The federal government’s procurement portal leaves beta with focus on data security
The federal government’s one-stop shop for contracting activities, SAM.gov, dropped the “beta” from its name Monday.
The General Services Administration, which hosts the website, on Monday finalized the integration of the original System for Award Management (SAM) — which featured entity registration, entity reporting and disaster response registry — with functions from beta.sam.gov, like contracting opportunities, to create a single system spanning all elements of federal contracting.
During the transition, GSA made about 50 improvements to SAM.gov from its beta version, with a focus on data security, based on 35,000 pieces of user feedback.
Changes include single sign-on across datasets, optional identity proofing for entity administrators via login.gov that’ll become mandatory in fiscal 2022, and user roles controlling information access.
“We heard from our users that data security was critical to them and were asked to ensure our products include the latest security controls,” Katherine Rollins, project analyst at GSA, told FedScoop. “With over 734,000 active registrations as of April 2021, we understand the balance of data transparency and data protection.”
SAM.gov now allows users to check entity registration status and search reports and exclusions directly from the homepage, so long as they sign in. More than 54,000 registrations were started or updated in the last month, and a new “Getting Started” page walks users through the four main steps while explaining requirements and timelines.
GSA is in the process of assigning every organization that does business with the government a Unique Entity Identifier (UEI), and SAM.gov displays UEIs along with their current Data Universal Numbering System (DUNS) number — slated for retirement in April 2022. UEIs are now visible on contract opportunities if the corresponding entity won an award.
“By assigning the UEI in the entity record, we’re enabling those doing business with the government to begin the conversion now,” Rollins said. “Making it visible almost a year before it becomes authoritative gives you time and flexibility to prepare.”
SAM.gov’s search function remains a work in progress since being one of the first features added to the website in 2017. Users can now manage saved searches across domains in one place, and existing filters have been streamlined and new ones added.
Users still want more advanced keyword options, according to focus groups that have provided feedback on more than 50 iterations of the search function.
“The search is working for a lot of our current users, so we don’t want to make a change that breaks it for them,” Rollins said. “But we do want to allow for those advanced keyword operators in the search, and that is a huge ask from our user base.”
According to Rollins, easing users into the transition has been a priority for the agency.
GSA migrated all user roles and permissions and entity-related data ahead of the switch while ensuring existing beta.SAM.gov logins still worked.
“This integration couldn’t interrupt the work or the business of the federal government or the work that the entities needed to do,” Rollins said. “In order to help with this — because we have over 1.5 million registered users as of April 2021 — it was essential to create a seamless transition for our users.”
While beta.SAM.gov is no more, six remaining legacy award systems still need to be merged as part of GSA’s larger Integrated Award Environment initiative.
Wage Determinations Online and the Catalog of Federal Domestic Assistance were the first two systems retired, followed by FedBizOpps.gov and SAM.gov. The remaining systems are: the Federal Procurement Data System-Next Generation, Contractor Performance Assessment Reporting System, Federal Awardee Performance and Integrity Information System, Past Performance Information Retrieval System, Electronic Subcontracting Reporting System, and FFATA Sub-award Reporting System.
“The new SAM.gov is the foundation for more improvements to come,” Rollins added. “As more systems merge, you’ll begin to see even more connections within the data.”
Department of Justice closes criminal investigation into Booz Allen Hamilton
The Department of Justice has shuttered its criminal investigation into Booz Allen Hamilton, the company revealed on Friday.
The federal contractor in its report for the financial year 2021 said the criminal probe had been abandoned but that civil DOJ and SEC investigations into the company are still pending.
“I am pleased to report that the Department of Justice has closed the investigation that we first disclosed in June 2017,” said Booz Allen President and CEO Horacio Rozanski, speaking on the company’s fourth-quarter conference call.
Booz Allen in 2017 disclosed that it was under criminal and civil investigation by the DOJ in relation to accounting and indirect cost charging practices relating to its government work.
“The company may receive additional regulatory or governmental inquiries related to the matters that are the subject of the DOJ’s investigation,” Booz Allen wrote in a regulatory filing last week. “In accordance with the company’s practice, the company is cooperating with all relevant government parties.”
