Department of Defense targeting late 2021 for completion of CMMC review
The Department of Defense expects to complete a review of its Cybersecurity Maturity Model Certification program by late 2021, at which point it will deliver any required changes to the program to industry.
The review is one of several current initiatives within the Pentagon looking at the cybersecurity program, including a probe by the Government Accountability Office, which is expected to be complete in the fall.
“We anticipate the review to be completed in late 2021, at which point the Department will communicate any anticipated changes to the CMMC program to industry and other stakeholders,” a DOD spokesperson told FedScoop.
DOD’s probe of the program was initiated by the deputy secretary of defense in March this year and is focused on ensuring the program achieves its stated goals as effectively as possible, without introducing new barriers to the acquisition process.
Details of the DOD review were first reported by FedScoop in March.
CMMC was launched with the intention of boosting cybersecurity within the U.S. defense industrial base. It hinges on a verification model in which contractors working with the U.S. military must adhere to one of five tiers of cybersecurity controls, depending on the level of sensitive information they handle.
The scheme has attracted criticism from some in industry for introducing new burdens on contractors as it could unfairly penalize smaller companies.
In a letter to Deputy Secretary of Defense Kathleen Hicks last week, three industry groups asked for more communication with industry and support for small businesses trying to comply with the program — and warned that lack of information about CMMC could soon have serious financial implications for the companies they represent.
Hicks reiterated at an event in Pennsylvania at the start of September that the DOD is working with the White House and other agencies including the Small Business Administration to create more opportunities for small businesses to join federal contracting vehicles, saying the department would take “meaningful action” to remove barriers for small contractors.
Rebellion Defense military tech startup valued at $1B
Rebellion Defense — a defense and national security tech startup founded just over two years ago by ex-Department of Defense bureaucracy hackers — is now valued at more than $1 billion.
Rebellion’s unicorn status — as a startup valued at more than $1 billion — comes after it raised more than $150 million in a recent Series B funding round, as reported by Axios.
The valuation is remarkable considering Rebellion was founded in 2019 after CEO Chris Lynch stepped down from his role as director of the Defense Digital Service within the Pentagon but decided to keep his work of providing cutting-edge tech to the military going through the startup. In particular, Rebellion provides commercial software products with a focus on battlefield awareness, artificial intelligence, data integration and cybersecurity.
Lynch founded Rebellion with Nicole Camarillo, former head of talent for the Army Cyber Command, which works closely with DDS on defense cybersecurity issues, and Oliver Lewis, a former deputy director of the U.K. Government Digital Service who has a background in defense intelligence.
Lynch told Axios that Rebellion is looking to grow its team of 160 by a couple hundred more, most of whom will be software engineers.
The company looks to stand out through its dedication to using tech to support defense and national security at a time when many larger commercial tech companies have toed that line, fearing a backlash from employees and the public. “There is a new wave of people coming into VC who have the courage and tenacity to support our nation’s defense,” Lynch said.
As part of the deal, Nick Sinai — former deputy federal CTO in the Obama administration and now senior adviser at Insight Partners, one of the leaders of Rebellion’s funding round — will join the firm’s board. Venrock joined Insight leading the fundraising deal, rounded out by Innovation Endeavors, Declaration Partners and Lupa Systems. Innovation Endeavors founding partner Eric Schmidt, who is also the former CEO of Google, and Lupa Systems CEO James Murdoch already sit on the board.
“Software excellence will define America’s national security leadership, especially in this new period of strategic competition. The ability for our nation and our allies to deter aggression and act first if needed—enabled by faster insights gleaned from our data, kept secure through continuous cyber readiness—is at the heart of the national security mission,” Sinai told FedScoop. “That’s why we at Insight Partners are excited to partner with Rebellion Defense, to support their continued growth as they build a new kind of defense software company. The Rebellion team has the talent, passion, and creativity to make a significant positive impact on our national security.”
Nuclear Regulatory Commission on track to complete EIS transition by year end
The Nuclear Regulatory Commission expects to complete its transition to the $50 billion Enterprise Infrastructure Solutions (EIS) contract by the end of 2021, nine months ahead of the federal deadline.
A success story among midsize agencies, the NRC received an A grade on the Federal IT Acquisition Reform Act (FITARA) 12.0 scorecard for exceeding 50% completion on its transition to the telecommunications and IT modernization contract and is, in fact, 98.9% done.
NRC’s network modernization goal is to reduce aging technology while embracing newer multiprotocol label switching, unified communications and wireless technologies, and Chief Information Officer David Nelson attributes his agency’s success to close collaboration with contractors.
