B2G is moving!
Blogs posted after May 22, 2015 will be located on Deltek's central blog page at
Just select the "B2G Essentials" blog to continue to receive this valuable content.
The Hunt for the New Duct Tape – New Defense Cyber Strategy Looks to Cyber R&D

The Secretary of Defense, Ashton Carter, announced last week the release of the Department of Defense’s (DoD) new Cyber Strategy aimed at improving the their cyber capabilities. One theme focuses on leveraging cybersecurity research and development (R&D) to accelerate these capabilities. So how much money might DoD be directing toward cyber R&D?

New Defense Cyber Strategy Overview

The stated purpose of the new Department of Defense Cyber Strategy is to guide the development of DoD's cyber forces and strengthen its cyber defense and cyber deterrence posture. The strategy focuses on building cyber capabilities and organizations for DoD’s three cyber missions: defend DoD networks, systems, and information; defend the United States and its interests against cyberattacks of significant consequence; and provide integrated cyber capabilities to support military operations and contingency plans.

The strategy sets five strategic goals and establishes specific objectives for DoD to achieve over the next five years and beyond.

  1. Build and maintain ready forces and capabilities to conduct cyberspace operations
  2. Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions
  3. Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence
  4. Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages
  5. Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability

Cybersecurity Research and Development

Under the first strategic goal in the area of building technical capabilities for cyber operations the DoD is setting an objective to accelerate innovative cyber research and development (R&D) to build their cyber capabilities, looking to both the existing DoD R&D community and to established and emerging private sector partners for help in developing “leap-ahead technologies” that can aid U.S. cyber-defenses. To that end, DoD plans to focus its basic and applied R&D on developing cyber capabilities to expand the capacity of overall cyber workforce.

What might cyber-focused R&D look like in budgetary terms across the DoD? Looking at the FY 2016 Defense Research, Development, Test and Evaluation (RDT&E) budget books gives a general sense of magnitude and relative distribution of recent and proposed budget dollars. Reviewing the various RDT&E budget artifacts for Army, Air Force, Navy, and the Defense Agencies and searching for key terms like cybersecurity, information assurance, and information security identifies dozens of programs that are primarily directed at cybersecurity (and several more that appear cybersecurity-related.)

Looking at just the programs that appear directly cybersecurity-focused in the FY 2016 DoD RDT&E budget shows that the department budgeted nearly $780 million in FY 2014, with that level increasing to more than $1.1 billion in FY 2015 and FY2016. Further, the Air Force and DARPA have been the major players in the cyber R&D area for DoD, accounting for $844 million (72%) of the total $1.17 billion in FY 2016 requested funding. (See chart below.)



The R&D dollars depicted above are just part of the story. There is other cyber-related R&D spending embedded in larger efforts that contain cybersecurity elements or impacts, but ferreting out those dollars is gets tricky and can be even more imprecise. The point here is to get a sense of the size of the overall investment and where these dollars tend to be directed.

While it is important to recognize that not all of these dollars will be spent on contracts with industry partners for R&D services and technologies, the fact remains that the sustained need by DoD for more advanced cyber technologies and tools is likely to grow in both real terms and in proportion to other R&D areas. In fact, the investment in this push for greater cyber tools may easily outpace the growth rate for other areas of contractor-addressable cybersecurity within DoD. This is especially true in the support services area as the DoD strives to develop thousands of uniformed cybersecurity personnel in the coming years.

One thing seems for certain, the DoD recognizes its need to cover a lot of ground quickly when it comes to improving its cybersecurity capabilities and posture and they are looking to harness creative energies to address the need. In many ways, it’s not unlike past challenges where they have looked to partners in industry and elsewhere to come up with creative solutions. Who knows? Soon we could be looking at the cyber equivalent of duct tape.

New Guidance Targets Federal Supply Chain Risk Management Practices

Federal agencies are increasingly relying on commercially provided systems to advance capabilities and deliver cost savings. However, globalization and increasing complexity of technology increases the risks of threats to technology supply chains such as theft, tampering, poor development practices, as well as counterfeit and malicious hardware or software components. In April 2015, the National Institute for Standards and Technology (NIST) published new guidance on securing federal information technology supply chains.

The NIST information and communications technology supply chain risk management (ICT SCRM) program began in 2008 by kicking off development of risk management practices for non-national security information systems aligned with Comprehensive National Cybersecurity Initiative aiming to address global supply chain concerns. In 2012, NIST published an interagency report on methods and practices for supply chain risk management for federal information systems. The interagency report and related activities contributed to the drafting process for this new guidance.

The special publication, “Supply Chain Risk Management Practices for Federal Information Systems and Organizations,” notes that federal information systems and networks are increasingly complex. These systems and networks are composed of information and communications technology (ICT) products and services acquired through suppliers, system integrators, and external service providers.  In order to manage ICT supply chain risks, the integrity, security, and resilience of the supply chain must be ensured as well as the quality of products and services. The new guidance aims to help government organizations understand the risks around ICT and identify approaches to mitigate threats and vulnerabilities. Specifically, the document outlines steps for identifying, assessing, and mitigating risks throughout the ICT supply chain. These guidelines offer an approach to supply chain risk management that addresses key areas around foundational practices, organization-wide implementation, integration with the overall risk management process, and identification of priority components and/or systems.

