Reporter’s Notebook

“Reporter’s Notebook” is a weekly dispatch of news tidbits, strongly-sourced buzz, and other items of interest happening in the federal IT and acquisition communities.

Submit ideas, suggestions and news tips to Jason via email.

Inside the Reporter’s Notebook: DoD taking own path with cloud security, Treasury’s Reger joins OMB

“Inside the Reporter’s Notebook” is a biweekly dispatch of news and information you may have missed or that slipped through the cracks at conferences, hearings and the like.

This is not a column nor commentary — it’s news tidbits, strongly sourced buzz, and other items of interest that have happened or are happening in the federal IT and acquisition communities.

As always, I encourage you to submit ideas, suggestions and, of course, news to me at jpmiller@federalnewsradio.com.


DoD taking own path with cloud security?

Defense Department CIO Teri Takai raised some eyebrows at the recent cloud and mobile integration conference sponsored by the National Institute of Standards and Technology.

Takai said DoD is developing its own cloud security standards.

“Moving into commercial clouds is a challenge. Each comes with a little different flavor of how they do security, how they manage and then the question becomes how much are they going to let us, DoD, see of the inner workings of their cloud and how far do we have to get in to make [sure] we can meet our security standards?” Takai said March 26. “We are looking at implementing a DoD cloud security model, which will effectively help us, with the assistance of the work that Federal Risk and Authorization Management Program (FedRAMP) is doing, provide to the commercial cloud providers some standards and some requirements to be able to operate for DoD.”

One industry expert said Takai’s mention of DoD cloud cyber standards is not a big deal as the Pentagon is focused solely on high security systems.

But GSA recently said it’s beginning to work on FedRAMP standards for NIST level 3 high security systems. So if DoD is working on a separate set of security controls for high-value systems, that seems to fly in the face of what FedRAMP is all about. No?

A government source says DoD, and really all of government, is trying to figure out how to incorporate existing government security capabilities, such as continuous monitoring, Einstein and the Trusted Internet Connections, with public, private and hybrid cloud infrastructures.

Takai didn’t clarify whether DoD’s cloud cyber effort is complementary to FedRAMP efforts or directly related. Publicly, she’s always been a big supporter of FedRAMP, which is why her comment raises concerns.

Without a doubt, security has to be DoD’s top concern when using public or even hybrid clouds, but the whole point of FedRAMP was to take advantage of common, agreed upon standards to reduce time and cost.

“Our move to the cloud and our desire to move to the cloud is as security based as it’s based in efficiencies, saving money or, to some extent, the presentation to the customer,” she said. “We are at significant risk if in fact we continue to have very sensitive information on devices. That is not just from mobile perspective. That’s from a standpoint of all the devices we use. We are seriously looking at how we can move to thin clients in those areas where it makes sense. From our standpoint, the less data on a device that can be compromised and lost, the better off we are from a security perspective.”

What is clear about DoD’s cyber efforts is the move to integrate NIST standards into the 8500 document is a big deal for the federal IT community. This is the first update of the 8500 document since 2007. DoD released the revised cyber standards March 14.

“We are basing our standards on the NIST framework. There are going to be, in some cases, additional criteria that we will place on it,” Takai said. “But we will no longer put companies in a situation of having to do something different for DoD than what they are doing for others in the federal government who also are picking up and meeting the NIST standard.”

This is a major change that has been in the works for many years. DoD said in July they are more common than not when it comes to security standards.

And speaking of DoD and cybersecurity, Gen. Keith Alexander, the head of the National Security Agency and first commander of the U.S. Cyber Command, is retiring Friday.

Alexander faced a rough last year as head of NSA, but that shouldn’t overshadow his contributions and success with standing up and making Cyber Command an influential organization.

Over the last four years, Alexander brought Cyber Command from an idea to reality, and expanded its capabilities from primarily defensive to a combination of both offense and defense.

He also promoted the hiring of more and better trained cyber workers and brought each of the services’ individual cyber commands under him for better oversight and coordination.

His tenure at NSA likely will be questioned based on details released by Edward Snowden, but as the father of the U.S. Cyber Command, his legacy is strong.

By the way, the Senate Armed Services Committee approved the nomination of Alexander’s replacement, Adm. Mike Rogers, March 26 as well as Robert Work to be deputy secretary of Defense.


Treasury’s Reger joins OMB to fill financial management void

The Office of Management and Budget turned to a veteran of federal budgeting to begin replacing its top two financial managers.

Mark Reger recently came over to OMB on detail from the Treasury Department to be the acting deputy controller.

Reger’s detail helps fill the void left when controller Danny Werfel became the acting IRS Commissioner in May 2013, and his replacement Norman Dong, who had been deputy and then acting controller, moved over to head up the General Services Administration’s Public Building Service in late March.

By bringing Reger over, OMB has a veteran of state and local government, and someone who has served in senior executive capacities in small and large agencies.

Reger has been Treasury’s deputy assistant secretary for accounting policy in the Office of the Fiscal Assistant Secretary since 2010, where he’s helped lead the financial management standards effort. He is a member of the Federal Accounting Standards Advisory Board and was CFO at the Office of Personnel Management for three years.

Reger also comes as OMB is putting some of the most important pieces in place to give its financial management shared services some life. OMB and Treasury’s Office of Financial Innovation and Transformation are expected to name new federal shared service providers in the coming month.

Along with the controller position, the White House still must name a new administrator in the Office of Federal Procurement Policy.

Federal Computer Week reported recently that Anne Rung, the associate administrator in the Office of Governmentwide Policy, is on tap to be named to that role.

But talking with several senior executives and well-connected industry observers, Rung’s nomination is nothing more than strong rumor.

OMB has suffered from holes in its management ranks for most of the last three-plus years of the Obama administration. With Director Sylvia Mathews and Deputy Director for Management Beth Cobert in place now for several months, senior federal executives have told me they are hoping for a re-emergence of the “M” side of OMB.

It’s never a dull time for agency chief information officers what with Rob Carey, the principal deputy CIO at the Defense Department, and Interior Department’s Bernie Mazer becoming at least the seventh and eighth CIO or senior IT executive to announce he’s leaving in the last six months. Currently, five large agency CIOs are in acting roles, including at the Veterans Affairs Department, where Stephen Warren has been acting for more than a year.

But on the positive side, NASA Goddard Space Center quietly named Dennis VanderTuig as its new CIO back in January. VanderTuig has been with Goddard since 2007 and previously led an evaluation and restructuring of the Goddard IT functions.

Several people are asking why the sudden exodus of CIOs.

Is it just time for people to move on to new challenges?

Or is something else happening in the federal IT community?


New contracts database a win for OFPP, but will it stop the proliferation?

It’s great when OFPP commits to doing something and actually comes through and we find out about it. The combination of the two is a rarity across government.