The federal contractor said also that it has been in contact with other regulatory agencies and bodies including the SEC, and it is working with lawyers to respond to probes that remain ongoing.
It comes as Booz Allen on Friday reported a 14.7% year-on-year rise in operating profits for the fourth quarter of fiscal year 2021, as well as earnings per share of $1.43, up from $0.98 in the prior-year period. The company’s net income rose by 43.4% year on year to $199.2 million.
Despite COVID-19 headwinds, the company said it had been able to preserve its profitability in part through strong cost management efforts and reductions in travel expenses.
Speaking on its Q4 earnings call, CEO Rozanski noted that growth at Booz Allen’s civil business segment had slowed during the second half of 2020.
“This was largely related to a pause on a large cyber program due to funding availability, which occurred in the third quarter and continued into the fourth quarter.
“Given the importance and criticality of this program for the client, we believe work will ramp up again in the coming quarters,” the executive added.
Bill Hunt joins SEC’s Cloud Center of Excellence
Senior government technologist Bill Hunt has joined the Cloud Center of Excellence at the Securities and Exchange Commission (SEC).
He takes up the role of assistant director at the unit, after previously working as chief enterprise architect at the Small Business Administration (SBA). Hunt reports directly to the agency’s CIO, David Bottom.
Prior to working at the SBA, he was cloud policy lead at the Office of Management and Budget, and before that was a digital services expert at the Department of Veterans Affairs.
Earlier in his career, Hunt held frontline development roles at nonprofit organizations including the Sunlight Foundation and the OpenGov Foundation. Before this, he worked in the private sector, including as a developer at WillowTree Apps and Boyd Caton and Grant Transportation Group.
During the COVID-19 pandemic, the SBA was tasked by Congress with distributing about $350 billion in small business loans and grants. The agency spends a little more than $100 million on IT annually.
The SEC’s Cloud Center of Excellence was established with a view to accelerating the implementation of new systems at the agency and to promoting experimentation. In 2019 the Office of Inspector General identified failings of the SEC’s adoption of cloud computing services, including that it had not effectively implemented strategy or tracked related goals.
The SEC did not respond to a request for comment on Hunt’s appointment.
U.S. Army will transfer staff and tech to Space Force without disruption: Lt. Gen. Karbler
The most senior officer in charge of the U.S. Army’s space and missile defense command has said that the service will transfer staff and technology to the recently established Space Force without any gaps or lapses in capabilities.
“The expectation is, when it goes over to the Space Force, it stays the same,” said Lt. Gen. Karbler, referring to space assets and capabilities.
“[T]here is going to be no such thing as an [initial operating capability] or [functionally operating capability] it’s an operational capability,” he added.
The comments come as the Army works with the Space Force to establish how the two services will share resources and operate together in space, which will involve the transfer of some technology and personnel.
According to Karbler, the U.S. Army Satellite Operations Brigade will be among the units that move to the Space Force. The unit is responsible for the operation of military communication satellites.
Military strategists and members of Congress have debated how the Space Force will fit into the current structure of military organizations. Members of the defense committees have largely been supportive of launching the new service, but some have questioned how space operations will be shared.
The transfer will be gradual after Oct. 1, the first day of the fiscal 2022 year. Most of the change will be in who gets the money in their budget for the capability and which service has management over the programs.
Air Force to trial Wi-Fi hotspot-like tech in tankers and fast jets
The Air Force announced Friday that it is taking a “critical step” towards a new internet-of-things for war by installing communications pods into certain air tankers and fast jets.
The pods act like Wi-Fi hotspots, allowing the aircraft to relay large streams of data without having to land. The technology will initially be used with F-22 Raptor and F-35 Lightning II fighter jets, and also with KC-46 Pegasus tankers.
“A critical step in the progress of any military program…is the establishment of the manpower, resources and doctrinal infrastructure that underpin the program,” the Air Force said in a statement announcing the new technology trial.
