GovWin
Pending FY 2014 NDAA Keeps Pressure on Air Force Logistics Systems Modernization

In a highly contested budget environment no department or agency wants their IT modernization program failures to come back to haunt them. But that may well be the case for the Air Force if a provision in the current House version of the FY 2014 National Defense Authorization Act (NDAA) makes it through to the final bill.

The House passed its version of the FY 2014 NDAA, HR 1960, in June and the bill was received in the Senate shortly thereafter. But the full Senate has only begun debate on the bill this week and at the time of this writing any amendments and passage are still pending. Then the bill goes to conference committee for the two chambers to hammer out the final language for an up-or-down vote in each chamber.

The passed House version has some language that speaks directly to one of the challenges facing the Pentagon – how to effectively and economically modernize large enterprise systems, especially Air Force logistics systems.

Section 213—Limitation on Availability of Funds for Air Force Logistics Transformation

According to the House Armed Services Committee report, this section would restrict the obligation and expenditure of Air Force procurement and research, development, test, and evaluation (RDT&E) funds for logistics information technology programs until 30 days after the Secretary of the Air Force submits to the congressional defense committees a report on the modernization and update of Air Force logistics information technology systems following the cancellation of the expeditionary combat support system.

The bill specifically states that not more than 50 percent of the FY 2014 procurement and RDT&E funds may be obligated or expended until 30 days after the Secretary of the Air Force submits the report, which is to include:

  1. Near-term strategies to address any capability gaps in logistics IT and longer-term modernization strategies for the period covered by the current future-years defense plan (FYDP);
  2. A root-cause analysis leading to the failure of the expeditionary combat support system (ECSS) program; and
  3. A plan of action to ensure that the lessons learned under such analysis are shared throughout the Department of Defense and the military departments and considered in program planning for similar logistics IT systems.

Implications

It was about a year ago that Congress took special note when the Air Force decided to cancel the Expeditionary Combat Support System (ECSS) program after seven years and over $1 billion in spending without much to show for it. The announcement came in the first quarter of FY 2013, yet the Air Force reported total FY 2013 spending of $188 million on the program when the FY 2014 IT budget request was released the next spring. While that budget request zeroed out the program going forward, it appears that with the latest Defense Authorization the Hill is still watching with great interest for any revived modernization efforts at the Air Force.

These and other large enterprise-wide systems like ERPs continue to have mixed results at keeping up with the changing demands of a technically advancing military and doing so economically and with the demonstrable savings they promised. Although not called out in the NDAA, the GAO recently reviewed the Army’s Logistics Modernization Program (LMP) Increment 1 which cost roughly $1.4 billion through FY 2012. GAO determined that while some functional benefits had been achieved through LMP the Army has no accurate process in place to track financial benefits associated with the system.

In spite of the challenges, the persistent and enduring need to modernize legacy logistics systems at the Air Force remains, but it needs to be done with more realistic goals and expectations, effective and authoritative leadership, and well-defined requirements and plans.  The presence of such targeted language is likely evidence of ongoing discussions between key members of Congress and IT leadership at the Air Force in recognizing this need.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow me on Twitter @GovWinSlye.

GovWin Recon - November 27, 2013

GovWin Recon, produced by Deltek's Federal Industry Analysis (FIA) team, is designed to support awareness and understanding of the issues impacting the government and the contractors that serve it. Recon highlights key developments surrounding government technology, policy, budget and vendor activities.


Still More Work Ahead to Improve IT Acquisition and Implementation

Expanded use of critical success factors in IT acquisition, such as active stakeholder engagement and support from agency executives, along with further implementation of government and industry best practices, will better position agencies to more effectively deliver mission-critical systems, according to GAO.

Leveraging previous research and oversight efforts, GAO Director of IT Management Issues, David Powner, delivered testimony before the House Committee on Oversight and Government Reform last week as part of the sixth major Congressional hearing regarding the botched launch of Healthcare.gov.

With over $80 billion in federal IT spending per year, it’s incumbent upon agencies and the administration to learn from successful IT implementations, as well as failed projects.  As reported by GAO, effective implementations possess common critical success factors.  GAO interviewed IT officials at the top ten federal departments based on IT budgets to determine mission-critical, major IT investments that best achieved cost, schedule, scope, and performance goals.  Seven investments were identified, totaling $5 billion in lifecycle costs.  GAO, in conjunction with agency officials, identified nine common factors critical to the success of these investments:

  • Program officials were actively engaged with stakeholders 
  • Program staff had the necessary knowledge and skills 
  • Senior department and agency executives supported the programs 
  • End users and stakeholders were involved in the development of requirements 
  • End users participated in testing of system functionality prior to formal end user acceptance testing 
  • Government and contractor staff were consistent and stable  
  • Program staff prioritized requirements 
  • Program officials maintained regular communication with the prime contractor

A number of IT acquisition best practices have been developed by government and industry, along with legislation to support effective IT implementation: 

  • Software Engineering Institute Capability Maturity Model® Integration for Development (CMMI-DEV) and Capability Maturity Model® Integration for Acquisition (CMMI-ACQ) 
  • GAO’s Information Technology Investment Management Framework 
  • Clinger-Cohen Act of 1996 
  • E-Government Act of 2002

Further, OMB has put in place several initiatives to improve IT programs and outcomes.  In 2009, OMB established the IT Dashboard to improve the transparency and oversight of agency IT investments. CIOs are required to post evaluations of the investments on an ongoing basis to allow Congress, OMB, other oversight organizations, and the general public to view the performance of these investments. 