Back in October 2011, then administrator Dan Gordon issued a memo in an effort to try to tame interagency contracting. In that memo, Gordon committed that OFPP would develop a database of all governmentwide acquisition contracts, blanket purchase agreements and other interagency contracts.

Well, OFPP launched the Interagency Contract Directory (ICD) and mentioned its existence to my knowledge for the first time publicly at the Acquisition Excellence Conference on March 20.

The ICD is pretty straightforward. You can do a simple search for keywords or, through the advanced search, you can filter the search through nine categories, including vehicle type, contracting department, who can use it — agencywide, DoDwide, governmentwide — and by product or service.

A quick search of IT and Telecom (D399 of course) returns more than 3,800 results. Who knew how many options an agency had to buy IT and telecom?

The results actually are quite informative, listing 26 different data elements ranging from who can use it, to whether it’s set-aside for small businesses or other socioeconomic categories to how many orders have been placed and how much money obligated against the contract so far.

In all, there are more than 18,000 contracts listed on the site, which should be the first sign there is a problem with the proliferation of these contracts.

In addition to the ICD, OMB launched Uncle Sam’s List last spring as a way to promote shared services. USL provides details on OMB’s MAX site about more than a dozen commodity IT service areas and more than a dozen support IT service areas that can be used across the government.

“I think we need to build [ICD and Uncle Sam’s List] out. I think we need to make it very clear what’s already out there. We are learning a lot on those commodity teams,” said Lesley Field, acting OFPP administrator. “We bring the people together and [they say] ‘We have a contract for this, and we have a contract for this.’ Those folks have never actually got into a room together to talk about how best to do it. And so, there’s a lot more we can do in this space.”

The idea of such a database is something that has been called for several times over the last eight years, and long seen as a way to begin to address the proliferation of multiple award contracts.

The Government Accountability Office first highlighted the need in 2006. The Services Acquisition Reform Act Panel called for such a repository in its report in 2007. And GAO, again in May 2010, called for the development of a database, saying the lack of data hurts the government’s ability to ensure they are getting the best prices and best value.

OFPP tried to develop such a database in 2006 when it launched the interagency contracting data collection initiative. But that effort didn’t produce a worthwhile database.

Now that agencies know what contracts exist and who runs them, the long-held hope is that they will stop developing new ones and use the existing MACs.

Starting this year, OFPP requires agencies to develop a business case for any multiple award contract worth more than $50 million over the life of the vehicle and place the business case on OMB’s MAX website for other agencies to review for at least 15 days.

The ICD may be one of the few ways to know if this policy is actually working based on raw numbers of contracts on the database.

IT Job of the Week:

Ever dreamed of running the technology for an organization Congress actually likes? Well, the Congressional Budget Office is looking for a new CIO. You would manage a 13-person staff, must be able to obtain and maintain a top secret clearance and would oversee all aspects of CBO’s IT infrastructure. The job opening closes May 30.

OUT&ABOUT

  • The Senate Homeland Security and Governmental Affairs Committee is holding part two of its look into agency management on Monday. Scheduled to testify are former OMB senior executives Robert Shea and Shelley Metzenbaum as well as Max Stier, from the Partnership for Public Service, and Tom Lee, director of the Sunlight Labs for the Sunlight Foundation.
  • The committee also has scheduled a data breach hearing on Wednesday with Edith Ramirez, Federal Trade Commission chairwoman, William Noonan, deputy special agent in charge of the Secret Service’s Criminal Investigative Division, and others.
  • The Atlantic Council and the National Defense Industrial Association are hosting a discussion with Sen. Mark Warner (D-Va.), on Tuesday to discuss what budget reductions may mean for the future of the defense industrial base.
  • The Digital Government Institute is hosting an event on Thursday on E-Discovery. The event features several panels of federal experts, including one with Nancy Eyl, the assistant counsel to the IG at the Homeland Security Department, Jeanette Plante, the director in the Justice Department’s Office of Records Management Policy, and Allison Stanton, the director of E-Discovery, FOIA and Records for DoJ’s Office of the Assistant Attorney General Civil Division.


Inside the Reporter’s Notebook: USPS cloud credential exchange almost ready, flood of GSA contract protests


Cloud credential exchange almost ready for take off

The Postal Service is about a month away from changing the online world of usernames and passwords. Yes, those dreaded letters, numbers and special characters that no one can remember and we all write down, could begin to go the way of the dial-up modem and dumb phones.

Douglas Glair, USPS manager of digital identity services, said at the Symantec Government Symposium March 12 the Postal Service will launch the technology broker initial capability in April. The early version of the Federal Cloud Credential Identity Exchange (FCCX) will connect the departments of Agriculture and Veterans Affairs, the National Institute of Standards and Technology and GSA with third-party credential providers that meet the Federal Identity, Credential and Access Management (FICAM) standards.

“We are first integrating some of the FICAM approved level-1 providers and level-4 personally identifiable verification (PIV) and common access cards (CAC) and cross certifying with the federal bridge,” Glair said. “As we wrap up working with GSA on the contracts for Level-2 and Level-3 and we’ll be integrating those credential providers later this year.”

Glair said FCCX initial operating capability is the first “breaking point” of getting technology in the middle to make it easy for an agency to connect one time and have access to multiple credential providers and vice versa.

USPS awarded SecureKey a three-year, $15.1 million contract in August to develop the technology broker capability. FCCX is a centerpiece to the administration’s agenda to improve cybersecurity and citizen interaction with the government.


A flood of protests on GSA contracts

Office Supplies 3; OASIS small business; Maintenance, repair and operations — A combined 24 protests among them. And this is just the beginning of what many industry experts believe is likely to be the year of bid protests at GSA.

Vendors are upset about three of the latest, high-profile strategic sourcing contracts.

And with GSA expecting to award the unrestricted version of the complex professional services contract under the OASIS moniker later this year, more bid protests likely are on the way.

The Government Accountability Office confirmed there are 14 pre-award protests of the OS3.

GSA released the solicitation for OS3 in January, saying the government could save $65 million annually on administrative costs and $90 million each year through lower prices.

GAO said all the protests will be decided sometime between June 2 and June 23 and each of them challenges the solicitation requirements, alleging it violates the Small Business Act that prohibits contract bundling.

“OS3 RFP is one of most difficult RFPs for a company to propose against that I’ve seen in a long time for something as straightforward as office supplies,” said Roger Waldron, the president of the Coalition for Government Procurement. “There are a lot of ambiguities and it creates uncertainty for GSA schedule holders. If you’re a schedule contractor, your pricing has to be consistent across two contracts, which begs the question why is GSA creating two contracts? OS3 creates compliance concerns and puts schedule holders at a disadvantage because those without schedule don’t need to worry about the price reduction clause.”

