“Reporter’s Notebook” is a weekly dispatch of news tidbits, strongly-sourced buzz, and other items of interest happening in the federal IT and acquisition communities.
Submit ideas, suggestions and news tips to Jason via email.
Many government contractors are worried, fearful and in disbelief about the General Services Administration’s implementation of its Transactional Data Rule.
There are calls for delays in implementation and more training for contracting officers and contracting specialists. There are worries that contracting officers will continue to ask for the dreaded, outdated, lawsuit-inducing data that the TDR is supposed to replace — commercial sales practices (CSPs) and the price reduction clause disclosures.
And maybe most of all, industry is concerned about the cost to collect and transmit the data back to GSA.
Despite all of these fears, we know very little about the impact, cost or problems with GSA collecting transactional data, which it says is information generated when the government purchases goods or services from a vendor. The rule requires vendors to report specific details such as descriptions, part numbers, quantities and prices paid for the items purchased.
GSA finalized the TDR rule in June creating a requirement for government contractors to submit information about transactions through the schedule contracts and those governmentwide acquisition contracts run by the agency.
Let’s start off with what we do know about the GSA’s Transactional Data Rule. More than 1,000 companies have signed the modification under their Schedules contract and are starting to provide the data under the pilot. That is about 40 percent of the total number of contractors who are eligible under the pilot and 8 percent have held off, while the other 52 percent still are considering whether to take part in the year-long pilot or not.
It would be an understatement to say David Bray, the Federal Communications Commission’s chief information officer, is a strong proponent of cloud computing.
It also would be an understatement to say Bray’s beliefs about the power of cloud don’t always jibe with those of his colleagues.
Few CIOs are comfortable with Bray’s vision for government and the cloud — even six years after the Office of Management and Budget issued its cloud-first policy.
“We can take more advantage of things like artificial intelligence and machine learning once we’ve moved all of public service to the cloud, and right now there has been a lot of resistance, some of it just the concern of those who are currently doing their jobs that are familiar with the client-server model,” Bray said during the recent Government of the Future conference sponsored by Verizon in Arlington, Virginia. “If you don’t get them comfortable with cloud and comfortable with relying on partners beyond the scope of their agencies, they are kind of concerned they may not be able to observe blinking lights. But we’ve got to move to the cloud as quickly as possible, whether it’s private cloud for the Department of Defense and the Intelligence Community or public cloud for the rest of the civilian agencies.”
Bray said government has to get out of the business of writing its own code, out of the business of hosting its own infrastructure and maybe most importantly, rely on the commercial sector to provide reusable applications that agencies can stitch together to meet their missions.
Bray isn’t just talking the talk, but walking the walk, as the FCC has moved a large portion of its technology to the commercial cloud. By doing that, the FCC cut spending on legacy systems and operations and maintenance by 35 percent.
So it’s no wonder that when the General Services Administration began searching for a chairman of its new cloud center of excellence, Bray was the natural choice.
The next administrator for the Office of Federal Procurement Policy — whoever that person ends up being — will have a significant to-do list as they walk in the door. There is a host of Obama administration-era priorities that industry disdains — category management, the transactional data rule and a stack of executive orders that many would like to be undone or changed significantly.
Before the new OFPP administrator begins the analysis to set their priorities, a group of former OFPP, Defense Department and agency acquisition executives are urging the administration to focus as much on the “who” as the “what.”
The Procurement Roundtable, which includes former OFPP Administrator Allan Burman, former OFPP Deputy Administrator Rob Burton, former acting Assistant Secretary of the Army for Acquisition, Logistics and Technology Ken Oscar, former General Services Administration Senior Procurement Executive David Drabkin and many others, sent a letter in January to then President-elect Donald Trump outlining three areas the new administration should focus its efforts to improve the acquisition process.
The most important suggestion, however, isn’t about what needs to change or improve, but who is leading the overall effort.
“We thought it was the right time to reinforce with the President-elect the importance of picking the right candidates for the various positions he has to fill from OFPP administrator to the GSA administrator to the various chief acquisition officers and undersecretaries. In considering their backgrounds in people he might select, having government and industry experience is key. That has not necessarily been the background of people who have been selected historically,” said Drabkin, who now is a member of the Section 809 Panel, “Advisory Panel on Streamlining and Codifying Acquisition Regulations” and director of government contracts at Dixon Hughes Goodman, LLP. “We also wanted to impress upon the President-elect our sense that he provides leadership to the acquisition workforce, and the workforce requires leadership to ensure agencies are getting value for the taxpayer and he should be leading that charge.”
