Deltek Pulse: Justice/public safety and homeland security April review

The most common terms appearing in justice/public safety and homeland security solicitations during April were fire alarm and alerting, camera/surveillance and radio. The below word cloud provides a visual interpretation of key term frequency.

  • Number of Public Safety Bids: 1,400
  • Top three states (by number of solicitations released): California (175), New York (95) and Pennsylvania (75)
  • Top three keywords: fire alarm and alerting, camera/surveillance and radio

Frequency of terms:

  • Radio: 8 (4 state, 11 local)
  • 911: 1 (3 state, 1 local)
  • Computer Aided Dispatch (1 state, 3 local)
  • Records Management System (1 state, 2 local)

 

Like March, April was a slow month for justice and public safety (JPS) procurements, and while numerous solicitations were released, there was little movement on projects in the early development stages. Many governments are waiting on funding to move forward with projects, and agencies differ widely in how much work they put into a project before securing funds.

While some states are hesitant to spend a lot of time planning and developing specifications for projects that may never receive funding, others like Georgia work to have a nearly completed plan in place so that a project can move forward quickly once funding is secured. Vendors should be aware of these different approaches and have patience with governments that are unwilling to spend large amounts of time consulting with vendors early on. 

Many governments further along in project planning took big steps in April by releasing RFPs or RFIs, many of which were large in scale. Waukesha County, Wis., released an RFP for a trunked radio system, while Fairbanks North Star Borough, Alaska, released one for a new 911 system. These major projects, which have been in the works for several years, are likely to be among the most expensive these entities will undertake for some time.

Numerous entities also released solicitations for smaller projects, such as Cook County, Illinois’ inmate telephone audit and the Florida Department of Corrections’ inmate telephone system. Given the fact that inmate phone systems tend to be paid for by users rather than the government, these projects often require less lead time; therefore, vendors would be wise to contact project managers sooner than later to share their expertise before a solicitation is released.

Analyst’s Take

Vendors should gear up for a couple of busy months, as late spring and early summer tend to be extremely active for projects before the summer lull strikes in July and August, which tend to be slow due to vacations and scrambles to cover holidaying colleagues. For entities with July budgets, these months also act as planning weeks when solicitations and projects are worked on behind the scenes as agencies decide what to do with their funding. Many states and localities are also waiting to find out if they have received money from grant applications submitted in spring, such as the Justice Assistance Grant (JAG) program, for which applications are due May 30, 2013. Therefore, vendors should work particularly hard in the next few months to identify and make connections for projects that may be waiting on money from grants and the next budget cycle.

Not a Deltek subscriber? Click here to learn more about Deltek’s GovWin IQ database and take advantage of a free trial.

PSAP demographics across the United States

Last April, Deltek utilized the Federal Communications Commission’s PSAP Registry to give vendors an overview of public safety answering points (PSAPs) in counties nationwide. Now, we’re using the current registry to detail information on consolidation efforts and other changes that have taken place across the country in the last year.

 

Consolidation projects have been taking place for the last few years as cities and counties work to become more efficient and, ultimately, save more money; however, the total number of PSAPs actually increased by 64 from 2012 to 2013. Still, of the 8,393 PSAPs, only 7,485 act as the primary call-taking location – 908 are considered “orphaned” and are no longer utilized. These orphaned PSAPs will not be included in future filings with the FCC.

 

PSAP Quick Facts 2013

  • U.S. population (July 2012 estimate): 313,914,000
  • Total number of PSAPs: 8,393
  • Average number of individuals served by each PSAP: 37,401
  • State with the most PSAPs: Texas
  • State with the fewest PSAPs: New Hampshire
  • Average number of calls to 911 per year (NENA): 240,000,000
  • Average number of calls to 911 per day: 657,534

Just as in 2012, Texas has the most PSAPs (667), followed by California (587) and Illinois (422) – all three states also saw slight increases in their total number of PSAPs year to year.

 

New Hampshire still has the fewest PSAPs (5), and Delaware’s nine puts it second from the bottom. Washington, D.C. held that spot in 2012, but an increase from seven to 11 PSAPs now ties the district with Vermont and Hawaii for having the third lowest number.

 

As of April 2013, a total of 719 PSAPs have changed name, state, county or city compared to only 679 that had as of April 2012. The majority of these took place in California, followed distantly by Nebraska – providing further evidence that dispatch centers in many locations are consolidating efforts and working to cover a wider geographical span.

 

The below chart provides a visual representation of PSAP locations by city and county in 2012 and 2013, as well as information on where vendors can find the most opportunities.

 

Analyst’s Take

 

The number of dispatch opportunities in each of the regional areas has remained steady since 2012, with nine solicitations in the works in Los Angeles and Boston, and 12 within 100 miles of Chicago and 21 within 100 miles of New York City. This should provide some hope for vendors that cities and counties are still interested in purchasing dispatching technologies despite the tough economic climate.

 

Dispatch technologies are among the most vital tools that police use, and localities have little choice but to purchase new ones once the old ones reach the end of their life cycles. This trend, along with the increasing number of PSAPs, is likely to continue as it becomes easier for individuals to report where and when crimes take place.


 

First steps for FirstNet

The state of Delaware, on behalf of the Mid-Atlantic Consortium for Interoperable Nationwide Advanced Communications (MACINAC), released a request for information (RFI) for a 700 MHz public safety broadband network to support FirstNet’s efforts in deploying a nationwide public safety broadband network (NPSBN).
 
The initiative involves a multistate approach with Delaware, Pennsylvania, West Virginia, Virginia and Maryland, and may include Washington, D.C. The RFI process is expected to take place in two phases. The first phase focuses on obtaining information on certain “low-risk” aspects of the network that are less likely to be impacted by any future decisions made by FirstNet. The second phase will begin after the initial RFI process is complete and FirstNet provides further direction on technical specifications. This phase would include aspects related to long-term evolution (LTE) equipment, maintenance, operations and end-user devices. The MACINAC intends to work in close collaboration with FirstNet before a subsequent solicitation is developed.
 
The NPSBN is expected to enhance current public safety communications operations already in use within MACINAC states. Each state utilizes its own land mobile radio (LMR) system that will continue to remain in place once the network is constructed. To date, MACINAC has made consistent efforts to analyze and obtain information on current infrastructure that could be useful in any future build out of the NPSBN.
 
Analyst’s Take
 
This RFI marks one of FirstNet’s first major initiatives, and information gathered through the process is likely to benefit both statewide and FirstNet decision-making in regards to implementing an NPSBN. If the RFI process yields sufficient results, it is likely to act as a roadmap for other states to follow and may drive the formation of regional partnerships.
 
The decision to take a regional approach could make for a more attractive grant application since regional projects often receive more attention and funding than localized projects. This will be particularly important given the difficult economic times and the potential impact sequestration may have on state and local grant funding levels. At the same time, a regional approach may also create difficulties for the project as larger projects are more prone to stagnation and exploding budgets, as seen with LA-RICS and New York’s statewide wireless network.
 
Michigan's FY 2014-2015 Budget

Michigan Governor Rick Snyder is utilizing his fiscal year 2014-2015 budget to highlight Michigan as the nation’s “comeback state,” calling for both fiscally responsible and innovative spending to ensure a bright future. With no big surprises, education, health care reform, and transportation are among the state’s top investment priorities. More than 75 percent of the budget is dedicated to education and health and human services, and state spending will go hand in hand with outcome measures and performance metrics.

 

 

The FY 2014 budget totals $51.8 billion, a 7 percent increase from FY 2013. The FY 2015 proposed budget tops $53 billion. Table 1 below represents the total budget starting in FY 2010.

 

Michigan’s FY 2014-2015 budget is in line with Governor Snyder’s goals of improving health outcomes, education and transportation for Michigan citizens. Touted as the “comeback state,” Michigan is turning a corner as employment rates and personal income rise. The unemployment rate is decreasing faster than the national average, and the housing market is starting to gain momentum. Further, the governor has called for a focus on long-term solutions and assistance for struggling local entities. For a deeper dive into the state’s budget, please click here for an Analyst Perspective (log-in required).

 

Deltek is currently tracking more than 30 core-IT opportunities in the state of Michigan, valued at an estimated $3.3 billion. Vendors interested in forming a partnership with the “comeback state” should visit our Michigan state profile to access procurement information, budget documents, and key contacts.

 

 

Boston Marathon tragedy sparks nationwide surveillance initiatives

Following the tragic bombings at the Boston Marathon, cities nationwide are calling for more vigilant emergency response efforts and increased security resources. Of those resources, surveillance technology is proving to be a key ingredient in identifying suspects, and is likely to be a vital component of thwarting future occurrences.
 
Law enforcement and public safety officials in Boston have been working relentlessly to carefully scrutinize the city’s surveillance network as well as any footage captured by the public. In response, government agencies across the country are calling on legislators to authorize additional and more widespread use of surveillance technologies within their own jurisdictions.
 
Surveillance technologies, including CCTV, were effective in capturing evidence of criminal and terrorist activity in London. While Boston’s surveillance network isn’t nearly as extensive as London’s, the technology will likely be a key component in criminal intelligence. Many jurisdictions have recently expressed interest in improving current surveillance technologies, including the city of Virginia Beach and the state of Washington’s Sound Transit.
 
Many investigators have also pointed to facial recognition software as an essential complement to traditional video surveillance. Facial recognition software has become a hot-button technology in crime prevention because it enables investigators to map distinct features from a photographic image to identify suspects, victims and missing persons, which can provide leads for additional investigative resources.
 
Recent legislation regarding the use of drone technology in U.S. airspace has also stirred up much attention among public safety agencies. The aftermath of events like those in Boston could push governments to request drone presence at major entertainment or sporting events to increase surveillance.
 
Analyst’s Take

When catastrophic events occur, there is an exigent need for increased police presence to ensure maximum safety, but on a day-to-day basis, increased police presence can be taxing on state budgets. Therefore, government agencies constantly rely on technological improvements to advance overall first response efforts and ensure public protection with minimal resources. Major cities may also set aside funds for implementing additional surveillance initiatives to ensure that current systems are up to date with the latest improvements, including facial recognition software.
 
After major emergencies, it is also common for public safety agencies to see an influx of 9-1-1 calls from citizens reporting suspicious activity, since senses are heightened and people are naturally on a higher level of alert. Therefore, public safety communications and dispatch agencies may also take the opportunity to upgrade their 9-1-1 capabilities to next generation 9-1-1 and incorporate statewide emergency alert signals. With the ability to now send pictures, text messages and even video as 911 calls, this technology could become even more important for first response. It will be interesting to see whether grant funding becomes more readily available to help departments complete their transition to NG911, as many agencies are plagued with outdated systems and lack the funding needed for upgrades.
 
NIST to Hold Workshop Series on Cybersecurity Framework

Based on early reviews of the 2014 budget request, it appears agency efforts to improve cybersecurity will receive continued attention for the foreseeable future. As part of the executive order on cybersecurity, the National Institute of Standards and Technology (NIST) was given responsibility for developing a cybersecurity framework. The first in a series of workshops on developing this “living framework” was held in Washington, D.C. on April 3, 2013. Much of the discussion revolved around risk management and the role of industry in identifying best practices. (Not surprisingly, these are issues that government agencies have been facing too.)

 
In mid-March, we looked at the role of private industry in implementing the cyber executive order. For government, the goal of partnership with industry is to strengthen national security both within government and across private industry. To that end, the public sector has been reaching out for input from industry, academia and the public. As Rebecca Blank, Deputy Secretary for the Department of Commerce, phrased it in her opening comments: “Government cannot and should not do this alone.”
 
It’s clear that improved information sharing, situational awareness, and public-private partnership have roles to play in moving forward. For the most part, government and industry agree that there’s a need to build on existing capabilities, to identify solutions that provide flexibility and that can adapt across varying sector requirements.
 
For many companies, cybersecurity has become an integral part of the discussion around risk-management practices. Opinions vary about how to define “best practice,” and rightly so. Organizations do not have a consistent answer for how to measure the success of security practices. For the most part, risk levels are evaluated at the tactical level rather than compared to strategic benchmarks. Raising risk and security management to a strategic level would clarify its role in business strategy. During an industry leadership panel discussion, Patrick Gallagher, the Undersecretary of Commerce for Standards and Technology and Director of NIST, described this challenge as the need “to learn about the balance between good cybersecurity and good business.”
 
In all likelihood, the best practices captured in the framework will illustrate a range of approaches to security implementation. This brings us to another sticky wicket: incentives. While there’s no certainty that one organization will succeed by following another company’s lead, effective policies and procedures around risk management can contribute to a competitive position. There is no current barrier to sharing practices. So what is going to change? What will motivate the private sector to adopt new security standards voluntarily? What role can the government play to facilitate the exchange?
 
For starters, the government is asking for input. The Departments of Homeland Security, Commerce and Treasury are working together to report on industry incentives. The Commerce Department posted a Notice of Inquiry on incentives for getting industry involved in the framework development process. Public comments are open until April 29, 2013.
 
Beyond that, several multiday workshops are being scheduled. The next session will be hosted at Carnegie Mellon, held from May 19th through 31st. Other sessions will be held in July and September, further informing the framework. The first draft of the framework is due in October 2013, allowing eight months from the release of the executive order for the draft to be crafted.

Deltek salutes national telecommunicators

Every April, National Public Safety Telecommunicators Week celebrates the work that telecommunicators engage in every day to keep their communities safe. These individuals are often the first line of defense in the face of tragedy and work to keep everyone calm on what may be the worst day of their lives. When a call comes in to 911, they are the ones charged with gathering salient information, determining which agencies are best to respond, and dispatching first responders.

Public safety telecommunicators also provide key instructions for individuals calling in with an emergency, whether instructing them where to hide during a home invasion or how to give CPR and clear an airway.  

Telecommunicators rely not only on their extensive training and people skills, but also a complex network of technologies to ensure the appropriate help arrives at the correct emergency location as quickly as possible. In the past year, communities nationwide have recognized the importance of these essential technologies and have sought to upgrade or replace antiquated systems.

In the past year, several solicitations were released for the following technologies:

  • 911 (Enhanced and Next Generation): 24 
  • Records Management Systems (RMS): 19 
  • Computer Aided Dispatch (CAD): 13 
  • Automatic Vehicle Location Systems (AVL): 7 
  • Geographic Information Systems (GIS): 6

Many public safety priorities for 2012 and 2013 emphasize increasing utilization of these systems and improving first-response efforts, which rely heavily on cooperation of neighboring jurisdictions or agencies in the event of an emergency. Increased interoperability coupled with the ability to receive information in real time has greatly enhanced overall telecommunications.

While most state and local governments manage their own dispatch centers, there is likely to be a continued focus on consolidation and partnerships between agencies to curb costs and improve efficiency. Dispatch equipment such as CAD, RMS, GIS mapping and AVL technology is typically procured through a formal solicitation process. Usually, CAD and RMS equipment are procured together, but since most of these technologies require integration, agencies may choose to procure all equipment within a technology suite. This saves agencies time and money and allows for simultaneous upgrade and implementation processes.

The upgrade or enhancement of 911 systems to next generation has been on the radar of many governments over the past few years due to many systems becoming obsolete. Next generation 911 advancements have put pressure on agencies to incorporate new capabilities into 911 systems, such as the ability to receive text-to-911, video streaming and picture messaging. Most 911 projects are implemented through a formal procurement process, and some agencies even prefer to utilize an RFI or hire a consultant prior to formal implementation. Despite tight budgets, agencies will likely continue to put forth the effort to ensure the most efficient and advanced dispatching technologies are purchased because, like dispatchers, these systems are central to the mission of public safety agencies.


 

Federal FY 2014 IT Budget to Grow, but There Are Winners and Losers

Steven VanRoekel, U.S. Chief Information Officer at the Office of Management and Budget (OMB) released a presentation yesterday outlining the Obama Administration’s FY 2014 Information Technology priorities and budget numbers. The bottom line is that they are seeking 2% growth in the overall IT budget year-over-year, but individual department budget changes vary widely, meaning that there are “winners” and “losers.”
 
Preceding the public release of his presentation, VanRoekel posted a series of tweets on Twitter under the theme: All you need to know about the IT budget in 10 tweets. You can find the series under #FedITx10, but here they are in the descending order in which they appeared:
 
10-Flat or declining. IT=$82B in the 2014 Budget 2.1% increase from FY12, flat, 0.78% CAGR since 09, negative adjusted for inflation
9-Cut & Reinvest: Now more than ever we must use IT to drive savings to fund innovations that change how govt works
8-Priorities: IT priorities in 2014Budget: Innovate. Deliver. Protect. Evidence
7-Innovate: 2014 Budget enables the Digital Gov Strategy to build a 21st century govt, increase mobile services and Open Data
6-Deliver: PortfolioStat = +$2.5B in savings through IT consolidations and upgrades (over 3yrs)
5-Protect: Over $15B of the IT 2014 Budget is going to enhance our Nation’s cybersecurity
4-Evidence: 2014 Budget NEW evidence-based innovation initiative in my office to strengthen evaluations & drive results, beyond IT
3-Innovate with Less: Since 09 we flattened IT $ while FY01-FY09 IT increased ~2x At that rate, we’d be at +$110B on IT today
2-Dogfood: For geeks (like me!) interested in an Open Data 2014 Budget, key tables in XML here:
1-Progress: 2014 Budget enables strategic IT investment for a 21st century govt, drives innovation & protects our national assets
 
IT Budget “Winners” and “Losers”
 
The budget submission information included in VanRoekel’s presentation contains some top-line budget numbers, which allow for some initial analysis. The IT budget summary table in the presentation calculates the amount and percentage change for FY 2014 based on FY 2012 budgets, even though he provides FY 2013 Continuing Resolution (CR) budget estimates that are different. To provide a more detailed perspective, I ran the numbers comparing the dollar and percentage change for all scenarios.
 
The tables below are grouped by the “Winners” and “Losers” based on the percentage change from FY 2012 to FY 2014. The third table provides a comparison between Defense and Civilian segments, along with total federal IT.

[Tables not reproduced in this extract: FY 2012 to FY 2014 “Winners”, “Losers”, and the Defense/Civilian/total federal IT comparison.]

Conclusion
 
While we are still waiting for the release of detailed IT budget information from OMB, the proposed $1.4 or $1.7 billion increase for FY 2014, depending on which baseline year you use, is sure to surprise many who watch this market. Certainly, a 2% yearly growth rate is anemic compared to the growth rates we have seen over the last decade or so. (OMB reports a 7.09% compound annual growth rate (CAGR) between FY 2001 and FY 2009, and it is projecting a 0.78% CAGR between FY 2009 and FY 2014.) Yet many expected lower growth – if not an outright decline – in the federal IT budget for this coming fiscal year.

Now the budget is in the hands of Congress, which has historically appropriated more for IT than what the President requests. With fiscal priorities clashing and sequestration impacts now being felt across the market, federal IT could weather the current fiscal storm in relatively good shape.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow me on Twitter @GovWinSlye.

Cyber Security & Critical Infrastructure Protection – Themes from TTC’s Symposium

I had the opportunity recently to attend a two-day symposium on Cyber Security & Critical Infrastructure Protection, hosted by the Technology Training Corporation. The event brought together federal government and industry cyber security experts from the various critical infrastructure sectors, including Energy, Homeland Security, Defense, Transportation, Communications/IT, Postal, Emergency Services, and Financial Services. The recurring theme throughout the event was the ongoing vulnerability that these sectors share and what they are doing about it.
 
The symposium agenda included presenters from a range of governmental, quasi-governmental, non-profit, and private industry organizations with one underlying commonality – their interest in protecting critical infrastructure that is vulnerable due to the growing threat to the information technologies that have permeated this infrastructure. As has been the case with their other events that I’ve attended, the TTC team assembled a very broad array of leaders and experts across the field to provide a really comprehensive coverage of the topic. As events go, I get some of the best information in one place and at one time. Way to go, TTC!
 
Key Themes
 
As I heard from the presenters and interacted with them and other attendees, several themes and commonalities emerged. Here are just a few.
 
Threats – the Changing Landscape
  • The threat vector has changed dramatically at the same time that laws are changing to put penalties on failing to secure your data. More is changing in this environment than is staying the same.
  • Some security practitioners have dropped the word “advanced” from the description of advanced persistent threat (APT) because they observe the vast majority of attackers using common attack approaches – walking through the “open door” rather than “breaking a window.” The disparity in security capabilities is greater than the disparity in threat.
  • Mobility – The number of new mobile vulnerabilities being detected is growing almost exponentially each year, making mobility the fastest-growing threat vector.
  • The cyber arms race is unlike any other arms race in history because it is frictionless. For example, it took three days for Stuxnet to be reverse-engineered, reproduced and propagated, and it taught everybody how to attack a SCADA system. It has also given rise to the private cyber arms manufacturer – people who build cyber-attack capabilities and sell them on the black market.
  • Personnel training to avoid risky behavior is the most important element of cybersecurity. NSA statistics show that 80 percent of exploitable vulnerabilities are a result of poor cyber hygiene; the other 20 percent is the APT.
  • Social engineering is a growing threat because, among other things, it gives attackers a deeper understanding of how users and organizations behave, respond and think.
  • Growing cyber threats in the aviation sector target in-flight operations, ground support operations, air traffic management systems, etc.
 
Cloud Computing Security – Key Challenges
  • Some agencies are moving to cloud services because of financial constraints, aware of the security risks and hoping security will follow soon afterward.
  • Some key challenges in effectively implementing cloud include:
    • Contract structuring: How do you structure a contract offering when you don’t own the asset? How do agencies (GSA, etc.) effectively strengthen cloud acquisition policy and build security into SLAs?
    • Clearance: What types of clearance levels are needed for people around the world who support agencies or have access to their data but are not necessarily part of a secure sector? Information sharing on threats, etc. is sensitive.
    • Incident response: When there is an incident, who do I call? The cloud service provider (CSP) or the agency?
 
Information Sharing – Culture Change is Needed
  • Information sharing is not an end; it’s a means to an end. In this context, it is needed to gain effective shared situational awareness among stakeholders.
  • One challenge to information sharing stems from a sense of self-preservation. We have a culture of not sharing information, while hackers have a culture of sharing widely.
  • Electricity Sector Information Sharing and Analysis Center (ES-ISAC) – Allows electric providers to share information in a non-compliance framework and encourages the free flow of information without the threat of compliance action hanging over them. Effective sharing requires freedom from the threat of sharing.
  • Cyber Federated Model (CFM) – The warfighter has great command and control (C2) information, and the CFM intends to enable C2 for cyber indicator information. For example, an infected site is reported into the CFM and within a few minutes all other sites within the CFM get the information. Some sites have automated updates, and the sharer controls with whom they share.
  • One key to effective sharing is the ability to do it securely, i.e., share with assurance. Data must also be anonymized to be shared, especially if it is classified, sensitive or contains private information. Sensitive but unclassified information will need a cooperative agreement between government and industry to set the boundaries for what each can do with the information they receive.
  • Automated information sharing should focus on machine-readable threat indicators to automate data flow and get people out of the loop where possible. Currently, high-priority threat-level information is XML-based, but going forward organizations will need more visual analytics.
 
SCADA Systems – Unanticipated Vulnerabilities
  • SCADA (supervisory control and data acquisition) systems and other industrial control systems (ICS) were never designed for networking, but they have been networked extensively. So we are now building monitoring capabilities in an attempt to detect and defend against attacks on systems that were never designed to withstand such attacks.
  • Attacks like Stuxnet and Shamoon targeted energy sector systems and disclosed SCADA system vulnerabilities.
  • The patching treadmill – These control systems were never designed to be patched and/or shut down regularly. Patching can mean an entire plant must be shut down to complete the patch, with the potential for unforeseen domino effects, supply interruptions and other complications.
  • Different organizations and unrelated sectors currently have different architectures and protocols for collecting and sharing threat information. What is needed is a common open-standards XML schema to communicate attacks on industrial control and other systems.
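Two of the themes above, machine-readable threat indicators that automate data flow (Information Sharing) and a common XML schema for communicating attacks (SCADA Systems), can be made concrete with a small consumer script. The following Python is an added example, not code from the symposium, TTC or any presenter. The XML layout it reads is a constructed minimal schema for illustration only, not STIX, the CFM’s format or any real standard, and the indicator values and log lines are constructed as well. It parses the indicator document (skipping indicator types it cannot match rather than failing), matches whole tokens against sample firewall, DNS and antivirus log lines, and strips internal addresses and host names from the matching lines before they would be shared back out, which is the anonymization point raised in the Information Sharing theme.

```python
"""Consume a machine-readable threat-indicator document and match it against logs.

Added example, not from the symposium or any presenter. The XML layout is a
constructed minimal schema for illustration (not STIX or any real standard);
the indicator values and log lines are constructed too.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed indicator document in the made-up minimal schema.
INDICATOR_XML = """<?xml version="1.0"?>
<indicators source="example-isac" shared="2013-04-30">
  <indicator type="ipv4" confidence="high">203.0.113.45</indicator>
  <indicator type="domain" confidence="medium">update.example-bad.test</indicator>
  <indicator type="sha256" confidence="high">
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  </indicator>
  <indicator type="yara" confidence="low">rule placeholder {}</indicator>
</indicators>
"""

# Constructed sample log lines (firewall, DNS resolver, antivirus).
SAMPLE_LOGS = [
    "2013-04-30T10:01:02 fw allow src=10.0.0.7 dst=203.0.113.45 dport=443",
    "2013-04-30T10:01:05 dns query client=10.0.0.7 name=update.example-bad.test",
    "2013-04-30T10:02:11 fw allow src=10.0.0.9 dst=198.51.100.2 dport=80",
    "2013-04-30T10:03:40 av scan host=ws-17 "
    "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]

# Indicator types this consumer knows how to match against log tokens.
SUPPORTED_TYPES = {"ipv4", "domain", "sha256"}


@dataclass(frozen=True)
class Indicator:
    kind: str
    value: str
    confidence: str


def parse_indicators(xml_text: str) -> List[Indicator]:
    """Read the indicators we can match; unknown types are skipped, not fatal."""
    root = ET.fromstring(xml_text)
    found = []
    for el in root.findall("indicator"):
        kind = el.get("type", "")
        value = (el.text or "").strip().lower()
        if kind not in SUPPORTED_TYPES or not value:
            continue
        found.append(Indicator(kind, value, el.get("confidence", "unknown")))
    return found


def match_logs(indicators: List[Indicator],
               log_lines: List[str]) -> List[Tuple[int, Indicator]]:
    """Whole-token matching, so 203.0.113.4 does not match 203.0.113.45."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        tokens = {tok.lower() for tok in re.split(r"[\s=,]+", line) if tok}
        for ind in indicators:
            if ind.value in tokens:
                hits.append((number, ind))
    return hits


# RFC 1918 ranges: anything matching is internal and must not leave the organization.
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"
)


def anonymize_sighting(line: str) -> str:
    """Replace internal addresses and host names before a sighting is shared."""
    line = PRIVATE_IP.sub("[internal-ip]", line)
    return re.sub(r"\bhost=\S+", "host=[internal-host]", line)


def build_sightings(xml_text: str, log_lines: List[str]) -> List[Dict[str, str]]:
    """Full pipeline: parse the feed, match the logs, emit anonymized sightings."""
    hits = match_logs(parse_indicators(xml_text), log_lines)
    return [
        {"type": ind.kind, "indicator": ind.value, "confidence": ind.confidence,
         "evidence": anonymize_sighting(log_lines[number - 1])}
        for number, ind in hits
    ]


if __name__ == "__main__":
    for sighting in build_sightings(INDICATOR_XML, SAMPLE_LOGS):
        print(sighting)
```

Whole-token matching rather than substring search is deliberate: a substring check on an address or hash prefix produces false positives that erode trust in an automated feed, and the anonymization step runs on the evidence line, not the indicator, so the shared record still carries the external indicator that other members need.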
 
Regulation Versus Collaboration
  • There is not currently a consensus on how to proceed with administering cyber and critical infrastructure protections, with significant polarization between competing regulatory/compliance and collaboration/incentive approaches.
  • Comprehensive legislation (Lieberman-Collins, and others) that failed in the Senate included new and expanded regulatory and compliance elements over the private infrastructure community.
  • Some industries, like nuclear energy, have very mature regulatory environments, and some assert that the success in this area is an example of positive regulation that should serve as a prototype for other infrastructure industries.
  • Public-private partnerships are essential. The Critical Infrastructure Partnership Advisory Council (CIPAC) and HSPD-7 were the predecessors to the latest Executive Order (EO) and Presidential Policy Directive (PPD-21).
 
Impact of Budget Limitations
 
Budget constraints multiply the challenges that disparate critical infrastructure sectors and federal agencies face as they look to secure their assets and protect their information. This is driving some federal agencies to look to shared services to establish a common security approach and leverage their collective buying power.
 
As for the current budget sequestration, several government representatives at the symposium noted that they had been fortunate so far, with the greatest impact being restricted travel budgets for speaking and outreach. (They were based here in D.C.) They could still travel to perform their site assessments as needed. We will see how ongoing budget constraints shape cyber and infrastructure protection plans going forward.
 
---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow me on Twitter @GovWinSlye.

Latest FISMA Report Reveals Federal Cyber Challenges are Mostly Internal

The current season of federal budget uncertainty, exacerbated by sequestration, raises concerns about how federal departments and agencies will allocate funds to implement and improve their information security. As OMB describes in the latest Federal Information Security Management Act (FISMA) report to Congress, agencies continue to be the target of increasing attacks. But digging a little deeper reveals that many of the challenges may stem from internal practices rather than external attacks.
 
The latest OMB FISMA report provides OMB's assessment of what agencies achieved in FISMA-related information security during FY 2012. Of particular interest is the number of security incidents being reported to the US Computer Emergency Readiness Team (US-CERT). (See chart below.)

From FY 2011 to FY 2012 agencies reported an increase of 11%, which is more than the 5% increase they reported from 2010 to 2011 but less than the 40% reported from 2009 to 2010. Reported incidents are up 200% since FY 2008. In an earlier blog I mentioned comments by a former CIA CISO who noted that the counting method used by FISMA actually understates the threat levels, so these numbers are more like baselines than actualities.
 
A deeper look into the specific types of security incidents and their frequency reveals that the vast majority of these incidents fall into five categories:
 
  • Non Cyber – Non Cyber is used for filing all reports of Personally Identifiable Information (PII) spillages or possible mishandling of PII that involve hard copies or printed material as opposed to digital records.

  • Policy Violation – This subset of Improper Usage is primarily used to categorize incidents of mishandling data in storage or transit, such as digital PII records or procurement sensitive information found unsecured or PII being emailed without proper encryption.

  • Malicious Code – Used for all successful executions or installations of malicious software which are not immediately quarantined and cleaned by preventative measures such as anti-virus tools.

  • Equipment – This subset of Unauthorized Access is used for all incidents involving lost, stolen or confiscated equipment, including mobile devices, laptops, backup disks or removable media.

  • Suspicious Network Activity – This category is primarily utilized for incident reports and notifications created from EINSTEIN and EINSTEIN 2 data analyzed by US-CERT.

These top five categories account for 87% of all incidents reported by federal agencies. Factoring out the Non Cyber category, the remaining top four make up nearly 60% of all reported federal security incidents. (See chart below.)

Delving into the data a bit further shows where these incidents occur most widely among the 15 departments spending the most on IT security, according to their FISMA submissions. (See table below.)

Implications

While a data comparison among categories and agencies has its limitations, it does lead us to ask further questions and draw some possible conclusions. The most obvious to me is the clustering of incidents within categories that relate to internal behaviors.

Combining the frequency of Policy Violations, lost or stolen Equipment, and Non Cyber (non-digital) incidents consisting of the physical spillage or mishandling of PII in paper form drives home that there appears to be much left to do in the area of cybersecurity training for IT users at these departments. If the Malicious Code category accounts for much in the way of code insertion through unsafe user practices, then that incident frequency too underscores the ongoing training need. OMB notes in the report that federal agencies spent less than 1% of their IT security budgets in FY 2012 on training. In previous FISMA reports training accounted for roughly 2.5% in FY 2010 and FY 2011, but according to OMB the DOD portion of the data for those years was incomplete, so adjusting for DOD might show that 1% is consistent across all of these years.

The sheer number of departments in the top 15 above that list Policy Violations and/or Equipment incidents among their two or three most frequent categories suggests that some of the greatest information security challenges facing federal agencies are internal – whether through lack of awareness or training or through outright disregard for approved security practices. In a fiscally constrained environment where the return on each dollar is scrutinized, agencies might actually save the money they would spend cleaning up security mistakes by users if they could more effectively prevent many of these incidents in the first place.