The protests under MRO and OASIS small business are in the post-award stage. GAO confirmed there is one protest for MRO and nine for OASIS-SB.

GSA awarded 11 contractors a spot earlier this month on the MRO blanket purchase agreement strategic sourcing vehicle for more than 100,000 products, ranging from items such as hand and power tools, hoses and valves, paints, safety equipment and portable generators. GSA expects prices to be on average 12 percent lower under the BPA.

“GSA has made it a top priority to work closely with both our industry and federal partners throughout the OS3 and MRO Purchasing Channel solicitations. GSA is confident that the OS3 and MRO protests filed with GAO will be resolved or denied in a timely fashion, and that the agency will be able to proceed with these solicitations in accordance with the agency’s projected deadline,” a GSA spokeswoman said by email.

Finally, OASIS small business went to 123 companies in February.

“GSA has made it a top priority to work closely with both our industry and federal partners throughout the OASIS Small Business (OASIS SB) solicitation and award process,” a GSA spokeswoman said by email. “GSA is confident that the OASIS SB award protests filed with GAO and GSA will be dismissed or resolved in a timely fashion; and that the agency will be able to issue notices to proceed for the pools affected by protests as soon as is possible.”

The protests aren’t unexpected or surprising, especially in light of the handwriting vendors are starting to see from GSA and the administration around contract consolidation.

“The more GSA seeks through strategic sourcing to implement supplier suppression, the risk of protests will increase,” Waldron said. “Industry believes GSA is restricting the number of contracts, and that likely lead to higher number of protests


GSA’s appetite to learn from its mistakes under Networx is small, so far

The General Services Administration listed five “lessons learned” from the transition to the Networx telecommunications contract.

But now seven years later and in the middle of planning for the follow-on strategy, called Networks 2020, industry is hopeful GSA learns something much more important.

“The number one lesson that I have and I think they have to understand is not to dismiss the lethargy that agencies have around transition and the complexity around it,” said Diana Gowen, senior vice president and general manager at CenturyLink public sector. “If GSA wants to succeed going forward, I think they have to almost figure out a way — and I’ve said this to them — to make assignments to agencies to whichever companies win NS2020.”

Networx ended up being a lot more arduous and complicated than anyone thought it would be when GSA awarded it in 2007.

Gowen said the goal should be to make the transition piece painless and easy so by assigning agencies to contractors, it would potentially remove the statement of work process that caused so many delays in the transition to Networx from FTS2001.

“I would also expect by the time NS2020 comes around, we will have new network methodologies,” Gowen said. “They will be an opportunity for agencies to really transition and not make the same mistakes they made this last time. Because they waited so long to transition, they ended up doing like for like, meaning they stuck with the old technology under the new contract. Did agencies save money? Sure they did. Did they save as much money as they could’ve? Absolutely not.”

GSA’s Mary Davie, the assistant commissioner in the Office of Integrated Technology Services, wrote in her blog post that Networx saved more than $678 million through reduced pricing of between 10 percent and 40 percent as compared to FTS2001.

Gowen’s point is — and GSA has said this before as well — agencies left money on the table because transition took so long to work through the statement of work (SOW) process, which included the requirement to create an inventory of services that many had to start from scratch, deal with bid protests and go through a traditional proposal process that can take anywhere from 6-to-12 months.

Davie wrote that GSA will lead an effort to establish an interagency transition working group, create clear and realistic end-to-end transition schedules and milestones, and recommend the establishment of a senior-level “Transition Transparency Group” to provide needed visibility, transparency and focus.

Gowen said she expects GSA to come out with the NS2020 strategy in the coming months and potentially issue a request for information by the fall.


OMB’s $11 million spending spree on E-Gov projects

The annual budget request to Congress is like Christmas and the Fourth of July all rolled up into one for some of us who like to geek out on numbers and policy. But another time of the year that’s almost as enjoyable occurs when OMB releases the annual E-Government Act Implementation report to Congress. This year, OMB released the 11th annual report on March 1, a few days before the budget request.

The four sections offer details on everything from how the agencies spent the E-Government Fund to IT workforce and training policies to more than a dozen ways agencies are complying with other goals and provisions in the 2003 law.

Without a doubt, it’s a must read for vendors and agencies alike wanting to really understand progress around the areas from the E-Government Act as well as future plans.

While there is plenty to focus on in the report, among the most valuable details is how OMB decided to spend the $11.75 million Congress allotted for the E-Government Fund. (See chart).

| Investment Area | FY 2013 Allocation* |
| --- | --- |
| Promote Transparency and Accountability – Accessible and Transparent Government | $2.25 million |
| Accelerate Cross-Government Innovation – Cloud Computing and Security | $3.75 million |
| Accelerate Cross-Government Innovation – Innovations in Technology | $1.80 million |
| Promote Transparency and Accountability – Federal Funding Accountability and Transparency Act (FFATA) Implementation | $2.20 million |
| Promote Transparency and Accountability – Performance Dashboards | $1.75 million |
| TOTAL | $11.75 million |

*Amounts reflect the FY 2013 enacted appropriations for the E-Gov Fund per Consolidated and Further Continuing Appropriations Act, 2013 (P.L. 113-06), including sequestration.

Only through this report do we learn about the progress of certain initiatives and future plans.

For example, there’s a ton of focus throughout government around mobile computing, but it’s news to most people that OMB and GSA launched the Mobile Application Development, which includes publishing testing guidance, federal crowdsourced testing on multiple devices, the creation of the Mobile Code Sharing Catalog, publishing mobile user experience guidelines and publishing common Request for Proposal and Statement of Work language for mobile procurements.

Another example is the Digital Analytics Program. We’ve heard GSA and OMB talk about it, but details have been sparse most recently. Well, here in the report we now find out that all 24 CFO Act agencies are taking advantage of these advanced Web analytics capabilities across 3,000 websites. The analytical capabilities are helping agencies better understand how well their Web services are doing and how well their mobile services are doing in terms of customer effectiveness for the American citizen.

OMB also launched the Performance Management Line of Business last year, which was the first mention of this idea since the fiscal 2013 IT passback released in December 2011.

The report is chock full of great information about agency progress in meeting goals under Homeland Security Presidential Directive-12, on IT performance metrics and links to every agency’s IT strategic plan.


As the technology chairs shuffle: DHS gains, GSA loses

The long-rumored move by Andy Ozment back to the Homeland Security Department from the White House finally happened. Suzanne Spaulding, DHS’ deputy undersecretary for the National Protection and Programs directorate and Phyllis Schneck, DHS deputy undersecretary for cybersecurity and communications in NPPD, announced Wednesday Ozment would join NPPD as part of a major reshuffling.

Ozment becomes the assistant secretary for cybersecurity and communications replacing Mike Locatis, who resigned after nine months on the job in January 2013.

