Catalog management leads GSA’s planned federal marketplace updates for 2021
The General Services Administration is set to acquire a web interface for managing and improving the quality of data collected for GSA Advantage! customers in the spring.
The pre-solicitation for the Common Catalog Platform (CCP) will seek information from the 12 contractors on the current Chief Information Officer Modernization and Enterprise Transformation (COMET) blanket purchase agreement, followed by a request for quote.
CCP is part of the Federal Acquisition Service‘s effort to improve catalog management so customers can more easily search, compare and buy needed offerings on GSA‘s online purchasing service, called GSA Advantage!, and elsewhere.
“We’re continuing to streamline and improve how we manage data associated with the more than 50 million products and services offered through the federal marketplace,” wrote Sonny Hashmi, commissioner of FAS, in a blog post Monday.
CCP will also reduce the time it takes suppliers to manage their catalogs by replacing the Schedules Input Program for Multiple Award Schedules (MAS) contract holders. And FAS workers will have an easier time reviewing and approving catalogs.
Catalog management is one of the four pillars of FAS’s Federal Marketplace (FMP) Strategy, a framework for making continuous improvements to GSA’s buying and selling experience. Numerous updates were announced in an FMP Strategy winter release.
Another catalog management improvement is faster catalog load times for suppliers via an Authoritative Catalog Repository, which also ingests data for new MAS produces for CCP.
And GSA continues to onboard manufacturers to the Verified Products Portal (VPP), containing specifications for commercial-off-the-shelf products. GSA will update the MAS solicitation in April to allow authorized resellers of VPP products to use that data without providing a letter of supply. The changes are intended to help customers avoid buying counterfeit or noncompliant products, standardize contractor catalogs, reduce the burden on resellers and FAS workers find and remove unauthorized products.
SAM.gov
Also part of the FMP Strategy is the improvement of the Integrated Award Environment (IAE), at the heart of which is beta.SAM.gov. The website will eventually be a one-stop shop for all federal award information, and will lose the “beta” part of its moniker this spring when the original System for Award Management (SAM) is merged into the IAE.
“This is exciting for many reasons, not the least being suppliers and buyers will find it easier to get things done,” Hashmi wrote. “No longer will you have to log on to two sites to conduct business; everything will be housed on the new SAM.gov.”
That business includes registering to deal with government, find exclusion records, search for contract opportunities, find wage determinations — all under a single sign-on.
Expect changes to the look and feel of beta.SAM.gov shortly before the merger, Hashmi wrote.
T-Mobile brings 5G to Miami VA medical system
The Department of Veterans Affairs has added another 5G hospital to its growing list of medical facilities enabled with the next-generation wireless network.
T-Mobile announced it has deployed its Ultra Capacity 5G service “in and around” the Miami VA Healthcare System, providing in-building coverage with average speeds of 300 Mbps and peaks at 1 Gbps.
This allows medical providers in the hospital to “quickly access high bandwidth files such as imaging results, labs and medical charts without having to be tethered to a computer,” T-Mobile said in a release. T-Mobile claims to have the “fastest 5G network of any provider.”
“We set out to do good with our 5G network and right now healthcare is more important than ever,” said Mike Katz, executive vice president of T-Mobile for Business.
The Miami VA Healthcare System is no tiny hospital. It serves veterans in Miami-Dade, Broward and Monroe counties in southern Florida, with an estimated veteran population of 149,704, providing 372 hospital beds, according to the VA. The Bruce W. Carter Department of Veterans Affairs Medical Center, the main facility, sits on 26 acres of land and is connected to several outpatient medical facilities and counseling centers.
“Groundbreaking collaborative partnerships like this play an important role in our success moving forward and we are grateful to T-Mobile for their continued commitment to the partnership with VA,” Deborah Scher, executive advisor to the VA secretary, said in a statement.
T-Mobile has also partnered with the VA to provide 70,000 lines of wireless service to doctors, nurses and staff and free unlimited access to online telehealth for veterans, a service that has surged during the COVID-19 pandemic.
