GovWin
White House Announces New Cybersecurity Center

The White House has announced that it is launching a new federal organization to step up the national cybersecurity coordination and response capability. Details are still slim, but a senior cybersecurity adviser at the White House did outline the vision for the new center in a recent address.

News of the new cyber agency launch hit news sources like the Washington Post and Reuters shortly before the official statement. In the public announcement, Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, said the new Cyber Threat Intelligence Integration Center (CTIIC) will reside within the Office of the Director of National Intelligence and will be patterned after the National Counterterrorism Center (NCTC). “There are structural, organizational, and cultural shifts that were made in our government in the counterterrorism realm that also apply to cyber. We need to develop the same muscle memory in the government response to cyber-threats as we have for terrorist incidents.”

Filling a Void

In the summer of 2014, the White House created a Cyber Response Group (CRG) in response to the growing number of highly-publicized breaches and intrusions to both public and private networks. Modeled on the Counterterrorism Security Group, the CRG convenes multiple agency players and pools knowledge on current threats. It appears that the CTIIC will build upon the CRG’s efforts to “quickly consolidate, analyze, and provide assessments on fast moving threats or cyber-attacks.”

“Currently, no single government entity is responsible for producing coordinated cyber-threat assessments, ensuring that information is shared rapidly among existing cyber-centers and other elements within our government, and supporting the work of operators and policy makers with timely intelligence about the latest cyber-threats and threat actors. The CTIIC is intended to fill these gaps,” Monaco said.

CTIIC Functions

Monaco said that the new center will serve a similar function for cyber that the NCTC does for terrorism:

  • Integrate intelligence for cyber-threats – information sharing is critical
  • Provide all-source analysis to policy makers and operators – cross-domain analysis to provide a comprehensive perspective
  • Support the work of existing federal cyber-centers, network defenders, and law enforcement communities – coordinated action and response to achieve common goals.

What the CTIIC Will Not Do

Monaco was quick to stress that the CTIIC will not collect intelligence, but rather it will analyze and integrate information already collected under existing federal authorities. Similarly, Monaco said that CTIIC will not perform functions already assigned to other cyber-centers, but is intended to enable them to perform their respective roles more effectively.

Looking Ahead

In her remarks, Monaco said that the government will need to work in lockstep with the private sector and do its utmost to share cyber-threat intelligence information, not simply let private entities fend for themselves. The White House’s latest budget request, for FY 2016, has $14 billion allocated to cybersecurity to protect critical infrastructure, government networks, and other systems.

The CTIIC announcement comes just days ahead of a White House Summit at Stanford University to discuss cybersecurity and consumer protections.

Contractor Implications

It is yet unclear what implications the CTIIC will have for federal contractors. There is limited public information about the role of contractor support at the ODNI and related entities within the Intelligence Community. That said, there is likely to be some need for technology infrastructure in setting up any new entity, and if the demand for skill sets exceeds the government’s talent pool then they may look to the contractor community for support.

The broader emphasis on cyber-threat information sharing and related cybersecurity provisions in recent National Defense Authorization bills and others will continue to raise the bar for contractor companies to meet federal cyber-requirements. Increasingly, companies are required to provide agencies with increased visibility into their internal security posture – including reporting incidents – as a stipulation to performing federal work. Expect provisions like these to continue to evolve.

Progress Continues on Cyber-Physical Framework

During the summer of 2014, the National Institute of Standards and Technology (NIST) kicked off a working group effort to develop a framework and roadmaps for cyber-physical systems. In mid-January 2015, this public working group launched the second phase of its work.

Cyber-physical systems (CPS) are often simply referred to as “smart” systems. These co-engineered systems comprise interacting networks of physical and computational components. The influx of smart technologies has expanded CPS domains to include infrastructure (grid, water, gas), buildings, emergency response, healthcare, manufacturing, transportation, and numerous others. The public working group aims to take a multi-domain perspective to ensure the research, development and deployment guidance it produces will be applicable within all CPS domains as well as supporting cross-domain applications. In particular, this group intends to address needs for a common lexicon and taxonomy as well as a reference architecture.

These working group efforts began during the summer of 2014 with plans for the first several phases over the course of a year. The first face-to-face meeting during August launched the first phase of the initiative to draft a framework for the CPS elements. This work produced draft reports from each of the five subgroups – Reference Architecture, Use Cases, Cybersecurity, Timing, and Data Interoperability. Following the launch of the first phase, the subgroups organized meetings and collaboration to create initial documents that would eventually combine as elements of the CPS framework.

All five subgroups completed their documents by the close of 2014, so now efforts are underway to integrate and review the work. This second phase aims to produce a combined framework document by integrating the work completed by the subgroups and refining it further. The third phase of the work will result in a CPS technology roadmap which will identify opportunities for additional collaboration and propose a timeline for follow-on efforts to address key technical challenges. 