Bobbie Stempfley has been acting in Locatis’ place. She now will take on a new role within NPPD as the deputy assistant secretary for cybersecurity strategy and emergency communications. She will oversee emergency communications, develop and implement strategy and policy efforts, as well as focus on building on our partnerships with the public and private sectors, and the general public, Spaulding and Schneck wrote in a blog post.

Ozment’s move back to DHS isn’t surprising. The rumor mill has been pretty strong that he was looking for a bigger and better position, and deservedly so. His contributions over the last 21 months as the White House’s senior director for cybersecurity were clear, especially around the development of the critical infrastructure executive order.

Additionally, few people stay at the White House for more than a few years. The hours, the pressure and the expectations typically push people to look for new positions. Of course, heading to DHS will be no picnic either, as the turnover at NPPD has been regular. But Ozment’s role comes with more operational responsibilities, which based on his resume, makes sense for him.

Ozment previously worked at DHS as the director for compliance and technology in the chief information security officer’s office.

Along with Ozment, retired Air Force Brig. Gen. Gregory Touhill becomes the second new face at DHS where he will serve as the deputy assistant secretary for cybersecurity operations and programs. Touhill retired from the Air Force in 2013 after 30 years. His final assignment was as the chief information officer and director of command, control, communications and cyber systems at the Transportation Command.

The General Services Administration is losing another good soldier. Katie Lewin’s last day as the program manager for cloud computing in GSA’s Office of Citizen Services and Innovative Technologies is Friday. She’s retiring after a long career that included stints in both industry and government.

Lewin, in many ways, became the lead evangelist for governmentwide cloud services when she took over as program manager. In that role, she oversaw four major initiatives: Apps.gov, e-mail in the cloud, security-as-a-service and data center consolidation.

Sources say Zach Baldwin will take over some of Lewin’s responsibilities in the interim while GSA hires a new program manager for cloud.

During her career, Lewin also served as the chief of staff for GSA’s CIO, and spent time with the Library of Congress, OMB and the IRS. Additionally, she was an IT consultant for SRA International.

Lewin becomes the third OCSIT executive to leave in the last few months. Kelly Olson and Sheila Campbell, both well-respected executives, moved on to new jobs.

And speaking of people leaving, GSA Deputy Administrator Susan Brita, the executive that exposed the spending problems at the Western Regions Conference, announced she’s leaving the agency March 31.


IT Job of the Week:

Two deputy CIO positions are open. One is at the Census Bureau, and the other is at the Small Business Administration.

The Census job is for an assistant director for IT and deputy CIO and is a Senior Executive Service position. Applications are due April 14.

The SBA job is for a deputy CIO and is also an SES position. SBA wants applicants to apply by April 4.


Out&About

  • Next week ramps up with AFCEA’s Army IT day on Tuesday. The morning keynote is Army Lt. Gen. Robert Ferrell, followed by Marine Corps CIO Brig. Gen. Kevin Nally.
  • On Thursday, ACT-IAC and GSA’s Acquisition Excellence Conference takes place in Washington. DoD’s Katherine McFarland leads the day off, and it includes a panel moderated by yours truly on leveraging transparent procurement data with OMB’s Karen Pica, DoD’s Paul Brubaker, Treasury’s and FAA’s Patricia McNall.
  • AFCEA DC hosts a luncheon panel Monday with intelligence community IT executives. Some new names on the speaker docket, including Lt. Gen. , assistant chief of staff for the Army G-2, Rear Adm. Paul Becker, director of intelligence Joint Chiefs of Staff, and Rear Adm. Elizabeth Train, director of National Maritime Intelligence Integration Office and commander of the Office of Naval Intelligence.


Inside the Reporter’s Notebook: CIO switching DHS components, HUD stuck in 2005


CIO switching DHS components

Another senior technology official at the Homeland Security Department is on the move. Thomas Michelli, the Immigration and Customs Enforcement chief information officer, made an interesting decision to step down and become the deputy CIO for the Coast Guard.

According to an email to his staff, which Federal News Radio obtained, Michelli will leave ICE on March 8.

“An opportunity with the U.S. Coast Guard has recently arisen, and after much deliberation, I have decided to accept this opportunity,” Michelli wrote to staff on Thursday. “I’m most thankful for the opportunity to serve as your CIO. To each of you, thanks for your support! You are dedicated and very skilled civil servants/IT professionals and I commend your support of ICE’s mission. I have every confidence that you will continue to enable ICE to ever greater mission accomplishments to protect and secure our nation through innovative information technology and business solutions.”

One industry source, who requested anonymity, said the Coast Guard recruited Michelli as a possible replacement for Rear Adm. Robert Day, the service’s CIO.

The source said Day is expected to announce in the coming months that he will retire by the end of the fiscal year.

“Tom could step up to be the CIO, but, so far, the Coast Guard wants to keep the CIO role as an admiral position. But that could change,” the source said.

Phil Letowt, ICE’s chief technology officer, is expected to be acting CIO after Michelli leaves next week. Letowt has been with ICE’s CIO office since 2007.

Michelli has been CIO at ICE since 2012 and spent much of his career in the Army Reserves where he rose to the rank of colonel and worked on the mobilization to the Army’s Information and Security Command, where he served as the chief of the Regional Computer Emergency Team – Southwest Asia and then as the director for operations at the Army Cyber Warfare Center.

The move to the Coast Guard comes as Michelli faced tough criticisms at a recent House Homeland Security Committee hearing over the TECS system that ICE and Customs and Border Protection are developing together.

An email to ICE asking about Michelli’s decision to step down was not returned.

“Tom was known for listening to his subordinates and brought a sense of cohesion to the IT team,” the industry source said. “He brought everyone into the discussion and wasn’t afraid to go to ICE’s senior levels and be honest about what they could accomplish.”


HUD to remain stuck in seat management

Almost three years after it held industry days and put out requests for information, the Department of Housing and Urban Development will remain stuck in 2005 for a few more years.

HUD quietly extended the HITS contracts to Lockheed Martin and HP Enterprise Services Feb. 14 for potentially another three years.

Lockheed and HP have shared responsibilities to run the agency’s network and computing services since 2005 under what was an $800 million contract that by now has ballooned to more than $1 billion.

HUD had planned to move to a new, cloud infrastructure under the HUDNet program.

The notices on FedBizOpps.gov extending HITS offer few details as to the status of the HUDNet program, but do mention that the final option year under the HITS extension should be used for transition.

Transition to what? It’s not clear.

An email to HUD asking for details was not returned.

But a 2014 Working Capital Fund document on HUD’s website sheds some light.