In 2010, OMB began holding TechStat sessions with agency leadership to review selected IT investments and increase accountability, transparency and performance.   Additionally in the same year, OMB released a plan to reform IT management over an 18 month period, part of which involved the goal of turning around or terminating at least one-third of underperforming projects by June 2012.

Overall, GAO commended OMB and agency efforts at improving IT acquisition and implementation; however, numerous troubled projects and investments still exist. While use of best practices, legislation, and OMB efforts at transparency and oversight have improved IT execution and spending, continued leadership and attention are necessary to build on current progress.

 

DATA Act Passes House

Mid-November, the House passed the Digital Accountability and Transparency Act (or DATA Act), which stands to improve the transparency of federal spending. Introduced back in May of this year, the legislation would standardize and publish government reports and data related to financial management, procurement, and assistance.

Under the legislation, the Treasury department is called to establish data standards in consultation with OMB, GSA, and the heads of federal agencies. In addition to standardizing the information, the data would be made publicly accessible in machine-readable format through the improved USASpending.gov site. Recipients of federal funding, including state and local organizations, would regularly report how money is being spent.

The accessibility of this data holds promise for delivering greater transparency to citizens and investors, identifying and eliminating waste and fraud through data analytics, and facilitating automation of compliance for contractors and grant recipients.

Introduced back in May, H.R. 2061 passed the House on November 18, 2013. The Senate Committee on Homeland Security and Governmental Affairs passed its version of the bill (S. 994) and reported it to the full U.S. Senate on November 6, 2013. Although a version of the bill passed the House in 2012, it failed to receive Senate committee votes.

Currently, the version of this legislation in the Senate removes a provision for an expanded role of the Recovery Accountability and Transparency Board’s accountability platform. This existing system has helped inspectors general find waste and fraud in stimulus grants and contracts. The substitute amendment not only cuts this accountability platform, it removes “prevent waste, fraud, abuse, and improper payments” from the goals of the bill. It might seem like this move hamstrings the inspectors general’s ability to use this data, but that may not be the case. Once the data is available, other systems and technologies may advance to provide more robust analytics solutions. Although the Recovery Board’s accountability platform already exists, the Board itself is scheduled to end its operations in 2015. Unless the final version of the bill expands the accountability platform, inspectors general will be faced with a window to identify a replacement capability for recovering and preventing fraud.

Through its Open Data policy and associated initiatives, the administration has sought to leverage transparency to stimulate innovation, increase efficiency, and reduce waste. Back in September 2013, the Data Transparency Coalition hosted the nation’s first open data policy conference to explore opportunities for new tools to streamline processes. As momentum behind these efforts continues and financial reporting requirements persist, contractors and grant recipients should anticipate further spending scrutiny to drive transparency and decrease waste, fraud, and abuse.

--------

Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWinIQ. Follow me on twitter @FIAGovWin.

GovWin Recon - November 26, 2013


Congress May Press DHS to Bolster Cybersecurity Workforce Development

When we hear the phrase “boots-on-the-ground” most of us think of uniformed military personnel being deployed in active combat situations. But a current bill in the U.S. House of Representatives uses the phrase in connection with boosting Department of Homeland Security (DHS) efforts to improve its domestic cybersecurity workforce development activities.

In October, the House Committee on Homeland Security marked up and passed the bill by voice vote, authorizing it to be reported to the full House for consideration. It joins several other cybersecurity-related bills that have been introduced and are at various stages of progression. It is as yet unclear which, if any, of these bills will progress to a vote in the House and be taken up in the Senate, given other priorities.