According to the current timeline, the combined framework is expected to be finalized this spring. The group is scheduled to have its next face-to-face meeting in April, which will conclude the framework phase and launch the roadmap activities. A draft of the roadmap is anticipated in June 2015, followed by a month of review before it is finalized in July. Another related effort is also underway, led by the NIST Engineering Laboratory’s Smart Grid and Cyber-Physical Systems Program Office. The Cyber-Physical Testbed Development Workshop is scheduled for February 24-25, 2015 and will explore future research and development areas for CPS.

Ultimately, these efforts hope to head off several trends like the sector-specific applications of cyber-physical system deployments and the expansion of the Internet of Things without a foundation of interoperability. By drawing stakeholders from government, industry, and academia, the working group hopes to address the increasing need for systems-of-systems solutions to integrate CPS across domains. For insights on how CPS and other technologies are shaping the federal landscape, check out the Federal Industry Analysis team’s recent report on emerging federal technology markets.

 

Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWinIQ. Follow me on twitter @FIAGovWin.

 

FY 2016 President’s Budget Request – GovWin FIA’s First Take

The White House released its FY 2016 Budget request today, perhaps the earliest annual budget release of the Obama Administration thus far. Several of my fellow GovWin Federal Industry Analysis (FIA) colleagues and I wasted no time in delving into this budget so that we could provide you with our first impressions of what we found noteworthy.

Similar to each presidential budget, the FY 2016 President’s Budget Request provides a blueprint for the administration’s policy and legislative agenda for the coming fiscal year and beyond. We reviewed the largest federal departments’ discretionary budgets to get a sense of direction and priorities for FY 2016, which begins October 1, 2015. Below is a summary table followed by key funding details and initiatives arranged by department.


Defense

DoD’s discretionary base budget request is up nearly 8% over FY 2015. The $534.3B in discretionary funding is $38.2B more than the FY 2015 enacted level.

Funding highlights include:

  • $126.53B for the Army (an increase of $7.B from the FY 2015 enacted level)
  • $161.0B for the Navy (an increase of $11.8B from the FY 2015 enacted level)
  • $152.9B for the Air Force (an increase of $16B from the FY 2015 enacted level)
  • $94.0B for Defense-Wide operations (an increase of $3.4B from the FY 2015 enacted level)
  • $51B in Overseas Contingency Operations (OCO) funding across all DoD (a decrease of $13.4B from the FY 2015 enacted level)
  • $209.9B for DoD operations and maintenance funding (an increase of $14.5B from the FY 2015 enacted level)
  • $107.7B for DoD procurement funding (an increase of $14.1B from the FY 2015 enacted level)
  • $69.8B in DoD RDT&E funding (an increase of $6.3B from the FY 2015 enacted level)
  • Invests $12.3B in DoD’s Science and Technology (S&T) Program, including $5.5B in Advanced Technology Development
  • Provides $7.4B for C4I systems
  • Includes $7.1B for DoD Space Investment Programs
  • Funds construction of the Joint Operations Center for U.S. Cyber Command at Fort Meade, Maryland
  • Funds ongoing investments in the DoD’s Joint Information Environment
  • Modestly increases the budget of the Defense Advanced Research Projects Agency from $2.9B to $3B
  • Allocates $32.3B for the Defense Health Program
  • Allocates $109.4M for communications upgrades at the new U.S. Strategic Air Command headquarters building

Agriculture

The president’s budget request includes $23.5B in discretionary appropriations for the Department of Agriculture, 1.25% below the enacted level of $23.8B in Fiscal Year 2015.

Funding highlights include:

  • $1B in financial assistance to rural businesses
  • $2.2B in community facility loans for rural areas
  • $6.4B for direct and guaranteed farm ownership and operating loans
  • $450M for competitive, peer-reviewed research for fundamental and applied agricultural sciences
  • $200M in funding for Watershed and Flood Prevention Operations
  • $206M to invest in the backlog of priority facility construction and renovation for the Agricultural Research Service
  • $60M to modernize the Headquarters South Building
  • $7.6M for a digital services team to improve the efficiency and effectiveness of USDA IT systems

Commerce

The president’s budget request provides $9.8B in base discretionary funding to Commerce, an 11% increase over FY 2015 enacted levels. These funds are intended to promote growth through trade, investment, and innovation as well as a data-driven economy.

Funding highlights include:

  • Provides funding to the National Institute of Standards and Technology in support of advances in areas like cybersecurity and advanced manufacturing. Efforts to work with industry are called out in particular, such as implementing the Cybersecurity Framework of standards and best practices. Funding will also sustain work on initiatives like cybersecurity automation and the National Strategy for Trusted Identities in Cyberspace (NSTIC).
  • $1.5B to Census to support research, development, and implementation of the 2020 Census. The Census Bureau will also include planned increases for the Economic Census and advance initiatives to make data and resources publicly accessible.
  • Continues strong funding for National Oceanic and Atmospheric Administration, including $2B for next generation weather satellites, including $380M for the Polar Follow-On satellites. $147M in funding is also provided for the construction of an ocean survey vessel.
  • $1.1B for National Weather Service includes increases in funding for critical infrastructure.
  • Includes $3M to establish an in-house Idea Lab to pursue innovative approaches to achieve the agency’s strategic goals and objectives.
  • Requests $6M to build a digital services team for Department of Commerce dedicated to improving IT systems and services.
  • $497M for the International Trade Administration includes $20M to expand SelectUSA efforts to grow business investment in the United States.
  • Auctions 500MHz of federal spectrum, aiming to reduce the deficit by $40B over the next decade and provide greater commercial access to spectrum.