“HUD is approaching the HUDNET implementation in two phases over three years. The two phases are organized to combine services with the goal of optimizing cost and performance efficiencies and effectiveness,” HUD wrote in the document. “Phase 1 encompasses analysis of HUD IT infrastructure core services, technology shifts, Departmental priorities, service gaps, and the strategic direction of HUD and the federal community. As a result, HUD has been able to determine its contracting requirements for three of the five HUDNET services: Systems Engineering and Management, Transport Services, Automated Monitoring and Management. The first two of these have been solicited and are already in technical evaluation panel review, and the third is nearly ready to be released for competition. These services will enable HUD to support requirements for continuous monitoring, performance and asset management, transparency of operations, and technical planning. Phase 2 of HUDNET will complete HUD’s transition to the new IT Infrastructure, including bringing on-line the last two HUDNET services (Data Center/Housing and End User).”

The document, written in 2013, stated HUD planned to award the contract and transition to the new services in 2014.

With the awards to Lockheed and HP, it seems the transition is three years off at best.

“Through this contract, we will continue to provide essential IT services to HUD’s locations across the country. While this is a new contract, it is effectively a continuation of our current services and offers one base year, one option year and one transition year,” said Lockheed Martin spokeswoman Cindy Rhoten in an email. “We expect a new competition for future services will begin during the execution of this contract, and we look forward to participating.”

HITS came about during the “heyday” of seat management or managed services. Similar to NASA’s ODIN or the Navy’s Navy-Marine Corps Intranet contract, the idea was for a contractor — or in this case two contractors because of bid protests — to run all aspects of the network, desktop and ancillary services.

Agencies soon realized this model wasn’t exactly what they had bargained for. NASA, the Navy and Marine Corps got out of the seat management approach and took control over their networks.

HUD hasn’t been so lucky to move.

In 2011, then chief technology officer Mark Day, who now is running the General Services Administration’s Federal Acquisition Services cloud computing services program, wanted to switch business models under HUDNet to take into account the elasticity of the cloud.

According to the Federal IT Dashboard, HUD said “HUDNet seeks to transform and modernize HUD’s IT Infrastructure to a cost-effective, operationally efficient, technologically current and continuously monitored service delivery and management framework achieved through flexible and transparent contracts. The HUDNet IT infrastructure includes five primary service towers: Systems engineering and management, automated monitoring and management, transport services, data center and end user.”

Day left HUD in 2011 to join GSA.

HUD’s plans for HUDNet have changed over the last few years, according to a working capital fund document on its website. HUD initially planned to recompete HITS in 2011 and then it was pushed back to 2012. HUD held a third HUDNet industry day in February 2012 where it discussed a revised acquisition strategy that would award five contracts for assorted services and support and then issued another RFI in October 2012, according to a blog post by GovWin.


DoD not fond of FITARA

Defense Department Chief Information Officer Teri Takai didn’t have a lot of good things to say about the Federal Information Technology Acquisition Reform Act (FITARA) earlier this week.

But the Government Accountability Office may have shed some light on why the House is so intent on FITARA becoming law: The White House’s poor record on IT acquisition oversight — and we’re not just talking about the HealthCare.gov debacle.

Takai, testifying before the Senate Armed Services Subcommittee on Readiness and Management Support Wednesday, said the spirit of the law is good, but there are several things that fall short.

“Unfortunately, I think a couple of things. It looks to try to manage that by virtue of additional oversight,” she said. “We really feel very strongly that it’s in the processes that are implemented and it’s in the measurements of how we are actually managing the process as opposed to an additional oversight. Many of the areas of oversight that were suggested in the bill are actually things that we report on to OMB today, so additional reporting is a concern.”

Takai added many of the legislation’s provisions already are underway through a policy change made by Defense Secretary Chuck Hagel in December.

She said FITARA would add another layer to what her office already reports to OMB, the Defense Secretary and Congress, which would put them in a tough situation.

“We’re again quite concerned more about the implementation than the intent,” Takai said. “We’ve been mentioning to your staff there are some areas where we could move forward with the intent, but do it in a little different way than the level of oversight suggested in the bill.”

The House passed a new version of FITARA Monday. It’s unclear whether the Senate will take it up and the White House offered no comment on the latest version of the bill.

David Powner, director of IT and management issues at the Government Accountability Office, offered support for Takai — and in many ways the administration’s position — saying Congress needs to be careful about the reporting requirements.

He said the oversight issues come down to whether OMB is doing its job managing technology policy.

“There is a fundamental question whether OMB is doing the appropriate oversight of those policies. I can tell you we have some issues with that,” he said. “I think Congress is saying well if OMB isn’t going to oversee it, then we will oversee it. The bottom line on all of this is let’s make sure we better manage IT acquisitions and the right transparency and oversight, and let’s manage the inefficiencies out of the legacy bucket” of spending.

Powner praised some of the provisions in FITARA around data center consolidation, the IT Dashboard, encouraging the use of cloud computing and improving CIO authorities.

“I think the CIO authority thing is a big issue because CIOs don’t have the appropriate authority across the federal government,” Powner said. “There is a fundamental question do you grant them authority by giving them budget authority or do you make CIOs earn it through having certain responsibilities associated like with the Dashboard? That was the intent of the Dashboard: if we get CIOs more engaged on all of these major investments, they will be even more of a player at the table on the management team.”


DHS expands cyber analysis capabilities

The Homeland Security Department raised the level of focus on critical infrastructure security with the launch of a new office on Feb. 24. The Office of Cyber and Infrastructure Analysis (OCIA) in the National Protection and Programs Directorate (NPPD) will improve the organization’s analytical capabilities to understand, protect and mitigate cyber and physical security threats and vulnerabilities, according to an email that Suzanne Spaulding, NPPD’s acting undersecretary, wrote to staff and that Federal News Radio obtained.

“The creation of OCIA is an important step forward in our broader effort to better leverage all of NPPD’s strong analytical and biometric capabilities across cyber and infrastructure systems, to people, partnerships, and protection of nationwide properties and assets,” Spaulding wrote.

She said John Murphy will continue to be the director and Brandon Wales will remain the deputy director. OCIA will help NPPD understand the impact of potential disruptions to critical infrastructure, their interdependencies and suggest ways for critical infrastructure owners and operators to prepare for potential disasters.

Spaulding said the new office grew out of a pilot effort, the Integrated Analysis Task Force (IATF).

IATF assessed the best approach for integrating analytic support for all of NPPD. It worked with the State of New Jersey at four water and wastewater sector facilities to assess the facilities’ systems and identify site-specific options to mitigate potential physical consequences that could stem from exploited cyber vulnerabilities within those systems.

Spaulding said IATF also brought experts together from across NPPD’s four offices to support an assessment of a federal building for which the Federal Protective Service had recently taken responsibility.

