GovWin
B2G is moving!
Blogs posted after May 22, 2015 will be located on Deltek's central blog page at www.deltek.com/blog.
Just select the "B2G Essentials" blog to continue to receive this valuable content.
New Federal Cybersecurity Organization Popping Up Everywhere

It seems that “you can’t swing a dead cat” around Washington, DC these days without hitting a new federal cybersecurity organization. In just the first two months of 2015 several new cyber- units have been announced that touch nearly every area of federal cybersecurity – from the defense to intelligence to civilian segments.

The White House & Office of the Director of National Intelligence (ODNI)

Recently, the White House announced the creation within the ODNI of the Cybersecurity Threat Intelligence Integration Center (CTIIC) (or CTIC, if you leave out the “integration,” as I have seen in some press stories) to fill a void by collecting and integrating cyber-threat intelligence and producing coordinated cyber-threat assessments for network operators and policy makers. Subsequently, Suzanne Spaulding, the Department of Homeland Security (DHS) undersecretary for the National Protection and Programs Directorate (NPPD) added that the center’s scope will go beyond cybersecurity to integrating broader intelligence information in a form that can be declassified and then sharing the information across relevant government and industry sectors. The $35 million agency was the latest news in federal cybersecurity, even to those in Congress.

The Department of Defense’s (DoD)

Back in January, the Defense Information Systems Agency (DISA) announced that it is launching a new cyber defense organization – the Joint Task Force-DoD Information Networks (JTF-DoDIN) – as part of the broader DISA reorganization. The new cyber organization is taking over all operational defensive activities from the U.S. Cyber Command (USCYBERCOM) to free it up to focus on cyber- policy and strategy in the face of fast growing threats.

The Office of Management and Budget (OMB)

In addition to working on guidance for the 2014 update to the Federal Information Security Management Act (FISMA) as well as several cybersecurity policy directives, OMB has established an E-Government Cyber unit under the existing Office of E-Government and Information Technology to lead their cyber- initiatives. The result of legislation passed late last Congress, the new unit has $15 million in new funding included in the FY 2016 budget request. E-Gov Cyber will expand OMB’s reach within the .gov cyber- realm beyond Cyberstat’s data-driven, risk-based framework and issuing cybersecurity-related guidance to include coordinating agency responses to cyber- incidents and vulnerabilities.

Central Intelligence Agency (CIA)

Although a new organization at the CIA has not been created there, yet . . . it appears that the possibility has more than crossed the minds of agency leadership. The CIA is expanding its cyber-espionage capabilities to overcome its increasingly obsolete approach to espionage due to the rapid proliferation of technologies like smartphones and social media. CIA Director John Brennan is calling for greater use of cyber capabilities in nearly every facet of agency operations, even considering the creation of a new cyber-directorate that would elevate the agency’s technology experts to be on par with CIA’s operations and analysis units.

Implications

According to the FY 2016 federal budget request release a few weeks ago, the president has proposed $14 billion in cybersecurity funding for cybersecurity initiatives and research. The proposal underscores the growing prominence that information resources and technologies play in our nation and the heightened sense that we should be doing more to protect these resources.

Yet, the fiscal climate for IT programs over the last few years has been uncertain, and with few exceptions notwithstanding, that pressure does not seem to be letting up just yet. However, given some of the high profile cybersecurity failures that have made the news in recent months it may be that the “cybersecurity card” is one of the few things that will ensure funding from Congress for needed IT investments at an agency.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about 
GovWin FIA. Follow me on Twitter @GovWinSlye.

 

White House Announces New Cybersecurity Center

The White House has announced that it is launching a new federal organization to step up the national cybersecurity coordination and response capability. Details are still slim, but a senior cybersecurity adviser at the White House did outline the vision for the new center in a recent address.

News of the new cyber agency launch hit news sources like Washington Post and Reuters shortly before the official statement. In the public announcement, Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, said the new Cyber Threat Intelligence Integration Center (CTIIC) will reside within Office of the Director of National Intelligence and will be patterned after the National Counterterrorism Center (NCTC). “There are structural, organizational, and cultural shifts that were made in our government in the counterterrorism realm that also apply to cyber. We need to develop the same muscle memory in the government response to cyber-threats as we have for terrorist incidents.”

