Interior will implement CDM components under $54M contract

The Department of the Interior plans to implement several Continuous Diagnostics and Mitigation (CDM) program components over four years after awarding CVP a $54 million contract announced Wednesday.

The Information Management and Assurance Program Support (IMAPS) contract covers cybersecurity services for DOI’s chief information officer and chief information security officer.

Specifically, technology consulting company CVP will optimize DOI’s risk management framework, as well as its information security and continuous monitoring.

“Aligning department-wide initiatives with agency-specific priorities requires change management expertise — not just next-generation technology expertise,” said CEO Anirudh Kulkarni in the announcement. “We look forward to partnering with the department as it looks to set the standard for cybersecurity in government.”

CVP will also streamline DOI’s system authorization lifecycle by integrating assessment and authorization into technologies.

The CDM program, housed within the Cybersecurity and Infrastructure Security Agency, deploys network monitoring tools to give agencies a better idea of who’s inside their network and why. Meanwhile, increased telework during the pandemic has agencies addressing new gaps in their cybersecurity.

CMMC board faces ‘passionate’ internal turmoil over new contract with DOD

The third-party board that the Department of Defense tapped to implement a new cybersecurity standards program is facing its most intense internal turmoil yet, with members questioning its leadership and the future of its relationship with the Pentagon.

Recent events have caused some board members to begin to lose confidence in their chairman and see the tensions with the DOD as reaching a potential breaking point, according to multiple sources familiar with the matter and communications reviewed by FedScoop, as the board expands its crucial work in developing and implementing the Cybersecurity Maturity Model Certification (CMMC) program.

The conflict boiled over, for some, in a “reset” meeting last Friday with DOD officials and board members. The cause of the tension centers on a new contractual relationship DOD wants the board to approve. The document would redefine the way the two work together only seven months into the board’s existence.

Some board members see the new contract, which has a new statement of work (SOW) outlining the board’s responsibilities, as a diminution of authority and an increase in liability for the all-volunteer group, according to external private communications reviewed by FedScoop and sources familiar with the matter. Multiple members have threatened to resign as others begin to privately express a loss of confidence in chairman Ty Schieber, according to communications reviewed by FedScoop and sources familiar with the matter.

The board is still “collaborating” and in a “joint education process” over how best to define the SOW, Mark Berman, the chair of the board’s communications committee, told FedScoop.

“It is not tension, it is passion,” he added of the internal dissent. “I passionately disagree with some of my peers and passionately agree with my peers on certain issues.” He said that talk of a loss of confidence in Schieber was a surprise, and he has not heard it discussed by board members.

CMMC — the program the board has been tapped to implement — is the largest change to defense contracting in years. If the program is successful, DOD will require all of its 300,000 contractors (with a small exception) to conduct a third-party cybersecurity assessment certifying that they meet a certain level of network maturity on a new five-level scale.

Implementing this transformation requires careful orchestration between the third-party board, the CMMC Accreditation Body (AB), and the small CMMC Program Management Office (PMO) in the Pentagon. In public statements, the AB and the DOD’s lead CMMC officials have consistently praised each other’s service and committed to close partnership. It’s a message reinforced by a DOD spokeswoman when asked to comment on this story: “We certainly have the utmost confidence in the AB’s ability and have a close partnership with them.”

Berman said the board’s relationship with the DOD remains close and strong and that during the recent meeting, the conversation was positive and DOD officials expressed their appreciation for the board’s volunteer work.

The Friday meeting was the first that Katie Arrington, the DOD’s lead CMMC official, had with the full board. Several sources familiar with the call described it as “rough” and said Arrington, officially DOD’s CISO for acquisition and sustainment, spent time accusing the board of “leaks” to news media. Berman said he wouldn’t comment on the specific conversations, but disclosures of information did come up.

The SOW would supersede the current memorandum of understanding that authorizes the AB to work on DOD’s behalf. A contract would be legally more enforceable and tighten the boundaries of the work each entity can legally do. For months there have been disagreements between members of the AB and DOD’s PMO office on which entity should work on what and how to answer basic questions on the program’s model and implementation, communications reviewed by FedScoop show and multiple sources familiar with the matter say.

The DOD spokeswoman said the SOW and contract would allow the DOD to sponsor security clearances for board members, if needed, and “provides a more binding relationship.”

The fissures and political infighting put the program at its highest risk yet and come at a critical time when contractors are waiting for regulatory guidance from the Office of Management and Budget, Eric Crusius, a partner with Holland and Knight, told FedScoop.

