DHS CIO pursuing $250M in cloud-focused ‘technical support services’
The Department of Homeland Security’s Office of the CIO is looking for “highly specialized technical support services” to better serve the department’s headquarters business units.
DHS issued a sources sought solicitation Aug. 1 for architecture, development and platform technical services, largely anchored around a move to modernized cloud computing capabilities.
This solicitation will likely result in the creation of multiple new BPAs worth up to $250 million, the department said.
“DHS has identified several requirements for new business applications that will support improved integration and overall efficiency of headquarters business units,” the solicitation said. “Additionally, DHS needs to modernize several of its existing business applications to migrate off unsupported platforms and improve the efficiency of OCIO’s application delivery functions. OCIO’s intent is to build these applications based on a suite of reusable services.”
DHS officials added that the new solicitation resulted from a need to re-compete multiple existing contracts under its Enterprise System Development Office BPA, set to expire next year.
The solicitation seeks cloud service providers and other vendors that can offer DHS a number of services, including:
- Implementation and management of cloud-based commodity computing
- End-to-end technical requirement management services for enterprise information technology
- Support government off the shelf (GOTS) and commercial off the shelf (COTS) application integration and interoperability for customer developed components
- Application and service compliance, in addition to performance monitoring
The agency has been actively pursuing a shift to cloud computing since 2011, releasing its most recent data center optimization strategy in October 2016 in an effort to shrink its digital footprint and capitalize on cloud technologies.
New DHS CIO Richard Staropoli detailed his plans to modernize his office at FedTalks at Night earlier this summer, particularly in moving his department’s business units to the cloud at a hedge-fund pace.
“Why do we want to continue with months and years of debate about whether something is cloud-ready?” Staropoli questioned at the event in June. “I am not going to let that percentage of things that aren’t cloud-ready hold up DHS moving along and transitioning the things to the cloud that we use every day, which will result in greater productivity, more stability, greater security, and a tremendous financial savings in the long-run.”
Stakeholders will have until noon on Aug. 25 to respond to the solicitation.
Demand for the first edition of Coding it Forward’s Civic Digital Fellowship surprises even the founders
As recently as March, the precocious group of Harvard undergrads wasn’t sure it would work, but it did: Fourteen students are now in week nine of a 10-week internship at the U.S. Census Bureau as the first cohort of the Civic Digital Fellowship.
The idea was simple: What if we can find a way to get undergraduate computer science talent into interesting, meaningful tech internships in the federal government? Government internship recruitment, the comp-sci students found, isn’t targeted at them. But working in tech at federal agencies appeals to the likes of Chris Kuang, a rising sophomore at Harvard and one of the co-founders of Coding it Forward, the organization that created the fellowship. And, well, the government would love to have them.
“The young talent in our network didn’t know they were being sought by the government,” Kuang said. The Civic Digital Fellowship was conceived as a go-between, recruiting young tech talent from across the country for a summer fellowship.
For this first edition of the fellowship the Census Bureau stepped up, offering the students paid summer positions in engineering, design, user experience and more.
Granted, the whole thing had some not-insignificant backing. The group’s champion on the inside was Jeff Meisel, a former Presidential Innovation Fellow who works as the chief marketing officer and division chief at the Census Bureau’s Customer Liaison and Marketing Services Office. Meisel pushed the bureau to secure funding and make room for the students.
“It took a monumental effort to pull it off” in such a short time, Meisel told FedScoop in an email. But seeing the students’ passion makes all that worth it, he said.
“We’ve been able to compete with Silicon Valley tech companies for STEM talent, which is not an easy thing to do as a federal agency,” he said.
Even with only grassroots advertising, the number of applications was overwhelming, Kuang said. Initially the fellowship had planned to admit eight students — but it ended up bringing 14 to D.C. The students are from schools across the country, including Harvard, MIT, the University of Texas at Austin and others.
The IRS and Environmental Protection Agency also expressed interest in the program, but couldn’t find the budget for it. Between them, these agencies did manage to bring eight unpaid interns in through Coding it Forward’s Pipeline Program, which is separate from the fellowship.