Filling a Void

In the summer of 2014, the White House created a Cyber Response Group (CRG) in response to the growing number of highly-publicized breaches and intrusions to both public and private networks. Modeled on the Counterterrorism Security Group, the CRG convenes multiple agency players and pools knowledge on current threats. It appears that the CTIIC will build upon the CRG’s efforts to “quickly consolidate, analyze, and provide assessments on fast moving threats or cyber-attacks.”

“Currently, no single government entity is responsible for producing coordinated cyber-threat assessments, ensuring that information is shared rapidly among existing cyber-centers and other elements within our government, and supporting the work of operators and policy makers with timely intelligence about the latest cyber-threats and threat actors. The CTIIC is intended to fill these gaps,” Monaco said.

CTIIC Functions

Monaco said that the new center will serve a similar function for cyber that the NCTC does for terrorism:

  • Integrate intelligence for cyber-threats – information sharing is critical
  • Provide all-source analysis to policy makers and operators – cross-domain analysis to provide a comprehensive perspective
  • Support the work of existing federal cyber-centers, network defenders, and law enforcement communities – coordinated action and response to achieve common goals.

What the CTIIC Will Not Do

Monaco was quick to stress that the CTIIC will not collect intelligence, but rather it will analyze and integrate information already collected under existing federal authorities. Similarly, Monaco said that CTIIC will not perform functions already assigned to other cyber-centers, but is intended to enable them to perform their respective roles more effectively.

Looking Ahead

In her remarks, Monaco said that the government will need to work in lockstep with the private sector and do its utmost to share cyber-threat intelligence information, not simply let private entities fend for themselves. The latest budget request from the White House for FY 2016 budget has $14 billion allocated to cybersecurity to protect critical infrastructure, government networks, and other systems.

The CTIIC announcement comes just days ahead of a White House Summit at Stanford University to discuss cybersecurity and consumer protections.

Contractor Implications

It is yet unclear what implications the CTIIC will have for federal contractors. There is limited public information about the role of contractor support at the ODNI and related entities within the Intelligence Community. That said, there is likely to be some need for technology infrastructure in setting up any new entity, and if the demand for skill sets exceeds the government’s talent pool then they may look to the contractor community for support.

The broader emphasis on cyber-threat information sharing and related cybersecurity provisions in recent National Defense Authorization bills and others will continue to raise the bar for contractor companies to meet federal cyber-requirements. Increasingly, companies are required to provide agencies with increased visibility into their internal security posture – including reporting incidents – as a stipulation to performing federal work. Expect provisions like these to continue to evolve.

Will Congress Help DHS Stem its Cyber-Workforce Hemorrhaging?

Recent news media reports reveal endemic leadership and staff turnover and low morale at the Department of Homeland Security (DHS) and these challenges continue to impact both its intelligence and cybersecurity missions and the department’s ability to attract and retain skilled experts. Now, it appears that some legislation in Congress might help address some of the issues. 

According to a recent Washington Post report, over the past four years, federal employees have left DHS at a rate that is nearly twice as fast as the overall federal government, and the trend is accelerating. Morale is dismal, by most reports, and the department’s ability to attract replacements and new talent has been slow and ineffective. Contributing factors include cultural clashes and in-fighting among the sub-agencies, bureaucratic lethargy, unclear missions, a high degree of regulatory oversight, and low pay compared to similar jobs in the private sector. The departures have hit the leadership area especially hard. The department’s ­top-level vacancy rate had reached 40 percent, although the Senate has confirmed 10 top DHS officials in the last six months or so.

The high-level leadership departures have hit hard DHS’s intelligence functions as well as cybersecurity. The Post reports that between June 2011 and March 2012, four senior DHS cybersecurity officials left, right as DHS was arguing its case to Congress to be given more authority in protecting critical private-sector infrastructure and networks, a failed effort. High churn rates have also impacted operational areas like the National Cybersecurity and Communications Integration Center (NCCIC), which just recently lost its director and another key leader. The high turn-over rate is credited with stalling the progress of major programs like EINSTEIN. Compensation is a major issue as cybersecurity experts can make 2-3 times as much, or more, in the private sector than they can at DHS.

While numerous legislative bills aimed at beefing up the federal cybersecurity workforce have come and gone over the last few years, one effort to support DHS has gained legs recently. The Senate recently passed the Border Patrol Agent Pay Reform Act of 2014, which includes the DHS Cybersecurity Workforce Recruitment and Retention Act that is aimed at helping the department recruit and retain cybersecurity experts.