The processes and controls in the guidance can be augmented with organization-specific requirements (e.g. from policies, guidelines, and other documents) to enable organizations to develop technology supply chain risk management mitigation strategies that are tailored to their needs. The guidance does not provide contract language or a complete list of supply chain risk management methods and techniques to mitigate specific threats. While these guidelines have been specified for federal agencies, the recommendations could be applied to all sectors. Contractors can expect to start seeing language related to supply chain risk management in requests for proposals as agencies adopt the approach.


Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWinIQ. Follow me on twitter @FIAGovWin.

Competition for Cyber Talent Drives New Army and DHS Efforts

There is rarely a day that goes by when you won’t see a top story on cybersecurity and the scarcity of people with the right IT security skills to address the growing challenges. It is this very demand for skilled cybersecurity staff that is driving some new, creative, and some might say bold efforts by the Army and the Department of Homeland Security (DHS) to raise up, recruit, and retain talent.

The Department of Defense (DoD) may be the one federal entity where building a cyber workforce is the most prominent, as they continue to grow a cadre of uniformed cyberwarriors to staff various cyber commands and other network defense organizations, like the Joint Task Force-DoD Information Networks (JTF-DoDIN). However, building the force is only part of the challenge. Once their tour of service commitment is fulfilled these skilled cyberwarriors often have the attractive option to land high-paying jobs in the private sector, so the sustainability of a cyber-force is a major DoD priority.

Recognizing these realities is a driving force behind the establishment of the Army Reserve's Cyber Private Public Partnership, or Cyber P3, among the DoD, universities and private employers. In recent comments in a story by Nextgov, Cyber P3 program manager Lt. Col. Scott Nelson said that the program is trying to answer key questions of "how do we retain the investment the Army made in that soldier" and also "allow them to get a really good job with our industry partners?"

Maximizing the return on investment in cybersecurity personnel is not the only item on the Cyber P3 agenda. They also want to enhance the pipeline of skilled cyber personnel through building parallel cybersecurity education and training programs among military and universities. In that pursuit, several universities, companies and federal agencies are collaborating on the effort with the goal of establishing 3,500 to 5,000 Army reserve cyberwarriors that can be at the ready when the need arises. Among the 21 private companies that have already stepped up to help transition service members into civilian careers include Citibank, Microsoft, Fox Entertainment and Chevron, according to the Nextgov report. (Read more about Cyber-P3 here and here.)

The Pentagon is not the only federal agency looking to industry to bolster its long-term cybersecurity posture. The Department of Homeland Security Secretary Jeh Johnson announced at the RSA Conference in San Francisco that DHS is opening a cybersecurity branch office in Silicon Valley to “strengthen critical relationships… and ensure that the government and the private sector benefit from each other’s research and development.” Collaboration and synergy is not the only thing on Johnson’s mind, however. He’s recruiting. He intends to “convince some of the talented workforce in Silicon Valley to come to Washington,” highlighting the new United States Digital Service program that provides mechanisms for tech talent in private industry to complete a “tour of service” within government agencies. But on a more formal level, Johnson is “on the hunt” for a cybersecurity “all-star” to head up DHS' National Cybersecurity and Communications Integration Center (NCCIC), promising a direct reporting and communications line to the department Secretary, i.e. Himself.  

These efforts, and others, underscored the ongoing urgency and scope expansion of cybersecurity into nearly every area of modern life. As the “Internet of Things” (IoT) continues to march on – bringing digitization, sensor-ization and connectivity to everything from communications to home appliances and motor vehicles – securing this infrastructure from exploitation and destruction becomes even more critical. Further, the farther down the cybersecurity road we go, the more it becomes apparent that there is only so much we may be able to automate with tools – at least for now. This is especially true when it comes to decision-making and rapid response. Skilled people are critical, in high demand, and in short supply.

These efforts by the DoD, DHS, and others will take time to build the pipeline necessary to meet the demand. It will likely take years, not a cheerful prospect when one considers the growing threats we face. Meanwhile, the competition for these skills will remain fierce. 

New Federal Cybersecurity Organization Popping Up Everywhere

It seems that “you can’t swing a dead cat” around Washington, DC these days without hitting a new federal cybersecurity organization. In just the first two months of 2015 several new cyber- units have been announced that touch nearly every area of federal cybersecurity – from the defense to intelligence to civilian segments.

The White House & Office of the Director of National Intelligence (ODNI)

Recently, the White House announced the creation within the ODNI of the Cybersecurity Threat Intelligence Integration Center (CTIIC) (or CTIC, if you leave out the “integration,” as I have seen in some press stories) to fill a void by collecting and integrating cyber-threat intelligence and producing coordinated cyber-threat assessments for network operators and policy makers. Subsequently, Suzanne Spaulding, the Department of Homeland Security (DHS) undersecretary for the National Protection and Programs Directorate (NPPD) added that the center’s scope will go beyond cybersecurity to integrating broader intelligence information in a form that can be declassified and then sharing the information across relevant government and industry sectors. The $35 million agency was the latest news in federal cybersecurity, even to those in Congress.

The Department of Defense’s (DoD)

Back in January, the Defense Information Systems Agency (DISA) announced that it is launching a new cyber defense organization – the Joint Task Force-DoD Information Networks (JTF-DoDIN) – as part of the broader DISA reorganization. The new cyber organization is taking over all operational defensive activities from the U.S. Cyber Command (USCYBERCOM) to free it up to focus on cyber- policy and strategy in the face of fast growing threats.