Energy

The president’s budget request provides $29.9B in base discretionary funding to Energy, a 10% increase over FY 2015 enacted levels. These funds are intended to support nuclear security, clean energy, environmental cleanup, climate change response, as well as science and innovation.

Funding highlights include:

  • $5B in funding supports transformational research and development for critical technology areas such as nuclear safety, grid modernization, solar and renewable energy, and energy efficiency.
  • $5.3B to support scientific research, especially in the physical sciences.
  • $12.6B for National Nuclear Security Administration, an 11% increase over FY 2015 enacted levels.
  • $5.8B for critical nuclear legacy cleanup responsibilities.
  • Expands efficiency initiatives introduced in FY 2015 to advance key priorities and improve project integration.

Health and Human Services

The president’s budget request provides $79.9B in base discretionary budget authority to HHS, a 0.3% decrease from FY 2015 enacted levels.

Funding highlights include:

  • Supports the Affordable Care Act and operation of the Health Insurance Marketplace.
  • Provides $4.2B to serve 28.6 million patients at more than 9,000 health center sites in medically underserved communities. $2.7B of this amount is new mandatory funding.
  • Funds reform of health care delivery by finding better ways to deliver care, pay providers, and distribute information.
  • Promotes innovative medical research to maintain the nation’s leadership in the life sciences including research into Alzheimer’s disease.
  • Advances product development efforts to support procurement of next-generation medical countermeasures against chemical, biological, radiological, and nuclear threats with a $522M investment.
  • Accelerates progress in scientific and public health efforts to detect, prevent, and control illness and death related to antibiotic-resistant infections with funding of $993M.
  • Proposes targeted reforms to Medicare and Medicaid which are projected to save more than $400B over the next decade.
  • Provides the Indian Health Service with $5.1B, an increase of $461M over FY 2015 enacted levels, to expand health care services and construct clinics and sanitation facilities.
  • Includes $1.6B to bolster food safety activities.    
  • Promotes continued efforts to cut waste, fraud and abuse in Medicare and Medicaid including removing social security numbers from Medicare beneficiary ID cards.

Homeland Security

DHS would receive $41.2B in base discretionary funding in the president’s budget request, a 7.9% increase over the FY 2015 $38.2B budget request level. DHS is currently operating under a continuing resolution (CR) at the FY 2014 enacted budget level of $39.8B. This CR expires on 2/27, by which time Congress is expected to pass appropriations to cover the remainder of FY 2015.

Funding highlights include:

  • $3.7B for Aviation Security and Screening at the Transportation Security Administration (TSA) to sustain aviation security and effectively align passenger screening resources based on risk. These risk-based security initiatives maximize security capabilities and expedite the screening process for low-risk travelers.
  • $132.3M for the Customs and Border Protection (CBP) Trusted Traveler Programs (TTP) to provide expedited travel for pre-approved, low-risk travelers through dedicated lanes and kiosks.
  • $101M for Radiological and Nuclear Detection Equipment for detecting and interdicting illicit radioactive or nuclear materials by the Domestic Nuclear Detection Office and other DHS components.
  • $85.3M for the CBP Non-Intrusive Inspection (NII) program for passive radiation scanning and X-ray/gamma-ray imaging of cargo and conveyances
  • $373.5M is provided to maintain necessary border security infrastructure and technology to improve CBP’s ability to detect and interdict illegal activity
  • $480M for network security, including the EINSTEIN3 Accelerated program to detect and prevent malicious traffic
  • $102.6M for the Continuous Diagnostics and Mitigation (CDM) program for hardware, software, and services that strengthen the operational network security
  • $1B to replace aging Coast Guard cutters, aircraft, electronic systems and shore infrastructure
  • An increase of $86.7M to enhance U.S. Secret Service capacity to protect senior leaders

Justice

The president’s budget request provides $28.7B in base discretionary funding to Justice, a 5% increase over FY 2015 enacted levels. These funds are intended to support core law enforcement needs, safe and secure prisons, and other Federal, State, Tribal and local programs.

Funding highlights include:

  • Strengthening investment in cybersecurity through over $200M in IT upgrades and tools to detect and deter cyber-attacks. Funds also support plans for a Federal Cyber Campus to co-locate critical civilian cybersecurity agencies.
  • Provides $97M to expand training and oversight for local law enforcement, increase the use of body worn cameras, and provide additional opportunities for reform through technical assistance and training.
  • $482M in funds to address the back log of immigration cases at the Executive Office of Immigration Review. These funds will support hiring judges and legal representation as well as expanding the Legal Orientation Program.
  • Efforts to combat violent extremism include $4M for research, $6M for model development, $2M for technical assistance, and $3M for projects to enhance collaboration between law enforcement, communities, and other stakeholders.
  • Credits applied to Justice’s discretionary budget authority for FY 2016 include $13.5B from the Crime Victims Fund (CVF) and $304M from the Assets Forfeiture Fund (AFF). Both of these figures are up from the FY 2015 enacted levels. The CVF is up 39% over FY 2015, while AFF is up 58% for the same period.