Congress created the Section 809 panel in the fiscal 2016 Defense authorization bill to find ways to streamline and improve the DoD acquisition process. The panel has two years to develop recommendations for changes in the regulation and associated statutes.
The federal market for “white hat” hackers continues to grow. Not only are ethical security burglars popular in the Defense Department, but now the General Services Administration’s Technology Transformation Service (TTS) is setting up a bug bounty program.
TTS issued a draft solicitation in January aiming to set up a program where ethical hackers scan and find vulnerabilities in their cloud-based applications.
“As part of its programmatic focus on security, TTS needs to purchase access to a pre-existing, commercially available Bug Bounty software-as-a-service (SaaS) Platform that will allow it to launch and manage the TTS Bug Bounty program,” the performance work statement said. “This acquisition will give TTS access to a large network of security researchers, people who have an interest — both personally and financially — in helping to find and address bugs and other technical issues within TTS-owned web applications. While the Department of Defense has conducted a bug bounty program, this TTS program will be the first of its kind to be generated by a civilian (or non-DoD) federal agency. Only a select few small businesses are able to provide this software-as-a-service (SaaS) platform and that large network of researchers.”
TTS is asking for insights from vendors on how to set up the program that provides 12 services, including having ethical hackers test up to five applications and set up a secure reporting platform.
Like the tortoise racing the hare, the Homeland Security Department’s continuous diagnostics and mitigation (CDM) program continues to make slow but steady progress.
The CDM program now is in its fourth year and every agency is in the midst of implementing Phase 1 tools and has a contract in place for Phase 2. The agency and governmentwide dashboards are on tap to report data in 2017. Now DHS and its acquisition partner, the General Services Administration, are starting to think about what comes next in 2018 when the current $6 billion blanket purchase agreement contract expires.
“Phase 1 and Phase 2 were centrally funded by DHS and we saw huge savings. In most cases 30 percent and in some cases as high as 60 percent-to-70 percent,” said Jim Piche, a group manager at GSA’s FEDSIM office, which acts as the procurement arm for CDM, at the recent Institute for Critical Infrastructure Technology (ICIT) winter summit in Arlington, Virginia. “The model has to start changing in the future. OMB decided to redirect the funding back to agency CIOs so they are empowered to oversee and maintain their CDM infrastructure. So with Phase 3 on the horizon, it will be centrally funded, but maintenance and ongoing sustainment will not be centrally funded like it is now.”
Mark Kneidinger, director of Federal Network Resilience in the Office of Cybersecurity and Communications at DHS, said GSA and DHS are engaging with OMB, and particularly the Resource Management Officers (RMOs) for how to keep CDM well resourced.
While the federal IT and acquisition communities still are “patiently” waiting for President Donald Trump to name key players at the Office of Management and Budget, the General Services Administration and the Office of Personnel Management, Republican lawmakers gave us a little bit of insight into their plans for 2017.
The House Oversight and Government Reform Committee and the House Homeland Security Committee both released oversight plans in the last few weeks, giving agency IT and acquisition executives and contractors insights into their plans.
While details are still murky from the committees, there is plenty to chew on.
Let’s start with the never-ending challenge of cybersecurity. Both committees have pledged more and stricter oversight.
Rep. John Ratcliffe (R-Texas), chairman of the Homeland Security Cybersecurity and Infrastructure Protection Subcommittee, said one major goal for him is ensuring agencies are using the EINSTEIN and continuous diagnostics and mitigation (CDM) program to their fullest extents.
“We saw that with the OPM breach and others how legacy systems contributed to those breaches,” Ratcliffe said in an interview with Federal News Radio. “One of the ways we’ve tried to focus on that is by introducing a number of bills to learn from our counterparts in the private sector so we can leverage emerging technologies and catch up with a lot of what is happening outside of government and learn from that.”
Ratcliffe said he’s talked with Rep. Will Hurd (R-Texas), chairman of the Oversight and Government Reform Subcommittee on IT, about the importance of modernizing federal IT. He said he’s supportive of an approach to getting rid of legacy IT in agencies, but has not yet signed on to support the Modernizing Government Technology Act.
The General Services Administration’s Technology Transformation Service (TTS), and particularly the 18F organization, received some good news last week.
Multiple sources confirmed Trump administration officials said the upcoming guidance from the Office of Management and Budget to implement the hiring freeze of federal employees likely will not impact 18F or the U.S. Digital Service.