“It is concerning, I hope they can work it out,” he said, adding that he has confidence in Schieber’s ability to manage the difficult situation.

One DOD official in the PMO described disagreements on the SOW as potentially terminal for the AB, according to a private external message reviewed by FedScoop. Berman said that there has been no indication that a fracture between the DOD and AB is imminent. He added that the AB and DOD officials discussed “increasing the cadence of meetings” between the two entities, a move that does not indicate separation, he said.

The private feelings of officials involved in the process are reflected by some outside observers watching the development of the program.

“It’s a good idea, but the management of it seems ham-handed,” Mike Hamilton, founder of CI Security, told FedScoop.

SOW still in question

The meeting did not resolve the issues on the SOW — another SOW-related meeting was scheduled for Wednesday evening — but it did bring up months of tension over fundamental questions of the models’ implementation. The meeting crystalized some members’ belief that DOD’s strategy is to leave the AB to own the “mess” of any potential failings of the program, sources familiar said.

Berman said that so far, the initial rollout has yielded enormous interest from industry and “excitement” from the DOD and AB. He said so far hundreds of applications to be involved in the ecosystem of assessors, trainers and consultants have been received. He described it as evidence of the AB’s initial success.

One of the central disagreements that has dogged the relationship between AB members and the PMO is around the CMMC “standard,” which according to the MOU, the AB creates. Details remain unresolved around how the SOW will divide authorities over the creation and maintenance of standards.

More contracts, more money

With a contract replacing the MOU, complaints and allegations of conflicts of interest would be more impactful, Crusius said. A recent CMMC government contracts alert from law firm Akin Gump Strauss Hauer & Feld also highlighted the conflicts the AB’s structure creates. If the AB signs on to a typical contract with the DOD, it would include compliance with the Defense Federal Acquisition Regulations, bringing added regulatory and financial burden to the organization.

“The significant role played by the directors in the AB’s guidance, training, accreditation and certification functions create significant potential for conflicts of interest,” the Akin Gump alert states. The AB has a code of ethics posted to its website that bans board members from advancing their personal interest.

More costs to the AB could further inflame tensions. Previously, board members dissented over talks of contracting with a marketing firm to rename and rebrand the AB before they had started taking in money for the training and accreditation process it will own. A contract also opens the door for complaints to be full-on protests that would only serve to slow down the process.

The debate over the SOW falls in the zone of government contracting where legal formalities and managing difficult relationships can conflict.

“As much as government contracting is all about formalities … is still a people business,” Crusius said.

OMB needs an enterprise risk officer to help protect infrastructure and supply chain, report says

Former senior federal officials recommended the Office of Management and Budget appoint an enterprise risk officer to address growing cyberthreats to both government and industry, in a report issued Tuesday.

An OMB enterprise risk officer could spearhead efforts to quantify threats to data, information technology and intellectual property, according to the American Council for Technology and Industry Advisory Council.

In its first report on critical issues ahead of the 2020 presidential election, ACT-IAC recommends the enterprise risk officer address threats nationwide, not just within federal agencies. In the private sector, the top risk-management official is sometimes called a chief risk officer or CRO.

“This strategy will provide risk management for a whole-of-nation perspective, looking at both physical and cyber risks to our government and critical infrastructure industries,” reads the report. “It will provide a mechanism for taking action to mitigate risks arising from overlap and duplication and uncoordinated silos, which create vulnerabilities and gaps, especially in the supply chain.”

Government has been too reliant on overseas suppliers for personal protection equipment (PPE) in responding to the pandemic, but an enterprise risk officer could coordinate the supply chain by inventorying supplies and medical devices, according to the report.

Outcome offices, acceleration strategy

Aside from making IT infrastructure more risk tolerant, ACT-IAC made three recommendations for making government more agile.

The report suggests that government make “outcome measure” data available by having agency deputy secretaries appoint temporary leaders to head up outcome offices that disband once their objectives are met. Outcome leaders would align resources, build partnerships, develop plans and reporting, and work together across agencies.

The government can make itself more agile by having the President’s Management Council create and oversee an acceleration strategy, according to ACT-IAC.

Such a strategy would outline the roles of chief information officers, chief technology officers, chief information security officers, chief experience officers, and business leaders. The strategy would also serve as an operational framework for U.S. Digital Service, the General Services Administration’s Technology Transformation Services, agency innovation centers, the Office of Personnel Management Lab, and Office of Federal Procurement Policy, according to the report.

ACT-IAC recommends the government establish a new workforce and leadership model that focuses on attracting and retaining employees capable of identifying emerging technologies, acquiring them faster and using them to drive agency change.

