Air Force’s Platform One deepens ties with industry in new agreement with Lockheed

The Air Force’s DevSecOps environment Platform One has inked an agreement with Lockheed Martin to collaborate on software-factory activities, deepening the platform’s ties to industry.

The Basic Ordering Agreement (BOA) allows for future task orders and contracts between the two to get signed much faster than the traditional acquisition process allows. The work Lockheed anticipates doing is transitioning other defense customers’ systems to the Platform One environment and “hardening” the security of the platform.

“Collaboration with industry is key to the success of Platform One and other advanced cloud and software efforts, and we look forward to working with the Defense Industrial Base to improve the way we deliver fast, secure and high-quality code to warfighters,” the Air Force’s Chief Software Officer Nicolas Chaillan said in a release.

A BOA is not a contract itself, but can allow for more easily issued task orders or contracts for products and services that are hard to quantify, like code, according to government guidelines. It can shrink the time to issue future contracts from months to days, senior software engineer and Lockheed Martin Space senior fellow, Robin Yeman, said in an interview.

“This allows us to rapidly get on contract for capability they need to deliver,” she said.

Platform One has been signaling its desire to deepen its ties with industry. It recently published a request for information for a Cooperative Research and Development Agreement (CRADA). That’s a research partnership between the government and nongovernment entities that allows for the private sector to commercialize government-created technology while contributing to further research.

Platform One’s DevSecOps uses containerization and the associated Kubernetes technology to automate code deployment in a secure way. The idea is to make the process so secure the products themselves can be trusted. It’s a process Yeman called “revolutionary,” especially in government where security is paramount but agility has been lagging.

“It is treating IT like a mission,” she said.

With this BOA, Lockheed also benefits by getting to apply Platform One’s DevSecOps to its own software factory.

“Software is at the heart of every system we deliver, and we understand the DoD’s urgent need for faster deliveries, more powerful mission capabilities, and open-source, open-architecture foundations for software,” Yvonne Hodge, senior vice president of Enterprise Business Transformation at Lockheed Martin, said in a release. “Platform One is a truly innovative approach that is propelling the DoD’s DevSecOps evolution, and the collaboration with industry has helped us build infrastructure and capabilities that are well-aligned to the DoD’s vision.”

Platform One is the environment on which all the code for the Air Force’s Advanced Battle Management System (ABMS) is being created. ABMS and other initiatives that aim to link sensors to shooters via an internet-like capability for weapons will all rely heavily on software and the security of Platform One.

House Armed Services Committee adds subcommittee focused on tech

The House Armed Services Committee has split the focus of one of its subcommittees to give more attention specifically to the Department of Defense’s emerging technology and IT work, it announced Wednesday.

The new Cyber, Innovative Technologies, and Information Systems (CITI) Subcommittee was formed out of the now-former Intelligence and Emerging Threats and Capabilities Subcommittee. The intelligence and non-technical work of the former subcommittee will continue on under a new Subcommittee on Intelligence and Special Operations.

The change was made to be able to provide more focused oversight on technology matters and shift over non-technical topics, like special operations and counter-proliferation of weapons of mass destruction, to other groups of lawmakers. The new subcommittee’s jurisdiction includes cybersecurity, IT policy, artificial intelligence and software acquisition.

“As technology continues to advance at an incredibly rapid rate – from artificial intelligence to biotechnology and everything in between – it is critical that the Armed Services Committee redoubles our efforts to bridge the gap between current capabilities and future requirements,” larger committee chair Rep. Adam Smith, D-Wash., and new subcommittee chair Rep. Jim Langevin, D-R.I., said in a statement.

Langevin was also chair of the former Intelligence and Emerging Threats and Capabilities Subcommittee. The top Republican on the old committee, Rep. Elise Stefanik, R-N.Y., will also transition over as ranking member.

Some of the new technology subcommittee’s members also participated in a recent task force that crafted a report on the future of warfare, examining the use of artificial intelligence, cyber war and other technology-driven changes to the armed forces.

