DIA awards $12.6B enterprise IT contract
The Defense Intelligence Agency selected 144 vendors to participate in its $12.6 billion Solutions for Information Technology Enterprise (SITE III) contract.
Under the 10-year SITE III contract vehicle, contractors will vie for task orders to support DIA’s evolving enterprise IT needs. The National Geospatial-Intelligence Agency can also award work under the indefinite-delivery, indefinite-quantity contract.
Of the 144 vendors selected, 107 were small businesses, the agency announced Tuesday.
The list of large contractors is comprised of a mix of traditional IT, telecommunications and consulting firms — like Accenture, AT&T, CGI Federal, Deloitte, and Perspecta — and others more-known for their contracting in the national security space, such as BAE Systems, CACI and General Dynamics IT.
SITE III is the follow-on vehicle to second-generation contract E-SITE, which had a $6 billion ceiling and a five-year period of performance. E-SITE was awarded in 2015 to 25 large contractors and 25 small businesses.
The managed-services offerings sought under SITE III include a broad range of IT work, from basic planning and project management to application development, cybersecurity, connectivity and network services, and enterprise computing, storage and cloud services.
The contract is “directed towards improving integration, information sharing, and information safeguarding through the use of a streamlined information technology (IT) approach. The CIO expects innovation with common architecture, consolidated operations, and cloud environments in alignment with the Intelligence Community’s Information Technology Enterprise (IC ITE) as directed by the Director of National Intelligence (DNI),” the contract solicitation’s performance work statement issued last summer said.
DOD adds 6,000 new users to electronic health record system
The Department of Defense continues to onboard more physicians and providers to its modernized electronic health record system, MHS GENESIS.
The DOD added 6,000 new users in its latest deployment of the EHR at medical centers in California, lead contractor Leidos announced Tuesday.
The latest wave of new users and centers with access to the technology brings the total to 20,000 users at 20 facilities across the Military Health Service (MHS) — a more than 30% increase.
The new EHR modernizes many of the interfaces for how medical workers interact with patient data and migrates the DOD’s health records to a Cerner Millennium cloud system. The program’s rollout saw some snags early in the pandemic but has since corrected course.
“Now more than ever our military needs the most advanced healthcare delivery system,” said Liz Porter, president of the Leidos Health Group, the lead contractor on the program. “We remain diligently focused on meeting the implementation schedule for this vital program and are proud of the team’s ability to continue delivering during these challenging times.”
Wave deployments of MHS GENESIS are taking place in specific regions across the U.S. and often take several months for completion. Full deployment of the system is expected by the end of 2023, according to Leidos. This latest wave of deployments is centered in southern California, an area with a sizable military presence.
The same Cerner tech is also being rolled out across the Department of Veterans Affairs‘ medical facilities. Eventually, the two systems will be interoperable, creating medical IT synergies to ease the transferring of health records when service members transition into retirement.
The VA’s rollout has faced several delays and earned negative attention from congressional watchdogs. In a recent audit, the Government Accountability Office recommended the VA pause deployment of its system while it takes stock of technical issues.
The MHS GENESIS system has not faced the same larger snags so far.
“The progress to date demonstrates our team’s focus and commitment to ensuring we have the right people in the right places to get this done,” Holly Joers, acting program executive officer for the Defense Healthcare Management Systems (PEO DHMS), said in Leidos’ statement.
General overseeing JADC2 says industry solutions ‘not good enough’
The top leader orchestrating the military’s future network-of-networks operational construct called Joint All Domain Command and Control (JADC2) has not been impressed with the solutions industry has offered so far, he told an audience of mostly industry professionals Tuesday.
Joint Staff CIO Lt. Gen. Dennis Crall said his expectations were once high for industry, given its reputation for innovation, agility and using big data to build commercial solutions. But based on the pitches he received early on, he was forced to lower those expectations. And even then, the technology that companies offered to build for what will essentially be a sensor-driven, Internet of Things for the military still didn’t cut it, he said.