The four recommendations were not only for unelected officials but also for Congress and advisors. OMB did not respond to a request for comment on whether legislation would be needed before it could act on ACT-IAC’s recommendations.

HHS, VA, Energy form data partnership for coronavirus vaccines and therapies

Three federal agencies agreed to coordinate and share data on potential COVID-19 vaccines and therapies as part of a pandemic response initiative announced Tuesday.

The departments of Energy, Health and Human Services, and Veterans Affairs formed the COVID-19 Insights Partnership, which will use DOE’s high-performance computing resources for research and data analysis.

COVID-19 virology will also be studied, with HHS and VA expected to announce research projects as they launch.

“The volume and quality of the data HHS has on COVID-19 has advanced by leaps and bounds in recent months,” said HHS Secretary Alex Azar in the announcement. “The Department of Energy’s world-class resources will help us derive new insights from the data we gather to help patients and protect our country.”

The new partnership builds on the work of the COVID-19 High Performance Computing Consortium, which is offering resources to global researchers.

Oak Ridge National Laboratory’s Summit is one of the world’s fastest supercomputers and is already running complex analyses on massive, integrated coronavirus datasets. Now it will be put to work by the COVID-19 Insights Partnership as well.

“Our nation’s understanding of COVID-19 has already benefitted greatly from our world-leading high-performance computing and artificial intelligence resources,” Secretary of Energy Dan Brouillette said in a statement. “And we look forward to continuing our coordination across Federal departments and agencies in the fight against this virus.”

Air Force selects pool for $400M ‘Skyborg’ contract for autonomous drone systems

The Air Force’s Skyborg Vanguard Program for teaming autonomous drones with human-controlled planes has chosen the pool of contractors that will compete for task orders on a $400 million indefinite delivery, indefinite quantity (IDIQ) contract.

Boeing, General Atomics Aeronautical Systems, Kratos Defense and Northrop Grumman all will be able to vie for work on the highly networked technology.

The program’s focus is on “attritable” aircraft — meaning that the autonomous drones should be relatively low-cost in a way that makes them expendable in a high-risk operation. The program is one of the Air Force’s most “far reaching” technology programs that aims to leverage artificial intelligence to support the autonomous network of drones and link to other emerging technology programs like the Advanced Battle Management System.

“We are at the very early stages,” Brig. Gen. Heather Pringle, commander of the Air Force Research Lab, said during a virtual press conference Tuesday. “Ultimately, we are progressively adding to the autonomy” of the systems.

The Air Force has partnered Pringle’s research lab with other Program Executive Offices in the development of the program. The goal is to have an “open architecture” partnership across the department to link the Skyborg program with other emerging technologies that use autonomy and networks in battle.

Cybersecurity at the core

The program will have cybersecurity at the core of its development, Pringle and Brig. Gen. Dale White, who leads the Air Force’s program office for fighters and advanced aircraft, both said. The generals said that “red teaming” and aggressive testing will be a critical part of experimentation on prototypes and eventual products that come from the IDIQ contract.

“You have to red team it, you have to challenge it, you have to try to break it and that is part of testing and that is a part of experimentation,” Pringle said.

The Air Force will be using offices across the DOD to work on hacking the system, White added. The Air Force also plans to start the authority to operate (ATO) process for the software early in experimentation in order to meet development timelines, White said.

“The process by which we do the ATO’s has not changed, but the process in this program will be to bring early input,” he said.

The at times months-long process for earning an ATO has foiled software acquisition and updates in past programs. The companies selected will be expected to follow industry best practices for cybersecurity in their work with the military, the generals added.

CBP scores $15M TMF award to modernize import tracking system

Customs and Border Protection has received a $15 million Technology Modernization Fund award to help with the continued modernization of a COBOL-based platform it uses to track imported goods.

CBP will use the funding to breathe new life into its 30-year-old Automated Commercial System, a mainframe platform that runs on 3.9 million lines of COBOL code to track, control, and process everything imported into the U.S.

“I am thrilled to congratulate CBP on their award as one more example of the ability of the TMF to enable long-term modernization projects across the federal government,” said Deputy Federal CIO Maria Roat, who sits on the TMF Board.

The agency refers to the modernized platform as the Automated Commercial Environment. According to a release, “by the end of this project, CBP will have a cloud-based core collection system that will modernize both the underlying technology and the code base. CBP will also achieve operational efficiencies that will decrease its current software expenses and reduce other existing development and maintenance expenditures.”