Last month, the VA announced a similar partnership with AT&T at the VA Puget Sound Health Care System in Seattle to pilot 5G and multi-access edge computing in its facilities. A Silicon Valley VA hospital has also been experimenting with 5G provided by Verizon to power augmented reality visualization.
The Department of Defense too is trying to get a head start on bringing 5G to some of its bases around the country through a series of commercial-driven pilots focused on providing services like smart warehouses, virtual reality and more.
Air Force turns to VR for suicide prevention training
The Air Force is turning to virtual reality technology to train its airmen to recognize and help others at risk of self-harm.
The service is using VR training to put airmen in life-like situations to practice how to get a distressed person help. With social distancing requirements, in-person training and face-to-face conversations pose a greater risk for COVID-19 transmission, a risk reduced by VR training with users communicating through a headset.
The Air Force has also embraced VR for other training, like flying and maintenance.
The rate of airmen dying by suicide has increased in the past few years, up from a 2018 rate of 18.5 per 100,000 to 25.1 per 100,000 in 2019, according to recent DOD data. Conclusive data on the rate in 2020 is not available, but initial reports indicate a further increase during the first months of the coronavirus pandemic.
“We are excited and highly motivated to be the catalyst for this innovative suicide prevention program,” Brig. Gen. Norman West, Air Mobility Command surgeon general, said in a release. “The VR scenario is very realistic and this is the type of training we need to save lives in the real world. One life lost to suicide is too many.”
The technology was recently used in a training session at Travis Air Force Base in California at the behest of the Air Mobility Command leader, Gen. Jacqueline Van Ovost. New modules were tested featuring clips of actors and on-screen prompts for what trainees should say, according to a video posted by the Air Force. Other modules are in development for instructors and other members of the Air Force working on suicide prevention.
The technology works by guiding airmen through a training session and then into a role-playing scenario where they speak directly with an actor who displays distress signs. A coach listens in on the session, and if trainees are not following procedures, they are reminded of specific questions they are supposed to ask, like “Do you have a gun in the house?” or “Are you thinking about harming yourself?”
“We believe this training will not only save lives but prepare our Airmen for tough conversations that will build a more resilient force,” said Victor Jones, AMC Suicide Prevention program manager.
Leaders overseeing the program are also using the tech to pick up on subtleties in how airmen interact with the VR experience.
“[W]hen someone needs to say something tough, they don’t say it as loud as the rest of what they say,” according to the release. That’s a data point trainers are using to encourage airmen to be confident in getting others help.
Spouses of airmen are also being offered the training and it is expected to continue as more modules are created by Moth and Flame, the VR studio contracted to make the content.
If you or someone you know needs help, call 1-800-273-8255 for the National Suicide Prevention Lifeline. You can also text HOME to 741-741 for free, 24-hour support from the Crisis Text Line.
Basic cybersecurity standards must start with procurements, experts say
Government must do a better job of setting minimum cybersecurity standards when buying IT to avoid more breaches like the ones agencies suffered after the SolarWinds hack, say cyber experts.
Large procurements, in particular, should be used to drive modern security architectures that better protect entire systems, said Jeanette Manfra, director of government security and compliance at Google and a former top official with the Cybersecurity and Infrastructure Security Agency.
If agencies consider the risks of introducing software like SolarWinds Orion to their networks during the procurement process, they’ll also avoid introducing vulnerabilities.
“The government is a very large consumer,” Manfra said during a Center for Strategic & International Studies event Friday. “They need to be driving what those security standards are that they want to see through their procurements.”
While the government should also establish minimum cybersecurity standards for the private sector, experts agreed they should be voluntary and not become a check-the-box activity for companies.
The SolarWinds software supply chain attack began in March and was massive in scale at nearly 18,000 intrusions. At least nine federal agencies were compromised, with the extent of the damage still being assessed.
While the hack was detected in December and widely reported to have been committed by Russia, the reality is that true attribution is ongoing, said retired Lt. Gen. Ed Cardon, senior counselor at the Cohen Group.