Taking on a life of its own
At the Census Bureau, the students are involved in all kinds of projects. Fellow Rachel Dodell, for example, is on a team working to redesign a website that makes census data available to small businesses. Another fellow is working to build a kind of data-science training platform that can teach citizens some new skills utilizing data from the census, Kuang said.
These aren’t just busywork, either. “It’s nice to know [our work] will continue to be used once we leave,” Dodell said.
Dodell and Kuang continuously cite the potential “impact” of their work in the government as what excites them most. This, interestingly, is in line with the pitch federal CIOs tend to make when trying to attract talent.
The founders have every intention of keeping the fellowship going, preferably with additional agencies. They’re excited to work with “any agency that recognizes the need,” Kuang said. “We’ve had quite a few agencies actually reach out to us,” Dodell added. The agencies will have to set aside resources, of course, but the team hopes they’re starting early enough this year to make budget room for 2018.
Finding another ‘no brainer’
Meisel told FedScoop that future Census Bureau participation feels like a “no brainer,” and that he would encourage other agencies to participate as well. “Agencies should consider the program as part of their overall talent strategy, as they think about the future of their workforce, and how to bring in next generation digital skills,” he said.
“While Census has invested in summer work programs for many years, the Civic Digital Fellowship is a first-of-its-kind program that focuses on many of the digital skills that are critical to the future needs of our agency,” including data science, software engineering, product management and user-centered design, Meisel said.
Have they found that college students, including those who may not have voted for Donald Trump, have any qualms about working in the federal government under the current administration? Not at all.
“I don’t think what we do is political,” Kuang said. “We’re here to innovate and modernize and bring a new perspective into government.”
Indeed, they’ve learned to separate government from politics, Dodell reflected. “A lot of it is just about delivering services,” she said.
“It’s such a valuable thing to have this experience as a student,” Kuang said.
GSA awards $50B EIS contract to 10 telecom companies
After almost two years in development, the General Services Administration has awarded its $50 billion contract that will impact the way agencies buy network and telecommunications products and services for the next decade and a half.
GSA officials said on FedBizOpps that the mega-contract was awarded to 10 telecommunications companies, including:
- AT&T
- Verizon
- BT Federal Inc.
- Qwest Government Services, Inc. doing business as CenturyLink QGS
- Core Technologies, Inc.
- Granite Telecommunications, LLC
- Harris Corporation
- Level 3 Communications
- Manhattan Telecommunications (MetTel)
- MicroTech
The 15-year Enterprise Infrastructure Solutions contract will serve as GSA’s premier telecommunications contract beginning in 2020, following a transition from the Networx contract vehicle, which has been in place since 2007.
Initial requests for proposal for the contract emerged in 2015 to develop a replacement for Networx, which provided agencies more than $1.79 billion in telecommunications and network services in fiscal 2016.
“The award of EIS is a major milestone that demonstrates GSA’s continuing commitment to giving federal agencies forward-leaning and flexible contract solutions that are designed in collaboration with our industry partners and provide streamlined access to mission-essential, cutting-edge services,” GSA Federal Acquisition Service Commissioner Alan Thomas said in a statement. “I applaud the great work the EIS team did to get us to the finish line. This contract is essential to our customer agencies as they improve operations and citizen services into the future.”
Four of the awarded contractors — AT&T, Verizon, CenturyLink and Level 3 Communications — had previously provided services through the Networx contract vehicle.
The indefinite delivery/indefinite quantity (IDIQ) contract has a five-year base period with two five-year options and a contract ceiling of $50 billion.
Alan Chvotkin, executive vice president and counsel of the Professional Services Council, said EIS presents GSA and federal agencies “a huge opportunity” following a litany of telecommunications contracts that preceded the massive contract vehicle.
“Any time you have a [$50 billion] with a 15-year period of performance, it’s a big deal,” he said. “And it is for GSA. This is continuing their work as the contracting agency of choice for government-wide telecommunications services.”