The Automated Commercial Environment isn’t exactly a new project for CBP, however. The customs agency has been working to modernize the system through a $5 billion acquisition for the better part of the last two decades — a struggle well-chronicled by critical Government Accountability Office audits that refer to the project as high-risk.

This award is the 10th under the TMF program since 2018. In total, the board has doled out more than $116 million to seven agencies, which are expected to pay back the money within five years. In total, the fund has received $150 million in appropriations, despite the White House requesting significantly more.

House Democrats hope to give the TMF a significant boost of at least $1 billion in the upcoming coronavirus relief package. However, they must convince Republicans in the Senate, who have been wary of the TMF, that the fund is deserving of such a robust payday.

Marine Corps base gets military’s first look at ‘ultra wideband’ 5G

Another military base has been added to the growing list of fifth-generation wireless technology test beds, this time testing “ultra wideband” 5G, which can use lower energy levels over a wider portion of the radio spectrum to rapidly send data.

The testing, conducted in partnership with Verizon, will happen at Marine Corps Air Station (MCAS) Miramar near San Diego, which is home to 15,000 service members as well as the 3rd Marine Air Wing. The Marine Corps plans to test how 5G can enable future smart bases that are more protected, resilient, and supported by autonomous transportation vehicles. It is the first ultra wideband test on a military installation, according to the news release.

“We are excited to explore the art of the possible with 5G Ultra Wideband’s high bandwidth, fast speeds and low latency,” said Lt. Col. Brandon Newell, Director of Technology and Partnerships for the Marine Corps Installation Next program. “This is a critical step to accelerate the nation’s 5G aspirations. At Miramar, we are focused on collaboratively exploring 5G-enabled technology in the areas of energy management, connected vehicles, drones, and base security.”

The partnership with Verizon is similar to many others set up at bases across the country. This partnership was brought together through the NavalX SoCal Tech Bridge, a technology partnership program that recently expanded its locations on Navy and Marine Corps bases.

Linking private sector companies like Verizon with the military is a part of the Pentagon’s 5G strategy to counter the growth Chinese companies have had with developing the emerging technology.

“We’re thrilled to partner with MCAS Miramar to create a 5G test bed where we can work together to develop new use cases that improve cybersecurity, enhance the use of unmanned ground systems and drone delivery, and more,” Andrés Irlando, senior vice president and president, Public Sector and Verizon Connect at Verizon, said.

The partnership will act as a “living lab” for 5G testing, Verizon said. A benefit to ultra wideband is its lower power use and high bandwidth data transmission, giving the Marine Corps opportunities to experiment with “energy management” of the technology.

SOCOM looks to combat disinformation in Africa on new governmentwide contract

Special Operations Command Africa plans to use IST Research’s Pulse Platform to combat disinformation about the coronavirus pandemic and other issues on the continent and identify those responsible.

SOCAFRICA’s is the first task order on a five-year, $66 million Phase III Small Business Innovative Research (SBIR) contract, awarded solely to IST Research by the General Services Administration last week.

The command wants to continually engage the African population where it’s operating, understand sentiment, and determine if its own efforts to communicate affect the information environment, IST CEO Ryan Paterson told FedScoop.

“There is an enormous machine of disinformation happening in that continent,” Paterson said.

Pulse Platform consists of three components, the first of which is population engagement. The concept emerged from Paterson’s time working with the Defense Advanced Research Projects Agency in Jalalabad, Afghanistan.

“We had no mechanism for robust, continuous U.S. communications with the population in a structured manner,” Paterson said. “So different levels of technical insertion, different levels of literacy.”

Pulse Platform allows for a coordinated, remote information campaign through polling and census work, surveys and behavioral change communications designed to reinforce concepts like the importance of hand-washing during a pandemic. A TV or radio advertisement can be followed with messaging on preferred regional apps like WhatsApp and Signal in western countries or LINE, WeChat and Weibo in eastern ones.

The second component of Pulse Platform is social listening, which amounts to understanding conversations, misinformation and disinformation on the internet surrounding issues like the pandemic or the protests of systemic racism in the U.S.

While none of IST Research’s customers specifically asked the company to monitor the protests, nor does it look inside the U.S. “all that often,” it does spend “a lot” of its own money engaged in the information environment, Paterson said. In this case, IST Research was interested in identifying voices “not organic” to the ongoing debate like trolls and bots, he said.

The final component of Pulse Platform is content discovery, basically running analytics on the data coming in from the first two components to identify connections.

“I don’t feel like, as a general population, we understand just how much external forces are driving the discourse in the information environment that makes us all yell and scream at each other on Facebook or whatever the channel,” Paterson said. “We can say it out loud: Russia, China, Iran, North Korea are all active in our information environment causing discord.”