Transportation

The president’s budget request includes $14.3B in discretionary appropriations for the Department of Transportation, 3.5% less than the $13.8B enacted in Fiscal Year 2015.

Funding highlights include:

  • Creates a new Office of Safety Oversight to coordinate and improve safety efforts across all modes of transportation
  • Provides $956M in discretionary funding for modernization of the Next Generation Air Transportation System
  • Provides $478B in mandatory and discretionary funding over six years for a surface transportation reauthorization proposal, including:
    • $1.25B per year for the TIGER Grant program
    • $18B over six years for the President’s National Export Initiative
    • $23B for transit and passenger rail programs and $144B over six years to expand transit capital investment grants
    • $6B over six years to provide credit assistance for nationally or regionally significant transportation projects through the Transportation Infrastructure Finance and Innovation Act Program
  • Provides $29.4B in mandatory and discretionary funding over six years for a Critical Immediate Safety Investments Program to provide targeted infrastructure investments
  • Provides nearly $6B in mandatory and discretionary funding over six years for the National Highway Traffic Safety Administration
  • Invests $935M in mandatory and discretionary funding over six years for vehicle safety and innovation, including vehicle automation and vehicle-to-vehicle technologies

Treasury

The president’s budget request provides $12.8B in base discretionary budget authority to Treasury, a 4.9% increase over FY 2015 enacted levels.   

Funding highlights include:

  • Includes $2.9B for Treasury’s international assistance programs to promote economic growth, poverty reduction, action on climate change, and security through Multilateral Development Bank (MDB) investments in developing and emerging economies.
  • Funds increases in transparency and accountability in federal financial management and implements the Digital Transparency Act of 2014 (DATA Act). 
  • Proposes funding to transform Treasury’s digital services with the greatest impact to taxpayers and businesses so they are easier to use and more cost-effective to build and maintain.
  • Provides IRS with $12.3B in base discretionary resources, an increase of $1.3B from FY 2015, to restore taxpayer services to acceptable levels. Funds are also provided to continue major IT projects, which aim to protect taxpayer information, modernize antiquated systems, and continue development of a state-of-the-art online taxpayer experience.

Veterans Affairs

The president’s budget request provides $70.2B in base discretionary budget authority to VA, a 7.8% increase over FY 2015 enacted levels. VA also received $15B in the Veteran Access, Choice, and Accountability Act of 2014.

Funding highlights include:

  • Continues the largest department-wide transformation in VA’s history through MyVA, an effort to reorient the department around the needs of veterans.
  • Improves veterans’ access to medical care by investing $60B.
  • Supports improvements in veterans’ mental health care, telehealth care, life-saving treatment for Hepatitis C, specialized care for women veterans, long-term care, and benefits for veterans’ caregivers.
  • Provides $1.4B for programs aimed at ending veteran homelessness in 2015.
  • Strengthens veterans benefit programs by proposing an increase of $85M to hire 770 new staff to improve timeliness of non-rating claims, reduce the inventory of veterans’ appeals, strengthen the fiduciary program and further enhance disability claims processing accuracy and efficiency through centralized mail and the national work queue.

FY 2016 Federal Information Technology Budget Request

As of publishing time, the Office of Management and Budget (OMB) had not yet published IT budget specifics, but topline numbers show a 2.5% increase for FY 2016. This puts the total IT request (including state and local grants and classified defense spending) at $86.4 billion compared to the FY 2015 estimate of $83.4B.

The administration’s priorities fall in line with many of the initiatives discussed in the FY 2015 request along with those launched by OMB and the Office of Federal Procurement Policy (OFPP).  Focus areas include:

  • $450 million to drive forward progress on cross-agency management priorities such as the U.S. Digital Service (USDS), PortfolioStat, Freeze the Footprint, and Open Data.
  • Providing funding to 25 agencies for the development of their own agency digital services teams.
  • Piloting new initiatives in IT acquisition that will increase digital acquisition capability within agencies, train agency personnel in digital IT acquisitions, and test innovative contracting models.
  • Increasing the use of Shared Services
  • Funding that will allow agencies to make progress in implementing the DATA Act and increase Federal spending transparency
  • Continue development of the government’s Category Management initiative to include:
    • Proposing legislation making it easier for vendors to bid on modestly-sized procurements and bringing more new companies into the Federal marketplace.
    • Broadening the range of purchases that can be accomplished with minimal complexity and Government-unique requirements by requesting authority to raise the simplified acquisition threshold from $150,000 to $500,000.
    • Seeking new pilot authority to make it easier for agencies to set aside work for new small businesses and other firms with cutting edge/creative solutions that have limited experience selling to the federal government

Stay tuned to FIA as we will be publishing our complete analysis of the FY 2016 budget request in the coming weeks, where we will go into greater detail on the key initiatives, IT investments and contractor implications that will shape the federal IT marketplace for FY 2016.