“OCIA will build on these successes by continuing to support coordinated analytic efforts and advancing NPPD’s excellence in integrated consequence analysis,” she wrote. “This new office is focused on supporting the work of existing NPPD elements, and its priorities will be guided by the leadership of those offices. OCIA will incorporate and build upon the established analytic expertise of both the Homeland Security Infrastructure Threat and Risk Analysis Center (HITRAC) and the National Infrastructure Simulation and Analysis Center (NISAC). Upon the stand-up of OCIA, the IATF will no longer exist.”

One former DHS official, who requested anonymity, said the standup of OCIA is puzzling.

“What is the mission and how is it different from what the Office of Cybersecurity and Communications is doing with critical infrastructure owners and operators?” the former official said. “I know the talking point is that OCIA will be developing modeling capability through contracts with National Labs, but I think that could be achieved without standing up another operating unit.”

IT Job of the Week

For all you cyber experts out there: The Energy Department is looking for a senior advisor for cybersecurity. In this position, the person would work with government, industry and the general public to address cyber threats and incidents affecting the nation’s critical energy delivery infrastructure. The advisor would work with the National Cybersecurity and Communications Integration Center (NCCIC) and provide consultation on energy delivery systems security activities among the six largest federal cyber centers, the DHS Office of Intelligence and Analysis and private sector partners.


Out & About

It’s budget week, what else can you say about where you need to be. Actually, only us policy geeks love budget week. There are other events you should keep an eye out for:

  • The Federal Mobile Computing Summit will hope for better weather this Friday. The Jan. 22 snowstorm postponed the event. Robert Palmer, DHS’ director of information assurance, kicks off the agenda. Come by and see me as I moderate the afternoon panel on mobile integration with Greg Capella, deputy executive director at DHS; Frank Chad Hoeppel, a customer relationship manager at USDA; and James Miller, a senior attorney advisor at the FCC.
  • Tuesday is AFCEA’s DC chapter’s cybersecurity summit featuring a CIO and CISO roundtable moderated by Federal News Radio’s Tom Temin and featuring Navy CIO Terry Halvorsen, DoD deputy CIO Rob Carey and others.
  • AFCEA Bethesda will hold its monthly breakfast on continuous diagnostics and mitigation on Friday, featuring two DHS speakers, Don Matheson and Sharon Jurado.



GSA releases RFP for round 3 of office supplies strategic sourcing contract

The General Services Administration is taking on the bulk buying of office supplies for a third time. Late Friday, it released the request for proposals for OS3 under the Federal Strategic Sourcing Initiative.

The solicitation is for four categories of office supplies: general office supplies, paper, toner/ink and GSA On-the-Go, which is a lowest price, technically acceptable section requiring expedited delivery of the order within four hours in the top 10 metro areas by population.

GSA expects to make as many as 21 awards under the contract, which is estimated to be worth $1.25 billion over five years.

The agency said it expects OS3 to save the government $65 million annually on administrative costs plus an additional $90 million in annual savings captured through lower prices.

“The new model, which eliminates an acquisition level of contracting (i.e. the BPAs) is designed to leverage industry purchasing volume power and dynamic pricing capabilities to the maximum extent, will increase internal efficiencies and our effectiveness in supporting customer requirements, will increase small business opportunity while lowering government costs and will increase savings to customer agencies and ultimately, the taxpayer,” GSA wrote in the solicitation.

GSA said it improved OS3 over OS2 by increasing the number of awardees to 21 from 15, reducing data reporting requirements and no longer requiring companies to use the price reduction clause.

The current office supplies contract expires in May. GSA said agencies are expected to spend more than $800 million on OS2 by the time it ends.

Proposals are due March 17.


IT Job of the Week: Director of Network Services Program at GSA.

You want to be in charge of NS2020? What about the Networx telecommunications program? Well, GSA has your position. The Director of Network Services Program is all things telecommunications for the government. The person will review and manage policy, develop strategic and tactical plans and communicate and advocate for the program’s mission. The last permanent director was Karl Krumbholz, who left GSA in 2011. Frank Tiller has been acting since 2011. The job remains open until Feb. 24.


Out & About: Congress is back in session and several committees are looking at data breaches.

The Senate Judiciary Committee will host a hearing Tuesday titled, “Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime.” It features public and private sector experts, including Federal Trade Commission Chairwoman Edith Ramirez and William Noonan, the deputy special agent in charge of the Criminal Investigative Division, U.S. Secret Service.

The House Homeland Security Committee on Thursday holds a hearing on border security IT systems, featuring Charles Armstrong, the assistant commissioner of the Office of Information and Technology for the Customs and Border Protection directorate.

Also on Thursday, Steven VanRoekel is the featured speaker at ACT-IAC’s first annual Recognition Program for Government’s Top IT Innovations.



Connolly, Eshoo release draft IT procurement bill

No mention in the State of the Union. Kicked out of the Defense Authorization bill for 2014. Reforms to federal IT aren’t garnering the type of support many thought they would after the HealthCare.gov debacle.

But wait, here comes another attempt.

Reps. Anna Eshoo (D-Calif.) and Gerry Connolly (D-Va.) released a draft version of the Reforming Federal Procurement of IT (RFP-IT) Act.

“Our draft bill puts proven best practices to work by instituting a White House office of IT procurement and gives all American innovators a fair shake at competing for valuable federal IT contracts by lowering the burden of entry,” said Eshoo in a statement.

Connolly, who also co-authored the Federal IT Acquisition Reform Act (FITARA), said large-scale IT failures remain too commonplace in government.

“Our RFP-IT discussion draft recognizes that transforming how the federal government procures critical IT assets will likely require bolstering ongoing efforts to comprehensively strengthen general federal IT management practices with targeted enhancements that promote innovative and bold procurement strategies from the White House on down,” Connolly said in a statement.

The draft bill details the basic ideas of how to improve federal IT procurement by:

  • Creating a new Digital Government Office within the Executive Office of the President to review major IT projects before they begin. The office would depend on “top IT talent” to review all major IT projects and help agencies plan the contracting process. The federal chief technology officer would run this office with a goal of overseeing and advising agencies on technology to improve citizen services and government outcomes. The CTO also would oversee the Presidential Innovation Fellows program.
  • Having GSA establish and manage a fund to support the activities of the DGO by using 5 percent of the fees collected under governmentwide acquisition contracts and GSA schedules.
  • Codifying the fellows program and calling for participants to serve for 6-to-13 months.
  • Enabling more small businesses to bid on IT contracts without having to spend thousands on compliance costs by lifting the threshold for a streamlined contracting process to $500,000 from $150,000.

Reaction to the draft has been cautious.

Mike Hettinger, senior vice president for the public sector at TechAmerica, said there are several provisions in the bill that need more discussion.