GSA employees, who attended the TTS town hall on Jan. 26 and who requested anonymity because they didn’t get approval to talk to the press, said Gerrit Lansing, the White House’s chief digital officer, and Reed Cordish, the assistant to the President for Intragovernmental and Technology Initiatives, assured them that the administration didn’t want to inhibit their ability to bring in talented IT employees.
“He said the administration would protect the ability we have to do tour-of-duty hiring,” said one GSA employee. “Gerrit said they have already incorporated language into OMB’s guidance that is coming out in the next few weeks that protects 18F and USDS from the hiring freeze. They said it’s a done deal. They didn’t go into a ton of detail, but said they had to get creative in the guidance.”
Before Greg Touhill’s term ended as the first federal chief information security officer, he came to an important conclusion: agencies don’t need any more policies around cybersecurity and technology.
In fact, Touhill said on Jan. 23 that the Office of Management and Budget had identified 63 policies that needed to be rescinded under an initiative called Project CRUFT. Cruft is a term used in the software development process that means “dirty, unpleasant, extra, sloppily implemented, duplicated elsewhere or simply useless,” according to a TechTarget whitepaper on dev/ops.
“The success measure is not the number of policies, but how well you execute them. My focus is on execution and follow-through,” Touhill said at the Institute for Critical Infrastructure Technology (ICIT) Winter Summit in Arlington, Virginia. “I expect in the next coming weeks you are going to see a rescission of those policies. For example, why do we require every CIO out there to certify their systems are Y2k compliant? That is just adding drag to organization. I think we’ve successfully passed it. Follow-through is critically important. You need to be able to execute. That is something in the federal government, and I’d contend in the private sector too, this is a deficiency we all need to work on.”
As Touhill detailed his three recommendations around cybersecurity for the next administration, the Trump White House was busy writing yet another cybersecurity executive order calling for a host of studies and recommendations. To many experts, it feels like the Trump folks are paving the proverbial cyber cow path — more studies will just delay the real work.
About a week before the end of the Obama administration, the Trump transition team leading the oversight of technology management held its own exit interview of sorts.
Multiple sources confirm that the Trump team met with five agency chief information officers and their deputy secretaries to discuss a range of issues, including innovation, data center consolidation and the appropriate roles of federal CIOs.
Homeland Security CIO Luke McCormack, State Department CIO Frontis Wiggins, Environmental Protection Agency CIO Anne Dunkin, Office of Personnel Management CIO Dave De Vries and the Veterans Affairs Department’s chief technology officer, Marina Martin, who left her position in January, were part of the meeting.
Sources say former Office of Management and Budget Deputy Director for Management Andrew Mayock chose the CIOs and their deputy secretaries and helped organize the meeting.
The discussion also centered on the progress so far around IT modernization and cybersecurity as well as the proliferation of councils — privacy, chief information security officer (CISO), CTO, chief data officer (CDO) and others — and whether there were too many.
The meeting is noteworthy for several reasons. First, there has been a lack of information and plans from the Trump administration regarding government management. So the 60-to-90 minute meeting is another piece to understanding what’s important and what could be part of a new management agenda.
Second, while OMB issued a State of Federal IT report, conducting a fact-finding mission shows the Trump transition folks understand that listening is one of the most important parts of planning.
Finally, each of the participants had nothing to lose from being honest about the state of federal IT, the challenges and opportunities as seen from the CIO level as three of the five have since left government — only De Vries and Wiggins were not political appointees.
The incoming federal CIO, whoever that may be — any rumors out there yet? — should be able to get off to a much faster start than any of their predecessors based on this and other work by the Obama administration.
Rep. Will Hurd (R-Texas) is back at the helm of the Oversight and Government Reform Subcommittee on IT for the 115th session of Congress. This means he again will have his pulpit to try again to address federal legacy technology systems.
Hurd is working on an updated version of the Modernizing Government Technology (MGT) Act, which the House passed in December, but a $9 billion score by the Congressional Budget Office (CBO) and a short schedule doomed the bill in the Senate.
Both House and Senate staff members say a fix to the bill to address the CBO score is in the works and could be completed in the coming weeks.
“I look forward to working with Congressman Hurd to achieve passage of the Modernizing Government Technology Act in the 115th Congress. This critical piece of legislation continues to be a priority for me this year,” said Rep. Gerry Connolly (D-Va.), ranking member of the subcommittee on Government Operations, in an email to Federal News Radio. “We have been working with industry experts and the Congressional Budget Office to clarify the intent and actual costs of the legislation. However, I hope the new administration will be open to making investments in federal IT modernization, at least, for the sake of cybersecurity.”
A Senate aide said they are evaluating what the best approach is to move the MGT Act forward.