“We have held weekly transition calls with the primes and worked closely to scrub our inventory as best we could to minimize transitioning assets and services that were no longer needed,” Nelson told FedScoop by email.
GSA gave agencies until Sept. 30, 2019, to award all EIS task orders and 142, or 68.3%, of all expected ones have been. Three of those are NRC’s.
The first was for telecommunications, audio conferencing, unified communications and network services and was awarded to Verizon. The second went to AT&T for managed trusted Internet Protocol services. And Verizon won the third for dark fiber.
“The NRC has issued all task orders it intends to issue at this time,” Nelson said. “The NRC competed all three task orders among the EIS primes and made awards to the responsible quoters whose quotations conformed with the solicitations and were most advantageous to NRC, evaluated cost, price and other factors considered.”
As of the General Services Administration’s last EIS Transition Progress Tracking Report, only two midsize agencies are fully transitioned off the Networx, Washington Interagency Telecommunications System (WITS) 3 and GSA Regional Local Service (RLS) contracts expiring May 31, 2023. Those two are the Executive Office of the President and the Federal Deposit Insurance Corporation.
The next step for the NRC is to transition its remaining local service agreements under EIS.
“The NRC anticipates another A grade on the next FITARA scorecard,” Nelson said.
Capgemini Government Solutions to acquire cybersecurity firm VariQ
Capgemini Government Solutions on Wednesday announced that it has struck a deal to acquire cybersecurity and software contractor VariQ, for an undisclosed sum.
According to Capgemini, the transaction is expected to strengthen the company’s position in the Federal market and to build momentum for continued growth. Both companies are on General Services Administration (GSA) contract vehicles to undertake IT and software work with various agencies across the government.
“As a company we are continuing to find ways to expand our ability to serve U.S. government agencies and this acquisition would augment our digital and agile capabilities while growing our talent base,” said Jim Bailey, CEO of Capgemini’s Americas Strategic Business Unit and group executive board member. “This acquisition marks an important moment for Capgemini Government Solutions and our vision for growth in the Americas.”
VariQ was founded in 2003 and provides software development, cybersecurity and cloud services for federal agencies including the Department of the Navy and Securities and Exchange Commission, according to its website. It is also on the Alliant 2 best-in-class contract vehicle, according to the release.
In March 2020, VariQ won a $350 million integrated IT solutions contract for the State Department’s International Narcotics and Law Enforcement Affairs’ Office of Western Hemisphere Programs.
“Joining Capgemini would provide the scale and expansive capabilities to enable us to better serve our 20+ client agencies. We look forward to delivering end to end solutions in support of our clients’ missions,” Ben Edson, founder and CEO of VariQ, said in the release.
DOD inks $374M contract for new travel management system
The Department of Defense’s human resources branch has inked a $374 million contract with Concur Technologies to modernize its legacy travel management system that processes about four million trips each year.
The deal, signed Monday, should result in a new system dubbed “MyTravel” that will manage the full range of the department’s travel expenses and operations by fiscal 2025. The system will replace the legacy Defense Travel System (DTS), which has received poor user ratings and which the department appears eager to replace, according to the contract document.
“The Government requires a secure, efficient, and effective commercial travel solution to book travel, provide travel fulfillment service, manage travel-related expenses, and initiate travel-related financial transactions,” the contract award states.
The system will cover travel across the globe, the document states. By replacing DTS with a software-as-a-service system, the DOD hopes to be able to maintain a modern system that keeps pace with tech changes. The DTS office was launched in 2006, but recently the system has faced poor reviews from users. The contract award states DTS is a “legacy system that continues to incur technical debt through poor usability, low customer satisfaction and improper payment of travel entitlements.”
The system design was sparked by a cross-functional team staffed by the CIO’s office and the now-defunct Chief Management Officer’s office, which was dedicated to increasing business efficiencies.
Code for America CEO says nonprofit will ‘continue to act in good faith’ during union recognition talks
Code for America CEO Amanda Renteria has said the digital services nonprofit will “continue to act in good faith” in union recognition talks and reiterated that the organization will make a decision on voluntary recognition in October.
In an internal memo obtained by FedScoop, Renteria said that the organization is facing a significant learning curve over the unionization process and that it has received the recommendation to be as thoughtful as possible about the process “without delaying or rushing.”