That’s a problem, Crall said at AFCEA Hawaii’s Indo-Pacific Tech Net virtual event. “I am looking for good enough and I have not found a good enough.”
Crall said the solutions he is looking for range from data management and tagging to identity, credential, and access management (ICAM). He still welcomes pitches from industry, but asked companies to step their game up.
“Everything we do from this point forward, it really is all about the data,” he said.
One big change Crall is looking to take is moving away from data standards — a “fool’s errand,” as he put it — and instead embracing the reality that military data coming off sensors in battle will inherently be messy and come in a diversity of formats, measurements and readability.
“There is going to be diversity; you have got to embrace the diversity,” he said. But how that diversity on a technical level becomes a strength for the U.S. military is a question Crall has yet to answer.
However, Crall is leaning toward “light” and “nimble” interfaces interlaced across a data lake that can help sift through and sort incoming information. “If industry wants to knock on our door and talk about that, I’m all game,” he said.
The general was equally candid with his assessment of DOD’s own technology chops when it has come to ICAM. In order to send, share and collaborate with data securely as part of JADC2, there must be solutions to verify the identities of users and data sources on a network. He said it’s one of the core building blocks for the military’s use of artificial intelligence, and at the moment one of its main roadblocks without an acceptable solution.
“We have struggled in the department for at least a decade,” Crall said. So far, no workable solution that can meet the scale and speed needed for JADC2 exists.
Strategy en route to the DepSecDef’s desk
A JADC2 strategy penned by Crall and his team should hit the desk of the Deputy Secretary of Defense Kathleen Hicks within the week. The strategy’s approval will trigger a posture review, gap analysis and new implementation policy, Crall said. The secretary of defense will also review it.
In February, the strategy was days away from being sent to Gen. Mark Milley, chairman of the joint chiefs of staff. It’s unclear if Milley has already received a copy ahead of the deputy secretary.
Part of the implementation of the strategy and continued development of data sharing practices are new data summits. The first summit took place in late January, where senior civilian and military leaders across the services and allied partners met at Aberdeen Proving Ground in Maryland to increase collaboration. The summits will continue every 60 days providing a place to work on the technology sprints the other parts of the military are focused on, Crall said.
Cybersecurity and IT top GAO’s High Risk List, yet again
Federal leadership regressed ensuring national cybersecurity the past two years, and IT acquisitions and operations continue to require “significant attention,” according to the Government Accountability Office.
Government’s leadership commitment to cybersecurity rating declined between 2019 and 2021 from “met” to “partially met,” according to GAO‘s biannual High Risk List report released Tuesday.
While the report doesn’t mention the massive SolarWinds hack that saw at least nine agencies compromised in 2020, it does flag missing components to the National Cyber Strategy and the unfilled national cyber director role.
“[A]nother silent battle is being fought in our IT networks by cyberattackers intent on stealing our intellectual property and undermining our national security,” said Rep. Carolyn Maloney, D-N.Y., during the House Oversight Committee’s hearing on GAO’s report. “The SolarWinds breach that came to light last December, as well as escalating and targeted cyberattacks that have drained millions of dollars from struggling hospitals, are just two examples of the threats we know about.”
The National Security Council‘s Implementation Plan, which accompanies the National Cyber Strategy, lacks goals and timelines for 46 of the 191 activities it recommends agencies undertake and fails to identify resources for 160 of them. Nor does the plan provide a means to monitor agencies’ progress, according to GAO’s report.
Of more than 3,300 cybersecurity recommendations GAO has made since 2010, 750 hadn’t been fully implemented as of December.
“[A]s the federal government responds to and mitigates the impacts of the recent SolarWinds attack, the effective cybersecurity leadership and coordination GAO calls for is critical,” Sen. Rob Portman, R-Ohio, ranking member on the Homeland Security Committee, said in a statement.
While the rating of IT acquisitions and operations remained unchanged since 2019 in the new High Risk List, the area continues to require “additional attention,” according to GAO’s report.