A recent article summarizes the provisions to include:

  • Giving DHS greater hiring authorities, similar to those at DoD, to expedite the on-boarding of cybersecurity staff, as well as greater leeway in compensation,
  • Requiring DHS to report annually on the progress of the hiring effort, and
  • Requiring DHS to develop cyber- occupation classification codes for staff performing cybersecurity activities to aid in identifying and fulfilling its cybersecurity needs.

What gives some hope to the current Senate bill is that it is similar to the Homeland Security Cybersecurity Boots-on-the-Ground Act that passed the House this summer.  I discussed this House bill when it first passed out of committee back in October, 2013. Now, nearly a year later, we will see if this or the Senate bill has enough legs to be passed as-is by the other chamber or can survive a conference committee mark-up and re-vote in both chambers to make it to the president. Given that we are in a Congressional election year with little left in the legislative calendar before the run-up to November, such fate may fall to the lame duck session and that is an uncertain fate for sure.

Even if legislation were enacted immediately, it will take significant time to for DHS to make up lost ground and build up its workforce. Until then, they look to industry to help fill the gaps and protect the department and the rest of the .gov domain from an increasingly hostile cybersecurity landscape.

---
Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @GovWinSlye.

NSA Adds Five Schools to Centers of Academic Excellence Roster

The National Security Agency (NSA) Central Security Service (CSS) Center of Academic Excellence (CAE) programs support the President's National Initiative for Cybersecurity Education (NICE) in growing the base of skilled workers capable of supporting a cyber-secure nation.  Mid July 2014, NSA recognized five schools as additions to the Cyber Operations Program.

The Cyber Operations program includes technologies and techniques pertinent to cyber operations as well as legal and ethical considerations. According to the NSA, “these technologies and techniques are critical to intelligence, military and law enforcement organizations authorized to perform [cyber] specialized operations.” The July 14, 2014 announcement added five schools to the ranks of qualified academic institutions:

  • New York University (New York);
  • Towson University (Maryland);
  • The United States Military Academy (New York);
  • The University of Cincinnati (Ohio); and
  • The University of New Orleans (Louisiana).

The additions bring the total of schools in the Cyber Operations program up to thirteen. NSA’s Centers for Academic Excellence include programs addressing Cyber Operations, Information Assurance Education, and Research. The Information Assurance Research and Information Assurance Education, jointly overseen by NSA and the Department of Homeland Security, boast over 100 existing centers of academic excellence.

While the Cyber Operations program is “designed to cultivate more U.S. cyber professionals,” it’s not clear whether these individuals are expected to bolster the nation’s information security from within government ranks. While students may consider the CAE designation in evaluating schools, they might have their sights set on the private sector. Students participating in the Cyber Operations program will have opportunities to pursue summer internships at NSA, which suggests that there is hope to bring in new talent.  Considering the workforce challenges agencies have faced in recent years, it’s questionable whether that’s where students will head. When it comes to information security personnel, federal agencies have struggled with recruitment, retention, training, and hiring system complications.

Although the most recent FISMA report did not include data on security personnel, the FY2012 FISMA Report indicated a continue reliance on skilled personnel. Workforce amounted to approximately 90% of FY2012 IT security costs. Within civilian agencies, around 42% of the FTEs with major responsibilities in information security were contracted roles. Defense agencies managed to fill 68% of those information security roles with government employees, but they still relied on contractors for nearly a third of the workforce with information security responsibilities.  It’s clear that agencies will need contractor support for the foreseeable future. At the same time, the current fiscal environment casts this cost structure in an unsustainable light. Perhaps, the more realistic expectation for these academic programs is simply to serve as incubators for cyber talent. In the long run, both industry and government (often through contracted support) stand to benefit, and continued government-industry collaboration will help improve our overall cybersecurity posture adapt to future threats.

----------------------------------

Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @FIAGovWin.

 

Defense and Security Mobility Landscape Reflects Changes and Challenges

Federal agencies in the defense and security mission areas are grappling with how to effectively harness the capabilities of mobile and wireless technologies in a secure and cost-effective way. The remarks and panel discussions at a recent industry event reveal that agencies are in different points in their development, but all are facing challenges.