Fellow GovWin Federal Industry Analysis (FIA) analysts Kyra Fussell, Deniece Peterson, Angela Petty and Alex Rossino contributed to this entry.

 

Defense Cloud Security Guidance Aims to Empower Military Services

In mid-January 2015, the Defense Department’s (DOD) Defense Information Services Agency (DISA) released guidance for use of commercial and non-DOD cloud providers within the DOD.

Since the DISA publication is a Security Requirements Guide (SRG), it offers non-product specific requirements to mitigate risks associated with commonly encountered IT system vulnerabilities. While SRGs provide high level direction, Security Technical Implementation Guides (STIGs) offer product-specific details for validating, attaining, and maintaining compliance with the SRG requirements.

The previously published Cloud Security Model outlined 6 Information Impact Levels. Although the DOD cloud computing SRG has reduced the number to 4 impact levels, the numeric designators remain consistent with the previously published model. DOD provisional risk assessments for cloud services focus on evaluating the requirements for the impact levels at which a cloud service offering is supported by a provider.  Provisional authorization is then leveraged by the mission owner in granting authority to operate (ATO) for mission systems operating in the cloud.

The security control baseline for all levels aligns with the FedRAMP moderate baseline’s definition for confidentiality and integrity. This shift from high confidentiality and high integrity intends to support the categorization of customer systems targeted to be deployed to commercial CSP facilities. The 15 December 2014 CIO memo called out FedRAMP as the minimum security baseline for all DOD cloud services and advised that defense components “may host unclassified DOD information that has been publicly released on FedRAMP approved cloud services.”

The DISA cloud computing SRG covers systems up to the Secret level of classification. Services running at classification levels above Secret, including compartmented information, are governed by other policies and fall outside the scope of the guidance DISA released. The General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) aims to have a cloud security baseline established for FISMA high requirements within the next six months. DISA plans to consider incorporating the FedRAMP High Baseline into its guidance once it becomes available.

Ultimately, CSPs have three paths to choose from in pursuing a DOD provisional authorization. One option is to achieve a provisional authorization through FedRAMP’s Joint Authorization Board (JAB). Another option is to achieve FedRAMP Agency ATO by completing the FedRAMP compliance process as well as meeting any additional security control requirements from the authorizing agency. The third option is for a system to comply with the requirements for a DOD Self-Assessed Provisional Authorization. The concept of FedRAMP Plus (FedRAMP+) applies to situations where an agency has specific security requirements beyond the FedRAMP baseline. Within the DOD SRG, these additional security controls and requirements are necessary to meet and assure DOD’s mission requirements.

Like FedRAMP’s intention to allow agencies to take a greater role in steering commercial cloud authorizations, DISA’s guidance will empower the military services to procure their own solutions and leverage the government’s work through FedRAMP. Considering the trend toward shared service adoption, after a cloud solution is adopted by one service branch, other defense components may look to implement FedRAMP+ solutions or DISA may evaluate that solution for potential formal shared service use.

 


DHS Would Get a $400 Million Boost for the Rest of FY 2015 Under House Bill

While most federal departments received their final fiscal year (FY) 2015 appropriations in mid-December, the Department of Homeland Security (DHS) was put in a funding holding pattern by the last Congress. Now, the new 114th Congress is in session and the U.S. House of Representatives has moved forward on a funding bill for the department.

In December, Congress passed an FY 2015 omnibus that funded all federal departments through the rest of the fiscal year, ending on September 30, except for DHS, which was funded with a continuing resolution (CR) until February 27, 2015. 

Now, with the DHS CR set to expire in a few weeks, the House has approved a FY 2015 Homeland Security Appropriations bill which would fund DHS through September, provided the Senate can move forward on a comparable version and the two chambers can reconcile a final bill to send to the president by the deadline.

The House bill, H.R. 240, provides a total of $39.7 billion in discretionary funding, which is an increase of $400 million (+1%) over the FY 2014 enacted level of $39.3 billion, which itself was a billion dollars more than the White House requested in the FY 2015 budget. If enacted, the $37.7 billion would constitute more than a 3.5% increase over what the president requested for this fiscal year.

The bill and the accompanying Explanatory Statement provide details on agency funding and some specific IT investment areas.

