OMB may have found a way to bring $5 billion of the $85 billion sequestration price tag, back into play.  The recalculations would free up $4 billion from the Pentagon and $1 billion from other agencies such as NASA and DHS.

When Congress moved money around among various accounts in the Continuing Resolution which took effect in March, it restored $5 billion of the sequestration cuts due to accounting rules that govern the different accounts.  According to a quote from a government official in a recent Government Executive article, “Under the law, if [lawmakers] cut those accounts below their post –sequester level, there is a provision that credits back some of the funds.”  A 1985 budget law prescribes that funds be restored to accounts that had been deeply cut via sequestration.

Much of the specific calculations and data behind the restoration of funds is still hush hush.  According to Associated Press article that broke the story, the process is ongoing and public officials they contacted spoke under the guise of anonymity. 

Although much of the dire consequences of sequestration are yet to be felt by most American citizens, public pressure is mounting to decrease the impact of sequestration cuts.   Agency budget officials have been working with Congress to permit the transfer of funds between accounts to lessen the blow of the cuts.  Some agencies have been able to avoid or shorten furloughs due to this process, such as Department of State, Department of Justice, and Department of Homeland Security.  Department of Defense will benefit the most from the new calculations by being able to avoid $4 billion cuts.  

 

Now the budget is in the hands of Congress, which has historically appropriated more for IT than what the President requests. With fiscal priorities clashing and sequestration impacts now being felt across the market, federal IT could weather the current fiscal storm in relatively good shape.

Today President Obama delivered a $3.8 trillion spending plan to Congress which includes a $1.2 trillion request in discretionary funding levels and nearly $82 billion for information technology for FY2014.  The budget focuses on jobs creation, economic growth and to strengthen the American middle class.

The budget proposal also includes $1.8 trillion in additional deficit reduction measures over 10 years to reach a total deficit reduction of $4.3 trillion.   The proposed deficit actions would reduce the deficit to 2.8%of GDP by 2016.

Additionally, the budget proposes $400 billion in cuts to health programs including Medicare.  Savings and cuts would come from negotiating better prescription drug prices, fighting waste and fraud, and requiring the wealthiest seniors to pay more.

The table below shows the FY2013 enacted budget levels and the proposed FY2014 levels.

Other budget highlights:

• Includes $50 billion for upfront infrastructure investments to invest in repairs to highways, bridges, airports, transit systems, and to encourage innovative infrastructure projects 
• Invests in in education reforms and training with a commitment to early childhood education
• Simplifies the tax code and raises $580 billion for deficit reduction by limiting tax benefits, but not raising tax rates
• Creates new “ladders of opportunity” to ensure that hard work leads to a decent living by developing pathways to jobs and partnering with communities to rebuild after the recession 
• Includes $200 billion in savings from other mandatory programs, such as reductions to farm subsidies and reforms to retirement benefits 
• Proposes $200 billion in discretionary savings from both defense and non-defense programs 
• Offers $230 billion in savings from changes in the way the government calculates inflation for annual cost-of-living adjustments for benefits programs

Information Technology

The president’s budget proposes nearly $82 billion in IT funding, a 1.8% increase from the FY 2013 CR and a 2.1% increase over FY 2012 estimated level.

IT-related budget highlights:

• $575 million in savings is anticipated from DoD Data Center Closures. 
• $324 million is being cut from the DoD’s Global Hawk UAV program. 
• $22 million is being cut from Computer and Information Science and Engineering Research Programs at the National Science Foundation; CISE is the organization responsible for promoting R&D on big data.  NSF’s budget takes big hits for its small size, which will affect grant spending on technology R&D.  
• $81 million is being cut from the DoD’s Precision Tracking and Space System, which is part of Ballistic Missile Defense at the Missile Defense Agency. 
• $38 million in savings related to the Joint Polar Satellite System is anticipated at the Department of Commerce. 
• $29 million in savings is anticipated from IRS Business Systems Modernization at the Treasury. 

All told, the president’s budget request includes 215 cuts, consolidations, and savings proposals, which according to the administration, are projected to save more than $25 billion in FY2014.  The budget proposal outlines the administration’s priorities and proposed methods for generating more revenue, cutting costs, and reducing the deficit.  However, it joins competing budget plans in the House and Senate.  Serious Capitol Hill budget negotiations are not likely to take place until this summer.

While agencies aim to improve efficiency and deliver greater return on investments, they are looking increasingly to strategic sourcing and shared services a means of leveraging the government's buying power.  Tracking spending through agency mandated contract vehicles, we tend to end up with piecemeal impression of the impact these acquisition trends are having on the market. As luck would have it, the Office of Federal Procurement Policy (OFPP) has a registry of interagency contracts. However, according to Jack Kelly, Senior Policy Analyst for OFPP, the status has not been recently updated.  The current extent to which agencies are leveraging shared service contract vehicles isn’t entirely clear, but Kelly suggested that the Strategic Sourcing Leadership Council (SSLC) is likely to get engaged in activities to review and update the interagency contract registry. In short, we can expect strategic sourcing and shared services to continue shaping federal spending.