The Office of Management and Budget (OMB)

In addition to working on guidance for the 2014 update to the Federal Information Security Management Act (FISMA) as well as several cybersecurity policy directives, OMB has established an E-Government Cyber unit under the existing Office of E-Government and Information Technology to lead their cyber- initiatives. The result of legislation passed late last Congress, the new unit has $15 million in new funding included in the FY 2016 budget request. E-Gov Cyber will expand OMB’s reach within the .gov cyber- realm beyond Cyberstat’s data-driven, risk-based framework and issuing cybersecurity-related guidance to include coordinating agency responses to cyber- incidents and vulnerabilities.

Central Intelligence Agency (CIA)

Although a new organization at the CIA has not been created there, yet . . . it appears that the possibility has more than crossed the minds of agency leadership. The CIA is expanding its cyber-espionage capabilities to overcome its increasingly obsolete approach to espionage due to the rapid proliferation of technologies like smartphones and social media. CIA Director John Brennan is calling for greater use of cyber capabilities in nearly every facet of agency operations, even considering the creation of a new cyber-directorate that would elevate the agency’s technology experts to be on par with CIA’s operations and analysis units.


According to the FY 2016 federal budget request release a few weeks ago, the president has proposed $14 billion in cybersecurity funding for cybersecurity initiatives and research. The proposal underscores the growing prominence that information resources and technologies play in our nation and the heightened sense that we should be doing more to protect these resources.

Yet, the fiscal climate for IT programs over the last few years has been uncertain, and with few exceptions notwithstanding, that pressure does not seem to be letting up just yet. However, given some of the high profile cybersecurity failures that have made the news in recent months it may be that the “cybersecurity card” is one of the few things that will ensure funding from Congress for needed IT investments at an agency.

Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about 
GovWin FIA. Follow me on Twitter @GovWinSlye.


White House Announces New Cybersecurity Center

The White House has announced that it is launching a new federal organization to step up the national cybersecurity coordination and response capability. Details are still slim, but a senior cybersecurity adviser at the White House did outline the vision for the new center in a recent address.

News of the new cyber agency launch hit news sources like Washington Post and Reuters shortly before the official statement. In the public announcement, Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, said the new Cyber Threat Intelligence Integration Center (CTIIC) will reside within Office of the Director of National Intelligence and will be patterned after the National Counterterrorism Center (NCTC). “There are structural, organizational, and cultural shifts that were made in our government in the counterterrorism realm that also apply to cyber. We need to develop the same muscle memory in the government response to cyber-threats as we have for terrorist incidents.”

Filling a Void

In the summer of 2014, the White House created a Cyber Response Group (CRG) in response to the growing number of highly-publicized breaches and intrusions to both public and private networks. Modeled on the Counterterrorism Security Group, the CRG convenes multiple agency players and pools knowledge on current threats. It appears that the CTIIC will build upon the CRG’s efforts to “quickly consolidate, analyze, and provide assessments on fast moving threats or cyber-attacks.”

“Currently, no single government entity is responsible for producing coordinated cyber-threat assessments, ensuring that information is shared rapidly among existing cyber-centers and other elements within our government, and supporting the work of operators and policy makers with timely intelligence about the latest cyber-threats and threat actors. The CTIIC is intended to fill these gaps,” Monaco said.

CTIIC Functions

Monaco said that the new center will serve a similar function for cyber that the NCTC does for terrorism:

  • Integrate intelligence for cyber-threats – information sharing is critical
  • Provide all-source analysis to policy makers and operators – cross-domain analysis to provide a comprehensive perspective
  • Support the work of existing federal cyber-centers, network defenders, and law enforcement communities – coordinated action and response to achieve common goals.

What the CTIIC Will Not Do

Monaco was quick to stress that the CTIIC will not collect intelligence, but rather it will analyze and integrate information already collected under existing federal authorities. Similarly, Monaco said that CTIIC will not perform functions already assigned to other cyber-centers, but is intended to enable them to perform their respective roles more effectively.

Looking Ahead

In her remarks, Monaco said that the government will need to work in lockstep with the private sector and do its utmost to share cyber-threat intelligence information, not simply let private entities fend for themselves. The latest budget request from the White House for FY 2016 budget has $14 billion allocated to cybersecurity to protect critical infrastructure, government networks, and other systems.

The CTIIC announcement comes just days ahead of a White House Summit at Stanford University to discuss cybersecurity and consumer protections.

Contractor Implications

It is yet unclear what implications the CTIIC will have for federal contractors. There is limited public information about the role of contractor support at the ODNI and related entities within the Intelligence Community. That said, there is likely to be some need for technology infrastructure in setting up any new entity, and if the demand for skill sets exceeds the government’s talent pool then they may look to the contractor community for support.

The broader emphasis on cyber-threat information sharing and related cybersecurity provisions in recent National Defense Authorization bills and others will continue to raise the bar for contractor companies to meet federal cyber-requirements. Increasingly, companies are required to provide agencies with increased visibility into their internal security posture – including reporting incidents – as a stipulation to performing federal work. Expect provisions like these to continue to evolve.

Progress Continues on Cyber-Physical Framework

During the summer of 2014, the National Institute of Standards and Technology (NIST) kicked off a working group effort to develop a framework and roadmaps for cyber physical systems. Mid January 2015, this public working group focused launched the second phase of its work. 

