Reporter’s Notebook

“Reporter’s Notebook” is a weekly dispatch of news tidbits, strongly sourced buzz, and other items of interest happening in the federal IT and acquisition communities.

Submit ideas, suggestions and news tips to Jason via email.


CDM suffering growing pains so GSA, DHS begin future planning

The continuous diagnostics and mitigation (CDM) program isn’t working as planned. The decision to use a blanket purchase agreement approach for the assorted cybersecurity tools and services isn’t flexible enough and doesn’t take into account longer-term agency operations and maintenance needs, and pre-pricing tools and services up front adds a level of complexity to the program that was unexpected.

That is why the Homeland Security Department and the General Services Administration already are plotting the program’s future with two more years left on the contract.

GSA awarded the original five-year contract in August 2013 to 17 companies with a $6 billion ceiling.

Jim Piché, a group manager at GSA’s FEDSIM office, which oversees the CDM program, said the BPA’s stumbling points are heavily influencing the future of the program.

“The big piece we’ve learned is to have the flexibility of buying the products. Even though we are asking the agencies to specify what their networks look like, and we are asking the offerors to specify a solution that is firm fixed price, we understand the analysis will not be there until they get through the first part of the delivery of the task order where they do that discovery and true-up of what’s really going to be required,” he said after speaking at a conference on CDM sponsored by 1105 Government Information Group. “So having that flexibility in the task order, [we are] able to purchase that additional product and buy those additional services to install that product has been really important to making the task orders useful and viable in the near term.”

DHS and GSA are working with the Office of Management and Budget and others to figure out how best to position the CDM program for the future without the challenges of the current BPA.



NASA’s transparency on acquisitions is a lesson others should heed

NASA made a $447.8 million award to SAIC in January to run one of the follow-on contracts under its I3P umbrella program. SAIC will continue to hold the Enterprise Applications Services Technologies 2 (EAST) contract. The company won the initial deal in 2010 under a 5-year, $321 million contract.

What’s most interesting about this award isn’t the fact SAIC won, or the fact that NASA’s decision survived a protest by CACI. The Government Accountability Office denied CACI’s protest in late April.

What really stands out about this entire process is NASA’s decision to release on FedBizOpps.gov its source selection document.

The 16-pager details NASA’s entire evaluation process for both bidders — SAIC and CACI. It outlines the strengths of each company’s proposal and why SAIC and CACI earned the evaluation scores they did.

Several long-time government contracting attorneys were shocked NASA would release such a document publicly.

“Generally, the source selection document is protected from disclosure from the Freedom of Information Act, but the agency can still decide to release it,” said Bill Shook, a long-time government contracts attorney. “This type of source selection document is one that I have seen hundreds of times, but always under a protective order.”

Tony Franco, a senior partner with PilieroMazza law firm, said seeing an unredacted version of this document is highly unusual.



Why risk is becoming a key conversation in the C-suite

The Office of Management and Budget has been promising for the last 18 months to change the way agencies measure and mitigate risk.

Whether in policy or through the update of Circular A-123, OMB has been working to require agencies to take an enterprise approach to risk management.

Well, within the next four to six weeks, we should get a look at what managing enterprise risk will look like across government.

Dave Mader, OMB controller, said May 13 at the CFO-CIO Summit sponsored by the Association of Government Accountants and AFFIRM in Washington, that the update to A-123 will come out by the end of June.

“We are introducing a new chapter requiring every CFO Act agency to implement over the next year an enterprise risk management (ERM) program,” Mader said. “When the circular comes out in the next month or so, the thing that will be interesting is ERM will not be the responsibility of the CFO. We talked with a group of assistant secretaries for management recently and they asked us not to tag the CIO or the CFO to own ERM. So the way we are describing it and implementing it is this is a C-suite responsibility and it should be embedded in how the department runs on a day-to-day basis. It needs to be owned by the leadership across the department.”

Mader offered me a clarification after his presentation on what he meant that it has to be owned by the C-suite.



DoD’s words ring hollow to vendors when it comes to LPTA

The Defense Department continues to deny any systemic problem with using lowest-price technically acceptable (LPTA) too much for contracts. But there is a growing body of evidence where perception is overshadowing reality, therefore making LPTA a serious problem.

Two recent examples show just how much work DoD must do to either change the opinion of industry and therefore Capitol Hill, or actually educate its workforce to stop using this approach inappropriately.

The first case study is the ENCORE III IT services contract. Two vendors, Booz Allen Hamilton and CACI, submitted pre-award bid protests to the Government Accountability Office.

The second example is new legislation coming from Sens. Mark Warner (D-Va.) and Mike Rounds (R-S.D.). The two members of the Senate Armed Services Committee introduced the Promoting Value Based Defense Procurement Act of 2016 (S.2826) to limit the use of LPTA, especially in IT procurements.



DHS, HUD bring money, mission together to begin transforming IT spending

The Department of Housing and Urban Development is spending as much as 95 percent of its $342 million IT budget on legacy systems.

The Homeland Security Department, with its $6.2 billion technology spend in fiscal 2016, wasn’t much better just a few years ago. It was spending 80 percent of the department’s IT budget on legacy systems, including 48 percent on what technology executives considered commodity legacy systems that could be transitioned to shared or enterprise services.

DHS and HUD are two examples why the Office of Management and Budget is pushing for Congress to approve its proposal for the $3.1 billion IT Modernization Fund.

While lawmaker acceptance of the ITMF is unclear, HUD and DHS aren’t waiting around either.

Susan Schuback, HUD’s deputy chief information officer, said the implementation of a portfolio management approach is swinging the pendulum the other way on legacy IT spending.