  • Office of the Chief Information Officer (OCIO) – $288.1 million, of which $189.1 million is multi-year money available through FY 2016. The $288.1 million is $31 million over the FY 2014 enacted level. An additional $1 million is provided for the DHS Data Framework initiative and an additional $500 thousand is provided for cyber remediation tools.
  • Cybersecurity – The bill includes a total of $753.2 million for cybersecurity operations in the National Programs and Protection Directorate (NPPD). An additional $164.5 million is provided for NPPD Communications and $271 million for infrastructure protection programs, for an aggregate total of $1.19 billion. Cybersecurity workforce funding of $25.9 million is provided for Global Cybersecurity Management, of which at least $15.8 million is for cybersecurity education.
  • Science and Technology – $1.1 billion, $116.3 million below the FY 2014 enacted level, but $32.1 million above the president’s request. This includes $973.9 million for Research, Development, Acquisition, and Operations.
  • Customs and Border Protection (CBP) – $10.7 billion, an increase of $118.7 million above the FY 2014 enacted level. Of this, a total of $808.2 million is provided for Automation Modernization efforts for TECS, Automated Commercial Environment (ACE), International Trade Data System (ITDS) and others. The bill slates $382.5 million for Border Security Fencing, Infrastructure, and Technology (BSFIT).
  • Immigration and Customs Enforcement (ICE) – $5.96 billion, an increase of $689.4 million over the FY 2014 enacted level. IT funding includes $3.5 million to support enhancements to the PATRIOT system for visa vetting.
  • Transportation Security Administration (TSA) – $4.8 billion, a decrease of $94.3 million below the FY 2014 enacted level. Technology provisions include $334 million for Explosives Detection Systems (EDS) Procurement and Installation, of which $83.9 million is discretionary funds. The bill also includes $449 million for Transportation Security Support IT and $295 million for Screening Technology Maintenance.
  • Coast Guard – $10 billion, $159 million below the FY 2014 level but $439.5 million above the president’s request, including $2.5 million to restore cuts to USCG information technology programs.
  • Citizenship and Immigration Services (CIS) – $124.4 million in discretionary appropriations is provided for the E-Verify program.
  • Federal Emergency Management Agency (FEMA) – $934.4 million for Salaries and Expenses, down $12.6 million from the FY 2014 enacted level. The bill allows for $7 billion for disaster relief and $2.5 billion in first responder grants, including $1.5 billion for state and local grants; $680 million for Assistance to Firefighter Grants, and $350 million for Emergency Management Performance Grants.
  • Secret Service – $1.7 billion, an increase of $80.5 million above the fiscal year 2014 enacted level. This includes $21.5 million to begin preparation and training for presidential candidate nominee protection for the 2016 presidential election, including for protective vehicles and communications technology. It also includes $45.6 million for investments in Information Integration and Technology Transformation programs.

As anticipated, the House bill restricts the use of funds for controversial White House immigration measures. The House Appropriations Committee Report that accompanies the bill includes an amendment stipulating that no funds, resources, or fees provided to DHS may be used to implement the immigration policy changes that the president initiated last fall.

The ball is now in the hands of the Senate Appropriations Committee (SAC), which has just solidified and announced committee chairs after the leadership change resulting from last November’s election. The Homeland Security subcommittee will need to quickly move their bill forward from the last committee action last summer if they hope to make the February 17 deadline, so the clock is ticking.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow me on Twitter @GovWinSlye.

 

New JIE Requirements May Help the “Internet of Things” at the DoD

The “Internet of Things” (IoT) is a pretty common phrase these days, with the rapidly expanding interconnectivity of devices and sensors sending information across communications networks, all to achieve greater capabilities, effectiveness, efficiency, and flexibility. The Department of Defense (DoD) clearly links the growth of emerging, interconnected technologies to the sustained superiority of U.S. defense capabilities, on and off the battlefield, so you could say that the IoT impacts defense IT at all levels.

The key to leveraging the IoT is in harnessing and integrating three key areas:

  • Information – Data from devices and sensors (e.g. phone, camera, appliance, vehicle, GPS, etc.) and information from applications and systems (e.g. social media, eCommerce, industrial systems, etc.) provide the content input.
  • Connectivity – Network connections via various wireless capabilities and communications backbones provide the transport links for aggregation and distribution. This facilitates the environment where data meets the power to use that data.
  • Processing – The computational capacity and capabilities to make the data content useful. This may reside at the device and/or back end and ranges in complexity (e.g. data analytics, etc.).

 


DoD Implications

The use of integrated networks to connect data with processing capacity to affect outcomes is far from a new idea at the DoD – it gave us much of the warfighting capabilities we have today. But technological evolution has resulted in a growing IoT mentality that goes beyond combat operations. One example is the establishment of the Air Force Installation Service Management Command (AFISMC) to coordinate management and maintenance of resources across Air Force bases and facilities. According to Air Force CTO Frank Konieczny, potential uses of IoT include facilities and vehicle management, logistics and transportation, integrated security, and robotics.

But pervasive connectivity is also creating security ramifications.  In the wake of a network security incident last year, the Navy launched Task Force Cyber Awakening (TFCA) in an effort to protect hardware and software Navy-wide as IoT engulfs everything from weapons systems to shipboard PA systems.

Importance of the JIE

The drive to leverage sensor technologies and data analytics that these technologies enable is a driving force behind the DoD’s Joint Information Environment (JIE) network modernization efforts, so the pace of sensor-based innovation is tied to the success of JIE efforts. Adding potentially tens of thousands of diverse Internet-connected objects to a network that then need to be managed and secured will require proactive IT governance policies to ensure effectiveness, and some provisions in recent law apply.