Cyber-physical systems (CPS) are often simply referred to as “smart” systems. These co-engineered systems comprise interacting networks of physical and computations components. The influx of smart technologies has expanded CPS domains to include infrastructure (grid, water, gas), buildings, emergency response, healthcare, manufacturing, transportation, and numerous others. The public working group aims to take a multi-domain perspective to ensure the research, development and deployment guidance it produces will be applicable within all CPS domains as well as supporting cross-domain applications. In particular, this group intends to address needs for a common lexicon and taxonomy as well as a reference architecture. 

These working group efforts began during the summer of 2014 with plans for the first several phases over the course of a year. The first face-to-face meeting during August launched the first phase of the initiative to draft a framework for the CPS elements. This work produced draft reports from each of the five subgroups – Reference Architecture, Use Cases, Cybersecurity, Timing, and Data Interoperability. Following the launch of the first phase, the subgroups organized meeting and collaboration to create initial documents that would eventually combine as elements of the CPS framework. 

All five subgroups completed their documents by the close of 2014, so now efforts are underway to integrate and review the work. This second phase aims to produce a combined framework document by integrating the work completed by the subgroups and refining it further. The third phase of the work will result in a CPS technology roadmap which will identify opportunities for additional collaboration and propose a timeline for follow-on efforts to address key technical challenges. 

According to the current timeline, the combined framework is expected to be finalized this spring.  The group is scheduled to have its next face-to-face meeting in April, which will conclude the framework phase and launch the roadmap activities. A draft of the roadmap is anticipated in June 2015, followed by a month of review before its finalized in July. Another, related effort underway is also being led by the NIST Engineering Laboratory’s Smart Grid and Cyber-Physical Systems Program Office. The Cyber-Physical Testbed Development Workshop is scheduled for February 24-25, 2015 and will explore future research and development areas for CPS. 

Ultimately, these efforts hope to head off several trends like the sector-specific applications of cyber-physical system deployments and the expansion of the Internet of Things without a foundation of interoperability. By drawing stakeholders from government, industry, and academia, the working group hopes to address the increasing need for systems-of-systems solutions to integrate CPS across domains. For insights on how CPS and other technologies are shaping the federal landscape, check out the Federal Industry Analysis team’s recent report on emerging federal technology markets.


Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWinIQ. Follow me on twitter @FIAGovWin.


FY 2016 President’s Budget Request – GovWin FIA’s First Take

The White House released its FY 2016 Budget request today, perhaps the earliest annual budget release of the Obama Administration thus far. Several of my fellow GovWin Federal Industry Analysis (FIA) colleagues and I wasted no time in delving into this budget so that we could provide you with our first impressions of what we found noteworthy.

Similar to each presidential budget, the FY 2016 President’s Budget Request provides a blueprint for the administration’s policy and legislative agenda for the coming fiscal year and beyond. We reviewed the largest federal departments’ discretionary budgets to get a sense of direction and priorities for FY 2016, which begins October 1, 2015. Below is a summary table followed by key funding details and initiatives arranged by department.


DoD’s discretionary base budget request is up nearly 8% over FY 2015. The $534.3B in discretionary funding is $38.2B more than the FY 2015 enacted level.

Funding highlights include:

  • $126.53B for the Army (an increase of $7.B from the FY 2015 enacted level)
  • $161.0B for the Navy (an increase of $11.8B from the FY 2015 enacted level)
  • $152.9B for the Air Force (an increase of $16B from the FY 2015 enacted level)
  • $94.0B for Defense-Wide operations (an increase of $3.4B from the FY 2015 enacted level)
  • $51B in Oversees Contingency Operations (OCO) funding across all DoD (a decrease of $13.4B from the FY 2015 enacted level)
  • $209.9B for DoD operations and maintenance funding (an increase of $14.5B from the FY 2015 enacted level)
  • $107.7B for DoD procurement funding (an increase of $14.1B from the FY 2015 enacted level)
  • $69.8B in DoD RDT&E funding (an increase of $6.3B from the FY 2015 enacted level)
  • Invests $12.3B in DoD’s Science and Technology (S&T) Program, including $5.5B in Advanced Technology Development
  • Provides $7.4B for C4I systems
  • Includes $7.1B for DoD Space Investment Programs
  • Funds construction of the Joint Operations Center for U.S. Cyber Command at Fort Meade, Maryland
  • Funds ongoing investments in the DoD’s Joint Information Environment
  • Modestly increases the budget of the Defense Advanced Research Projects Agency from $2.9B to 3B
  • Allocates $32.3B for the Defense Health Program
  • Allocates $109.4M for communications upgrades at the new U.S. Strategic Air Command headquarters building


The president’s budget request includes $23.5B in discretionary appropriations for the Department of Agriculture, 1.25% below the enacted level of $23.8B in Fiscal Year 2015.

Funding highlights include:

  • $1B in financial assistance to rural businesses
  • $2.2B in community facility loans for rural areas
  • $6.4B for direct and guaranteed farm ownership and operating loans
  • $450M for competitive, peer-reviewed research for fundamental and applied agricultural sciences
  • $200M in funding for Watershed and Flood Preventions Operations
  • $206M to invest in the backlog of priority facility construction and renovation for the Agricultural Research Service
  • $60M to modernize the Headquarters South Building
  • $7.6M for a digital services team to improve the efficiency and effectiveness of USDA IT systems


The president’s budget request provides $9.8B in base discretionary funding to Commerce, an 11% increase over FY 2015 enacted levels. These funds are intended to promote growth through trade, invest, and innovation as well as a data-driven economy.