 

• Non Cyber – Non Cyber is used for filing all reports of Personally Identifiable Information (PII) spillages or possible mishandling of PII which involve hard copies or printed material as opposed to digital records.
  
  
• Policy Violation – This subset of Improper Usage is primarily used to categorize incidents of mishandling data in storage or transit, such as digital PII records or procurement sensitive information found unsecured or PII being emailed without proper encryption.
  
  
• Malicious Code – Used for all successful executions or installations of malicious software which are not immediately quarantined and cleaned by preventative measures such as anti-virus tools.
  
  
• Equipment – This subset of Unauthorized Access is used for all incidents involving lost, stolen or confiscated equipment, including mobile devices, laptops, backup disks or removable media.
  
  
• Suspicious Network Activity – This category is primarily utilized for incident reports and notifications created from EINSTEIN and EINSTEIN 2 data analyzed by US-CERT.
  
  

These top 5 categories account for 87% of all incidents reported by federal agencies. Factoring out the Non Cyber category, the remaining top 4 make up nearly 60% of all reported federal security incidents. (See chart below.) 

Delving into the data a bit further shows where these incidents are most widely occurring among the 15 departments spending the most on their IT security, according to their FISMA submissions. (See table below.)

Implications

While a data comparison among categories and agencies has its limitations, it does lead us to ask further questions and draw some possible conclusions. The most obvious to me is noticing the clustering of incidents within categories that relate to internal behaviors.

Combining the frequency of Policy Violations, lost or stolen Equipment, and Non-Cyber (non-digital) incidents consisting of the physical spillage or mishandling of PII in paper form drives home that there appears to be much left to do in the area of cybersecurity training for IT users at these departments. If the Malicious Code category accounts for much in the way of code insertion through unsafe user practices then that incident frequency too underscores the ongoing training need. OMB notes in the report that federal agencies spent less than 1% of their IT security budgets in FY 2012 on training. In previous FISMA reports training accounted for roughly 2.5% in FY 2010 and FY 2011, but according to OMB, the DOD portion of the data for those years was incomplete so adjusting for DOD might show that 1% is consistent across all of these years.

The sheer number of departments in the top 15 above that list Policy Violations and/or Equipment incidents in their top 2 or 3 for frequency suggests that some of the greatest information security challenges facing federal agencies are internal – whether through lack of awareness or training or through outright disregard for approved security practices. In a fiscally constrained environment where return on investment for each dollar is scrutinized agencies might actually save money that they would spend on cleaning up security mistakes by users if they could more effectively prevent many of these incidents in the first place.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow me on Twitter @GovWinSlye.

The updated Federal Information Technology Acquisition Reform Act (FITARA), first proposed by Congressman Darryl Issa (R-CA) in September, now incorporates suggestions and comments from industry which strengthen the role of CIO, but limit requirements for centralized IT purchasing.

By some estimates, the legislation could save taxpayers as much as $20 billion annually by fundamentally reforming the way federal agencies purchase IT.  If passed, the FITARA would be the most significant reform to the IT acquisition landscape since the 2002 E-Government Act and the 1996 Clinger Cohen Act, which created the agency CIO function.  

Below is a brief summary of the updated legislation:

The Act would give more responsibility to agency CIOs by making them presidential appointees or designees, granting them greater budget authority and limiting agencies to one CIO for the whole agency; bureaus, offices, and subordinate agency organizations could not have their own CIO.

The updated bill promotes the use of “fixed price technical competition” or “bid to price” contracts, in which agencies would specify the price they planned to pay for IT products and/or services and contractors would compete to offer the best solution or service at that price.

After backlash from acquisition experts, the legislation was modified to eliminate plans for a government-wide IT Acquisition Center fearing that it might duplication services already provided by GSA.  Instead, the bill now calls for the establishment of the Federal Infrastructure and Common Application Collaboration Center to develop centralized program and technical management expertise to coordinate IT acquisition best practices.  The new Collaboration Center located within OMB, will assist agencies with challenging IT projects and support the CIO Council with TechStat reviews.

Congressman Issa plans to formally introduce the updated legislation soon.  According to NextGov, the legislation was likely discussed at a March 20^th House Oversight and Government Reform Committee business meeting. 

Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow on twitter @FIAGovWin.