White House recognizing risks of big data

The Obama administration fashioned itself as the “big data” White House almost from the beginning. Looking back at the litany of initiatives, starting with Data.gov, to the $200 million proposed investment in big data projects in 2012, to the naming of the first federal chief data scientist, the White House deeply enjoys talking about the real and potential impact data can have on the government and society at large.

While there is plenty of reason to question the administration’s self-proclaimed desire to “unleash the power of data” — many will say the only data the White House wants to make public is the self-congratulatory type or the fact that Data.gov hasn’t lived up to its billing — the latest White House report on big data is a better example of the true power of open data and worth reading.

“What stands out to me in this particular report is how important it is to think about the ethical implications of both data collection and algorithm design,” said Nick Sinai, a former deputy chief technology officer at the White House during the Obama administration, and now an adjunct lecturer in public policy at the Harvard Kennedy School and a venture partner at Insight Venture Partners. “Whether it’s hiring, college admissions, or credit decisions, we need to make sure the use of big data technology starts with principles of ‘equal opportunity by design.’ In criminal justice, for example, we’ve seen what happens when data inputs reflect racial bias in building predictive algorithms — and thereby perpetuate discriminatory outcomes in pretrial release, sentencing, and parole decisions.”

Sinai’s comments highlight a growing understanding of the power of big data outside the usual communities.



Roots of IT reform starting to take hold

A constant stream of industry pundits and Capitol Hill overseers are calling for evidence of the impact of the Federal IT Acquisition Reform Act (FITARA).

Is it working? Are federal chief information officers taking/being given a real “seat at the table?” Why haven’t the departments of Energy and Labor finished their implementation plans yet?

Too often these and other questions don’t have a direct answer.

But if you listen closely enough to what CIOs are saying, you can see just how FITARA is taking root.

Let’s start with the Commerce Department, where CIO Steve Cooper has to manage two big-dog bureaus: Census and Patent and Trademark Office.

Both have huge budgets: PTO requested almost $600 million in fiscal 2017 for IT alone, and Census requested $1.6 billion, including $778 million for the decennial count, which includes a host of IT initiatives.

Understanding the risk and concerns about the 2020 count, Cooper is working with Census technology executives in a way that’s different than what past CIOs did.

And whether he or anyone admits it, the reason is two-fold: FITARA and, more importantly, the intense scrutiny on the 10-year event.



Growing confusion over category management sparks Hill interest

The Office of Federal Procurement Policy is trying really hard to educate agencies and vendors alike about what exactly category management really is.

As Anne Rung, the OFPP administrator, said April 28 at the Coalition for Government Procurement spring conference, “Category management is one of the most significant reform efforts underway in the federal contracting space. What I like about category management is it’s really driven around what are the business needs of the agency and customers, and our category leads are really CEOs, really thinking about how to help agencies meet their mission needs rather than ‘can I make sure these 10 things have happened, or occurred, or if we’ve received this kind of reporting from our contractors.’ So I’m really struck by that.”

Part of Rung and the General Services Administration’s message over the last year has been that category management is not about contract consolidation or driving toward centralization, but rather giving contract officers the best information to make a decision before buying a product or service.

Category management is about creating transparency about best practices and identifying the best solutions for every agency procurement problem.

But these messages seem to be stuck in low gear as vendors and now some lawmakers are questioning the real motivation behind category management.

Reps. Steve Chabot (R-Ohio) and Nydia Velazquez (D-N.Y.), chairman and ranking member of the Small Business Committee respectively, wrote a letter to GSA Administrator Denise Turner Roth in early April asking for more details on how GSA is ensuring category management doesn’t impact small businesses. The lawmakers also expressed concern about GSA’s own small business contracting accomplishments.



GSA brings in new deputy CIO; Air Force, VA promote from within

Three agencies are refilling the ranks of their IT executives.

Let’s start over at the General Services Administration, where Steve Grewal is the new deputy chief information officer.

Steve Grewal is the new deputy CIO at GSA.

As I first reported in early March, Grewal is indeed leaving the Education Department, making him the second senior leader to have left the department in the last two months. If you remember, Danny Harris resigned after a tumultuous hearing on his conduct and the agency’s cybersecurity posture before the House Oversight and Government Reform Committee.

“I have enjoyed my time here and appreciate the support you have provided to me during my tenure. I have had the privilege of working with some of the finest and talented people during the past 5-plus years,” Grewal wrote in an email to colleagues, which Federal News Radio obtained. “I will miss the team. I wish that my new job also provides me with great friends and colleagues like you. I wish you all, my fellow partners and everyone in the larger ED family, all the very best.”

Grewal had been acting CIO since Harris resigned. He worked at Education since 2012.

Grewal’s last day at Education was April 29, and he starts at GSA on May 2.



DHS gives cyber hunters a better type of license

It took the Homeland Security Department three days to own the computer networks of three agencies.

Usually that’s a bad thing when an outside organization takes control over another’s systems and data so quickly.

John Felker is the director of the Homeland Security Department’s National Cybersecurity and Communications Integration Center.

But in this case, the hope is that DHS is serving up a harsh bit of reality before China, Russia or any of the other assorted hacker groups attacking agency networks daily do so with ransomware or other malware.

John Felker, the director of the National Cybersecurity and Communications Integration Center (NCCIC) in DHS, said teams of “white hat” hackers are working with three agencies to improve their network security.

“We owned those agencies from top to bottom and side-to-side, and we could go anywhere we wanted to just like a bad guy,” Felker said during an April 19 speech at a cybersecurity conference sponsored by AFCEA Bethesda in Washington. “Our guys are working now with those agencies on how to remediate those networks and systems.”

Felker wouldn’t name the specific agencies the NCCIC was working with, but did offer that one was small, one was medium and one was large.