Funding highlights include:

  • Provides funding to National Institute of Standards and Technology in support of advance in areas like cybersecurity and advanced manufacturing. Efforts to work with industry are called out in particular, such as implementing the Cybersecurity Framework of standards and best practices. Funding will also sustain work on initiatives like cybersecurity automation and the National Strategy for Trusted Identities in Cyberspace (NSTIC).
  • $1.5B to Census to support research, development, and implementation of the 2020 Census. The Census Bureau will also include planned increase for the Economic Census and advance initiatives to make data and resources publicly accessible.
  • Continues strong funding for National Oceanic and Atmospheric Administration, including $2B for next generation weather satellites, including $380M for the Polar Follow-On satellites. $147M in funding is also provided for the construction of an ocean survey vessel.
  • $1.1B for National Weather Service includes increases in funding for critical infrastructure.
  • Includes $3M to establish an in-house Idea Lab to pursue innovative approaches to achieve the agency’s strategic goals and objectives.
  • Requests $6M to build a digital services team for Department of Commerce dedicated to improving IT systems and services.
  • $497M for the International Trade Administration includes $20M to expand SelectUSA efforts to grow business investment in the United States.
  • Auctions 500MHz of federal spectrum, aiming to reduce the deficit by $40B over the next decade and provide greater commercial access to spectrum.


The president’s budget request provides $29.9B in base discretionary funding to Energy, a 10% increase over FY 2015 enacted levels. These funds are intended to support nuclear security, clean energy, environmental cleanup, climate change response, as well as science and innovation.

Funding highlights include:

  • $5B in funding supports transformational research and development for critical technology areas such as nuclear safety, grid modernization, solar and renewable energy, and energy efficiency.
  • $5.3B to support scientific research, especially in the physical sciences.
  • $12.6B for National Nuclear Security Administration, an 11% increase over FY 2015 enacted levels.
  • $5.8B for critical nuclear legacy cleanup responsibilities.
  • Expands efficiency initiatives introduced in FY 2015 to advance key priorities and improve project integration.

Health and Human Services

The president’s budget request provides $79.9B in base discretionary budget authority to HHS, a 0.3% decrease over FY 2015 enacted levels. 

Funding highlights include:

  • Supports the Affordable Care Act and operation of the Health Insurance Marketplace.
  • Provides $4.2B to serve 28.6 million patients at more than 9,000 health center sites in medically underserved communities. $2.7B of this amount is new mandatory funding.
  • Funds reform of health care delivery by finding better ways to deliver care, pay providers, and distribute information.
  • Promotes innovative medical research to maintain the nation’s leadership in the life sciences including research into Alzheimer’s disease.
  • Advances product development efforts to support procurement of next-generation medical countermeasures against chemical, biological, radiological, and nuclear threats with a $522M investment.
  • Accelerates progress in scientific and public health efforts to detect, prevent, and control illness and death related to antibiotic-resistant infections with funding of $993M.
  • Proposes targeted reforms to Medicare and Medicaid which are projected to save more than $400B over the next decade.
  • Provides the Indian Health Service with $5.1B, an increase of $461M over FY 2015 enacted levels, to expand health care services and construct clinics and sanitation facilities.
  • Includes $1.6B to bolster food safety activities.    
  • Promotes continued efforts to cut waste, fraud and abuse in Medicare and Medicaid including removing social security numbers from Medicare beneficiary ID cards.

Homeland Security **

DHS would receive $41.2B in base discretionary funding in the president’s budget request, a 7.9% increase over the FY 2015 $38.2B budget request level. DHS is currently operating under continuing resolution (CR) at the FY 2014 enacted budget level of $39.8B. This CR expires on 2/27 by which time Congress is expected to pass appropriations to cover the remainder of FY 2015.

Funding highlights include:

  • $3.7B for Aviation Security and Screening at the Transportation Security Administration (TSA) sustain aviation security and effectively align passenger screening resources based on risk. These risk-based security initiatives maximize security capabilities and expedite the screening process for low-risk travelers.
  • $132.3M for the Customs and Border Protection (CBP) Trusted Traveler Programs (TTP) to provide expedited travel for pre-approved, low-risk travelers through dedicated lanes and kiosks.
  • $101M for Radiological and Nuclear Detection Equipment for detecting and interdicting illicit radioactive or nuclear materials by the Domestic Nuclear Detection Office and other DHS components.
  • $85.3M for the CBP Non-Intrusive Inspection (NII) program for passive radiation scanning and X-ray/gamma-ray imaging of cargo and conveyances
  • $373.5M is provided to maintain necessary border security infrastructure and technology to improve CBP’s ability to detect and interdict illegal activity
  • $480M for network security, including the EINSTEIN3 Accelerated program to detect and prevent malicious traffic
  • $102.6M for the Continuous Diagnostics and Mitigation (CDM) program for hardware, software, and services that strengthen the operational network security
  • $1B to replace aging Coast Guard cutters, aircraft, electronic systems and shore infrastructure
  • An increase of $86.7M to enhance U.S. Secret Service capacity to protect senior leaders


The president’s budget request provides $28.7B in base discretionary funding to Justice, a 5% increase over FY 2015 enacted levels. These funds are intended to support core law enforcement needs, safe and secure prisons, and other Federal, State, Tribal and local programs.