At the recent Defense and Security Mobile Technologies Symposium held by AFCEA-DC representatives from across the Department of Defense, Department of Homeland Security, the intelligence community and other federal agencies gave their individual perspectives on their mobility plans, activities, and challenges.

A few general take-aways from the event:

  • Changing technologies – Federal agencies, especially DoD, are still struggling with the rapid change of technology and the security challenges of mobility. This is especially true for BYOD. But agencies recognize that they can’t keep spending on specialized devices at the same rates as in the past.  

  • Declining budgets – Surprise! NO ONE said their budget would be up for mobility in the coming year(s). A few agency speakers said their budgets will be flat at best. Most said things like “we need to find efficiencies in our IT and shift the savings to other (non-IT) areas.”
      
  • Shifting view of MDM – The consensus among agencies is to move in the direction of device-agnosticism so that they can accommodate and secure whatever devices connect to their networks. This has direct implications for Mobile Device Management (MDM) policies and approaches, leading some to say that MDM that focuses on the device is the wrong approach. Similarly, there’s continued stress on implementing security at the data level, rather than primarily focusing on security at the network and device level. While these themes are consistent with what we’ve been hearing over the last several years it is clear that they are still working to make them a reality. It’s going to take longer than most anticipate.
      
  • CAC’s the way – DoD mobility credentialing will be inextricably linked to CACs since they are effective and ubiquitous. The Pentagon is looking for ways to allow users to access a network via multiple concurrent devices through derived credentials via Common Access Card (CAC). There are a lot of policy and technical issues to work through inside the Department and with solutions-providers, as is noted in a recent news story on the topic. While technical issues exist, governance policy is also a major hurdle.
      
  • More choices, more challenges – The rapid growth of Android and Apple devices is driven by end-user demand for more functional capabilities, but it also continues to present management issues. iOS devices present some challenges within the DoD because Apple doesn’t change their products simply because the government wants them to. Their branding is based on careful attention to their individual customer experience and that is not something they are willing to risk lightly.

Clearly, the federal mobility landscape will be in a state of flux for the foreseeable future, presenting opportunities for creative solutions providers to offer policy and governance support as well as technical offerings.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about 
GovWin FIA. Follow me on Twitter @GovWinSlye.

Depressed Spending Heightens Focus on Key Technology Investments

At the beginning of November 2013, Defense Secretary Chuck Hagel delivered a speech at the Center for Strategic and International Studies that explored the future role of the U.S. military forces. Budget pressure is expected to continue as commanders weigh decisions about reduced end strength levels and optimized resource management. For Hagel, preserving investments in several strategic technologies will be critical to modern warfare.

Defense Secretary Robert Gates established the ISR Task Force in 2008 to expedite development and delivery of ISR technologies to forces in Iraq and Afghanistan. To date, the organization is reported to have spent around $12 billion.  Some of the technologies delivered include surveillance aircraft and drones. This past September, a memo from Deputy Defense Secretary Carter outlined a transition of the ISR Task Force from part of the Office of Secretary of Defense to the Under Secretary of Defense for Intelligence. The move is expected improve staffing and support rapid technology development. At the same time, the move suggests a strategic change for the organization as the task force evaluates global warfighter requirements.
 
The increasing emphasis on what General James Cartwright called “computational power in our command-and-control data analysis” will fuel demand for technology developments in areas including space systems, cyber capabilities, and ISR (intelligence, surveillance, and reconnaissance). The model of operations that evolved through conflicts in Afghanistan and Iraq has driven demand for greater precision through intelligence gathering capabilities.
 
In response to these shifts, tailored technology offerings are being brought to market that acknowledge eroding bandwidth prices and ballooning scale of data transfers in the defense and intelligence community.  In addition to improving access to data, systems that automatically scan ISR data sets for anomalies are accelerating data processing, analysis, and dissemination. These high volume/high data rate solutions will continue to present growth opportunities for vendors as requirements rescope and align with changes to military strategic priorities.

Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about GovWinIQ. Follow me on twitter @FIAGovWin.

The Joint Information Environment (JIE): Areas of Opportunity

In a blog post published last May, I outlined the evolution of the Defense Department’s Joint Information Environment, or JIE, as I understood it at the time.  My purpose in writing the post was to clarify the short-, mid-, and long-term objectives of DoD’s JIE strategy for readers confused about what was happening.  Confusion is certainly warranted in this case as contract opportunities surrounding the JIE have not amounted to much.  I believe this is about to change as multiple, simultaneous JIE efforts take off in FY 2014.  All of this assumes of course that the federal government eventually returns to functioning in a somewhat normal manner.  Once that occurs, I expect the forthcoming business opportunities associated with the JIE will be tremendous.
 
