Can a new model for cyber come from an existing consumer protection effort?

WILLIAMSBURG, Virginia. — As the 27th and final Executive Leadership Conference sponsored by ACT-IAC wound down in Williamsburg, Virginia last week, the industry group announced its plans to revamp the event for 2018. Called ImagineNation 2018, ACT-IAC is rethinking both ELC and its other big conference, the Management of Change, and is asking for industry and government input.

ELC and MOC have been constants in the federal IT and acquisition communities over the last 25-plus years, where you could track down news and gossip, and renew business relationships. While ACT-IAC continually tried to freshen up the conferences, the federal market has become saturated with similar events, so the time is right to breathe some new life into ACT-IAC’s offerings.

But before we move into 2018, ELC delivered some interesting discussions and news tidbits. Here are my top takeaways from the event:

Consumer Product Safety Commission for cyber?

Trevor Rudolph, the former chief of the Office of Management and Budget’s Cyber and National Security Unit Office, who now is a cyber policy fellow at New America, offered up this fascinating idea.

Advertisement

Why not copy the successful model for food, pharmaceuticals and general consumer products for cybersecurity?

Rudolph said this new agency could be called the Consumer Technology Security Commission (CTSC).

“It could be under the National Institute of Standards and Technology or the Consumer Product Safety Commission, or an entirely new agency in government,” Rudolph said during one of the ELC’s TechTalks. “It would set and enforce standards for cybersecurity of consumer products.”

He said the best example of this approach is the CPSC. The agency works with Congress and industry to develop standards, accredits third-party assessment labs to accredit products and provides regulatory oversight through recalls for faulty products.

“The market alone will not solve the cyber problem,” Rudolph said. “The consumers do not have the technical knowledge to force vendors to change either. Creating such an agency would help improve the cybersecurity of consumer products.”

The Food and Drug Administration actually launched an effort that could be a building block to this new agency. The Digital Health Software Precertification (PreCert) Program kicked off Aug. 1 with a goal of creating a new evaluation approach for software products, including a precertification program for the assessment of companies that perform high-quality software design and testing.

“This voluntary pilot program is part of FDA’s ongoing efforts to develop pragmatic approaches to balance benefits and risks of digital health products. FDA intends to develop a precertification program that could replace the need for a premarket submission in some cases and allow for decreased submission content and/or faster review of marketing applications for software products in other cases,” FDA said in its July notice in the Federal Register.

Rudolph said the new Consumer Technology Security Commission would focus on coordinating and developing security design standards, create a certification and accreditation program and enforce the quality through third-party assessment and recalls.

Would vendors really be keen on another regulatory approach?

Rudolph said if the government uses tax incentives or labor market incentives as carrots and borrow the certification and accreditation process already accepted in other consumer markets, the acceptance curve may not be that great.

4 priorities for GSA’s acquisition service

Alan Thomas, the commissioner of the Federal Acquisition Service at the General Services Administration, still is getting situated in his new role, but offered some updated ideas of where he wants the service to go over the next few years.

Thomas, who started as FAS commissioner in June, detailed four priorities, starting with improving customer experience.

Thomas said he wants to modernize FAS systems to make finding vendors, getting on the schedules or using governmentwide acquisition contracts (GWACs) easier.

David Zvenyach, the acting assistant commissioner for systems management at FAS, said his goal for the common acquisition platform, which includes the System for Award Management (SAM), is to provide an “excellent buying experience and customer experience.”

“Bet.SAM.gov is going to be the future home of FedBizOpps. I want you to imagine a future that doesn’t involve SAM.gov, FBO.gov, FPDS.gov, CPARs and PPIRS, and instead just having SAM.gov. When you register as a vendor for SAM.gov, you say, ‘Let me tell you who I am,’ and guess what, it tells you what opportunities are relevant to you.”

Zvenyach added that agency customers get notified that there are new vendors in a specific space.

“We are underway,” he said. “We are actually in the midst of release 11 for Beta.SAM.gov, so you should see some new functionality going out there. We will be doing some planning for release 12 in mid-November, so if you have some ideas, go to Beta.SAM.gov and provide some feedback.”

Thomas’ second priority is around continuing to streamline and simplify GSA’s processes, including the FASTLane program to get on schedules or the Springboard program to help get small, innovative companies into the government.

“I would like to do a little more and do it a little more quickly,” he said. “A great example would be around the ‘making it easier’ campaign in terms of getting on-schedule. We have some very good guidance for industry, but it’s still sort of guidance for how to fill out your tax form, or the solicitation in this case, versus a TurboTax-like experience. I’m pushing for that more TurboTax-like experience in that area.”

A third priority is shared services, across areas such as fleet, contact centers and other back-office areas.

“We think those are things we can do more efficiently for agency partners and then essentially give them dollars back that they can put toward their mission,” Thomas said.

The final priority is around supply chain security. Thomas said ensuring products don’t increase agency risk thresholds is a governmentwide challenge and GSA can help improve coordination, and be more proactive in how it secures the supply chain.

He said GSA may also hire a senior executive to organize and oversee those efforts.

“We want good systems and we want good people leading the businesses and portfolios we have out there serving the customers,” Thomas said.

Return to the Reporter’s Notebook