Funding highlights include:

  • Strengthening investment in cybersecurity through over $200M in IT upgrades and tools to detect and deter cyber-attacks. Funds also support plans for a Federal Cyber Campus to co-locate critical civilian cybersecurity agencies.
  • Provides $97M to expand training and oversight for local law enforcement, increase the use of body worn cameras, and provide additional opportunities for reform through technical assistance and training.
  • $482M in funds to address the back log of immigration cases at the Executive Office of Immigration Review. These funds will support hiring judges and legal representation as well as expanding the Legal Orientation Program.
  • Efforts to combat violent extremism include $4M for research, $6M for model development, $2M for technical assistance, and $3M for projects to enhance collaboration between law enforcement, communities, and other stakeholders.
  • Credits applied to Justice’s discretionary budget authority for FY 2016 include $13.5B from the Crime Victims Fund (CVF) and $304M from the Assets Forfeiture Fund (AFF). Both of these figures are up from the FY 2015 enacted levels. The CVF is up 39% over FY 2015, while AFF is up 58% for the same period.


The president’s budget request includes $14.3B in discretionary appropriations for the Department of Transportation, 3.5% less than the $13.8B enacted in Fiscal Year 2015.

Funding highlights include:

  • Creates a new Office of Safety Oversight to coordinate and improve safety efforts across all modes of transportation
  • Provides $956M in discretionary funding for modernization of the Next Generation Air Transportation System
  • Provides $478B in mandatory and discretionary funding over six years for a surface transportation reauthorization proposal, including:
    • $1.25B per year for the TIGER Grant program
    • $18B over six years for the President’s National Export Initiative
    • $23B for transit and passenger rail programs and $144B over six years to expand transit capital investment grants
    • $6B over six years to provide credit assistance for nationally or regionally significant transportation projects through the Transportation Infrastructure Finance and Innovation Act Program
  • Provides $29.4B in mandatory and discretionary funding over six years for a Critical Immediate Safety Investments Program to provide targeted infrastructure investments
  • Provides nearly $6B in mandatory and discretionary funding over six years for the National Highway Traffic Safety Administration
  • Invests $935M in mandatory and discretionary funding over six years for vehicle safety and innovation, including vehicle automation and vehicle-to-vehicle technologies


The president’s budget request provides $12.8B in base discretionary budget authority to Treasury, a 4.9% increase over FY 2015 enacted levels.   

Funding highlights include:

  • Includes $2.9B for Treasury’s international assistance programs to promote economic growth, poverty reduction, action on climate change, and security through Multilateral Development Bank (MDB) investments in developing and emerging economies.
  • Funds increases in transparency and accountability in federal financial management and implements the Digital Transparency Act of 2014 (DATA Act). 
  • Proposes funding to transform Treasury’s digital services with the greatest impact to taxpayers and businesses so they are easier to use and more cost-effective to build and maintain.
  • Provides IRS with $12.3B in base discretionary resources, an increase of $1.3B from FY 2015, to restore taxpayer services to acceptable levels.  Funds are also provided to continue major IT projects, which aim to protect taxpayer information, modernize antiquated systems, continue development of a state-of-the-art online taxpayer experience. 

Veterans Affairs

The president’s budget request provides $70.2B in base discretionary budget authority to VA, a 7.8% increase over FY 2015 enacted levels. VA also received $15B in the Veteran Access, Choice, and Accountability Act of 2014.

Funding highlights include:

  • Continues the largest department-wide transformation in VA’s history through MyVA, an effort to reorient the department around the needs of veterans.
  • Improves veterans’ access to medical care by investing $60B.
  • Supports improvements in veterans’ mental health care, telehealth care, life-saving treatment for Hepatitis C, specialized care for women veterans, long-term care, and benefits for veterans’ caregivers.
  • Provides $1.4B for programs aimed at ending veteran homelessness in 2015.
  • Strengthens veterans benefit programs by proposing an increase of $85M to hire 770 new staff to improve timeliness of non-rating claims, reduce the inventory of veterans’ appeals, strengthen the fiduciary program and further enhance disability claims processing accuracy and efficiency through centralized mail and the national work queue.

FY 2016 Federal Information Technology Budget Request

As of publishing time, the Office of Management and Budget (OMB) had not yet published IT budget specifics, but topline numbers show a 2.5% increase for FY 2016. This puts the total IT request (including state and local grants and classified defense spending) at $86.4 billion compared to the FY 2015 estimate of $83.4B.

The administration’s priorities fall in line with many of the initiatives discussed in the FY 2015 request along with those launched by OMB and the Office of Federal Procurement Policy (OFPP).  Focus areas include:

  • $450 million to drive forward progress on cross-agency management priorities such as the U.S. Digital Service (USDS), PortfolioStat, Freeze the Footprint, and Open Data.
  • Providing funding to 25 agencies for the development of their own agency digital services teams.
  • Piloting new initiatives in IT acquisition that will increase digital acquisition capability within agencies, train agency personnel in digital IT acquisitions, and test innovative contracting models.
  • Increasing the use of Shared Services
  • Funding that will allow agencies to make progress in implementing the DATA Act and increase Federal spending transparency
  • Continue development of the government’s Category Management initiative to include:
    • Proposing legislation making it easier for vendors to bid on modestly-sized procurements and bringing more new companies into the Federal marketplace.
    • broadening the range of purchases that can be accomplished with minimal complexity and Government-unique requirements by requesting authority to raise the simplified acquisition threshold from $150,000 to $500,000.
    • Seeking new pilot authority to make it easier for agencies to set aside work for new small businesses and other firms with cutting edge/creative solutions that have limited experience selling to the federal government

Stay tuned to FIA as we will be publishing our complete analysis of the FY 2016 budget request in the coming weeks, where we will go into greater detail on the key initiatives, IT investments and contractor implications that will shape the federal IT marketplace for FY 2016.