“One of the main goals of the bill — to open the federal government market to small and innovative business — is a worthy one,” he said. “We believe increasing the simplified acquisition threshold for the purchase of IT from $150,000 to $500,000 for small businesses helps foster this goal. But, we are concerned however that the creation of an Office of the federal CTO within the White House with the power to ‘prescribe such regulations regarding procurement’ may step on the current responsibilities of the Office of Federal Procurement Policy.”

Hettinger added TechAmerica also wants more details about the DGO’s charge to review every proposal for major IT systems. He said the definition of “major IT systems” seems overly broad and could include weapons systems.

RFP-IT will need support from high-ranking Republicans to make any real progress.

Rep. Darrell Issa (R-Calif.), chairman of the Oversight and Government Reform Committee, is likely to take another crack at FITARA this session. With Connolly as the co-author of FITARA too, it wouldn’t be surprising to see some elements of the RFP-IT Act merged into it.


OMB’s IT passback loses its luster, changes its goals

The annual exercise that is the IT passback guidance from the Office of Management and Budget has lost its shine.

Where it used to be a great game of cat and mouse between the White House and reporters — well, at least this reporter — to find out what new IT initiatives or priorities the administration is planning for the coming year, alas it’s no more.

Multiple agency IT officials and chief information officers say the governmentwide guidance is just a reminder of what they already are doing, and there’s nothing new from a governmentwide guidance perspective. OMB, instead, focused more on agency specific requirements, but again, most were just reminders of goals the agency set for 2014 and beyond.

“It seems lighter this year than it has been in quite some time,” said one agency CIO, who requested anonymity in order to speak about the pre-decisional document. “They pushed harder last year, especially knowing agencies were behind on some initiatives, OMB directed us to accelerate some of those initiatives. Even in security areas, it’s just high level implementation guidance. There is nothing pointed in terms of new or updated initiatives or giving us deadlines.”

Multiple CIOs confirmed the governmentwide guidance reiterated existing priorities around data center consolidation, migrating systems to the cloud, shared services and, of course, implementing continuous diagnostics and mitigation of federal systems and stopping insider threats.

“OMB is trying to move on its IT reform plans. What OMB is trying to do is give gentle reminders that there are things going on,” said another CIO. “For the specific agencies, they are asking for reports or updates on initiatives, such as the status of your data center consolidation effort. It’s a yawn. It’s not a decisive passback for us.”

A third government source added OMB also wants agencies to make sure they fund the e-government and other cross-agency programs by July, and ensure their workforces are properly trained.

Despite the disappointment among CIOs, it seems the lack of new initiatives or policy changes is part of a plan by federal CIO Steve VanRoekel.

An administration official said, “We usually target passback for more technical guidance for the budget. For more substantial policy changes, we use more traditional means of communication, such as policy guidance and memos.”

This comment elicited a lot of surprise from former OMB folks.

One former official said the comment was “weird” because passback is part of the governance process and communicates policy decisions made as part of the annual budget process when all major policy decisions are made.

“What a strange and non-statutory view of how government works,” the former official said.

Another former OMBer said it shows a void in the “management” side of OMB.

Part of the problem may be the lack of communication from OMB about how it wants to use the passback from now on. CIOs have expected policy and programmatic guidance in passback for the last decade or more. If OMB doesn’t address the perception and expectations, CIOs and IT managers will be left wondering where the E-Government and IT office plans on going in the new year. Sources say OMB missed a great opportunity to discuss those expectations at the CIO Council meeting Jan. 22.

The data center consolidation initiative is the subject of one of two reports the Government Accountability Office is working on. Auditors also are reviewing OMB reporting requirements.

At the most recent CIO Council meeting, OMB told CIOs it plans to develop metrics for common IT services so agencies have a standard view of how money is spent and what kinds of services they are receiving as part of the determination as to whether they should move to a shared service provider.

In other council news, the Justice Department’s Kevin Deeley is the new co-chairman of the council’s Information Security and Identity Management Committee, taking over for Homeland Security Department CIO Luke McCormack, who became the vice chairman in January.


Shuffling chairs in senior IT positions

The Environmental Protection Agency finally is getting a new chief information officer after six months without a permanent one.

The next undersecretary of the Homeland Security Department’s Office of Science and Technology is coming over from the Defense Department.

And the General Services Administration, once again, reaches into the Office of Management and Budget for some help.

President Barack Obama on Jan. 30 nominated Ann Dunkin to be EPA’s assistant administrator for Environmental Information. Dunkin comes to EPA from the Palo Alto school district, where she has been the chief technology officer since 2012. She also worked at Hewlett-Packard from 1999 to 2008.

Dunkin replaces Malcolm Jackson, who left EPA in June to work for the private sector. Jackson now is the executive vice president and CIO for the Brickman Group, a commercial landscaping company.

Reggie Brothers, the DoD’s deputy assistant secretary for Defense research since 2011, is up for the DHS role. The President nominated Brothers yesterday as well.

He would replace Tara O’Toole, who resigned in September after almost five years on the job.

Before coming to DoD, Brothers spent time in and out of government. He was BAE Systems’ director for advanced programs and technology from 2007 to 2011, and was a program manager for the Defense Advanced Research Projects Agency from 2003 to 2007. Dunkin and Brothers both need Senate confirmation, so expect hearings later this year.

Dominic Sale is taking a six-month detail to work in GSA’s Office of Governmentwide Policy, sources confirmed. He has been a supervisory policy analyst in OMB’s Office of E-Government and IT since 2008.

Sources say at OGP, Sale will work to bridge the communication gap between OGP, CIOs, OMB and agencies more broadly on governmentwide initiatives. This is something that has been missing since GSA reorganized OGP in 2010.

Sale would make the second e-government policy analyst to move to GSA. Andrew McMahon joined the agency in July as a senior advisor to Administrator Dan Tangherlini.


3 takeaways from HealthCare.gov cyber hearing

The House Oversight and Government Reform Committee continues to bang the cyber drum over how secure HealthCare.gov is. They held yet another hearing about the site’s development, and the security measures and testing the Centers for Medicaid and Medicare Services performed before the launch and what it continues doing today.

