Federal agencies are $3.3B short of data storage savings goals
Federal agencies have through fiscal 2018 to accrue the remaining $3.3 billion in savings from data center closures and consolidations they pledged to achieve as part of an initiative housed within the Federal Information Technology Acquisition and Reform Act.
As part of the Office of Management and Budget’s Data Center Optimization Initiative, agencies were tasked with saving $4 billion from fiscal 2016 through fiscal 2018.
Despite retiring nearly 4,400 data centers and making plans to shut down about 5,600 more by 2019, the 24 agencies participating in the DCOI reported only $656 million in data center-related savings since the start of fiscal 2016, according to a report released Thursday by the Government Accountability Office.
The most recent report builds on a history of failure in the agencies’ data savings efforts. In November 2015, the agencies claimed they had saved a collective $2.7 billion from closures and consolidation since 2012; however, in August 2016, they reported a total savings of only $2.3 billion between 2012 and 2016 — a $400 million decrease despite the additional nine months.
The report cites a disproportionate commitment by the agencies participating in DCOI as a barrier to progress. Of the $2.3 billion in savings and avoidances accrued between 2012 and 2016, for example, four agencies — the departments of Commerce, Defense, Homeland Security and Treasury — accounted for $2 billion, or 87 percent. Additionally, the departments of Agriculture, Defense, Interior, and Treasury accounted for 84 percent of all data center closures.
The GAO attributes the chasm between savings projections and results to the failure of agencies to develop reliable strategic plans and a lack of strict oversight by OMB. According to its report, only seven agencies submitted full plans for review, and the Defense Department failed to submit one at all.
Of the partial plans submitted to the GAO, 11 contained discrepancies in savings projections as compared to separate reports submitted to OMB. These inconsistencies totaled $1.5 billion.
The report calls on OMB to enhance its oversight of cost-saving measures.
OMB did not offer comment on the report.
Think of FirstNet as ‘ecosystem’ for software developers, board member Takai says
The $46.5 billion network being developed by AT&T and the First Responder Network Authority (FirstNet) will have apps and functionality that cannot even be envisioned today, one of its board members said Wednesday.
FirstNet board member Teri Takai, who has served as chief information officer for California, Michigan, and the Department of Defense, shared some of the project’s vision with an audience at the Public Sector Innovation Summit presented by VMware and produced by StateScoop and FedScoop.
“We’re putting together, now, an ecosystem — so there will be a developer platform, there will be testing and certification, there will be an app store, effectively, for distribution of applications, [and] a set of cybersecurity requirements,” Takai said. “So that ecosystem, that infrastructure is also going to be important.”
Innovative ideas are going to come “from big companies and little companies” alike, she said.
See more about the FirstNet “innovation platform” in Colin Wood’s coverage on StateScoop.
Veterans Affairs awards $19.6M for mobile scheduling system
The Department of Veterans Affairs announced Wednesday the award of a $19.6 million contract for a mobile-friendly patient self-scheduling application.
Document Storage Systems won the award April 14 to provide its commercial off-the-shelf ForSite2020 scheduling software, which will allow veterans to schedule appointments on a computer or mobile device.
The contract supports the Faster Care for Veterans Act of 2016, which requires the VA to “establish an 18-month trial program operational in at least three Veterans Integrated Service Networks (VISNs), under which Veterans can use a cell phone, tablet, computer or mobile device to schedule and confirm primary care, specialty care and mental health appointments,” according to a release.
“The VA is making critical improvements to Veteran health care, and will always look to leverage innovative tools that will put more capabilities in the hands of Veterans,” VA Secretary David Shulkin said in a statement. “Self-scheduling apps are widely used in the private sector and will help create a better experience for Veterans and their medical-care providers.”
According to the Florida health IT integrator, it will configure its software to “provide a VistA-integrated, Veteran self-scheduling portal with a powerful back-end module for configuring business rules” and incorporate “alerts that use VA rules to identify and prevent potential scheduling issues by indicating where prerequisite services are required for a particular patient.”
The application will allow veterans to schedule, modify or cancel appointments; view appointment availability in real time; and receive reminders to schedule follow-up appointments at any time of the day.