The full list of the subcommittee’s jurisdiction will be:

FBI awards $13.5M risk assessment contract in move to CIA clouds

The FBI is adopting the intelligence community’s real-time risk assessment practices for cloud computing.

Telos Corporation announced a $13.5 million contract from the bureau Wednesday to integrate its Xacta solution — which is already used by the CIA — with the FBI’s clouds. The bureau wants to shorten the time it takes to grant contractors permission to access its systems so its assessors can focus on more pressing security issues.

“They want to have a customized risk-management framework,” John Wood, CEO of Telos, told FedScoop. “They want to have a customized business process that provides workflows, and that ensures process efficiency and consistency across their enterprise.”

Telos has 12 months to add the risk assessment capability to the GovCloud the FBI uses, then to the FBI’s part of two CIA clouds: Commercial Cloud Services (C2S) and Secret Commercial Cloud Service (S-C2S). The FBI expects to hook up with those services this year.

Contractors seeking authorities to operate in the FBI’s system, whether on premise or in the cloud, must test against about 11,000 security controls within the National Institute of Standards and Technology’s Cybersecurity Framework. The manual process used to take nine months for the IC to provision a server but with the cloud takes 30 seconds, Wood said.

Xacta automates 85 percent of and continuously updates those controls, which ensure “very solid” cyber-hygiene such as good passwords, strong user access control and multi-factor authentication, Wood said.

Gaining a better understanding of the bureau’s risk posture is especially important following the massive breach of software from government contractor SolarWinds, Wood said. The incident compromised at least eight agencies as of December. The FBI has not specified whether it was exposed to the breach.

CMMC Accreditation Body must split to meet requirements of new contract

The third-party accreditation body implementing the Department of Defense’s new cybersecurity standards for contractors will split into two entities to meet international standards mandated through a no-cost contract it signed with the department last fall.

The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) will split off the part of the organization that trains and tests assessors, creating the CMMC Assessors and Instructors Certification Organization (CAICO), according to contract language that mandates the shift. The AB will retain the responsibility of accrediting assessors that will do the cybersecurity audits of defense contractors’ networks.

The mandate was a focal point of the months-long negotiations between the accreditation body and the DOD on the no-cost contract’s statement of work (SOW), which defines the relationship between the two. Those discussions grew contentious at times, especially over control and responsibilities of the CMMC “standard,” sources told FedScoop.

The contract was signed in November, but only became public on Feb. 1 following a Freedom of Information Act request from Inside Cybersecurity. FedScoop filed a separate FOIA in early December that has not been returned.

The AB has said the split will not substantially impact assessors within the ecosystem, adding that the move is necessary to meet international standards that guard against conflicts of interest in assessment organizations.

Some board members have hinted at the AB looking different in the months and years to come while still providing the same services to those seeking to become assessors.

“There is a lot to this; this is not going to happen next month,” Jeff Dalton, the new vice-chair of the AB, said during a recent town hall. “We are going to start moving toward these things over time.”

The split outlined in the SOW is tied to ISO 17011, which does not permit accreditation bodies to control both the training and accreditation process. Housed under one entity, there could be a conflict between the quality of the training and the scrutiny of the accreditation.

The split will not impact other parts of the CMMC ecosystem the AB has oversight over, board members have said.

The AB will need to have the organizational split completed by Oct. 31, 2022, according to the contract.

The board is now in a race to accredit enough assessors to begin the long process of certifying the roughly 300,000 contractors in the defense industrial base. CMMC requirements are being rolled out into contracts over a five-year period. Once fully in place, contractors will need to be certified at the appropriate one-to-five cybersecurity maturity level to work on a DOD contract. The scale is based on the sensitivity of the information contractors will be given permission to handle on their networks — level one requires basic security hygiene practices and level five includes elaborate security for networks.

The statement of work replaces a previous memorandum of understanding and gives the DOD considerable oversight over the AB. Now, the board’s financial decisions must be reported to the DOD. The department will also conduct quarterly reviews of the AB to ensure it’s in compliance with DOD policy and “alignment” with the contract.