All of this points to gaps in information sharing between government and the private sector.
“Info sharing is a pretty broad term,” Cardon said. “Just simple things like worldwide collection of DNS logs, it’s amazing how if we would just do that we could do a lot with attribution. But often those are missing; they’re not collected.”
CISA, which Manfra left in November 2019, continues to make inroads with companies to determine who has the information it needs to avoid specific cyberattacks, she said.
The agency was established to be the central clearinghouse on the civilian side for threat information from the private sector, said Rep. Michael McCaul, R-Texas.
The ranking member on the House Foreign Affairs Committee said he’s planning to introduce legislation establishing a mandatory breach notification system. Breach data could be easily anonymized to protect the companies involved and liability protection ensured, so companies wouldn’t withhold information for fear of lawsuits, McCaul said.
“Some companies don’t report this at all,” McCaul said. “And it’s important we have that threat information to share it not only with the private sector, where 80% of this resides, but across all departments within the federal government.”
DISA’s Vice Adm. Norton retires
Vice Adm. Nancy Norton left one of the military’s top IT jobs Friday as she retired from her directorship of the Defense Information Systems Agency and command of Joint Forces Headquarters-Department of Defense Information Network (JFHQ-DODIN).
Lt. Gen. Robert Skinner of the Air Force replaced Norton at a change of command and directorship ceremony Friday.
Norton leaves at a critical time for DISA as it prepares to issue an $11 billion IT services contract, lead a major consolidation of support agency IT networks and continue investigating the SolarWinds hack. DISA will also maintain its own pivot to maximum telework and continue supporting DOD’s adoption of the Commercial Virtual Remote environment.
“We have done an amazing job,” she said during a virtual roundtable with reporters Thursday. “The thing that was most important, is how we have treated each other as people.”
Supporting the military’s shift to telework was not the first major crisis she steered DISA through. Under her watch, DISA was almost eliminated by Congress in 2018, a move she helped thwart. She said that “telling the DISA story” and increasing the transparency of the agency was what helped save it from the chopping block.
“It is pretty amazing if you think about what would have happened in 2020 if that had happened,” she said of the potential cutting of DISA’s funding.
Amid the response to a global pandemic, Norton also helped oversee the response to the recent SolarWinds breach. As commander of the Joint Forces Headquarters-Department of Defense Information Network, Norton leads the operation and protection of the military’s IT networks, which were targets of the suspected Russian hackers who led the larger cyberespionage campaign. DISA said it did not find any bad actors on DOD networks, but investigations remain ongoing.
Norton joined the Navy as an officer in 1986 and rose to become the first female director of DISA in 2018. While leading the DOD’s IT support agency, she pushed for more diversity and inclusion in the military technology community.
Network consolidation
DISA’s plan to make itself the single service provider for defense support agencies, dubbed the Fourth Estate network optimization initiative (4ENO), is a massive undertaking involving technical consolidation, personnel shifts and workforce restructuring. With Norton at the helm, DISA broadened its mission with the project.
The process is already underway with the Defense Technical Information Center already transitioning help desk and IT personnel into DISA, Norton said. More migration is expected to happen under Skinner’s directorship.
A part of the migration will be the award of the Defense Services Enclave (DES) contract for a single vendor to help with the technical integration of disparate networks — a deal that’s worth up to $11 billion.
The contract will be an indefinite-delivery, indefinite-quantity vehicle with task orders issued for specific work. The agency anticipates a 10-year work period, but the contract will have an initial four-year base with three optional two-year extensions.
“The concept of making DISA the single service provider is really something new,” Norton said. “That is really exciting.”
Pandemic pushed National Cancer Institute to commercial software for telemedicine, CIO says
Prior to the COVID-19 pandemic, the National Cancer Institute relied on “expensive and not user-friendly” custom systems for its telemedicine. But as the need to see patients remotely grew over the past year, the institute turned to commercial software that could more easily support its scaling needs, CIO Jeff Shilling said.