A lot of new information about the JIE has come to light since last spring.  This information has filled in a number of blanks, and while numerous gaps remain, enough details have been made public to determine where areas of opportunity are beginning to surface.  To illustrate where these areas are I put together a graphic depicting the JIE.  The gold-colored text and shading are the parts of the environment where I believe work will be required.



The Joint Information Environment (JIE)

The graphic shows two levels where JIE related work is either taking place now or will be required in the near future.  These levels are at the Military Departments (MILDEPS) and at the Defense Information Systems Agency (DISA).  Starting with the MILDEPS, all indications are that the Army is currently at the center of JIE-related work.  These efforts are focused on integrating new network hardware to enable interoperability.  For example, Army officials recently announced that Congressional reprogramming of funds have enabled it to make a large bulk purchase of Multi-Protocol Label Switching (MPLS) routers.  In addition, the Army has been authorized to spend $175 million in FY 2014 to implement Joint Regional Security Stacks (JRSS) with nodes in the U.S. and in the Middle East.

These efforts are intended to rapidly increase the bandwidth capability of Army networks and to lay groundwork for the creation of a MPLS transport cloud in FY 2014.  Once the Army has completed the installation of the new equipment, it will turn it over to DISA for operation and maintenance (truly a joint endeavor).  The Air Force has also embarked on MPLS installation for the same purposes as the Army.  I have no information on activities like these on the Navy.  Lastly, all of the Services will continue consolidating data centers, rationalizing applications, and collapsing/integrating networks on standards that conform to JIE requirements.
 
This takes us to DISA and the portion of the graphic that is in the cloud.  The implementation of new, faster hardware at the MILDEP level will enable DISA and commercial partners to deliver capabilities and services via a series of clouds.  This means not only procuring the capabilities DISA will deliver (e.g., Unified Communications), but also setting up the processes required to utilize commercial cloud services and cloud storage.  Then there are the efforts that will be required to build out Acropolis, the new Defense analytics cloud, and, presumably, to integrate DISA’s cloud infrastructure with the IC IT Environment (IC ITE).
 
Clearly the promise of the JIE is on the road to becoming reality.  Hardware vendors will benefit from the build out of transport capabilities and need for storage.  Software vendors will provide cloud-based applications, data analytics, and cyber security tools.  Services vendors will help DISA pull it all together.  Taking this into consideration, expect creating the JIE to be the biggest business opportunity in federal IT in 2014 and beyond.

TTC's Big Data Conference Offers Big Insights

Last week I had the opportunity to attend a conference on government big data put on by the Technology Training Corporation.  TTC always puts on an excellent event featuring a balanced mix of government and industry speakers that provide multiple perspectives on the subject at hand.  The subject of this symposium was big data for the defense and intelligence communities.  Given that these two parts of the federal government are trailblazers in the use of big data solutions, I went to the conference in anticipation of getting a plethora of good insight into capabilities that the DoD and IC are looking for.

I wasn’t disappointed.  The first major theme that cut across most of the presentations was the intersection of cloud computing and big data.  This is a subject I’ve written on several times in the last year, particularly in regard to the fact that cloud computing is proving to be an enabling factor for big data capabilities.  This theme was echoed by several of the speakers.  For example, Jill Singer, formerly the Chief Information Officer for the National Reconnaissance Office (NRO), and now a partner with Deep Water Point, called cloud a “game changer” when it came to the ways that federal customers are seeking to leverage IT services in general and big data capabilities in particular.  Diving deeper into Ms. Singer’s comments, she stated that “big data is about the network” meaning “big infrastructure companies [will need to] make an investment to keep up.”  The need for big infrastructure gets straight to the point about the value of cloud for government customers.  Even more than migrating applications to the cloud, government customers are looking for ways to divest themselves of infrastructure spending.  This is translating into big contracts for vendor provided cloud based infrastructure that customers can buy on a “per drink” basis.