“As an organization, we appreciate the important role that unions have played in this country,” the executive said. “In that spirit, the leadership of Code for America remains committed to good stewardship by ensuring we can continue to live our values and make the greatest impact we can in creating a people-centered government.”
The intervention comes as part of a process to recognize a union at the organization, which began last month. It also comes as employees inside the federal government and the wider technology sector received a boost from the prioritization of rights to collective action under the Biden administration.
In the memo, Renteria said also that Code for America has appointed two law firms to assist with the union recognition process — Bredhoff Kaiser, which is working with the Office and Professional Employees International Union on unit definition, and Jackson Lewis, which is working to support management on broader HR and legal matters.
The appointment of Jackson Lewis attracted criticism on social media late Tuesday, with critics citing the firm’s track record for union-busting, including work carried out for management at technology giant Amazon.
A spokesperson for Code for America reiterated also that management is focused on resolving questions about equity and inclusion as they move forward with the union unit definition process.
Last month, FedScoop reported that the nonprofit’s management had requested additional time from staff for the union recognition process, citing a desire to educate management about the process and to engage with staff.
In August, Code for America staff revealed their intention to organize through the Office and Professional Employees International Union (OPEIU) Local 1010. So far, 62 people at the organization have signed union authorization cards, which is understood to represent about 77% of its workforce.
Under U.S. labor law, formal recognition of a union can be either granted voluntarily by an employer or through a secret-ballot election organized by the National Labor Relations Board.
In a statement, a spokesperson for Code for America Workers United said: “CfA Workers United continues to take Code for America’s leadership at their word that they are committed to working towards voluntary recognition in good faith.
“We are continuing to work with them towards swift voluntary recognition. In the meantime, we are grateful for the strong support and encouragement our unionization effort has received from the organized labor movement and folks in government agencies and civic tech,” the spokesperson added.
US must lead in ethical application of AI, says Rep. Eddie Bernice Johnson
The U.S. must lead the world in the ethical application of artificial intelligence – as well as dominate research in the field, according to Rep. Eddie Bernice Johnson, D-Texas.
The chairwoman of the House Committee on Science, Space and Technology said it was clear that the way in which federal government agencies approach AI will determine America’s standing in the world in decades to come.
“We know that AI has the potential to benefit society and make the world a better place. In order for the U.S. to be a true global leader in this technology, we have to ensure that the AI we create does just that,” wrote Johnson in an op-ed on The Hill.
“Technological progress does not have to come at the expense of safety, security, fairness, or transparency. In fact, embedding our values into technological development is central to our economic competitiveness and national security,” she said. “Our federal government has the responsibility to work with private industry to ensure that we are able to maximize the benefits of AI technology for society while simultaneously managing its emerging risks.”
The intervention follows a missive from civil rights groups late last week that called on the National Institute of Standards and Technology (NIST) to issue recommendations to prevent agencies from adopting AI systems that have discriminatory or inequitable outcomes.
NIST, which is part of the Department of Commerce, is in the process of developing a new voluntary framework that is intended to support the development and deployment of safe and trustworthy artificial intelligence.
NIST is currently soliciting public comments until Sept. 15 and will develop the framework in several iterations to allow for stakeholder input. The new framework is intended to manage the work of both public and private sector researchers.
Companies show early interest in ATARC’s Zero Trust Lab
The Advanced Technology Academic Research Center expects around 30 companies to participate in its Zero Trust Lab, having begun the intake process Monday.
ATARC’s lab will showcase technical architectures and hardware and software solutions addressing 12 zero-trust scenarios identified by the government members of its Zero Trust Working Group.
The launch of the Zero Trust Lab follows the success of ATARC’s Trusted Internet Connections 3.0 Demonstration Center, which was geared toward remote computing and wrapped at the beginning of 2021.
“Zero trust was a lot bigger of a concept,” Tom Suder, president of ATARC, told FedScoop. “You have to worry about your network in zero trust, but then you’ve got to worry about the software side.”
For that reason the Zero Trust Lab will employ a virtual environment from Acuity, where companies can put their software, in addition to the physical, data center environment created by Equinix for the TIC 3.0 Demo Center. The cloud will connect the environments, so companies can choose whether to use one or both.

Because no one company can be the entire zero-trust solution for an agency, combinations of an integrator and several different products will be needed to address ATARC’s 12 scenarios:
1. remote worker, personal device and public cloud access;
2. satellite office and government-furnished equipment;
3. contract employee and data center at agency’s facilities;
4. contract employee and cloud-based systems;
5. multiple agencies’ interfacing systems in the cloud;
6. multiple agencies’ interfacing systems on premise;
7. multiple agencies’ interfacing systems primarily in the cloud, secondarily on premise;
8. multiple agencies’ interfacing systems primarily on premise, secondarily in the cloud;
9. a combination of Scenarios 5 through 8 and fingerprint data;
10. remote users and connectivity issues;
11. compromised credentials; and
12. penetration exercises.