Fellow GovWin Federal Industry Analysis (FIA) analysts Kyra Fussell, Deniece Peterson, Angela Petty and Alex Rossino contributed to this entry.


Defense Cloud Security Guidance Aims to Empower Military Services

Mid January 2015, Defense Department’s (DOD) Defense Information Services Agency (DISA) released guidance for use of commercial and non-DOD cloud providers within the DOD.

Since the DISA publication is a Security Requirements Guide (SRG), it offers non-product specific requirements to mitigate risks associated with commonly encountered IT system vulnerabilities. While SRGs provide high level direction, Security Technical Implementation Guides (STIGs) offer product-specific details for validating, attaining, and maintaining compliance with the SRG requirements.

The previously published Cloud Security Model outlined 6 Information Impact Levels. Although the DOD cloud computing SRG has reduced the number to 4 impact levels, the numeric designators remain consistent with the previously published model. DOD provisional risk assessments for cloud services focus on evaluating the requirements for the impact levels at which a cloud service offering is supported by a provider.  Provisional authorization is then leveraged by the mission owner in granting authority to operate (ATO) for mission systems operating in the cloud.

The security control baseline for all levels aligns with the FedRAMP moderate baseline’s definition for confidentiality and integrity. This shift from high confidentiality and high integrity intends to support the categorization of customer systems targeted to be deployed to commercial CSP facilities. The 15 December 2014 CIO memo called out FedRAMP as the minimum security baseline for all DOD cloud services and advised that defense components “may host unclassified DOD information that has been publicly released on FedRAMP approved cloud services.”

The DISA cloud computing SRG covers systems up to the Secret level of classification. Services running at a classification levels above secret, including compartmented information, are governed by other policies and fall outside the scope of the guidance DISA released. General Service Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) aims to have a cloud security baseline established for FISMA high requirements within the next six months. DISA plans to consider incorporating the FedRAMP High Baseline into its guidance once it becomes available.

Ultimately, CSPs have three paths to choose from in pursuing a DOD provisional authorization. One option is to achieve a provisional authorization through FedRAMP’s Joint Authorization Board (JAB). Another option is to achieve FedRAMP Agency ATO by completing the FedRAMP compliance process as well as meeting any additional security control requirements from the authorizing agency. The third option is for a system to be comply with requirements fo DOD Self-Assessed Provisional Authorization. The concept of FedRAMP Plus (FedRAMP+) applies to situations where an agency has specific security requirements beyond the FedRAMP baseline. Within the DOD SRG, these additional security controls and requirements are necessary to meet and assure DOD’s mission requirements.

Like FedRAMP’s intention to allow agencies to take a greater role in steering commercial cloud authorizations, DISA’s guidance will empower the military services to procure their own solutions and leverage the government’s work through FedRAMP. Considering the trend toward shared service adoption, after a cloud solution is adopted by one service branch, other defense components may look to implement FedRAMP+ solutions or DISA may evaluate that solution for potential formal shared service use.


Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWinIQ. Follow me on twitter @FIAGovWin.

DHS Would Get a $400 Million Boost for the Rest of FY 2015 Under House Bill

While most federal departments received their final fiscal year (FY) 2015 appropriations in mid-December, the Department of Homeland Security (DHS) was put in a funding holding pattern by the last Congress. Now, the new 114th Congress is in session and the U.S. House of Representatives has moved forward on a funding bill for the department.

In December, Congress passed an FY 2015 omnibus that funded all federal departments through the rest of the fiscal year, ending on September 30, except for DHS, which was funded with a continuing resolution (CR) until February 27, 2015. 

Now, with the DHS CR set to expire in a few weeks, the House has approved a FY 2015 Homeland Security Appropriations bill which would fund DHS through September, provided the Senate can move forward on a comparable version and the two chambers can reconcile a final bill to send to the president by the deadline.

The House bill, H.R. 240, provides a total of $39.7 billion in discretionary funding, which is an increase of $400 million (+1%) over the FY 2014 enacted level of $39.3 billion, which itself was a billion dollars more than White House requested in the FY 2015 budget. If enacted, the $37.7 billion would constitute more than a 3.5% increase over what the president requested for this fiscal year.

The bill and the accompanying Explanatory Statement provide details into agency funding and some specific IT investments areas.