NCI began using Microsoft Teams to communicate with and administer telemedicine to patients in clinical trials. This let both the NCI doctors and researchers and the patients stay safe while continuing care.
People had their doubts about using commercial software for such a highly sensitive mission set. But it was a crisis, and NCI was forced to go into crisis mode to make the move.
“Never let a good crisis go to waste,” Shilling joked during an SNG Live session Thursday. But on a more serious note, he said of people’s concerns using Microsoft Teams for sensitive communications, “Listen, we’ve got to talk to these people. We have many people dying of cancer — many, many millions of people dying of cancer — we can’t worry about some of these things.”
NCI did work with Microsoft to “make sure that everything was encrypted properly, everything was a unique connector,” Shilling said, adding that Microsoft did everything “really well,” rising to the occasion because it too was in crisis mode.
At the end of the day, the new model was successful, Shilling said, because the commodity IT was ready to scale immediately and it was user-friendly from the start — and, perhaps more importantly, it was cheaper.
“The doctors don’t use special medical computers, they use Macs and PCs, just like everybody else,” he said. “So they have all the benefit of using these commodity tools. And so we think we can use these commodity tools in telemedicine as well. And that’ll extend past the patient, to radiology, to pathology, all these things that we can start to use the standard tools, it’ll make it just much, much more portable. And we need that. We need it because we need more medicine for more people. And the only way we can do it is to make it less expensive.”
Dr. James Gulley, director of the Medical Oncology Service at NCI, and his team were some of the first to make the move to Microsoft within the institute last spring. He said in an interview published by the National Institute of Health that his team “quickly got used to the platform, and it became our preferred means of communication between team members, other collaborators and patients.”
“This has opened up opportunities for us to communicate more effectively with patients at home,” Gulley said. “Phone conversation can get some of the information however much of communication is nonverbal. This also provides improved efficiency for patients and healthcare providers and decreases costs in both money, time and potential exposure to SARS-CoV2.”
How open technology and process help the public sector innovate
SBA adapting IT systems providing COVID-19 relief amid program changes
The Small Business Administration continues to adapt its IT systems processing COVID-19 relief applications to address changing program requirements.
The Biden administration announced a two-week window starting Wednesday where only small businesses with less than 20 employees may apply for Paycheck Protection Program (PPP) forgivable loans to keep their workforces employed during the pandemic.
As new legislation and executive mandates attempt to provide relief where it hasn’t yet been granted, SBA is scrambling to make changes to its E-Tran loan system and program portals.
“We’ve been obviously faced with a tremendous scaling challenge…in terms of the volume of transactions we are processing,” said Sanjay Gupta, chief technology officer at SBA, during an ATARC event Thursday. “But also more importantly the velocity at which we are processing this higher volume.”
Businesses went under because initial PPP loans dragged into the summer as SBA struggled to process requests for $400 billion in relief funds and adjust E-Tran to shifting rules for eligibility, financial institutions, terms and conditions, and transferring loans into grants.
SBA also responds to disasters, and President Biden declared Texas’ snowstorm a major disaster earlier this week. The declaration will mean a workload surge for SBA on top of dealing with PPP and Economic Injury Disaster Loans for the pandemic, Gupta said.
Fortunately, SBA’s cloud migration began in 2017, allowing it to scale with increased employees better than it would otherwise. But in March the agency accelerated implementation of a cloud-based secure connector, in lieu of its traditional virtual private network, to improve security and visibility into traffic and performance.
Conditional access — which throttles users’ access if they fail to meet certain conditions related to things like where they’re connecting to the network — has proven helpful during the pandemic. The same is true for geofencing, which took six hours to implement in March and took care of traffic from foreign countries trying to access pandemic loan portals, Gupta said.
SBA is relying on native capabilities more heavily when it comes to cybersecurity tools, anomaly detection and machine learning.
“We are automating these things,” Gupta said. “So a year from now you’ll see a higher resilience posture.”