How cloud security tools provide greater return on agency resources

Security weaknesses exposed during the COVID-19 pandemic have prompted government agency IT leaders to look for better ways to address three key areas: vulnerabilities, threats and inefficiencies in measuring risk, according to a new report.

These vulnerabilities have also led to the realization that rather than piling on more tools, agencies are attaining more meaningful results by utilizing cloud services to increase visibility across their networks and analyze security data more rapidly.

The report spotlights New York City Cyber Command as one of the many agencies that have seen significant operational improvements by taking a cloud-based, zero-trust approach that utilizes Google Cloud. The increased storage capacity, processing power and lower total costs gave NYC Cyber Command cybersecurity experts the ability to analyze data quickly and respond to security threats faster.

Using a cloud-based approach to security is a more cost- and resource-effective way to get the most from agency security tools, says the report, produced by FedScoop and StateScoop and underwritten by Google Cloud. With a “single-pane-of-glass” view across the infrastructure — and a number of FedRAMP-approved cloud services — Google Cloud’s platform is designed to take on cybersecurity in a holistic manner.

The reality for many organizations is that their IT teams have a lot to manage already. In addition to ever-changing regulations and policy updates, there is an overwhelming amount of data and tools that agencies must manage, according to Dan Prieto, Google Cloud’s strategic executive for Public Sector.

“An average large enterprise can have upwards of 150 cyber tools installed. That level of complexity and fragmentation hinders the ability of cyberdefenders to operate with agility, scale and timeliness in the face of evolving cyberthreats,” he says.

To turn the corner on security, finding the right partners to work with is an effective way to integrate the use of real-time analytics at scale. It can be a game-changer in terms of productivity.

The report touches on a number of tools that are available to consolidate and integrate cybersecurity telemetry and essential IT operations data from across all parts of the enterprise — legacy and cloud alike.

“When organizations move to a hybrid- or multicloud environment, a common misconception is that they can take their existing infrastructure and replicate it,” shares Chris Johnson, global compliance product lead at Google Cloud. The problem with that practice is that if you have inconsistent application of your security and compliance controls, you’re at risk.

That’s why the single-pane-of-glass view deployed across the hybrid-cloud infrastructure helps solve those visibility problems around policy and focuses security on outcomes.

Rather than piling on more tools, leaders are able to understand risk and able to make better informed decisions about resource trade-offs to make their existing resources go as far as possible.

Learn how Google Cloud helps government agencies improve citizen services, increase their operational effectiveness and deliver proven innovation or read more stories on preparing a Future-Ready Government.

This article was produced by FedScoop and StateScoop and sponsored by Google Cloud.

The future of work in a post-pandemic world

The COVID-19 pandemic is pressuring federal agencies to embrace digital transformation at a faster rate than they have been accustomed to. While these quick changes present certain challenges, they may set many organizations on a path towards a more secure infrastructure, more productive workforce and ability to retain the necessary talent within public service, according to a new report.

The good news for agencies is that they are not alone. Every organization has been undertaking digital transformation in some form for years. The pandemic has just given technology adoption all-new gravity and urgency.

A recent report, produced by OpenText, explores the possibilities and pitfalls of the future workforce and offers guidance for public service and critical infrastructure leaders. As the pandemic response has evolved, common trends are emerging among organizations to keep their workers safe and remain productive.

“Even industries that once held a siloed view of themselves are now looking more to their counterparts to evaluate what’s working,” says the report. “This kind of cross-industry collaboration and knowledge sharing will play a significant role in shaping the future of work for every industry.”

Whether or not these changes will continue after the immediate crisis ends is unclear. But the report predicts long-lasting lessons that will change how organizations operate moving forward, such as:

“Enterprise leaders must consider how they adapt their existing processes to continuously enhance their employee and customer experience,” the report says.

That will require agency leaders to be more proactive with technology changes that can equip them with actionable insights from their organization’s data and streamline systems function to ensure agency programs are flexible enough to support change.