VA’s flawed scheduling systems have long drawn criticism from lawmakers and watchdogs, stemming from technical glitches and deliberate manipulation of the scheduling system that resulted in veterans not receiving timely care and even dying while awaiting care. There’s also been concern over the lack of an adequate self-scheduling tool.
The department does have a self-scheduling application, called the Veterans Appointment Request app, but it’s currently available at 99 select locations. The VA says it will continue use and development of the VAR system.
PATCH Act looks to codify vulnerabilities equities process
A new bill introduced Wednesday would add transparency to a controversial oversight framework currently used by federal agencies known as the Vulnerabilities Equities Process.
The Protecting Our Ability to Counter Hacking Act, or PATCH Act, looks to codify the VEP into law and answer some of the tough questions that surround the current framework, including who sits on the multi-agency review board responsible for decisions and when public disclosure is appropriate.
Sens. Brian Schatz, D-Hawaii, Ron Johnson, R-Wis., and Cory Gardner, R-Colo., and Reps. Ted Lieu, D-Calif., and Blake Farenthold, R-Texas, sponsor the bill.
The PATCH Act also offers brief decision-making criteria and broadly describes certain considerations that must be weighed by board members, including the Secretary of Commerce and the Directors of National Intelligence.
Find more about the new legislation in Chris Bing’s coverage on CyberScoop.
Acting U.S. CIO touts 2015 cyber sprint as agencies go unaffected by WannaCry
Had it not been for the 2015 federal cybersecurity sprint, it’s very possible federal agencies would have been hit by the WannaCry ransomware, the acting head of U.S. federal IT said Wednesday.
Acting U.S. CIO Margie Graves said the cyber sprint the federal government undertook after the Office of Personnel Management breaches two years ago emphasized agencies’ abilities to “scan your environment almost immediately and report back within 24 hours … to know that vulnerability existed in advance.”
The 30-day sprint, issued by then-U.S. CIO Tony Scott, required agencies to immediately patch vulnerabilities, accelerate the use of multifactor authentication and deploy other security protocols provided by the Department of Homeland Security.
“How would that have helped you last weekend” when the WannaCry ransomware infected more than 200,000 people and organizations in more than 150 countries, Graves asked Wednesday at the Public Sector Innovation Summit presented by VMware and produced by FedScoop and StateScoop.
“Well, I tell you, it did help the federal government, because to date, I have not heard of a federal government victim of this particular incident,” she said to a round of applause from the audience.
“We picked the things in the cyber sprint for a reason, because they were primary threat vectors, and we knew we needed to fix them,” Graves added.
After her keynote, Graves told reporters she had a “swell of emotion” knowing the federal government, at least so far, was able to escape the havoc of WannaCry.
“We looked at our assets, we got vulnerabilities out,” she said. “Not that something else can’t happen, because there always zero-day attacks. But we started to march down this pathway and it’s starting to show results. Some things are starting to come to fruition.”
Graves and her federal IT colleagues understand, though, that there is no end in the race to secure systems against cybercriminals and hackers, and therefore their work continues.
“It’s never done … you’re never really done, but you have to understand what the prioritization is and just keep marching down that path and eventually try to get ahead of that curve,” she said — particularly when “the bad guy’s job, unfortunately, is getting easier and cheaper.”
So another cyber sprint isn’t out of the question.
“[W]e certainly can run one again — though I wouldn’t wish that on anybody trying to do all of that in 30 days,” Graves said.
Federal employees get the green light to expense ridesharing
In the culmination of a years-long bipartisan effort to give flexibility to government employees who travel for work, President Donald Trump on Tuesday signed the Modernizing Government Travel Act, which paves the way for federal workers to receive reimbursement for official travel on Uber, Lyft and even Capital Bikeshare.
“Today, we showed that despite tremendous partisanship and gridlock in Washington, progress is still possible,” said Rep. Seth Moulton, D-Mass., sponsor of the bill. “This bipartisan bill will make government travel more efficient and, as a result, save taxpayer dollars.”
Federal employees have long enjoyed travel subsidies for personal vehicle travel and mass transit, but until now ridesharing apps have been either excluded or left in largely ambiguous terms, leaving a convenient and relatively inexpensive transportation option off the table.