The FY 2015 National Defense Authorization Act (NDAA), passed just last month, requires the DoD CIO to develop processes and metrics within the next six months for measuring the operational effectiveness and efficiency of the JIE. Further, Congress is having the CIO identify a baseline architecture for the JIE and any information technology programs or other investments that support that architecture.

These requirements may stem, in part, from a desire to help formalize and oversee JIE as an investment program, but the resulting baseline architecture will help pave the way to further implement greater IoT capabilities. The data from sensor-based devices will only continue to grow, but to maximize its utility the DoD will need a successful JIE to connect and carry the information.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow me on Twitter @GovWinSlye.

 

Federal Cloud Security Program Charts Course for Ramp Up

The program in charge of the government's cloud security baseline has outlined its plan to target key issues in the months ahead.

It’s been several years since the government started to address challenges around cloud security by establishing a cloud security baseline. The General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) set out with the goal to “do once, use many times” when it comes to security authorizations. Achievements during the first two years of FedRAMP activities include:

  • More than 50 Cloud Service Providers (CSPs) are engaged in the FedRAMP process.
  • 27 CSPs have completed the FedRAMP compliance process.
  • These authorizations address over 160 FISMA implementations.
  • The Third Party Assessment Organization (3PAO) accreditation program has been established and 31 independent auditors have received accreditation. Two thirds of these auditors are small businesses.
  • Nearly every federal agency is participating in FedRAMP.

In mid-December 2014, FedRAMP revealed its new logo and program roadmap for the next two years. The document outlines the program’s priorities. The goals include:

1) Increase stakeholder engagement
    • Expand agency implementation of FedRAMP.
    • Increase cross-agency collaboration.
    • Promote greater understanding of FedRAMP.

2) Improve efficiencies
    • Greater consistency and quality of 3PAO assessments and deliverables.
    • Create flexible framework for data and workflow management.
    • Align with and leverage existing security standards.

3) Continue to adapt
    • Continuous Monitoring will advance and evolve.
    • Establish additional baselines.
    • Integrate further with cybersecurity initiatives and contribute to policy reform.

Over the next six months, program activities in pursuit of these objectives will include establishing a baseline for FedRAMP use across the federal government, providing implementation guidance for agency authority to operate (ATO), outlining multi-agency authorization methodology, launching an online training program, re-launching the FedRAMP.gov website, collaborating with the Office of Management and Budget and Office of Federal Procurement Policy to develop and publish procurement guidance, releasing a draft baseline for FISMA high security controls, and publishing a roadmap for evolving continuous monitoring. The list goes on to include laying out guidelines for addressing inconsistencies in security assessments and providing key indicators for officials performing risk analysis. In line with these goals, just before the end of the year, FedRAMP issued updated guidance for agency review of authority to operate (ATO). As a whole, these initiatives lay the groundwork that will be built upon over the next two years to make the cloud security program more robust. From its outset, FedRAMP described its gradual approach as “crawl, walk, run,” and the program does indeed seem to be picking up the pace.

 

Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWinIQ. Follow me on Twitter @FIAGovWin.

 

Emerging Federal Technology Markets – Areas to Watch

Can technological innovation drive federal IT investments, even in the midst of budget pressures? Absolutely. This is what we explore in our latest report on Emerging Federal Technology Markets.

Under long-term pressure to “do more with less,” federal agencies are leveraging current trends in federal IT – cloud, wireless networks, IPv6, and virtualization – to gradually adopt new technologies that enable cost savings and the more efficient use of IT resources. Some of my colleagues and I took a look at how these and other technologies are shaping federal IT investments today and in the future.

Federal Investments in Foundation Technologies will Drive Emerging Markets

Technological change and proliferation span the gamut when it comes to impacting federal agencies. Sensor technologies are being introduced to track facility energy consumption and enhance physical security, while software-defined infrastructure is being explored to eliminate bottlenecks that result from stovepiped systems and the growing volume of data. Machine learning technology is being tested to create “smart” networks that rely less on person-based administration. Tying it all together are predictive analytics, which agencies are using for a growing number of purposes, from forecasting network performance and enhancing cyber security to ferreting out waste, fraud, and abuse. The result is that today’s investments set the stage for tomorrow’s capabilities. (See graphic below.)


Key market factors shaping the federal IT landscape

Some of the major drivers and key findings from our research include:

  • The drive to leverage sensor technologies and the data analytics that these enable is a driving force behind agency network modernization efforts like the DoD’s Joint Information Environment. The pace of sensor-based innovation is tied to the success of these efforts.
  • Software-Defined Infrastructure (SDI) is more pervasive than generally believed, particularly at agencies with highly-evolved Infrastructure-as-a-Service offerings.
  • Federal interest in SDI is not hype; it is a genuine trend with a growing number of current and planned use examples across federal agencies.
  • The use of predictive analytics programs has expanded significantly across the federal government since FY 2010, making it a maturing, though niche, technology that is expected to have continued strong growth.
  • The inclusion of predictive analytics as an offering on GSA’s Alliant 2 and, potentially, NS2020 government-wide contracts should help it become regarded less as an exotic technology and more as a standardized commercial-off-the-shelf solution.