Here are my three takeaways from the hearing:

  1. Frank Baitman, the chief information officer for the Department of Health and Human Services, finally explained to members of Congress how the authority to operate (ATO) actually works. Baitman, Federal CIO Steve VanRoekel, federal chief technology officer Todd Park, and deputy CIO at CMS Henry Chao dropped the ball back in November at the committee’s first hearing. But earlier this week, Baitman responded to a question from Rep. James Lankford (R-Okla.) about who’s responsible for the ATO by fully explaining the process. “As I understand it, the HealthCare.gov project was built across various parts of CMS, some of which were not under [former CMS CIO] Mr. [Tony] Trenkle leadership,” he said. “They also had a CMS official who was responsible for all operational security for HealthCare.gov and that person was on the ground and obviously more closely focused on it. Ultimately, I thought it was appropriate that Ms. [Marilyn] Tavenner as the administrator for CMS, be the individual who accepted risk on behalf of CMS because the project was large and being done across all parts of CMS.” The agency CIO or CISO should have nothing to do with approving the ATO, which lawmakers continually fail to grasp and federal officials do not take the time to explain. It’s the system owner’s responsibility to accept the risk. That is exactly what Tavenner did — agree or disagree with the decision, it was hers to make.
  2. CMS and the White House got the message about how best to secure the Affordable Care Act portal. Teresa Fryer, the CMS CISO, said as of Dec. 18 the portal passed all testing requirements that go above and beyond industry best practices. In response to a question from Rep. Darrell Issa (R-Calif.), chairman of the Oversight and Government Reform Committee, she said the agency completed end-to-end cyber testing of the system and is confident that it meets, and in many cases exceeds, best practices. Fryer said an independent third party will continue to test the cyber robustness every quarter at least.
  3. HealthCare.gov problems continue to build momentum for IT and acquisition reforms. Congress failed to pass the Federal IT Acquisition Reform Act (FITARA) last session, but a growing number of members seem poised to take another run at it. Issa and Rep. Gerry Connolly (D-Va.), the co-authors of the bill, are expected to continue their push, but at the hearing earlier this week Rep. Jackie Speier (D-Calif.) asked all three witnesses if FITARA would have helped in the development of the portal. While all three deferred answering the question, Issa put a finer point on the inquiry, asking if giving CIOs more authority over the budget would help. Baitman said he thought you’d get greater accountability when you have one person who is clearly in charge. Fryer agreed with Baitman’s observation. Kevin Charest, the HHS CISO, said along with greater accountability, agencies could more easily increase efficiencies and reduce costs. The White House is expected to address federal IT and procurement reforms in the coming weeks, possibly during President Barack Obama’s State of the Union Address in two weeks. Sounds like there’s a groundswell occurring for FITARA or other reforms.



DHS awards $60 million in cyber awards

Four companies are first out of the gate to provide cybersecurity products under the continuous diagnostics and mitigation (CDM) contract.

The General Services Administration, on behalf of the Homeland Security Department, awarded $60.4 million worth of contracts to Technica Corp., Knowledge Consulting Group, HP Enterprise Services and Northrop Grumman Systems Corp. under a lowest-price, technically acceptable approach.

DHS says 33 agencies will receive endpoint asset management and software assurance tools. The agency would not identify which of the 33 would be first on the list to receive the cyber apps.

“We are committed to deploying CDM tools and services as quickly and as efficiently as possible,” DHS stated in the FAQ document sent to Federal News Radio. “We are particularly pleased to report that strategic sourcing resulted in an average 30 percent reduction off GSA Schedule 70 pricing for the commodities purchased today, for a budget avoidance of up to $18 million. This award will allow federal departments and agencies to gain more comprehensive situational awareness into their cybersecurity risk posture and begin to mitigate the most significant risks first.”

GSA issued the request for quote Nov. 13 to the 17 vendors on the CDM multiple award contract.

DHS is leading the effort to help agencies meet the Office of Management and Budget’s 2017 deadline to implement dynamic, proactive cybersecurity.

GSA and DHS are working on another award in the coming months for a continuous monitoring dashboard tool.

“It’s great to see DHS moving swiftly to get this first phase of a major government cybersecurity program underway,” said Ken Kartsen, vice president of McAfee Federal, which is a subcontractor to the Knowledge Consulting Group under this program. “CDM will create efficiencies, cost-savings and ultimately a higher level of cybersecurity for civilian agencies — and any other entities that choose to use it. One of the best features of CDM is that it’s an iterative process, which makes good sense. Government agencies shouldn’t be expected to leap from A to Z immediately. With CDM, they can move progressively through thoughtfully designed steps to achieve a high level security posture. This is an important change from the past, under FISMA and the report card model.”



Recognizing the contributions of a long-time homeland security official

The start of a new year always is one of the most popular times for federal employees to retire or leave government. GSA, for example, is one of many agencies feeling the impact of senior officials exiting to other agencies or the private sector.

But one person who flew under the radar for much of his career, and who should get some recognition, recently called it a career.

Charlie Bartoldus retired after almost 35 years in government, including the last year working on detail at the White House’s National Security Staff. With the White House, chief among his focus areas was the collaboration with Kshemendra Paul, the program manager for the Information Sharing Environment, on the National Strategy for Information Sharing and Safeguarding Implementation Plan.

Bartoldus is one of those smart, hardworking career feds who stay out of the limelight but get the job done, and who too often are not recognized for their contributions.

Before coming to the White House as senior director for transportation and border security, Bartoldus was the deputy assistant secretary for resilience in DHS’ Office of Policy, where he oversaw the development and implementation of disaster planning policies.

He also spent time as the homeland security attaché to the United Kingdom and Republic of Ireland for DHS from 2009 to 2012 and was the senior director in the DHS Screening Coordination Office.

Over his career his work has been recognized with the DHS Silver Star for Meritorious Service, the Senior Executive Service Presidential Rank Award and the Vice President’s National Performance Review Hammer Award.

Too often, federal employees such as Bartoldus are overlooked for their contributions, advice and experience, and that shouldn’t be the case.

Do you know someone like Bartoldus who should be recognized for their long-time contributions? Let me know: jmiller@federalnewsradio.com.


New Feature: IT Job of the Week

The Navy is seeking an executive director for the Cyber Warfare Development Group. It’s a Defense Intelligence Senior Level position in charge of developing and implementing policy and conducting acquisitions to get the department cyber capabilities. The Navy is accepting applications until Feb. 6.

OUT&ABOUT: Next week is a bit slow with Congress out of session, but there are a few events that you shouldn’t miss. AFCEA DC hosts its monthly lunch Tuesday featuring a panel of Defense Information Systems Agency IT and acquisition officials, including Dave Mihelcic, CTO, and Dave Bennett, CIO. The Federal Mobile Computing Summit takes place Wednesday in Washington featuring Margie Graves, DHS deputy CIO, and Rick Holgate, CIO of the Bureau of Alcohol, Tobacco, Firearms and Explosives, discussing version 2 of the federal mobile strategy. I’ll be moderating a panel in the afternoon on mobile integration with Walter Bigelow from ATF, Greg Capella from DHS, Jerome Davin from Agriculture, and James Miller from the FCC. Also on Wednesday is the quarterly meeting of the Government Accountability and Transparency Board, where members will begin developing their annual plan. On Thursday, the IT Innovation Forum hosts Data Innovation Day, where federal deputy CTO Nick Sinai and Eric Newburger, the assistant to the associate director of communications for the Census Bureau, are expected to speak.