The government invests more than $90 billion in IT annually, and yet GAO found 21 of 24 Chief Financial Officers Act agencies haven’t fully addressed the roles of their chief information officers. Additionally, many agencies haven’t made IT modernization plans, or they’re missing accepted best practices.
Duplicative IT contracts abound, and the General Services Administration and the Office of Management and Budget lack the funds needed to lead the governmentwide movement to replace legacy systems. Although that could change with news that the Senate version of the American Rescue Act includes $1 billion for the Technology Modernization Fund.
More than 400 IT recommendations by GAO remain open.
Other areas of concern
Another area on the High Risk List that saw regression was the decennial census.
GAO cited the Department of Commerce’s request that the Census Bureau shorten data collection and response processing timeframes — despite COVID-19 halting operations for three months — for the rating downgrade.
“Compressing the time frame to collect data and process responses has increased the risk of compromised data quality,” reads the report. “The Census Bureau found data anomalies during the processing of census responses that have delayed the delivery of apportionment numbers, which as of February 2021 had not been delivered to the president.”
A new addition to the High Risk List is small business emergency loans, which the Small Business Administration continues to have trouble administering during the COVID-19 pandemic. Changing program requirements have forced SBA to adapt its E-Tran loan system with mixed results.
Hundreds of billions of COVID-19 relief funds have been provided by the Paycheck Protection Program (PPP) and Economic Injury Disaster Loans (EIDL) but not without “evidence of fraud and significant program integrity risk,” according to GAO.
At least 2 million approved PPP loans worth $189 billion were flagged as not in conformance with legislation, and more than 6,000 EIDLs worth $212 million were potentially made to ineligible borrowers, according to SBA’s independent auditor.
The Department of Justice is dealing with at least 90 cases of fraud tied to SBA’s COVID-19 loans — further proof more oversight and management is needed, according to GAO.
GAO Comptroller General Gene Dodaro recommended additional congressional action, commitment from agency leadership and involvement from OMB in High Risk List areas at Tuesday’s House hearing.
Government saw $225 billion in benefits from addressing High Risk List areas between 2019 and 2021, bit more resource investments are needed — as are regular meetings between the OMB deputy director for management, top agency leaders and GAO.
“[A]gency leaders need to do more to address the hundreds of open recommendations we have made to reduce the government’s high-risk challenges,” Dodaro said, in his House testimony. “OMB’s leadership role is especially important because many high-risk areas are government-wide or involve multiple agencies.”
Senate draft of COVID-19 relief bill proposes $1B for Tech Modernization Fund
A draft of the Senate version of the American Rescue Act includes $1 billion for the Technology Modernization Fund, according to a source familiar with the bill’s text.
The $1 billion injection would be a favorable increase over recent appropriations into the fund — a central pot of money that agencies can apply for to fund impactful modernization projects under the stipulation that they’ll pay it back within five years. In fiscal 2020, the TMF received only $25 million. It also comes after lawmakers considered completely removing the fund from the relief bill in early February.
Still, it falls well short of the $9 billion the Biden administration proposed for the TMF as a core driver for IT and cybersecurity modernization amid the nation’s response to COVID-19.
If the provision makes it into the final version of the Senate bill and is passed, it must also make it through negotiations before becoming part of the final bill handed to the president. Historically, it’s been the Senate that’s most wary of doling out TMF money.
The need for TMF funding was pushed hard by several Democrats last summer. In a letter, a group of tech-minded lawmakers urged congressional leadership to consider government IT reform as a critical part of pandemic recovery. Signees included top Capitol Hill tech advocates Reps. Gerry Connolly of Virginia, Ro Khanna of California, Robin Kelly of Illinois and Rhode Island’s Jim Langevin.
“The fate of the world’s largest economy and millions of American households rely on the ability of government IT systems to deliver in an emergency,” says the letter. “In many respects, those IT systems have not delivered during the pandemic and that should galvanize us all to action.”
The Senate also drafted other IT- and cyber-related provisions in its version of the bill, which FedScoop reviewed, including an additional $650 million for the Cybersecurity and Infrastructure Security Agency (CISA) for “cybersecurity risk mitigation.” The U.S. Digital Service would also get a $200 million bump.