The new bill clarifies the broad circumstances under which ridesharing can be expensed and makes permanent the effects of a previous bill passed in January, the Transit Benefits Modernization Act, which sanctioned ridesharing reimbursement through 2018.
The latest bill applies to a slew of modern transportation options, defined as “Innovative Mobility Technology Companies.” According to the bill, an organization fits this description if it “applies technology to expand and enhance available transportation choices, better manages demand for transportation services, or provides alternatives to driving alone.”
“This bill will help our government keep pace with the private sector and save taxpayer dollars,” said Rep. Will Hurd, R-Texas, chairman of the House Oversight and Government Reform Subcommittee on IT. “Modernizing government into the 21st Century is something that we all can agree on and I am grateful that my colleagues on both sides of the aisle and the White House for lending their support.”
Lawmakers have voiced repeated calls for permanent ridesharing reimbursement legislation as the Washington Metropolitan Transit Authority, whose ridership is composed of 40 percent federal workers during peak hours, has faced increasing closures and delays due to its SafeTrack program — a yearlong, $60 million project to repair large swaths of the D.C. metrorail system.
Lawmakers also have pointed to the potential cost-savings and environmental benefits of ridesharing when compared to alternatives like taxis or personal vehicles, which are typically lower-occupancy.
“We need more examples of Democrats and Republicans coming together to get things done for the American people,” Moulton said.
Virginia governor calls on Congress for bipartisan cybersecurity plan
The governor of Virginia urged Congress Wednesday to see past party politics to create a meaningful cybersecurity plan for the good of the nation.
“I have been very public in my displeasure with the Congress,” Gov. Terry McAuliffe said at the VMware Public Sector Innovation Summit, produced by FedScoop and StateScoop. “I think this is the biggest threat that faces the United States of America.”
McAuliffe criticized Congress for not having a committee in either chamber dedicated exclusively to cybersecurity — instead, the cybersecurity oversight and rulemaking responsibility is split between many different panels. He also called on Congress to act on building a national plan for cybersecurity that includes states, cities, counties and the federal government.
“Put all the partisanship aside and come together to come up with a comprehensive plan,” McAuliffe said. “[States] need more funding to do what we need to do. We understand where we are collectively.”
Read more from McAuliffe’s keynote in Jake Williams’ coverage on StateScoop.
NIST introduces latest draft of cyber framework
The latest version of the National Institute of Standards and Technology’s Cybersecurity Framework will be “backwards compatible,” a NIST official said Tuesday.
It means organizations already using version 1.0 will be able to seamlessly adopt the new draft, NIST’s Matthew Barrett told attendees.
As a result, he said, there would be less flexibility to tinker with the higher level concepts in the framework, like the five key functions that make up its core: identify, protect, detect, respond and recover. But each function is divided and subdivided and there’s more flexibility to add or delete concepts at those levels, Barrett explained.
Read more on the new draft and its implications in Shaun Waterman’s coverage on CyberScoop.
Revised modernization bill passes House, heads to Senate
The House passed the Modernizing Government Technology Act by voice vote Wednesday, with the expectation that this year it will have an easier path in the Senate.
Supporters of the bill, sponsored by Rep. Will Hurd, R-Texas, touted it as “common sense” and “bipartisan” legislation that will help prevent federal systems from falling victim to massive cybersecurity breaches, pointing to the WannaCry ransomware that wreaked havoc over the weekend as evidence of how imperative it is for agencies to modernize their systems.
“Over the past several years, we have all witnessed the chaos and havoc that sophisticated cyberattacks can and do wreak on our nation and around the world,” said Rep. Gerry Connolly, D-Va. “Just this past week there was a massive ransomware attack that hit 200,000 victims in 150 countries, and those numbers are expected to grow exponentially.”
Hurd’s revised bill takes the framework of his bill from last Congress — proposing again to allow agencies to put money saved through IT efficiencies into working capital funds as well as a centralized IT modernization fund — but limits the amount that can go in the centralized fund to $250 million per year for the first two years. The last bill died in the Senate after it received a devastating $9 billion five-year budget estimate from the Congressional Budget Office.
This time around, the bill’s CBO score was a fraction of that, just $500 million.