HR 3107 - Homeland Security Cybersecurity Boots-on-the-Ground Act

The bill in its current form would require DHS to develop:

  • Occupation classifications for individuals performing cybersecurity mission activities and ensure that they are used throughout DHS as well as other federal agencies
  • Workforce strategy that enhances the readiness, capacity, training, recruitment, and retention of the DHS cybersecurity workforce, including a multi-phased recruitment plan and a 10-year projection of federal workforce needs
  • Verification process so that contractor cybersecurity employees at DHS receive initial and recurrent information security and role-based security training

Other provisos

  • Defines "cybersecurity mission" as threat and vulnerability reduction, deterrence, incident response, resiliency, and recovery activities to foster the security and stability of cyberspace.
  • Directs the DHS Chief Human Capital Officer and Chief Information Officer to assess the readiness and capacity of DHS to meet its cybersecurity mission.
  • Requires the Secretary to provide Congress with annual updates regarding such strategies, assessments, and training.
  • Expands recruiting outreach through a tuition-for-work fellowship program and a program to identify military veterans and unemployed computer specialists for potential DHS cybersecurity employment

Implications

The challenge that DHS has faced with recruiting and retaining cybersecurity personnel is not breaking news. DHS has announced multiple efforts to improve recruitment and retention over the last 5+ years. Even with those efforts, the GAO reported earlier this year that more than 20% of cybersecurity positions at the National Protection and Programs Directorate (NPPD) are vacant (see p. 24). 

To cope with the shortfall agencies have continued to supplement their internal workforce with contracted personnel, but budget constraints from all sides add to the challenge. According to OMB, up to 90% of federal IT security spending is on personnel costs. The rest is a mix of training, testing, cyber tools and risk management policy implementation.

It seems to me that this is a tough cost model to sustain in an increasingly constrained fiscal environment, but the nature of current cybersecurity operations and existing needs present challenges to automating many functions that require experienced analysts’ eyes (or “boots,” to follow the theme) monitoring the networks. The nature of the work combined with the priority of improved overall cybersecurity continues to show growth prospects, bucking the budget belt-tightening trend.

Read more of our perspective in our latest report: Federal Information Security Market, FY 2013-2018.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow me on Twitter @GovWinSlye.

GovWin Recon - November 25, 2013


GovWin Recon - November 22, 2013


In a Cyber-attack, Should We Shoot Back? A DHS Cyber-Official Weighs In

At an industry event I participated in recently, a current U.S. Department of Homeland Security cybersecurity official was asked whether he thought private companies should be legally permitted to respond to cyber-attacks with in-kind force to protect themselves and their customers, similar to having an armed guard on duty capable of shooting an on-coming attacker. The question recognizes a hot topic in cybersecurity – what is the role and scope of active and reactive defenses and who should use them? The official’s response took some by surprise and got everyone’s attention. And it revealed the complex world of cybersecurity in which we find ourselves.

This event on Continuous Monitoring inaugurated a series by the Chertoff Group to discuss the challenges and implications of agencies shifting from periodic or annual security and compliance assessments to risk and mitigation efforts assessed in real- or near-real-time. Participants included several former DHS leaders including Undersecretary for Cybersecurity Mark Weatherford, Chief Information Officer Richard Spires, Deputy Secretary Jane Holl Lute, and Secretary Michael Chertoff. 

One current DHS participant was John Streufert, Director of Federal Network Resilience, who leads DHS’s recently awarded $6 billion Continuous Diagnostic and Mitigation (CDM) program. Streufert was part of a panel with leaders from several cybersecurity companies discussing how to successfully implement continuous monitoring.

During the Q&A a question came from the audience asking Streufert and his fellow panelists their opinion on whether companies should be allowed to respond or retaliate against cyber-attackers, similar to having an armed guard on duty that is capable of shooting an attacker. Streufert’s response was emphatic:

“When considering whether we want to encourage companies to respond in kind when they are attacked we need to ask a fundamental question. Do we really want to trust people who are incapable of securing their own networks to be accurate and effective at “shooting back” when they are attacked? I don’t think so.”

Streufert’s fellow panelists, as well as Lute and Chertoff later, agreed with Streufert and added their perspectives, which can be summarized in a couple of basic points that drive home the complexity of the issue.

  • Attribution is hard – Attackers are keenly adept at concealing their identities, origins and tracks, so knowing exactly who hit you and from where is an ongoing challenge that cyber-defenders face. Given that, any “return shots” could actually result in high collateral damage to innocent people and systems that are only cursorily related to the attack. In fact, setting up an unwitting down-stream victim might even be part of the assailant’s plan.
  • Calling the cops is a real response – Companies are not alone, left to fend for themselves or left without remedy. Federal, state, and (most) local law enforcement agencies all have channels to investigate cyber-attack incidents. Companies need to be willing and forthright in sharing with law enforcement information about the attacks they incur. If you’re concerned about liabilities, trade secrets, negative publicity or corporate privacy, discuss the matter with your corporate legal counsel beforehand so that you can share confidently.

In this age of increased interconnectivity among organizations and individuals, governments and businesses, we are learning that we’re never that far-removed from malicious actors who seek to do us harm, for whatever reason. As progress is made in continuous monitoring for cyber-vulnerabilities and attacks maybe we will reach a point where the need for proactive and reactive measures is made unnecessary. If Streufert’s comments, and those expressed by others, are indicative of the challenges still ahead, then we’ll continue to see the same essential question raised for the foreseeable future.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow me on Twitter @GovWinSlye.

GovWin Recon - November 21, 2013