Uniquely identifying virtual machines on SBA’s network continues to be a challenge however, Gupta said. He led SBA’s 90-day Continuous Diagnostics and Mitigation modernization effort in coordination with the Cybersecurity and Infrastructure Security Agency, and together they developed a model for identification.
Virtual machines are instantiated as needed and may need to be created and destroyed in microseconds. SBA’s model attempts to track and manages those machines in a cloud environment and was published in a report, but the CDM team has yet to release guidance.
“I’m sure it’s in the works,” Gupta said.
NSA issues zero trust guidance, urging DOD and contractors to adopt model
The National Security Agency issued a cybersecurity information sheet Thursday with instructions for defense agencies and contractors on how to set up a zero-trust network architecture.
In it, NSA urges the entirety of the Department of Defense and its contractors to implement zero trust for sensitive systems to better prevent data exfiltration.
“NSA strongly recommends that a Zero Trust security model be considered for critical networks to include National Security Systems (NSS), Department of Defense (DoD) networks, and Defense Industrial Base (DIB) systems,” according to the cybersecurity information document.
The push to zero trust — where compromise is assumed and users are asked to verify their identity as they move around a network — has grown stronger after the discovery of the massive SolarWinds hack last year. The penetration of sensitive network components by suspected Russian hackers in the breach was another dire example of cybercriminals gaining wide access to information once in a network.
“Adopting the Zero Trust mindset and leveraging Zero Trust principles will enable systems administrators to control how users, processes, and devices engage with data,” NSA said in a release. “These principles can prevent the abuse of compromised user credentials, remote exploitation, or insider threats, and even mitigate effects of supply chain malicious activity.”
The seven-page document is just the beginning of the reference architecture the NSA plans to release to help contractors and DOD components move to a zero-trust model. The agency teased late last year a reference guide it has been working on in partnership with the Defense Information Systems Agency that it plans to release in 2021.
The document includes the pitfalls and challenges associated with its implementation. A lack of commitment by leadership to enterprise wide adoption is primary among those challenges listed in the document.
“With the pervasive need for Zero Trust concepts to be applied throughout the environment, scalability of the capabilities is essential,” the document states.
DIU sees another year of growth in spending, tech transition
The Department of Defense’s Silicon Valley outpost continues to award cash to companies looking to break into the defense market, growing its number of prototype contracts and transitioned technologies in 2020, according to its annual report.
In 2020 the Defense Innovation Unit transitioned 11 programs into full production, meaning it turned a prototype deal into a follow-on contract awarded by a military department or agency.
While an increase from the nine technologies transitioned the year before, it is a small drop in the massive bucket of tech programs run across the DOD.
DIU increased metrics across the board, including new programs started, some of which were launched to contain the spread of the coronavirus in service members. 2020 was DIU’s fifth year of existence, a milestone that was not guaranteed since it was set up as an experiment by then-Secretary of Defense Ash Carter.
The DIU has been the darling of some technology innovation advocates, with its former director calling for a “10x” multiplication of its budget in a congressional hearing. But the challenge for offices like DIU is not necessarily getting companies to build prototypes but rather scaling innovation and disruptive technology use across the massive department. In its five years, DIU has only transitioned 26 technologies, according to the report.
“Now is the time to supercharge DOD access to innovation,” Raj Shah, the first DIU director said during a hearing for the House Armed Services Committee’s Future of Defense Task Force in 2019.
Another change to DIU’s operations this year was the breadth of programs it worked on. It launched 23 new programs, a 35 percent increase over 2019. It placed a large focus on tech that could enhance the DOD’s response to COVID-19. One program created wearables that could detect subtle changes in the wearer’s behavior to identify infected service members.
Another new program Blue sUAS found success outside of just the military, giving agencies options to purchase drones that meet security requirements. The program certified five drones that met cybersecurity and other standards for government use in the face of concerns over Chinese-made drones. Local government agencies also have access to the program.
Artificial intelligence-based technologies continue to be a priority for DIU, the report noted. DIU is not alone in its interest, with similar rapid acquisition offices like AFWERX prioritizing AI procurement as their largest budget area.