The trial is part of the Air Force’s Advanced Battle Management System (ABMS), which aims to connect everything in and around a battlefield and then to use artificial intelligence to make sense of the data.
ABMS is the Air Force’s part of the broader Joint All Domain Command and Control (JADC2) strategy. JADC2 is the Department of Defense’s plan to connect sensors from all US military services into a single network which, theoretically, could be more effective and less costly.
As part of the program, the Air Force has appointed new senior management, as well as investing in technology. A new cross-functional team has been established under the command of Brig. Gen. Jeffery Valenzia.
The new communication pods are some of the first physical pieces of ABMS tech reaching the field, but the Air Force is previewing new digital components coming online soon. The backbone of much of the program will be data libraries and new digital infrastructure that will store and transmit data between any platform in a battle, Air Force leaders have said.
Oracle files response brief in JEDI contract fight
It’s been almost three years since Oracle first launched its bid protest campaign to invalidate the Pentagon’s potential $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud contract. This week the cloud company made its latest case to the U.S. Supreme Court for why it believes the cloud mega-contract is in violation of federal law.
In a response brief filed Monday, Oracle continued its push to label the Department of Defense acquisition as an irregular single-award contract with “prejudicial,” competition-limiting gate requirements.
“Absent this Court’s intervention, the JEDI contract will proceed for the next decade as an illegal single-source award,” the company said in its submission to court.
Earlier this year, Oracle filed a petition for writ of certiorari, which is the legal process required to appeal for the Supreme Court to review a lower court’s decision. In this case, Oracle has asked the Supreme Court to review the Federal Circuit Court of Appeals’ decision to uphold the JEDI procurement. Oracle has previously lost out in appeals made to the Government Accountability Office and the Court of Federal Claims.
Government lawyers have previously argued that Oracle failed to meet basic gate requirements for the contract, which prohibited it from progressing in the bid process. The company has pursued almost every legal option available to contest the acquisition.
In its latest response brief, Oracle reintroduced allegations of conflicts of interest between the DOD and Amazon, which a lower court previously affirmed but said did not “taint” the overall acquisition. Oracle, however, believes that decision is not in line with Supreme Court precedents, according to court documents.
In a separate brief from earlier this month, the U.S. government argued to the Supreme Court that Oracle continues a tactic of “cherry pick[ing] from the vast amount of communications and isolat[ing] a few suggestive sound bites” as it relates to conflicts of interest. It also reminded the court that it is Congress’ “preference, though not a requirement, that task order and delivery order contracts be awarded to multiple sources, rather than a single source.”
Regardless of the Supreme Court’s decision on Oracle’s case, it’s possible there may not be a JEDI contract for much longer. Amazon Web Services has had success building a case in the Court of Federal Claims that prevented contract winner Microsoft from building out an enterprise cloud system for the DOD. The department said recently that if things were to continue on much longer with that lawsuit, it might consider alternatives to JEDI.
Oracle was contacted for comment.
Lawmakers reintroduce bill to finance 5G projects in 22 European countries
House lawmakers have reintroduced legislation that would let the federal agency responsible for financing private development projects abroad fund 5G infrastructure development in 22 countries in Central and Eastern Europe.
Under the Transatlantic Telecommunications Security Act, the U.S. Development Finance Corporation would work with relevant agencies to improve the resilience of vulnerable telecommunications networks by providing early- and late-stage project support and replacing potentially compromised equipment.
The bill was first proposed towards the end of the last legislative session in December 2020, when it was referred to the House Foreign Affairs Committee but never taken up. It is co-sponsored by Rep. Marcy Kaptur, D-Ohio, and Rep. Adam Kinzinger, R-Ill.
The proposed legislation responds to China’s Belt and Road and 17+1 initiatives, which have seen state-linked telecom companies Huawei and ZTE sell potentially compromised infrastructure in a region historically lacking it since the Soviet era.
“The United States and our allies are facing increasing threats from state-linked companies in China as they seek to infiltrate and undermine democratic institutions,” said Rep. Marcy Kaptur, D-Ohio, in a statement. “These companies pose an especially dire risk as our European allies and partners work to build out their 5G infrastructure.”