“From the rise of cybersecurity attacks, data and compliance challenges, as well as the pressure to accelerate digital transformation, the future of work will be rooted in innovation, scalability and collaboration. The bottom line is these challenges will produce positive side-effects across industries,” the report says.

OpenText is a leader in enterprise information management — a solution that provides a comprehensive view of all information within the enterprise environment, both on-premise and in the cloud.

Read more about future-proofing your enterprise in times of unprecedented digital transformation.

This article was produced by FedScoop and sponsored by OpenText.

Eric Hysen to return to DHS as CIO

The Department of Homeland Security is awaiting word from the White House to announce Eric Hysen as its new chief information officer, according to a source with knowledge of the hiring.

For now, Hysen holds the title of senior adviser at the department, a DHS spokesperson told FedScoop. His announcement as DHS CIO, a politically appointed position, is imminent, a separate source said.

The White House appointment will see Hysen, a member of the Biden-Harris transition team who focused on technology strategy and delivery, return to the department whose Digital Service he created as a wing of the larger U.S. Digital Service team.

Hysen fills the vacancy left by Karen Evans, who departed in January.

The role of DHS CIO sits inside the management directorate, overseeing IT coordination across the greater department and working with component agency CIOs, like Immigration and Customs Enforcement and the Transportation Security Administration. The CIO is in charge of IT security for the department, separate from the work of DHS’s Cybersecurity and Infrastructure Security Agency, whose mission is to protect the nation’s critical infrastructure from physical and cyberthreats.

During Hysen’s last stint at DHS, from September 2015 to March 2017, his team of 35 IT experts improved the U.S. Refugee Admissions Program through data analytics and predictive modeling, launched an online application for citizenship, and developed tools to streamline airport security.

When he departed, Hysen called his time at DHS his “first tour of duty,” adding he was “hooked” on the impact.

More recently Hysen served as senior fellow of policy design and implementation at the National Conference on Citizenship, where he worked with the Penn Biden Center for Diplomacy and Global Engagement to recommend innovations in refugee policy, process and systems.

Hysen’s pending appointment was first reported by Federal News Network.

Kathleen Hicks to prioritize data as Pentagon No. 2

Kathleen Hicks, the nominee to be deputy secretary of Defense, told senators during a confirmation hearing Tuesday she wants to continue pushing the Department of Defense to be a data-driven organization.

Likely to be confirmed as the Pentagon’s No. 2 in the coming days, Hicks said she would take the job of the de-facto chief operating officer and lead by using data to inform business decisions. She also committed to continuing the push to modernize warfighting systems to be more data-centric in new operating concepts.

“As we move into an era of data, the department needs to move there too,” she told the Senate Armed Services Committee.

As deputy secretary, Hicks will likely oversee most Pentagon technology modernization and reform initiatives in place of her boss, Secretary Lloyd Austin, whose expertise lies more in uniformed military operations as a retired four-star general.

Many saw Hicks’ nomination as a counterbalance to Austin with her mastery of the “bureaucratic black arts,” as former Defense Secretary Robert Gates said introducing her during the hearing. Gates also praised her strategic analysis that included work on the recent National Defense Strategy, which pivoted the military to focus on great power competition with China.

“At a time of significant challenges internationally and great uncertainty surrounding defense budgets and programs, Dr. Kath Hicks is well qualified to assist Secretary Austin in realistically ensuring that budgetary decisions and military strategy are integrated,” Gates said.

Hicks expressed support for using data not only in business and budgetary decisions but also in military operations. She endorsed the military needing to move towards new “operational concepts,” a likely reference to the data-centric Joint All Domain Command and Control (JADC2) concept where battlefield networks are to be linked across domains.

Hicks previously ran the International Security Program at the Center for Strategic and International Studies where she authored and oversaw reports that called for a data-centric, internet-like system of warfare and bringing more technology talent in the DOD.

While she did not mention artificial intelligence during her hearing, in advance written answers to policy questions she expressed support for the main AI hub she would oversee if confirmed — the Joint AI Center. The latest defense policy bill made the office a direct report to the deputy secretary.