Prior to the EIS contract, federal telecommunications services had been channeled through a collection of contract options — Networx; Washington Interagency Telecommunications System 3 for federal entities in Washington, D.C., Virginia and Maryland; and Local Telecommunication Services — all of which will now be provided under the new IDIQ vehicle.
“Federal agencies need to be able to transform their communications and networking technologies from those that serve their needs today to those that will carry them into the future. EIS is a strong first step in that direction. This is a good day for government agencies,” Mike Maiorana, Verizon Enterprise Solutions’ senior vice president of public sector markets, said in a statement.
The transition to EIS is expected to be so extensive that GSA officials decided to extend Networx, WITS 3 and Local Telecommunications Services contracts another three years to provide agencies time to shift their services ahead of a 2020 implementation deadline.
Speaking about the contract at a July 13 event, the GSA’s assistant commissioner for category management, Bill Zielinski, said agencies would need to start working on their shift to EIS now to stay on pace for the 2020 implementation.
“We’ve been working on this for over a year now,” he said. “So, whether you are an agency who’s working on their transition plans or you are one of our industry partners, the idea of being able to have a transition plan in place is very, very important.”
Part of those preparations includes a detailed inventory of the devices on each agency’s network, providing a stronger insight into what services the contract can provide and shoring up its cybersecurity defenses by converging telecommunications solutions to reduce the cyberattack surface.
Chvotkin said that each agency will require a varying degree of the services offered under EIS, which makes the transition period critical, as agencies will be not only surfing a new suite of services but also balancing their requests to meet mission deadlines.
“Think about this as a core-contract, an IDIQ contract of mega-propositions,” he said. “I would be very surprised if everybody took the entire menu. Not everybody is going to feel as hungry. Not everybody needs the broad sophistication that the contract might offer.”
Trump administration taps innovation expert to lead VA’s integration office
The White House has again gone to the private sector to bring innovation to the federal government.
President Donald Trump nominated Melissa Sue Glynn on Monday to serve as the Department of Veterans Affairs’ assistant secretary for enterprise integration and lead the agency’s Office of Enterprise Integration.
Glynn comes from consulting firm Alvarez & Marsal, where she served as a managing director of the firm’s public sector practice, working on operational efficiency and service delivery between government entities and related contracting companies.
Prior to that, Glynn served as a principal at PricewaterhouseCoopers, working with the VA on enterprise risk management, health care operations and other initiatives.
VA’s Office of Enterprise Integration is tasked with overseeing the department’s risk management, performance management, analytics and innovation efforts, which are areas the White House has focused on in its work to improve both VA operations and veterans user experience.
The office had been managed by Dat Tran, VA’s principal deputy assistant secretary and acting assistant secretary, through the early months of the Trump administration.
USDS and DHS built a tool to help Americans choose the best trusted traveler program
TSA Pre-Check or Global Entry? NEXUS or SENTRI? Have you even heard of the latter two?
The Department of Homeland Security runs a number of trusted traveler programs — programs through which low-risk individuals can use expedited lanes and other benefits when passing through airports. Each program is slightly different, includes a different fee and is best-targeted to slightly different users. So how do you know which trusted traveler program is best for you?
Until recently, the U.S. Digital Service found, you probably didn’t.
In a blog post published on Monday, USDS’ Lauryn Fantano details how one of its teams at DHS built the Trusted Traveler Comparison Tool. The tool, as its name suggests, allows users to answer a couple of questions about their travel habits and learn which trusted traveler program is best suited for them.
“The project kicked off when [Customs and Border Protection] asked USDS for help rethinking the Trusted Traveler application process,” Fantano wrote. “After an initial discovery sprint to see how people were interacting with these services, it was apparent that many real travelers were genuinely confused about the various programs available to them, which government agencies were administering them, and how to apply.”
The team found that while people are interested in applying for TSA’s Pre-Check or CBP’s Global Entry — these websites are among DHS’s 10 most visited — they often don’t know the difference between the two programs.