5G networks will further development of emerging technologies like artificial intelligence, making it “critical” to European nations’ security and economies that they be protected from “malign” actors like China and Russia, Kaptur added.
The legislation supports the Three Seas Initiative organized by 12 Central and Eastern European countries in the European Union to secure the telecom space, as well as Ukraine, Moldova, Georgia and Western Balkan countries interested in joining the EU.
If made law, the act would require the State Department to work with DFC and the U.S. Trade and Development Agency to identify 5G projects worth financing. Eligible projects would improve 5G networks with new hardware or software, provide market transparency, avoid or replace potentially compromised equipment, and increase telecom integration in the target region.
Preference would be given to projects that attract private sector, international financial institution, home government or European Commission investment; are available for funding through the Three Seas Initiative Investment Fund; are in countries belonging to that initiative, NATO or are democratic-leaning; and advance U.S. economic interests.
The U.S. president would have a year from enactment to report the progress made assisting projects, including financing and contractual terms and success eliminating potentially compromised equipment.
All told, the countries included in the act are: Albania, Austria, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, the Czech Republic, Estonia, Greece, Hungary, Kosovo, Latvia, Lithuania, Moldova, Montenegro, North Macedonia, Poland, Romania, Serbia, Slovakia, Slovenia, and Ukraine.
Sen. Mark Warner, D-Va., in November called for an “alliance of the willing” between the U.S. and its allies in Europe, Japan, South Korea, India, and Israel to pool resources and possibly financing for 5G, AI, quantum computing, and facial recognition research and development. The current chair of the Senate Intelligence Committee said that way Western companies can compete with Chinese ones.
“Many of them are quite good, but at the end of the day they are not loyal to their shareholders,” Warner said back then. “They are loyal to the Communist Party of China, which in my mind makes them a national security threat.”
VA found ‘no evidence’ of compromise in SolarWinds hack: CISO Cunningham
The Department of Veterans Affairs (VA) was not a victim of the sweeping SolarWinds hacking campaign, the department’s top cyber official told lawmakers Thursday.
Paul Cunningham, chief information security officer of VA, said there was no evidence of compromise across its wide-ranging and complex networks. He told lawmakers this finding was reaffirmed in separate investigations by the Cybersecurity and Infrastructure Security Agency and the intelligence community.
Within 12 hours of CISA’s emergency directive to agencies to suspend the use of SolarWinds’ Orion platform, the VA was able to remove the software from its environment, according to Cunningham. It then searched for indicators of compromise across its networks but found none.
“We installed all the indicators of compromise, we replayed our NetFlow data looking for any other indicators that show this might have happened in the past, to identify that maybe an attacker used those indicators before who received them,” he said during a House Veterans Affairs Subcommittee on Technology Modernization hearing. “There was no evidence of that.”
CISA, the federal government’s lead cybersecurity agency housed within the Department of Homeland Security, then took a look at the VA’s systems “and found nothing,” Cunningham said. The VA also invited the intelligence community to assess the situation.
“[T]hey would come back to us if they saw anything — that’s how they put it. And they didn’t come back.”
On top of this, the VA contracted with Microsoft to once again look for any indicators of compromise. Cunningham said the company also found nothing.
“They agreed that there was no indicators that would show…first of all, that the malware was activated, or that it was used in a way to move data and nefarious way,” Cunningham added.
The biggest impact to VA, according to the official, was that in taking the SolarWinds software offline, there was a loss in the “operational monitoring” the Orion platform provides.
As the VA chose to be “slow and methodical” about investigating the possibility of compromise, it was without that capability for some time before bringing it back online in coordination with CISA guidance.
The story wasn’t the same for at least nine U.S. government agencies and 100 companies who fell victim to the Russian hackers who exploited SolarWinds’ software to access their systems and data.
Government Accountability Office highlights rising cost of cyber insurance
The U.S. Government Accountability Office (GAO) highlighted the rising cost of cyber insurance in a new report assessing challenges faced by the private market in mitigating cyberattacks.
