Posts Tagged ‘GSA’

Lion’s Den Meeting with Kay Ely, Dep. Asst. Commissioner for OIT, GSA

GTSC invites Lion’s Den members (companies with revenue between $25 million and $1 billion) to their monthly in-person meeting on May 19 at Micropact in Herndon, VA. Please RSVP to Vanessa Chander, IntegrityONE Partners.

Our special guest will be:

Kay Ely, Deputy Assistant Commissioner for the Office of Information Technology Category (ITC) in GSA’s Federal Acquisition Service (FAS)

The Federal Acquisition Service provides buying platforms and acquisition services to Federal, State and Local governments for a broad range of items from office supplies to motor vehicles to information technology and telecommunications products and services. As an organization within FAS, ITC provides access to a wide range of commercial and custom IT products, services and solutions.

In her current role as Deputy Assistant Commissioner, Ms. Ely supports the ITC Assistant Commissioner in managing the largest fee-for-service information technology (IT) procurement and services operation in the U.S. government.  Ms. Ely shares responsibility for leading a highly-skilled and diverse workforce that manages more than 7,000 contracts, providing access to relevant and timely IT and telecommunications products, services and solutions to defense and civilian agencies, as well as to state, local and tribal governments.

Before coming to GSA’s ITC, Ms. Ely served as the Chief Learning Officer at the Office of Personnel Management where she developed and set the strategic direction of OPM’s learning and knowledge management program. During her tenure with OPM she also served as an Associate Director where she was responsible for providing Federal employees, annuitants and their families with a variety of quality benefits options, as well as retirement processing services. She managed OPM’s nationwide leadership programs, the USAJOBS® program, and the Presidential Management Fellows (PMF) program. Ms. Ely also served as OPM’s Deputy Associate Director for Contracting, Facilities and Administrative Services. In that role, she was a member of the Federal Acquisition Institute (FAI) Board of Directors and was the Chairperson for the Chief Acquisition Officers Council’s Competitive Sourcing workgroup. She is now serving her fourth term on the National Contract Management Association’s (NCMA) Board of Advisors.  She was selected in 2010 as a recipient for a Meritorious Presidential Rank Award.

Ms. Ely was selected for the Senior Executive Service (SES) in 2000 as the Associate Administrator for Acquisition Implementation in the Office of Management and Budget’s (OMB) Office of Federal Procurement Policy. She left the federal government for a five-year tour in the private sector with a small and growing acquisition consulting firm now known as ASI Government. Earlier in her contracting career, Ms. Ely worked as a senior-level contracting officer for the Internal Revenue Service. She began her contracting career as an intern at the Department of Defense (DoD), Office of the Secretary of the Army, spending most of her tenure at the Pentagon.

Ms. Ely holds B.S. and M.S. degrees in Speech Pathology from Phillips University in Enid, Oklahoma and an M.A. in Management from Webster University in St. Louis, Missouri.

 

GTSC Submits Comments on GSA-DOD Cybersecurity & Resilience

GTSC, working in collaboration with Brian Finch of Strategic Partner Dickstein Shapiro and GTSC members Robert V. Jones, CEO of PReSafe Technologies; Larry Grant, CEO of EnProVera; and Gary Daemer and Mark Dale of InfusionPoints, submitted comments to the Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition. GTSC’s comments focused on clear and achievable cyber requirements that will not create a competitive disadvantage for small and mid-sized companies. Additionally, GTSC highlighted that an “LPTA” environment is not conducive to robust cybersecurity and that procurements that seek best value are more appropriate. Please email us if you’d like a copy of our comments.

A Perspective on the DoD-GSA Recommendations to Improve Cyber Security and Resilience through Acquisition

The views expressed in this article are solely those of the author and do not reflect the opinion of the General Services Administration or the Department of Defense.

I always start out any discussion of cybersecurity by emphasizing the context of the problem.  In our increasingly hyper-connected world, cyber risks affect us all – governments, private sector organizations, and individuals.  Cybersecurity events have become commonplace, almost daily occurrences, and with the advent of the “internet of things,” they are only going to increase in frequency and magnitude.  It is a shared problem.  And it demands a shared solution.  We have an obligation to take actions in our personal and professional lives to help provide for our personal, national and economic security.  Changing how the federal government buys things using our tax dollars is an important part of the solution.