“If confirmed, the JAIC will be my primary tool for guiding and accelerating the integration of artificial intelligence into the Department’s missions and activities,” she wrote, committing to regular meetings with JAIC leadership.

Hicks also voiced support for the current cyber posture of “defend forward,” where cyber operators covertly breach foreign adversary networks to understand their position and get early warnings on potential attacks on U.S. networks. The concept has come under some scrutiny recently given the failure of the U.S. government to see a widespread supply chain breach in the SolarWinds Orion hack.

“I am supportive of the approach,” Hicks said, but added that she needs to examine “exactly how the authorities are being executed,” giving her some wiggle room to adjust her broad support in specific areas.

USPTO modernizing its trademarking process with $80M IT contract

The U.S. Patent and Trademark Office plans to modernize the IT for its trademarking process under an $80 million contract requiring developers to update applications across 20 systems.

REI Systems received the seven-year contract to improve the agency’s technology for reviewing and approving trademark applications. The agreement is part of USPTO’s larger effort to consolidate IT projects from more than 150 to just 30 and allow staff to pick their teams, before filling gaps with contractors.

“This opens the door to what is possible through app modernization and emerging technologies” at USPTO, said Samidha Manu, senior director of REI, in a statement.

USPTO refers to its trademark and patent registration processes as separate “products,” given that the general public interacts with them in the same way it might use commercial services. Each product consists of systems and applications supporting every step in the trademark or patent process: application submission, attorney review, registration and continued use.

REI says its developers will use principles from behavioral psychology as well as change management techniques as they modernize USPTO systems.

USPTO used the General Services Administration’s Alliant 2 governmentwide acquisition contract (GWAC), a best-in-class vehicle, to work with REI Systems.

Under new deal, NORAD gets new capabilities for defensive JADC2

Data company Kinetica inked a five-year deal with a $100 million ceiling to provide analytics and machine learning capabilities to the North American Aerospace Defense Command (NORAD), the U.S. military’s protector of North American airspace.

Kinetica will provide its capabilities to NORAD and U.S. Northern Command to monitor and defend U.S. airspace from unknown threats.

As such, the deal adds a defensive flair to one of the Department of Defense’s top emerging technology priorities: creating a military Internet of Things-like capability of connected sensors called Joint All Domain Command and Control (JADC2). Major JADC2 test events have so far focused on offensive capabilities with the new network-of-networks. NORAD has been one of the first to actually deploy new capabilities under the still-developing operational construct.

“The current work that we are doing under this pathfinder project is more defensive,” Jeff Kennedy, Kinetica’s federal sales director, said in an interview.

The Arlington-based company boasts the ability to analyze “massive” data sets with “trillions of rows” to project near-real-time risk assessments — the type of capability military leaders have been on the hunt for.

Kinetica first partnered with the military on this project through a year-long collaboration with the Defense Innovation Unit, the military’s Silicon Valley outpost. The company said it competed on weekly sprints, identifying new data-crunching techniques to solve defense challenges like targeting stolen aircraft in U.S. airspace.

“Most technologies today are not equipped to handle the volume of data along with the high-speed velocity flowing in from non-stop data feeds,” Amit Vij, president and co-founder of Kinetica, said in a release. “Usually the velocity of data breaks the latest technologies of today, and this presents a serious challenge to many organizations that require real-time actionable intelligence from multiple domains.”

The prototypes built by the company were transitioned to an other transaction agreement contract to support a NORAD “pathfinders” program that aims to use machine learning and recent expansions in computing power to replace legacy air monitoring systems.

“This effort is a technology leap forward for Homeland Defense command and control systems,” NORAD and U.S. Northern Command Gen. Glen VanHerck recently said.

NORAD and Northern Command have held other early tests of the JADC2 operational concept. At the outset of the coronavirus pandemic when Northern Command troops were deployed to field hospitals around the country, the command was able to pilot the tech to monitor COVID-19 infection spread.