The comparison tool, released in April, makes answering this kind of basic question easy. The tool is live on the DHS’s website, but is also embeddable on other websites, like airline or travel sites.
“It sets an important precedent that government sites should display the information that’s most useful to user decision making first,” Fantano wrote. “This requires testing, ranking, and displaying data accordingly.”
Watchdog: Pentagon needs stronger guidance for IoT device security
A report from the Government Accountability Office has found that the Defense Department’s policies on Internet of Things devices aren’t sufficient to guard against potential security risks.
The July 27 report analyzed the agency’s guidance on IoT devices regarding cybersecurity, information security and physical security concerns, finding that they either didn’t address the devices — which include items like digital wearables and smart televisions — or failed to attribute security procedures for industrial control systems.
“According to the Director of National Intelligence, IoT devices are designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and U.S. government systems,” the report says.
GAO officials found that while the agency has begun looking at the security risks posed by IoT devices, no one office oversees security policy for them. Rather, the policy is split between numerous offices, including the DOD chief information officer; the Office of the Assistant Secretary of Defense for Energy, Installations and Environment; the Office of the Under Secretary of Defense for Intelligence; the Defense Information Systems Agency and others.
The agency went as far as to identify a series of risk points in which an IoT device could be compromised — from malware installation during a device’s construction to lack of software patches that make it vulnerable to attack — and has developed mission assurance assessments to outline vulnerabilities from the devices.
While the DOD has policies for the IoT devices, those policies still have gaps where it concerns the potential of a compromised IoT device, such as a smart TV, the GAO noted.
“DoD officials told us that existing DoD policies and guidance do not clearly address security risks relating to smart televisions, and particularly smart televisions in unsecure areas,” the report says. “Officials from military services and other DoD components described smart televisions as a risk to operations security due, in part, to the ability of commercial providers to access the devices remotely—potentially eavesdropping on conversations or sending recordings of these conversations to third parties.”
Officials also acknowledged that the policies don’t address the sharing of data through apps added to DOD mobile devices, potentially allowing developers or hackers to capture data through unauthorized third-party apps.
The report also notes that the DOD’s core cybersecurity policies do not focus specifically on IoT devices, though the agency’s CIO does have policy recommendations centered on IoT security that could inform broader cybersecurity best practices.
The GAO did outline ongoing DOD efforts to address IoT security, including conducting an inventory of its industrial control systems, research and testing of device security by the Defense Advanced Research Projects Agency, and the formation of an IoT forum to examine the potential security risks of the devices.
The report offered three recommendations, including that DOD:
- Begin conducting operation security surveys to identify potential risks from devices;
- Review cybersecurity policies and guidance for gaps concerning IoT devices; and
- Identify where additional guidance may be needed relating to IoT devices.
DOD officials concurred with the recommendations and said the department was in the process of applying them or had already begun doing so.
18F working to overhaul the ATO process
The General Services Administration’s innovation arm has its sights set on changing the way the federal government decides what software it buys.
In a July 24 comment on its GitHub site, 18F officials said they are developing a plan entitled “Project Boise” to overhaul the authority to operate process by which an agency determines that products meet the security requirements needed to operate on federal IT systems.
18F innovation specialist and developer Aidan Feldman — who is leading the Project Boise team with designer Andrew Maier and strategist Timothy Jones — said in the post that the plan aims to “reduce the burden (time, cost, and pain) and improve the effectiveness of the federal government’s software security compliance processes.”
There are already ATO reform efforts underway at the GSA-based Federal Risk and Authorization Management Program, where officials are developing multiple formats to streamline the authorization process for cloud service providers and give agencies more vendors to choose from.
FedRAMP released a new baseline for its anticipated Tailored service — a proposed software-as-a-service cloud solution that would provide agencies with lower-risk security options — for public comment July 13, shortly after requesting information from industry on how it could automate some of its ATO processes.
