance and migration support for the SAM.gov effort.

The agency awarded IBM a sole source contract worth $24 million over the next four years.

GSA awarded IBM the initial contract in 2010 and experienced some initial challenges with the program. But GSA says in its sole source justification that IBM has delivered good performance.

“During IBM’s eight years of performance on the SAM-AOCS contract, they have gained substantial knowledge of IAE systems. They have repeatedly delivered good performance and have improved over time,” GSA states in the justification. “IBM has gained the most technical knowledge of IAE systems among any source in the marketplace. Additionally, the SAM legacy systems are at the end of their product life and are scheduled to be retired and their functions transferred to the GSA cloud business platform over the next one-to-three years. The timing will depend on funding, completion of new system modules and applications, and the number of hurdles encountered during transition to the new information technology platform. It is considered impractical and risky to have a new contractor step in at this phase of the work, which is in the final steps of a 10-year project. For reasons of continuity during completion of the work, it would not be advantageous to the Government to solicit a new full and open RFP.”


In the move to the cloud, FBI hangs out the ‘innovations wanted’ sign

Innovation is one of those overused words in the federal sector. Every agency wants innovation. Every vendor says what they do is innovative.

So what makes a program or initiative innovative? Like the Supreme Court famously said about something else, “you know it when you see it.”

That’s the case with the FBI’s new Innovation Council.

Jeremy Wiltz, the FBI’s assistant director of the IT enterprise services division, said the council, which is just getting started, will bring together a diverse set of people, both those who have been at the bureau for a long time and newer employees, to generate ideas and focus areas.

“I have IT specialists that support tier one, that support desktops and visit customers. In our headquarters building with 11 floors and people going all over the place, we came up with an idea of a solutions center. We kind of tried to make it like an Apple store where people come to us in a central location in the building and get service,” Wiltz said at a recent AFCEA Bethesda event. “I had a couple of folks who were instrumental in making this very successful. One of them came to me and asked ‘how do we do more of this?’ And he said, ‘there are more of us like me.’ So I said, let’s come up with this idea of an innovation council.”

He said the goal of the council is to encourage employees to come up with ideas to improve processes and procedures and have a place to go where someone will assuredly listen to them.

“I want to hear from them and be able to say, ‘is that a tasking you can take?’ I don’t want to derail or circumvent their management so they will have to take this on as additional duty,” he said. “But it’s very rare to find those kinds of people who came to me. If I ignore this, I’m ignoring a whole set of people who are motivated to do things and not just sit around and wait for things to happen.”

One obvious idea the council may work on is franchising the solutions center concept to other FBI offices at Quantico or regionally.

“Franchising in the government, who’s talking about that? That, in and of itself, is an innovative idea. That wouldn’t have come about if these people weren’t motivated themselves and willing to approach me,” he said. “So having that kind of courage, I thought I have to take hold of that. I can’t wait to see where it goes.”

Wiltz offered an update to the council last week. He said the innovation council continues to come together.

“The individuals leading the effort are currently working behind the scenes to ensure alignment on mission, vision and goals prior to establishing a formal charter,” he said in an email to Federal News Network. “The innovation council will be composed of a diverse cadre of employees, working in the field and at headquarters across a variety of roles (IT and non-IT). Participants will share an interest in leveraging innovation solutions to make the FBI more efficient. Topics and priorities are still to be determined but one of the primary focus areas will be improving customer service.”

Giving employees a real voice in change

What makes the FBI innovation council so “innovative” is the simple fact that they are listening to the employees on the ground. Too often agencies want innovation to come from outside the agency, like the Defense Department’s Innovation Board. The DIB is made up of well-known technology industry experts like Eric Schmidt, founder of Google, and professors from Duke University, the California Institute of Technology and Carnegie Mellon University, who are helping the Pentagon take on enterprisewide issues.

Other efforts such as the Obama administration’s SAVE awards petered out after several years, and it’s unclear if any of the ideas that emerged from the frontline employees were ever fully implemented.

Michael Giuffrida, the CEO of Acendre, said engaging employees and giving them a real voice to drive change is much easier said than done.

“There are a lot of organizations out there where they give employees the opportunity to be heard through things like pulse surveys or in other ways. But how do you take that feedback and act on it?” Giuffrida said. “It’s important for employees to see the change that comes from their ideas. If they don’t see that change that’s where these efforts fail. It’s all about how you turn ideas into action and close the feedback process. That is where you see positive outcomes of engagement.”

Giuffrida said employee engagement “fits hand-in-glove” with increasing productivity and mission success.

“[From] the metrics we look at – on average – people are losing $9,000 per employee a year due to a lack of engagement in terms of productivity. If you have 100,000 employees, that’s a lot of money,” he said. “So if you can move the needle 10 percent-to-20 percent, that’s a lot. It’s important and getting mission critical especially when we are all fighting all the dynamics in the federal space.”

Giuffrida added that the dynamics include budget uncertainty, shutdowns and the arduous hiring process, all of which make it more difficult to bring innovative approaches into government.

Not if, but when apps move to the cloud

And this brings us back to the FBI’s innovation council.

Wiltz said new ideas and approaches become more important as the FBI moves more apps to the cloud.

“I see going into the cloud as a force multiplier. You have Amazon, Microsoft, Google’s security operations center on top of your SoC and their layers of security on top of your layers of security,” Wiltz said. “My boss has put out a vision, a toolbox of the future. We are beginning to plant it in the minds of people who don’t think the way we think or don’t think about moving toward mobility. We are starting to plant those seeds.”