ATARC will house four to five zero-trust solutions in the lab at any one time and let one or two companies present their hour-and-a-half demos per week to agency officials. The TIC 3.0 Demo Center saw about 50 to 60 officials attend each presentation, Suder said.
Another perk of the Zero Trust Lab is it’s a neutral environment, as opposed to the curated environments agencies set up, affording companies an even playing field, Suder said.
Rather than having participating companies requisition their equipment at the end of their initial demos, for Phase 2 ATARC intends to let them stay in the environment and have government submit additional, agency-specific use cases on a rolling basis.
“Zero trust is going to be here for a while,” Suder said. “We haven’t solved it by any stretch of the imagination.”
Company submissions are due Friday via the intake form.
ATARC has not only created a unique space for agencies to assess software products, but the Zero Trust Working Group has fostered conversations comparing solutions between agencies like the departments of Homeland Security and Justice.
“I think at the end of the day it is helping the entire government really be able to validate some solutions without having to set up their own environment,” Suder said. “I think it raises the collective IQ.”
The VA is looking to 5G to enable ‘X-ray vision’ for doctors
As the Department of Veterans Affairs expands its use of 5G wireless technology in its medical centers across the nation, the enhanced network infrastructure could soon support physicians going into an operation with “X-ray vision.”
The VA has put 5G-enabled augmented reality to use for more than a year now under what it calls Project Convergence to give doctors the ability to look at and manipulate large imaging files, like MRIs or CT scans. While the program’s initial work so far has focused on training, education and pre-surgical planning before an operation, the hope is that VA doctors will soon be able to use AR headsets to superimpose that medical imaging on a patient for “safer and more effective procedures,” says Thomas Osborne, director of the VA’s National Center for Collaborative Healthcare Innovation (NCCHI).
The VA has already been able to do the so-called augmented reality X-ray vision in a lab setting, Osborne told FedScoop.
“We’re right on the cusp of taking that information and superimposing it seamlessly on top of the patient in front of you,” he said of doing it in an actual medical procedure. “And so at that point, you literally have X-ray vision.”
Such a scenario would be massively beneficial, Osborne said. “All kinds of opportunities open up, not only for just like understanding what’s going on with the person in front of you and quite frankly literacy for everybody involved, trainees and patients, to understand what’s going on. But now you can see exactly where that thing is. There’s an opportunity for us to have safer, more effective procedures because we can go in and find the safest path without having to worry about hitting things that you don’t want to hit like vessels and nerves and going to the most precise and efficient way.”
While such an innovation depends on powerful imaging software and a cutting-edge AR headset, it’s the 5G network that sets up the foundation for the capability of processing such large imaging datasets in real-time.
Osborne likened the move from 4G to 5G networks, and how data flows on them, to going from riding a bike down a dirt road to moving to “a five-lane superhighway without traffic.”
“You can have more data and be able to process more data, take it from one place, like the point of care, and bring it to another place efficiently and fast, like a supercomputer or a cloud-based analytics platform where that information can be processed and turned into knowledge and wisdom and then brought back to the point of care so you can have real-time clinical decision support,” he said of 5G. “And the more elements you bring into that system, the better you are empowered to come up with the most precise, actionable and personalized care.”
Osborne continued: “It’s sort of a foundational infrastructure that allows us to build and to do more than we could have otherwise.”
With a traditional wired or 4G wireless infrastructure, “it just wouldn’t be possible — you’d have processing times that are too slow,” he said.
Project Convergence is but one of the many innovations NCCHI is looking to bring to veteran healthcare. And many others similarly rely on the bandwidth of 5G to transmit large swaths of data. For instance, the center is looking to use 5G-enabled drones on medical campuses for search and rescue of missing patients or other emergencies. The VA is even looking at hologram-like telepresence, which would allow remote patients receiving telehealth to “virtually bring someone into the room with them,” Osborne said.
NCCHI has many other projects that aren’t beholden to 5G, like its work on sensor-driven fall prevention devices, artificial intelligence that can predict kidney injuries, and a smart cane for the blind that uses LIDAR.