In its study published Thursday, the agency said that according to industry sources, rates have surged. It also cited a recent insurance broker survey, which found that premiums for more than half of clients rose by 20% to 30% in late 2020.
“After holding relatively steady in 2017 and 2018, cyber insurance premiums increased markedly in 2020,” the agency said in its report. “Higher prices for cyber insurance have coincided with increased demand for the product and higher insurer losses from increasingly frequent and severe cyberattacks (particularly ransomware attacks that block users from accessing systems or data until a ransom is paid).”
GAO has studied the private cyber insurance market in response to new requirements included in the National Defense Authorization Act for the fiscal year 2021.
Most publicly listed companies purchase standalone cyber coverage as part of their risk management operations, as do some public sector entities such as state governments and agencies.
The report found also that insurers are offering lower coverage limits, and noted that insurance companies have limited historical data on most losses.
Insurance companies are offering lower coverage limits and increasingly encouraging clients to purchase specific, standalone cyber policies. Previously, many insurers have offered cyber coverage as an optional add-on to other types of policies, such as property insurance.
This has created aggregation risk for the insurance market, which is known as “silent cyber.”
According to GAO, the language used in cyber policies also often lacks common definitions.
Cyber insurance companies’ appetite for writing policies for public sector entities has declined substantially in recent months, following a slew of high-profile attacks, including attacks against Texas’ Department of Transportation and state court system.
Oak Ridge lab leader says further investment key to U.S. leadership in supercomputing
A supercomputing expert at the Oak Ridge National Laboratory has warned that investment is key to U.S. leadership in exascale computing and that scientific innovation could “stagnate” if it is not forthcoming.
“Without investment, essentially we are going to stagnate scientific innovation,” said Georgia Tourassi, responding to lawmakers’ questions on Wednesday. “We will stop innovating not only across basic sciences but across applied sciences.”
Tourassi is director of the National Center for Computational Sciences at Oak Ridge National Laboratory, which is a multiprogram science and technology laboratory sponsored by the U.S. Department of Energy. The research leader testified at a subcommittee hearing of the House Committee on Science, Space and Technology.
Oak Ridge is developing a new exascale computing system called Frontier, which is expected to be completed in October. It will compute eight times faster than the nation’s current most powerful supercomputer, Summit, which is also housed at the laboratory.
Congress has so far sought to fast-track development of exascale computing by appropriating $1 billion during fiscal 2021 to the Department of Energy’s Advanced Scientific Computing Research program, which is leading development of the Frontier exascale computing system. Exascale refers to a computing system that can perform at least one exaflop – or one quintillion (a billion-billion) calculations per second.
All told, the Department of Energy and the National Nuclear Security Administration within DOE have spent $460 million on their joint Exascale Computing Project to date. The hearing on Wednesday comes as the U.S. races to catch up with China in a supercomputing arms race.
“It is imperative for the United States to expand and enhance the national research computing ecosystem,” added Tourassi, giving evidence at the hearing. “The DOE has asked us to deliver Frontier one year earlier than planned, and we’re focusing our efforts on meeting that effort.”
Another exascale computing system will go to Argonne National Lab in 2022 and a third to Lawrence Livermore National Lab in 2023. But high-performance computing is also an investment priority for U.S. competitors China, Japan and the European Union.
Commenting on the U.S.’s development of supercomputing capabilities, Rep. Frank Lucas, R-Okla., the ranking member of the House Science Committee, said: “We know that our international competitors, like China, are outpacing us in basic research investment and are closing the gap in key computing focus areas like artificial intelligence and quantum sciences.
“Expanding our capacities in these fields requires a strategic effort with strong federal investment and active public-private partnerships,” he added.
Lucas is involved in crafting the Securing American Leadership in Science and Technology (SALSTA) Act that would roughly double ASCR’s funding over the next 10 years.
Lawmakers are also considering the Quantum User Expansion for Science and Technology (QUEST) Act, which would establish a DOE program for forming public-private partnerships around resource use and encourage increased participation in quantum information science.