And what better way for those seeds to grow and prosper than by seeking the input and backing of the people who are going to reap the harvest.


Cyber gushes from 2019 spending bill, if you know where to drill

When you dive into the fiscal 2019 budget sometimes you need a miner’s hat, and sometimes you need to be an oil driller.

Where a miner must go underground and chip away at rock to find the IT “gold,” a driller just has to know where to start.

That is the case with cybersecurity in the 2019 budget — hitting just the right spot brings a gusher of black cyber gold.

The best place for drilling is in the Department of Homeland Security’s section where the Cyber and Infrastructure Security Agency (CISA) now lives.

In this region of DHS, lawmakers allocated CISA $322.8 million for “procurement, construction, and improvements.”

To get the oil out of that field, you have to start boring some holes, first in the continuous diagnostics and mitigation (CDM) program. CDM received two funding allocations: The first is for deployment of capabilities where DHS received a total of $115.8 million, which is $3.7 million more than the Trump administration requested and $13 million more than CDM received in 2018.

But that’s a minor gusher compared to the money DHS received for the procurement of tools. Congress allocated $160 million for DHS to buy agencies new tools under CDM, which is $34.4 million more than the White House requested, but almost $87 million less than what the program received in 2018.

Now with Congress acting as the investors in this CDM Spindletop-of-sorts, they want updates on how DHS is pumping out their profits.

“CISA is directed to provide a briefing, not later than 90 days of the date of enactment of this act and semiannually thereafter, on the updated timelines and acquisition strategies for the National Cybersecurity Protection System (NCPS) program and the Continuous Diagnostics and Mitigation (CDM) program, including the accelerated deployment of CDM Phase 4 data protection management (digital rights management, data masking, micro-segmentation, enhanced encryption, mobile device management, etc.) across all ‘.gov’ civilian agencies,” the omnibus spending bill states.

While the CDM field continues to flow millions of gallons of oil, the NCPS program, which includes the Einstein intrusion and prevention tools, is starting to dry up for tool procurement.

Lawmakers allocated $96 million in total funding for this year, down from $115 million last year and $5 million less than what the administration requested.

“A reduction of $15 million to the NCPS acquisition program is included due to contract delays,” lawmakers write.

But at the same time, lawmakers increased NCPS funding to $297 million for deployment of NCPS tools, up $10 million over 2018 and about $600,000 more than the administration requested.

The third piece of the federal cybersecurity funding came to the Federal Network Resilience group at DHS. It received $50.1 million for 2019, which is $7.3 million more than in 2018 and slightly over the administration’s request.

Lawmakers also told DHS to redirect some of their extra funds for “facility construction, expansion and renovations necessary to support CISA’s growing cybersecurity workforce; expanding operations, laboratory, and logistics support activities; and Continuity of Operations functions at the agency’s existing support facility. In fiscal year 2018, $500,000 was appropriated for facility design purposes.”

The DHS oil fields are well known for their gushers, but the 2019 spending bill also had some lesser known fields for some deeper drilling.

Supply chain risks continue for CJS bill

In the Commerce, Justice and State bill, lawmakers reemphasized supply chain risk management.

Legislators told those agencies, including NASA and the National Science Foundation, they can’t buy any technology for high or moderate impact systems unless:

  • They have reviewed the supply chain risk for the information systems against criteria developed by the National Institute of Standards and Technology and the Federal Bureau of Investigation (FBI) to inform acquisition decisions;
  • They have reviewed the supply chain risk from the presumptive awardee against available and relevant threat information provided by the FBI and other appropriate agencies; and
  • They have consulted the FBI or other appropriate federal entity, conducted an assessment of any risk of cyber-espionage or sabotage associated with the acquisition of such system, including any risk associated with such system being produced, manufactured, or assembled by one or more entities identified by the United States government as posing a cyber threat, including but not limited to, those that may be owned, directed or subsidized by the People’s Republic of China, the Islamic Republic of Iran, the Democratic People’s Republic of Korea, or the Russian Federation.

Additionally, lawmakers say these agencies must not buy technology for high or moderate risk systems unless the agency has “developed, in consultation with NIST, the FBI, and supply chain risk management experts, a mitigation strategy for any identified risks; determined, in consultation with NIST and the FBI, that the acquisition of such system is in the national interest of the United States; and reported that determination to the Committees on Appropriations of the House of Representatives and the Senate and the agency Inspector General.”

These provisions follow a long history of concerns at these agencies over supply chain risks. In 2014, former Rep. Frank Wolf (R-Va.), added a similar provision in that year’s spending bill.

Treasury, Transportation get cyber funds

Two other regions ripe for bringing in rigs for drilling are in the Treasury and Transportation sections of the bill.

First, the Treasury Department received $25.2 million for enhanced cybersecurity services and personnel. Lawmakers instructed Treasury’s bureaus to send the agency’s chief information officer a spending plan for approval.

In the Transportation Department sector, you had to drill a little deeper to find $15 million in cyber oil.

Lawmakers told Transportation to use the money for “necessary expenses for cybersecurity initiatives, including necessary upgrades to wide area network and information technology infrastructure, improvement of network perimeter controls and identity management, testing and assessment of information technology against business, security and other requirements, implementation of federal cybersecurity initiatives and information infrastructure enhancements, and implementation of enhanced security controls on network devices.”

This is, by far, not a comprehensive review of all things cyber in the spending bill. Congress also allotted quite a bit of cyber money for election security, critical infrastructure protections and research and development. But the cyber spending highlighted above is what will impact agency security postures in real and immediate ways.