The modernization of agency IT environments is opening the doors to future investment in emerging technologies.  The convergence of agencies’ work on expanding wireless networks, deploying standardized, commodity hardware, and engineering Internet Protocol-based transport networks is enabling the introduction of new sensor technologies and software-based capabilities. The impact of emerging technology adoption will be to introduce greater efficiency and security to agency IT environments. 

To get our full perspective on Emerging Federal Technology Markets, read the full report.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWin FIA. Follow me on Twitter @GovWinSlye.

Commerce Department Information Security Contract Analysis Highlights Spending Areas

As the Department of Commerce prepares to implement an enterprise approach to information security and vulnerability monitoring, we explore the department’s reported spending on information security.

 

Methodology

As part of the research and analysis completed for the recent Federal Information Security Market, 2014 to 2019 report, the Federal Industry Analysis Team explored reported spending on information security across the government. Historic spending data was collected using a non-definitive selection of 24 information security related keyword searches on FPDS.gov. The resulting 224,297 contracts were culled down to 33,233 through further analysis. This analysis reviewed the initial set for IT-related product or spending (PSC) codes and duplicate entries, as well as security-related contract descriptions.

 

The report includes findings from the over 33,000 contracts, which provide an approximate baseline total contracted value for security contract awards that can be used to assess the overall size and composition of historical federal information security spending from FY 2009 to FY 2014. The discussion in this blog addresses findings associated with over 550 information security contracts awarded by the Department of Commerce, the top 20 contracts from that set as well as the conclusions drawn from analysis of spending department-wide.

 

Findings

The National Oceanic and Atmospheric Administration (NOAA) contracted the largest share of the department’s obligations from FY 2009 to FY 2014. The top 20 contracts during this period account for nearly $97.6 million in spending across four bureaus. Fifteen of those contracts were awarded by NOAA. Three were awarded by the Patent and Trademark Office. Meanwhile the Census Bureau and National Institute of Standards and Technology claimed one top award each. Requirements filled by these top awards include data stewardship systems, enterprise security monitoring, identity, credential and access management (ICAM) support, security products, as well as security support services. 

 

Top products/services bought from 2009 to 2014 include cyber security and data backup services, system development services, technical and engineering support, integrated hardware/software/services solutions (predominantly services), and IT strategy and architecture.

 

The top 20 contract vehicles and programs leveraged for security spending during this period accounted for $102.6 M in spending. These vehicles include Comprehensive Large Array Data Stewardship System (CLASS), NOAA Link, CIO End User Support (EUS), computer and information security services, identity and access management solution, NIH Electronic Commodities Store (ECS) III, and GSA’s IT Schedule 70.

The Department of Commerce’s top vendors by total obligations received from FY 2009 to FY 2014 include:

  • Diversified Global Partners JV, LLC
  • 2020 Company, LLC
  • Evolver, Inc.
  • Nangwik Services, LLC
  • ActioNet, Inc.
  • Earth Resources Technology, Inc.
  • SAIC
  • Cyberdata Technologies, Inc.
  • Trusted Security Alliance, LLC
  • Harris Corporation
  • FCN, Inc.

 

Conclusions

Since NOAA historically does the most information security related contracting, it makes sense that it is expected to lead the procurement and development of the back-end infrastructure for Commerce’s new Enterprise Security Oversight Center (ESOC). A recent Federal News Radio article on the development reported that the enterprise security center is anticipated to begin initial operating capability by the end of December. If past performance is an indicator, NOAA is likely to continue providing support as the effort matures.

----------------------------------

Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @FIAGovWin.

Top Information Security Contracts FY 2009 to 2014

Analysis of historic federal information security spending reveals where agencies are investing the most.

Methodology

As part of the research and analysis completed for the recent Federal Information Security Market, 2014 to 2019 report, the Federal Industry Analysis Team explored reported spending on information security across the government. Historic spending data was collected using a non-definitive selection of 24 information security related keyword searches on FPDS.gov. The resulting 224,297 contracts were culled down to 33,233 through further analysis. This analysis reviewed the initial set for IT-related product or spending (PSC) codes and duplicate entries, as well as security-related contract descriptions.

 

The report includes findings from the over 33,000 contracts, which provide an approximate baseline total contracted value for security contract awards that can be used to assess the overall size and composition of historical federal information security spending from FY 2009 to FY 2014. The discussion in this blog addresses findings associated with the top 50 contracts from that set.

Findings

The top 50 contracts spread nearly $1.4 billion in funds across 11 different federal agencies.

Conclusions

Over the past five years, agency top contracts have provided security related products and services including compliance with security mandates (e.g. HSPD-12), encryption devices, enterprise identity management, and technology support services. While some of these awards are through stand-alone contracts or dedicated security programs, a number are associated with agency preferred contract vehicles. Going forward, agencies aiming to implement enterprise solutions or streamline costs are likely to continue leveraging existing channels to address security capabilities.

 

----------------------------------

Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @FIAGovWin.