The hope is that NCCHI can be an incubator for these innovations that can then scale to medical centers across the U.S.
“The goal is to spread those ideas for others to benefit from,” Osborne said.
3 myths about moving to the cloud and how to think about them
When the federal government issued its “Cloud First” policy more than a decade ago, the virtues of virtualized infrastructure were full of promise. The strategy promised a path forward for agencies to migrate to a safer, more secure and more economical IT operating environment. What wasn’t promised was the notion that the journey would be easy.
Over the course of the last 10 years, as agencies threw themselves into cloud modernization projects, three myths evolved that continue to weigh down assumptions about moving to the cloud, according to two experts who spoke at a recent SNG Cloud Live Event. And while agencies have come a long way in understanding what’s required in standing up cloud services, understanding these myths — and how to think about them — is essential to the long-term success of any agency cloud initiative.
Myth 1: Cloud is cheaper
Brian Merrick, Director of Cloud Programs at the Department of State, said one of the biggest myths surrounding cloud migrations is that they are all, somehow, cheaper and automatically result in immediate cost savings.
“That’s not totally the case,” Merrick said. “You have to look at it in the totality of your operation. You end up spending more because you’re doing more with the cloud. It gives you great opportunities to do a lot of functionality, and you’re going to end up finding more to do with it. And that’s going to bring with it a cost,” he said.
Juliana Vida, Group Vice President and Chief Strategy Advisor for public sector at Splunk, and former deputy CIO at the Pentagon, agreed that there are costs agencies must be prepared for, but said those costs can be offset by new efficiencies.
“I think the key is to set expectations accurately from the beginning and not position cloud investments or IT modernization as initial cost savings — just so that other stakeholders don’t think that it’s a really quick solution to a complicated problem and it’s going to drive cost savings right away,” Vida said.
The same thing is true with legacy IT modernization, according to Vida. Eventually, every agency realizes that IT modernization projects involve ripping out old infrastructure. “It’s worth the investment, you just have to know upfront that you’re not going to be saving dollars right out of the gate,” she said.
Myth 2: Cloud is easy
For years, agencies have been sold on the myth that moving to the cloud is going to simplify IT — and lead to a single pane of glass to manage an entire IT environment.
“The reality is, it’s just too complex for that in most use cases, especially if you have a multi cloud environment,” Merrick said.
Many agencies turn to SaaS tools and other cloud platforms to speed up their modernization journey without necessarily having to invest right away in cleaning up the entire back end. But sometimes they don’t have enough money to do that upfront. And that’s an eye-opener, said Merrick.
“So they’re looking for that hybrid approach to sort of plug the gap until they can get there with their process evolution. But it’s a lot more complex on the architecture side and the policy side, when you think about it,” Merrick said. “Our traditional network folks have spent their careers trying to keep the cloud out or keep things from leaving the environment when you’re saying, open it up. And that’s definitely a challenge for policy folks who have to work through good security strategies to do that.”
The good news is that cloud technologies have evolved significantly over just the last few years in terms of inherent cybersecurity capabilities, inherent openness and agility and scalability, said Splunk’s Vida.
“So technology isn’t the problem. There’s no lack of very good, scalable, agile technology that the government can use,” she said. “But again, it’s not a one stop shop, and it’s not out of the box. You’re going to get exactly what you need, generally, and setting that expectation upfront is really important.”
“The key,” she added, “is to actually get into conversations with your vendor partners, or your integrator partners, and figure out what works best for you in terms of the technology that will help you tap into and optimize the other products that you have.”
Myth 3: You’re the only agency facing a talent shortage
The IT talent shortage is all too real. But sometimes it can feel like only your organization is having trouble finding enough workers to fill critical IT jobs.
Merrick and Vida both agreed, however, that all organizations are going through the challenges of finding enough skilled workers.
“I think that in the public sector, a lot of agencies and a lot of leaders feel that they’re the only ones that have a talent problem or have a struggle with getting talent,” said Vida. “But that’s not necessarily true. We are all fighting for talent, we in industry, government agencies, nonprofits, and we do better when we do it together.”
But fresh talent doesn’t only exist outside an organization, Vida said. “I think we often forget about the upskilling of existing talent, as opposed to just grabbing new talent and bringing it in. All those skills don’t have to come from newly graduated college students. There are a lot of people in the federal government and other state local governments who want to be doing public service and they’ve been doing it for a long time. Now’s the opportunity to tap into those folks that have a heart for the mission, and that want to really be contributing to the missions of the government and teach them new things and let them be excited about work again.”