John Marshall, Deputy Director of the National System for Geospatial Intelligence (NSG) Program Management Office at the National Geospatial-Intelligence Agency (NGA), echoed the importance of infrastructure, but added that bandwidth concerns are causing the DoD/IC to rethink data location.  As an example, Mr. Marshall cited the collocation of data centers and access points to ensure that the Defense and Intel Communities have adequate bandwidth to move big data around.  Another challenge DoD and IC components are having is finding cross-domain solutions that enable the free flow of data to proper classification levels while simultaneously keeping the data secure.  Lastly, Mr. Marshall stressed the need for better data mining capabilities and trained analysts to glean insight from the data.

Another speaker, Lisa Shaler-Clark, the Deputy Director/Program Manager for Futures at Army Intelligence and Security Command (INSCOM) touched on similar themes as Mr. Marshall, but expanded her comments to explain how INSCOM is leveraging cloud to address some of the cross-domain challenges.  Specifically, INSCOM is consolidating data into a “one cloud per domain” approach with cross-domain interfaces.  Data in these clouds is tagged (metadata) so that analysts can choose and analyze the data they require for their respective missions.  The biggest challenge, Ms. Shaler-Clark said, is balancing the use of 4 different architectures across the IC.  These architectures are the Intelligence Community IT Environment, (ICITE), for national and international level intelligence, the Joint Information Environment (JIE) for the strategic domain, the Army’s Common Operating Environment (COE) for the tactical domain, and the Defense Intelligence Information Enterprise or DI2E.

Summarizing these priorities and challenges, the pain points discussed make it clear that the Defense and Intelligence Communities require big data solutions in the following areas:
  • Improving cross-domain data sharing
  • Improving data analysis capabilities, including text mining and full motion video analysis tools
  • Developing effective bandwidth utilization strategies
  • Reconciling disparate cloud architectures
Vendors offering solutions to any/all of these challenges will find eager partners in the DoD/IC. 

 

 

Cybersecurity – From Frameworks and Farewells to Foreign Affairs

It’s been a busy time lately on the cybersecurity news front. In the last few weeks, there have been reports ranging from the release of evolving cybersecurity policies to outright attacks, and rumors of past and future attacks, on traditional networks and websites as well as industrial and weapons systems. It seems that cybersecurity issues are all-pervasive.

On the policy side, the National Institute of Standards and Technology (NIST) released a preliminary cybersecurity draft framework outlining various standards, best practices and guidance to provide guidance to organizations on managing cybersecurity risks. According to comments surrounding the release, the goal is to complement, rather than replace, an organization’s existing cybersecurity processes. The primary focus of the framework is improving cybersecurity among private critical infrastructure owners like utilities and other industrial entities, although there may be some applications for government agencies as well. The current draft is the next round in an eventual final framework that is expected to be codified in October.

The NIST critical infrastructure cyber- framework draft release comes on the heels of some very earnest comments from the outgoing Homeland Security Secretary, Janet Napolitano. In her farewell address, the Napolitano urged her eventual successor to have a strong sense of urgency in preparing for major cyber-attack on US infrastructure. “While we have built systems, protections and a framework to identify attacks and intrusions, share information with the private sector and across government, and develop plans and capabilities to mitigate the damage, more must be done, and quickly,” Napolitano said.

While it is widely acknowledged that adversarial nations employ offensive cyber capabilities against the US government and industry, etc. the threat also includes non-state and other loosely-defined actors. For example, al-Qaeda has been exploring ways to conduct cyber-attacks on US drones, enlisting engineers to identify ways to exploit any technical vulnerability in the aircraft to jam or remotely hijack them or otherwise compromise them to reduce their effectiveness.  And with the brewing potential for US strikes in Syria there were reports of tampering with a Marine Corps recruitment website by apparent pro-Syrian government hackers. It is unclear whether these or other actors could or would be able to effectively strike at other, less mundane, targets if things escalate.

Speaking of cyber-attacks . . . There’s growing confirmation that the US is taking its offensive cyber capabilities as seriously as its defensive know-how. The news that US intelligence entities have carried out hundreds of offensive cyber-operations against adversaries over the last few years, likely to include the Stuxnet attack on Iranian nuclear control systems, hints at the scope, abilities, and magnitude of their efforts. A related report reinforced the fact that federal cybersecurity spending – both defensive and offensive – is decentralized and peppered throughout numerous programs and areas.