  • Office of the Chief Information Officer (OCIO) – $288.1 million, of which $189.1 million is multi-year money available through FY 2016. The $288.1 million is $31 million over the FY 2014 enacted level. An additional $1 million is provided for the DHS Data Framework initiative and an additional $500 thousand is provided for cyber remediation tools.
  • Cybersecurity – The bill includes a total of $753.2 million for cybersecurity operations in the National Programs and Protection Directorate (NPPD). An additional $164.5 million is provided for NPPD Communications and $271 million for infrastructure protection programs, for an aggregate total of $1.19 billion. Cybersecurity workforce funding of $25.9 million is provided for Global Cybersecurity Management, of which at least $15.8 million is for cybersecurity education.
  • Science and Technology – $1.1 billion, $116.3 million below the FY 2014 enacted level, but $32.1 million above the president’s request. This includes $973.9 million for Research, Development, Acquisition, and Operations.
  • Customs and Border Protection (CBP) – $10.7 billion, an increase of $118.7 million above the FY 2014 enacted level. Of this, a total of $808.2 million is provided for Automation Modernization efforts for TECS, Automated Commercial Environment (ACE), International Trade Data System (ITDS) and others. The bill slates $382.5 million for Border Security Fencing, Infrastructure, and Technology (BSFIT).
  • Immigration and Customs Enforcement (ICE) – $5.96 billion, an increase of $689.4 million over the FY 2014 enacted level. IT funding includes $3.5 million to support enhancements to the PATRIOT system for visa vetting
  • Transportation Security Administration (TSA) – $4.8 billion, a decrease of $94.3 million below the FY 2014 enacted level. Technology provisions include $334 million for Explosives Detection Systems (EDS) Procurement and Installation, of which $83.9 million is discretionary funds. The bill also includes $449 million for Transportation Security Support IT and $295 million for Screening Technology Maintenance.
  • Coast Guard – $10 billion, $159 million below the FY 2014 level but $439.5 million above the president’s request, including $2.5 million to restore cuts to USCG information technology programs.
  • Citizenship and Immigration Services (CIS) – $124.4 million in discretionary appropriations is provided for the E- Verify program.
  • Federal Emergency Management Agency (FEMA) – $934.4 million for Salaries and Expenses, down $12.6 million from the FY 2014 enacted level. The bill allows for $7 billion for disaster relief and $2.5 billion in first responder grants, including $1.5 billion for state and local grants; $680 million for Assistance to Firefighter Grants, and $350 million for Emergency Management Performance Grants.
  • Secret Service – $1.7 billion, an increase of $80.5 million above the fiscal year 2014 enacted level. This includes $21.5 million to begin preparation and training for presidential candidate nominee protection for the 2016 presidential election, including for protective vehicles and communications technology. It also includes $45,6 million for investments in Information Integration and Technology Transformation programs.

As anticipated, the House bill restricts the use of funds for controversial White House immigration measures. The House Appropriations Committee Report that accompanies the bill includes an amendment stipulating that no funds, resources, or fees provided to DHS may be used to implement the immigration policy changes that the president initiated last fall.

The ball is now in the hands of the Senate Appropriations Committee (SAC), which has just solidified and announced committee chairs after the leadership change resulting from last November’s election. The Homeland Security subcommittee will need to quickly move their bill forward from the last committee action last summer if they hope to make the February 17 deadline, so the clock is ticking.

Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about 
GovWin FIA. Follow me on Twitter @GovWinSlye.


New JIE Requirements May Help the “Internet of Things” at the DoD

The “Internet of Things” (IoT) is a pretty common phrase these days, with the rapid-expanding interconnectivity of devices and sensors sending information across communications networks, all to achieve greater capabilities, effectiveness, efficiency, and flexibility.  The Department of Defense (DoD) clearly links the growth of emerging, interconnected technologies to the sustained superiority of U.S. defense capabilities, on and off the battlefield, so you could say that the IoT impacts defense IT at all levels.

The key to leveraging the IoT is in harnessing and integrating three key areas:

  • Information – Data from devices and sensors, (e.g. phone, camera, appliance, vehicle, GPS, etc.) and information from applications and systems, (e.g. social media, eCommerce, industrial systems, etc.) provide the content input.
  • Connectivity – Network connections via various wireless capabilities and communications backbones provide the transport links for aggregation and distribution. This facilitates the environment where data meets the power to use that data.
  • Processing – The computational capacity and capabilities to make the data content useful.  This may reside at the device and/or back end and ranges in complexity, (e.g. data analytics, etc.)


DoD Implications

The use of integrated networks to connect data with processing capacity to affect outcomes is far from a new idea at the DoD – it gave us much of the warfighting capabilities we have today. But technological evolution has resulted in a growing IoT mentality that goes beyond combat operations. One example is the establishment of the Air Force Installation Service Management Command (AFISMC) to coordinate management and maintenance of resources across Air Force bases and facilities. According to Air Force CTO Frank Konieczny, potential uses of IoT include facilities and vehicle management, logistics and transportation, integrated security, and robotics.

But pervasive connectivity is also creating security ramifications.  In the wake of a network security incident last year, the Navy launched Task Force Cyber Awakening (TFCA) in an effort to protect hardware and software Navy-wide as IoT engulfs everything from weapons systems to shipboard PA systems.

Importance of the JIE

The drive to leverage sensor technologies and data analytics that these technologies enable is a driving force behind the DoD’s Joint Information Environment (JIE) network modernization efforts, so the pace of sensor-based innovation is tied to the success of JIE efforts. Adding potentially tens of thousands of diverse Internet-connected objects to a network that then need to be managed and secured will require proactive IT governance policies to ensure effectiveness, and some provisions in recent law apply.

The FY 2015 National Defense Authorization Act (NDAA), passed just last month, requires the DoD CIO to develop processes and metrics within the next six months for measuring the operational effectiveness and efficiency of the JIE. Further, Congress is having the CIO identify a baseline architecture for the JIE and any information technology programs or other investments that support that architecture.

These requirements may stem, in part, from a desire to help formalize and oversee JIE as an investment program, but the resulting baseline architecture will help pave the way to further implement greater IoT capabilities. The data from sensor-based devices will only continue to grow, but to maximize its utility the DoD will need a successful JIE to connect and carry the information.

Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about 
GovWin FIA. Follow me on Twitter @GovWinSlye.


More Entries