Many other agencies would see funding increases for tech, like the $25 million would be made available to the Department of Agriculture to improve the technology used in distributing food relief and Supplemental Nutrition Assistance Programs (SNAP) benefits. Several educational funding boosts also include technology allocations.
Meritalk was the first to report news of the draft.
Catalog management leads GSA’s planned federal marketplace updates for 2021
The General Services Administration is set to acquire a web interface for managing and improving the quality of data collected for GSA Advantage! customers in the spring.
The pre-solicitation for the Common Catalog Platform (CCP) will seek information from the 12 contractors on the current Chief Information Officer Modernization and Enterprise Transformation (COMET) blanket purchase agreement, followed by a request for quote.
CCP is part of the Federal Acquisition Service‘s effort to improve catalog management so customers can more easily search, compare and buy needed offerings on GSA‘s online purchasing service, called GSA Advantage!, and elsewhere.
“We’re continuing to streamline and improve how we manage data associated with the more than 50 million products and services offered through the federal marketplace,” wrote Sonny Hashmi, commissioner of FAS, in a blog post Monday.
CCP will also reduce the time it takes suppliers to manage their catalogs by replacing the Schedules Input Program for Multiple Award Schedules (MAS) contract holders. And FAS workers will have an easier time reviewing and approving catalogs.
Catalog management is one of the four pillars of FAS’s Federal Marketplace (FMP) Strategy, a framework for making continuous improvements to GSA’s buying and selling experience. Numerous updates were announced in an FMP Strategy winter release.
Another catalog management improvement is faster catalog load times for suppliers via an Authoritative Catalog Repository, which also ingests data for new MAS produces for CCP.
And GSA continues to onboard manufacturers to the Verified Products Portal (VPP), containing specifications for commercial-off-the-shelf products. GSA will update the MAS solicitation in April to allow authorized resellers of VPP products to use that data without providing a letter of supply. The changes are intended to help customers avoid buying counterfeit or noncompliant products, standardize contractor catalogs, reduce the burden on resellers and FAS workers find and remove unauthorized products.
SAM.gov
Also part of the FMP Strategy is the improvement of the Integrated Award Environment (IAE), at the heart of which is beta.SAM.gov. The website will eventually be a one-stop shop for all federal award information, and will lose the “beta” part of its moniker this spring when the original System for Award Management (SAM) is merged into the IAE.
“This is exciting for many reasons, not the least being suppliers and buyers will find it easier to get things done,” Hashmi wrote. “No longer will you have to log on to two sites to conduct business; everything will be housed on the new SAM.gov.”
That business includes registering to deal with government, find exclusion records, search for contract opportunities, find wage determinations — all under a single sign-on.
Expect changes to the look and feel of beta.SAM.gov shortly before the merger, Hashmi wrote.
T-Mobile brings 5G to Miami VA medical system
The Department of Veterans Affairs has added another 5G hospital to its growing list of medical facilities enabled with the next-generation wireless network.
T-Mobile announced it has deployed its Ultra Capacity 5G service “in and around” the Miami VA Healthcare System, providing in-building coverage with average speeds of 300 Mbps and peaks at 1 Gbps.
This allows medical providers in the hospital to “quickly access high bandwidth files such as imaging results, labs and medical charts without having to be tethered to a computer,” T-Mobile said in a release. T-Mobile claims to have the “fastest 5G network of any provider.”
“We set out to do good with our 5G network and right now healthcare is more important than ever,” said Mike Katz, executive vice president of T-Mobile for Business.
The Miami VA Healthcare System is no tiny hospital. It serves veterans in Miami-Dade, Broward and Monroe counties in southern Florida, with an estimated veteran population of 149,704, providing 372 hospital beds, according to the VA. The Bruce W. Carter Department of Veterans Affairs Medical Center, the main facility, sits on 26 acres of land and is connected to several outpatient medical facilities and counseling centers.