As a result, agencies and the military need to push counter-communications and monitor the information environment in real-time, he said. SOCAFRICA did not respond to a request for comment by the time of publication.

The Phase III SBIR contract is IST Research’s first governmentwide contract and opens the door for other agencies like the State Department, U.S. Agency for International Development, Department of Homeland Security, and Department of Justice to place task orders as well. Previous IST Research contracts were always with a Pentagon holder, like a five-year, $50 million contract with Army Contracting Command.

While face-to-face survey work remains the “gold standard,” that’s tough right now with coronavirus travel restrictions in place — making Pulse Platform a better “gap filler” than ever, Paterson said. IST Research conducted a COVID-19 survey that touched 300,000 people across about 40 countries and eight languages in five days.

The company made $11 million in revenue last year and estimates that number will be closer to $25 million in 2020, with U.S. agencies getting their “butts kicked” by Russia in the information space, Paterson said.

“We are not as divided as everybody would like us to think we are,” he said.

Pentagon planning for the next 25 years of cybersecurity

The Department of Defense isn’t just focused on the cybersecurity of today — it’s looking 25 years into the future.

The Pentagon’s undersecretary of research and engineering — essentially the department’s CTO — issued a request for information late last week, asking for help building out a roadmap of science and technology activities related to advances in cybersecurity over the next two-and-a-half decades in line with the 2018 National Defense Strategy.

The solicitation asks interested parties to help inform the Pentagon’s future cybersecurity guideposts by sharing “their R&D projections, technical capabilities, and demonstrated experiences in cybersecurity and cyberspace operations,” the RFI says.

The 2020 National Defense Authorization Act directs DOD to develop the roadmap in consultation with the department’s CIO, the secretaries of the military services, commander of U.S. Cyber Command, director of the Defense Information Systems Agency, director of the Defense Digital Service and other top Pentagon leaders.

Subsequently, the Office of the Undersecretary of Defense for Research and Engineering — currently headed by U.S. CTO Michael Kratsios, who is on a detail from the White House — will be required to submit annual reports on cyber S&T starting in fiscal 2021.

Developed under the leadership of Daniel Ragsdale, principal director for cyber in the R&E office, along with a DOD cybersecurity community of interest, the roadmap will focus on three timeframes of cyber development: 2020-25, 2025-30, and beyond 2030. However, DOD is “most interested in cybersecurity and cyber operations technologies that will affect cyber S&T investments in the 2025-2030 timeframe (mid-term future),” the RFI says. The idea is the roadmap will give the department a well-rounded look into the future of defense cybersecurity, with an emphasis on those capabilities a few years down the road.

The department is interested in information around cybersecurity in a variety of areas, like national security systems, weapon systems, business systems, critical infrastructure systems, and enterprise and network systems.

Interested parties must submit any questions by Aug. 7. Final responses are due Aug. 21.

NOAA improving unmanned maritime systems development through 10-year partnership

The National Oceanic and Atmospheric Administration plans to improve unmanned maritime systems research, assessment and acquisition through a partnership with the Scripps Institution of Oceanography announced Wednesday.

First, the Office of Marine and Aviation Operations will establish the structure, staffing and training for its recently created Unmanned Systems (UxS) Operations Program based on recommendations from the institution at the University of California, San Diego.

The Coastal Observing Research and Development Center at Scripps will also design and test an unmanned surface vessel outfitted with a payload for collecting meteorological and oceanographic data in an initial project.

“Innovative use of unmanned systems will benefit many NOAA programs, augmenting data collection often at lower cost, increased safety and reduced risk — especially in remote or extreme environments,” said retired Navy Rear Adm. Tim Gallaudet, deputy NOAA administrator, in the announcement.

The 10-year agreement between OMAO and Scripps allows them to collaborate on specific UxS projects and move the technologies into operational platforms for environmental data gathering, said Rear Adm. Michael Silah, who directs the office.

NOAA’s UxS operation will be based out of a new facility in Gulfport, Mississippi.

The Commercial Engagement Through Ocean Technology Act of 2018 requires NOAA UxS research and development with the Navy, other federal agencies, industry and academia. NOAA received $12.7 million in fiscal 2020 from Congress to create the UxS Operations Program, part of its UxS Strategy document.

“Innovative new technology to observe the ocean and to gather data is essential to understand and predict the ocean,” said Margaret Leinen, director of the Scripps Institution of Oceanography, in a statement. “Unmanned systems allow us to observe the ocean more regularly and at greater scale.