Now with his bill headed to the Senate — where it has an identical companion bill sponsored by Sens. Jerry Moran, R-Kan., and Tom Udall, D-N.M. — Hurd told reporters Wednesday that he didn’t have any worries as MGT moves forward.
“This is what we’ve been doing the past couple of months, having conversations with [the Senate] to see what their concerns were…to make tweaks in the legislation, to deal with the CBO score,” he said after a luncheon keynote at the Public Sector Innovation Summit presented by VMware and produced by FedScoop. “I feel very good in having Moran and Udall championing this on this side.”
“I feel good with the tweaks that we’ve made, that we’re going to see this move there,” Hurd said.
Udall praised the passage of Hurd’s bill, saying it “will help federal agencies to retire old systems and invest in new and critical technologies.”
“Maintaining old IT systems is a security risk and costs taxpayers billions of dollars each year,” Udall said. “In the Senate, I’ll fight to pass this bill and see it signed into law, to ensure that our government is getting better service at a better value for American taxpayers.”
Federal IT vendors and trade groups also praised the House vote.
“As recent cyberthreats have shown, time is of the essence to upgrade our government’s critical IT infrastructure,” said CSRA President and CEO Larry Prior. “Today’s passage in the House is an important step.”
Trey Hodgkins, senior vice president for the public sector at the IT Alliance for the Public Sector, called on the new bill to “break the cycle that traps the government in funding outdated IT systems.”
“We hope the House’s strong bipartisan approval of the bill and the CBO score validating the MGT’s potential compels the Senate to pass this important national security measure,” he said in a statement.
OMB to take central role implementing cyber executive order, acting U.S. CIO says
This story first appeared on CyberScoop.
The White House Office of Management and Budget will be at the center of the Trump administration’s move to modernize and secure federal computer networks, the government’s senior-most IT official said Wednesday.
The agency is at the hinge where several important IT initiatives meet the federal budgeting process, explained acting federal CIO Margie Graves. Not only does it help implement the Federal Information Security Modernization Act, or FISMA, but it also has new tasks under the cybersecurity executive order signed recently.
Under the EO, every federal agency or department has to conduct a risk assessment using the Cybersecurity Framework developed by the National Institute of Standards and Technology, and then submit it to the OMB director and the Homeland Security secretary.
That process, she told the Public Sector Innovation Summit presented by VMware, was the essential underpinning for both security and modernization efforts because it identifies the areas where investment is needed. It also had the added benefit of highlighting where operational needs might have to be overridden by security considerations while modernization is pending.
“Understanding your [IT] assets and understanding your [IT] environment … is the very foundation to be able to make those risk-based decisions and those tradeoffs that you make in operational situations on a daily basis,” she said.
“Even though operational effectiveness and cyber are side-by-side,” she added, “sometimes you have to thread that needle.”
Modernization would proceed, she said, hand in hand with shared services — buying email or storage systems for instance for several departments at once.
“IT modernization and shared services … reduce our attack service … [and] enable us to protect whatever we do with the latest capabilities,” she said.
But it is in the budgeting process that the risk assessments will really add long term value, she explained, and put the OMB at the center of balancing security and resources.
“We’re really key to this,” she said, “not only in terms of managing the FISMA process, the technology side of the equation, but OMB has the power to connect the FISMA requirements and the gaps and the vulnerabilities that we identify [in the risk assessment] — and the solutions that we want to bring forward — back to the federal budget.”
Among the questions the assessments would help the OMB answer, she went on, was “how do we understand the magnitude of the problem in dollars and how do we march down the risk-based approach of buying down that risk with every dollar that we spend.”
“The executive order on IT modernization also feeds into this,” she said, referring to the May 1 document that established an American Technology Council of senior Cabinet-level officials to drive modernization of federal IT.
But the risk assessments, she said, would help officials decide “What should go first.”
“The identification, through the risk management proposals that the agencies are going to turn in, to show us where we should go … which shared services are going to be most advantageous and which cloud services we should pursue first.”
“To have our approach to [IT modernization] informed by that [risk management reporting] is huge … because the two of these have to work together. Modernization … has to be informed by what the risk ultimately is,” she concluded.