“Groundbreaking collaborative partnerships like this play an important role in our success moving forward and we are grateful to T-Mobile for their continued commitment to the partnership with VA,” Deborah Scher, executive advisor to the VA secretary, said in a statement.
T-Mobile has also partnered with the VA to provide 70,000 lines of wireless service to doctors, nurses and staff and free unlimited access to online telehealth for veterans, a service that has surged during the COVID-19 pandemic.
Last month, the VA announced a similar partnership with AT&T at the VA Puget Sound Health Care System in Seattle to pilot 5G and multi-access edge computing in its facilities. A Silicon Valley VA hospital has also been experimenting with 5G provided by Verizon to power augmented reality visualization.
The Department of Defense too is trying to get a head start on bringing 5G to some of its bases around the country through a series of commercial-driven pilots focused on providing services like smart warehouses, virtual reality and more.
Air Force turns to VR for suicide prevention training
The Air Force is turning to virtual reality technology to train its airmen to recognize and help others at risk of self-harm.
The service is using VR training to put airmen in life-like situations to practice how to get a distressed person help. With social distancing requirements, in-person training and face-to-face conversations pose a greater risk for COVID-19 transmission, a risk reduced by VR training with users communicating through a headset.
The Air Force has also embraced VR for other training, like flying and maintenance.
The rate of airmen dying by suicide has increased in the past few years, up from a 2018 rate of 18.5 per 100,000 to 25.1 per 100,000 in 2019, according to recent DOD data. Conclusive data on the rate in 2020 is not available, but initial reports indicate a further increase during the first months of the coronavirus pandemic.
“We are excited and highly motivated to be the catalyst for this innovative suicide prevention program,” Brig. Gen. Norman West, Air Mobility Command surgeon general, said in a release. “The VR scenario is very realistic and this is the type of training we need to save lives in the real world. One life lost to suicide is too many.”
The technology was recently used in a training session at Travis Air Force Base in California at the behest of the Air Mobility Command leader, Gen. Jacqueline Van Ovost. New modules were tested featuring clips of actors and on-screen prompts for what trainees should say, according to a video posted by the Air Force. Other modules are in development for instructors and other members of the Air Force working on suicide prevention.
The technology works by guiding airmen through a training session and then into a role-playing scenario where they speak directly with an actor who displays distress signs. A coach listens in on the session, and if trainees are not following procedures, they are reminded of specific questions they are supposed to ask, like “Do you have a gun in the house?” or “Are you thinking about harming yourself?”
“We believe this training will not only save lives but prepare our Airmen for tough conversations that will build a more resilient force,” said Victor Jones, AMC Suicide Prevention program manager.
Leaders overseeing the program are also using the tech to pick up on subtleties in how airmen interact with the VR experience.
“[W]hen someone needs to say something tough, they don’t say it as loud as the rest of what they say,” according to the release. That’s a data point trainers are using to encourage airmen to be confident in getting others help.
Spouses of airmen are also being offered the training and it is expected to continue as more modules are created by Moth and Flame, the VR studio contracted to make the content.
If you or someone you know needs help, call 1-800-273-8255 for the National Suicide Prevention Lifeline. You can also text HOME to 741-741 for free, 24-hour support from the Crisis Text Line.
Basic cybersecurity standards must start with procurements, experts say
Government must do a better job of setting minimum cybersecurity standards when buying IT to avoid more breaches like the ones agencies suffered after the SolarWinds hack, say cyber experts.
Large procurements, in particular, should be used to drive modern security architectures that better protect entire systems, said Jeanette Manfra, director of government security and compliance at Google and a former top official with the Cybersecurity and Infrastructure Security Agency.
If agencies consider the risks of introducing software like SolarWinds Orion to their networks during the procurement process, they’ll also avoid introducing vulnerabilities.
“The government is a very large consumer,” Manfra said during a Center for Strategic & International Studies event Friday. “They need to be driving what those security standards are that they want to see through their procurements.”
While the government should also establish minimum cybersecurity standards for the private sector, experts agreed they should be voluntary and not become a check-the-box activity for companies.