There is a theme that connects all of these areas: As information technology continues to advance and permeate how we operate our critical infrastructures, government and military, the demand to protect and exploit this technology will continue to grow. And federal spending will likely grow with it.

---
Originally published for Federal Industry Analysis: Analysts Perspectives Blog. Stay ahead of the competition by discovering more about 
GovWin FIA. Follow me on Twitter @GovWinSlye.

Big Data and Cloud Computing at the Heart of the Army’s Distributed Common Ground System

In a federal market under tremendous fiscal pressure, the Army’s Distributed Common Ground System (DCGS-A) program stands out for its visionary approach to the use of cutting-edge technology solutions. Over the next few years, the consistently well-funded DCGS-A program will seek to make even more extensive use of big data tools, like advanced analytics and visualization applications, hosted and delivered in a cloud setting. These capabilities will provide a consistent stream of intelligence data to Army intelligence, joint Defense components, and the intelligence community, making the DCGS-A one of the most intriguing and forward-looking programs currently in existence.
At the end of last August, the Project Manager Distributed Common Ground System - Army (PM DCGS-A) and TRADOC Capability Manager for Sensor Processing (TCM-SP) hosted an industry event called the 2013 DCGS-A Innovation Showcase.  Speakers at this showcase outlined the way ahead for the Army’s iteration of Distributed Common Ground System.  The presentations included multiple discussions of upcoming requirements and capabilities.

For those not familiar with it, the DCGS-A is a single system that receives data from multiple types of sensors.  This includes data from aerial and terrestrial platforms (e.g., drones and vehicles), from individual soldiers, and from national level intelligence sources.  The system enables this data to be easily shared across the joint Defense environment and with coalition partners while enabling multi-disciplined analysis that fuses signal data, imagery, and human intelligence into a common data product.  Every branch of the Armed Services has a version of the DCGS, making it the de facto tactical intelligence network for the Department of Defense.

The Army’s portion of the DCGS appears to be the most highly evolved, a status that has attracted the attention of Congress for cost overruns and problems with interoperability.  This said, the DCGS-A continues to be one of the Army’s top priorities and largest investments.  The Army has, for example, requested more than $295 million for DCGS-A in FY 2014.  Best of all from an industry standpoint, 100% of these dollars are slated for Development, Modernization, and Enhancement (DME).  DME dollars tend to flow into contracts so this is good news in an overall shrinking market.  Finally, to illustrate just how important the DCGS is to the Army and the DoD, funding for the system in FY 2012 and FY 2013 totaled $239.3 million and $225.3 million respectively.  Again, all of these dollars were for DME so even in the leanest of fiscal years, large amounts of money have continued to flow into the program.

Why has the DCGS-A program been so well funded?  Simple.  It is critical to the national security of the United States.  The DCGS-A program is also notable for its employment of the most forward-looking technologies, including cloud computing and big data analytics.  For example, according to the presentation given by COL Dave Pendall, the Army G2 Liaison to MIT Lincoln Laboratory, the requirements forecast for the DCGS-A include

- Real-Time Distributed Cloud Architecture and Analytics
- Sensor Situational Awareness, Sensor Collaboration, and On-Board Processing
- Collaboration Technology and Data Fusion Visualization Tools
- Identity Intelligence
- Network / Data Security Advancements for the Distributed Enterprise at Network Speed

The way ahead for the system is also anticipated to include work developing an interface between the DCGS-A cloud and the Intelligence Community IT Environment (ICITE) cloud.  This interface will enable data from the DCGS-A to be stored in the hosting infrastructure provided by the National Security Agency (NSA).

This brings us to the question of procurement.  The PM DCGS-A makes use of a large variety of acquisition avenues to buy what it needs.  Covering all of these avenues is beyond the scope of this brief blog post, but there is one contract vehicle worth mentioning that the PM likes to use most frequently - the Army’s Strategic Services Sourcing (S3) multiple award IDIQ contract.  Over the lifetime of S3, spending related to DCGS-A amounts to approximately $1.6 billion.  Much of this earlier spending was for systems integration efforts.  Future spending is likely to be related to data fusion efforts (i.e. data cleansing, interoperability, metadata tagging), additional analytics for full motion video analysis, and enhanced geospatial capabilities.  Therefore, to maximize potential for winning business with the PM DCGS-A, one of the DoD’s best funded programs, competing for the next iteration of S3 is essential.

 

More Entries