• Total discretionary budget authority of nearly $1.2 trillion, including
• Full-year appropriations for Defense and Military Construction/Veterans Affairs committees
• Defense – $518 billion in non-war funding for the DoD, $87 billion for overseas contingency operations (OCO)
• MilCon/VA – $72 billion in discretionary funding for military construction and the Department of Veterans Affairs, with some shifting of funds away from military construction to support increase in veterans’ programs, which are exempt from sequestration
• The remaining federal agencies would be funded at fiscal 2012 levels under a continuing resolution covering the remaining 6 months of fiscal 2013

• Veterans Benefits Administration – Provides $3.3 billion for information technology, including $1 billion for staff pay, $1.8 billion for operations and maintenance, and $494 million for systems development, modernization, and enhancement. This DME funding is 2-year money available through FY 2014 but requires the VA Secretary or CIO to submit to Congress a certification of the amounts to be obligated for each project. Further, Congress requires approval of any transfers between the three funding sub-accounts or individual project funding increases/decreases of more than $1 million.
  
• No more than 25% of any joint DoD-VA integrated electronic health record (iEHR) may be obligated until the DOD–VA Interagency Program Office gets the approval of both Congressional Appropriations Committees on the planned costs, timelines, acquisition, etc.
  
• Of the $60.5 billion appropriated for veterans compensation and pension benefits programs no more than $9.2 million “shall be reimbursed to ‘General operating expenses, Veterans Benefits Administration’, ‘Medical support and compliance’, and ‘Information technology systems.’”
  
• $115 million for the VA’s the Office of Inspector General, to include information technology costs and for constructing, altering, extending, and improving any of the facilities.
  
• Only upon approval of Congress may the VA Secretary transfer funds to/from the VA’s ‘‘Information technology systems’’ account to/from the ‘‘Medical services’’, ‘‘Medical support and compliance’’, ‘‘Medical facilities’’, ‘‘General operating expenses, Veterans Benefits Administration’’, ‘‘General administration’’, and ‘‘National Cemetery Administration’’ accounts.
  
• Department of Justice, General Administration, Justice Information Sharing Technology receives $22 million, the National Protection and Programs Directorate, United States Visitor and Immigrant Status Indicator Technology receives $279 million, and the Office of Health Affairs receives $132.5 million, of which $85 million is for the BioWatch program.

• None of the DoD appropriation can be used for new multiyear procurement contracts for any systems or components if the value of the multiyear contract would exceed $500 million, unless specifically provided in the bill. A cursory review finds these are predominantly weapons systems, with some mention of commercial SatCom for naval vessels.
  
• The DoD provisions further stipulate that no multiyear procurement contract can be terminated without 10-day prior notification to the congressional defense committees.
  
• Defense Intelligence Agency funds may be used for the design, development, and deployment of General Defense Intelligence Program intelligence communications and intelligence information systems for the Services, the Unified and Specified Commands, and the component commands, unless otherwise stated.
  
• $12 million for mitigation of environmental impacts on Indian lands resulting from DoD activities, including training and technical assistance, related administrative support, the gathering of information, documenting of environmental damage, and developing a system for prioritization of mitigation and cost to complete estimates for mitigation.
  
• None of the funds in the Act may be used for research, development, test, evaluation, procurement or deployment of nuclear armed interceptors of a missile defense system. 
  
• $519 million in multi-year funds for  Cooperative Threat Reduction for the elimination and secure transportation/ storage of nuclear, chemical and other weapons; to prevent the proliferation of weapons, weapons components, and weapon-related technologies, etc.
  
• RDT&E New Starts Justification – Funds appropriated under ‘‘Research, Development, Test and Evaluation, Defense-Wide’’ for any new start advanced concept technology demonstration project or joint capability demonstration project may only be obligated 45 days after a report, including a description of the project, the planned acquisition and transition strategy and its estimated annual and total cost, has been provided in writing to the congressional defense committees. (The Secretary of Defense may waive this restriction on a case-by-case basis.)
  
• Funds appropriated for research and technology for programs of the Office of the Director of National Intelligence shall remain available until the end of fiscal year 2014.

• Federal Emergency Management Agency receives $35 million for the National Urban Search and Rescue Response System, $22 million shall be for capital improvements at the Mount Weather Emergency Operations Center, and not less than $5 million directed to the modernization of automated systems. 
  
• United States Citizenship and Immigration Services (USCIS) receives $112 million for the E-Verify Program. 
  
• DHS’s National Protection and Programs Directorate, Infrastructure Protection and Information Security receives $1.1 billion, with $328 million slated for Network Security Deployment and $218 million for Federal Network Security to establish and sustain essential cybersecurity activities, including procurement and operations of continuous monitoring and diagnostics systems and intrusion detection systems for civilian federal computer networks. $213 million (40%) of the combined $546 million is tagged as multi-year funding through FY 2014.