The SolarWinds software supply chain attack began in March and was massive in scale at nearly 18,000 intrusions. At least nine federal agencies were compromised, with the extent of the damage still being assessed.
While the hack was detected in December and widely reported to have been committed by Russia, the reality is that true attribution is ongoing, said retired Lt. Gen. Ed Cardon, senior counselor at the Cohen Group.
All of this points to gaps in information sharing between government and the private sector.
“Info sharing is a pretty broad term,” Cardon said. “Just simple things like worldwide collection of DNS logs, it’s amazing how if we would just do that we could do a lot with attribution. But often those are missing; they’re not collected.”
CISA, which Manfra left in November 2019, continues to make inroads with companies to determine who has the information it needs to avoid specific cyberattacks, she said.
The agency was established to be the central clearinghouse on the civilian side for threat information from the private sector, said Rep. Michael McCaul, R-Texas.
The ranking member on the House Foreign Affairs Committee said he’s planning to introduce legislation establishing a mandatory breach notification system. Breach data could be easily anonymized to protect the companies involved and liability protection ensured, so companies wouldn’t withhold information for fear of lawsuits, McCaul said.
“Some companies don’t report this at all,” McCaul said. “And it’s important we have that threat information to share it not only with the private sector, where 80% of this resides, but across all departments within the federal government.”
DISA’s Vice Adm. Norton retires
Vice Adm. Nancy Norton left one of the military’s top IT jobs Friday as she retired from her directorship of the Defense Information Systems Agency and command of Joint Forces Headquarters-Department of Defense Information Network (JFHQ-DODIN).
Lt. Gen. Robert Skinner of the Air Force replaced Norton at a change of command and directorship ceremony Friday.
Norton leaves at a critical time for DISA as it prepares to issue an $11 billion IT services contract, lead a major consolidation of support agency IT networks and continue investigating the SolarWinds hack. DISA will also maintain its own pivot to maximum telework and continue supporting DOD’s adoption of the Commercial Virtual Remote environment.
“We have done an amazing job,” she said during a virtual roundtable with reporters Thursday. “The thing that was most important, is how we have treated each other as people.”
Supporting the military’s shift to telework was not the first major crisis she steered DISA through. Under her watch, DISA was almost eliminated by Congress in 2018, a move she helped thwart. She said that “telling the DISA story” and increasing the transparency of the agency was what helped save it from the chopping block.
“It is pretty amazing if you think about what would have happened in 2020 if that had happened,” she said of the potential cutting of DISA’s funding.
Amid the response to a global pandemic, Norton also helped oversee the response to the recent SolarWinds breach. As commander of the Joint Forces Headquarters-Department of Defense Information Network, Norton leads the operation and protection of the military’s IT networks, which were targets of the suspected Russian hackers who led the larger cyberespionage campaign. DISA said it did not find any bad actors on DOD networks, but investigations remain ongoing.
Norton joined the Navy as an officer in 1986 and rose to become the first female director of DISA in 2018. While leading the DOD’s IT support agency, she pushed for more diversity and inclusion in the military technology community.
Network consolidation
DISA’s plan to make itself the single service provider for defense support agencies, dubbed the Fourth Estate network optimization initiative (4ENO), is a massive undertaking involving technical consolidation, personnel shifts and workforce restructuring. With Norton at the helm, DISA broadened its mission with the project.
The process is already underway with the Defense Technical Information Center already transitioning help desk and IT personnel into DISA, Norton said. More migration is expected to happen under Skinner’s directorship.
A part of the migration will be the award of the Defense Services Enclave (DES) contract for a single vendor to help with the technical integration of disparate networks — a deal that’s worth up to $11 billion.
The contract will be an indefinite-delivery, indefinite-quantity vehicle with task orders issued for specific work. The agency anticipates a 10-year work period, but the contract will have an initial four-year base with three optional two-year extensions.
“The concept of making DISA the single service provider is really something new,” Norton said. “That is really exciting.”