To develop new policies, the 18F team will collaborate with stakeholders like the Department of Homeland Security’s Continuous Diagnostics and Mitigation group, the Office of Management and Budget, the White House’s Office of American Innovation, the National Institute of Standards and Technology, and FedRAMP.
While the plan is in its discovery phase, Feldman added that the Project Boise team would be reaching out to stakeholders in both the public and private sectors for feedback through the GitHub site on how to simplify the process, including chief information security officers, cybersecurity policymakers and companies crafting products surrounding security compliance.
In the first month, the Project Boise plan calls for the team to map ATO processes across federal agencies to determine the common paths and where they can be improved.
Nick Sinai, a former U.S. deputy CTO under President Obama and now a venture partner at Insight Venture Partners, explained the importance of improving the ATO process in a recent Medium blog post. As it stands, it can take a vendor more than a year to receive an authorization, deterring many innovative companies from even trying.
“We need innovative firms entering the federal market — like those that Insight Venture Partners invests in — to make our government more secure, more effective at delivering services, and more efficient for the taxpayer,” Sinai wrote.
He added: “If the Trump Administration is going to build on the Obama Administration’s efforts to modernize, it will need to transform how the federal government does security compliance.”
Bug bounty industry, helped by federal business, is growing up fast
The bug bounty industry — which basically hires and sells the services of freelance hackers who are paid to find weaknesses in systems or products — is seeing a period of rapid growth, in part because of early successes in the federal market.
Chris Bing of Cyberscoop takes a close look at the leaders of the three companies that are making the most noise in the niche industry: Bugcrowd, HackerOne and Synack. All three firms boast platforms that privately funnel information about software and hardware bugs to their customers so that affected parties can fix software flaws.
Over the last year, the three companies have each expanded in size and influence due to private investors betting big. Significant contracts with the Defense Department, General Services Administration, U.S. Air Force and Army quickly popularized the disruptive industry, even though the premier brands are still in many ways developing their business strategies and identities.
Crowdsourced suggestions for passport process get a close look from State Department
Applying for a passport can be confusing and costly, but the Department of State is actively trying to figure out how to improve the user experience — and it’s taking suggestions straight from citizens.
State recently teamed up with USAGov to crowdsource suggestions on how the passport application and renewal process might get a citizen experience upgrade. The department and the federal information office used an unnamed “software tool” to create a website where they could solicit and collect citizen responses to one question: “How can we improve the [passport] application process to make it simpler and easier?”
Over two weeks in December 2016 the site collected nearly 1,000 responses and sorted them into general topic areas: on-demand support, renewal reminders, online applications and more.
From there State made several “decisions” — responses on how the department proposes to improve trouble areas. For example, State is in the process of developing an online passport renewal option. It’s also working to improve the plain-writing standards on Travel.State.Gov and find ways to reduce the fees associated with obtaining or renewing a passport.
According to a USAGov blog post, this partnership was the first time USAGov or State had used the unnamed software tool. It’s unclear whether either party intends to use the tool for future projects, but all published reports suggest that this pilot was a success.
Hybrid IT gives agencies ‘the best of both worlds,’ HPE exec says
Hybrid IT gives federal agencies “the best of both worlds,” allowing for the efficiencies of public cloud and the security of traditional on-premise IT.
Hybrid IT enables “us to operate as we’re comfortable and often as mission or security requires, and then [also] be able to share that data in a public form,” Jeff Lush, CTO of HPE federal, says in an interview with FedScoop TV.
And moving to such a model isn’t such a huge lift as one might expect.
“The nice thing about hybrid IT is it allows you to operate as you are today,” Lush says. “This notion of being able to rip and replace everything that you have — it just doesn’t work. There’s nothing about it that’s good. It’s costly, it interrupts the flow of business.”
Rather, hybrid IT allows agencies to “truly embrace emerging technology but not have to wait around forever” to completely replace legacy systems.
In the end, hybrid allows agencies to avoid the costly interruption and security risks of completely replacing their critical systems while having the flexibility and savings found in modern cloud services, Lush explains.