Last week DoD and GSA released a report that provides six strategic acquisition reforms to improve cybersecurity.  I’m pleased that the recommendations have been well received by the federal acquisition community.   In my opinion, the report has been well received because it is a community product.  The recommendations reflect the views and expertise of a diverse set of stakeholders from sole proprietors and individual citizens to multinational corporations and government agencies.  The report does a decent job of articulating what needs to be done; now the hard work of figuring out how it gets done is in front of us.

As a threshold matter, it’s important to know that the order of the recommendations in the report is not indicative of their relative importance or the sequence of implementation.  The most important recommendation is actually number four.  Why is number four most important?  Because the other recommendations can’t be fully implemented until number four is.  For example, recommendation number one suggests including new “cybersecurity hygiene” requirements for appropriate contracts.  However, we won’t know which contracts are appropriate until the risk management strategy of number four is at least partially developed.  I’ll explain below.

Recommendation number four is titled:  “Institute a Federal Acquisition Cyber Risk Management Strategy.”

The goal of this recommendation is to develop a repeatable, scalable process for addressing cyber risk in federal acquisitions based on (1) the risk inherent to the product or service being purchased, and (2) the risk tolerance of the end user.

The first step is to develop a consistent method to measure cyber risk in the things the government buys.  Once we specifically identify which types of acquisitions present cyber risk, we can decide which types are “appropriate.”  From National Security Systems to paper clips – a primary question here is, which types of buying do or don’t present cyber risk?

Because we can’t possibly address all the types of acquisition at once, the next step is to prioritize the types of federal acquisition by risk so we can identify the right starting point.  The prioritization should probably consider cyber risk, mission-criticality of the function supported by the type of acquisition, and the amount of money spent on the type of acquisition annually, among other things.  Which other things should this prioritization consider?

After the prioritization is complete, starting with the highest risk type of buying, develop acquisition-cybersecurity “overlays” applicable to all buys of that type.  The overlays will include both procurement and information security practices – two very different and arcane disciplines.  Which security controls from NIST SP 800-53 revision 4 should apply to a type of acquisition?  Which acquisition practices should apply?  When should the government not use lowest-price-technically-acceptable source selection?

The DoD-GSA report gives us a good strategy, and it provides a solid frame of reference, but as the old saying goes – the devil is in the details.  Nothing could be truer about the next steps here.

The government has committed to continuing the collaborative process used to develop the recommendations as it develops the implementation plan.  In the next few weeks, the agencies will publish a request for comment on a draft plan for implementing the recommendations.  The draft plan will propose specific actions to accomplish the recommendations, starting with the cyber risk management strategy.

So, stay engaged.  And when the request for comment is published, do your part to help solve one of the most pressing issues of our time by submitting your suggestions.

By Contributing Author:  Emile Monette

Emile Monette is a recognized authority in the legal and operational aspects of public procurement, cybersecurity supply chain risk, and supply chain sustainability. His background includes domestic, international, and U.S. military experience investigating, negotiating, and managing multimillion-dollar contracts. Emile is a fifteen-year veteran of procurement law and policy development, and he has served in various positions in the legislative and executive branches of the federal government.

DOD & GSA Issue Final Report on Improving Cybersecurity & Resilience through Acquisition

On January 23, 2014, the Department of Defense (DoD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition (Working Group) submitted its eagerly anticipated final report on integrating cybersecurity requirements into all federal procurements. This report, which satisfies Executive Order (EO) 13636 and Presidential Policy Directive (PPD) 21, includes recommendations on the increased use of cybersecurity standards in all federal acquisition activities, including strategic planning, capabilities needs assessment, systems acquisitions, and program and budget development. 

The final report is perhaps most notable as another step toward an era where most every government contractor must satisfy baseline cybersecurity requirements. While the final report does not provide explicit guidance on the details of creating such a new procurement environment, in light of recent, imminent and forthcoming government activity, including the final rule imposing cybersecurity and reporting obligations on DoD contractors (issued November 18, 2013 and summarized here), the upcoming final cybersecurity framework of the National Institute of Standards and Technology (NIST) (to be released in mid-February), and the forthcoming final rule governing the safeguarding of government contractor information systems (likely finalized next year), we view this final report as a bellwether. Government contractors who ignore the final report and the course it has set do so at their own peril.

Cybersecurity issues will increasingly affect agency standard setting, coverage issues and incentives, government audits and investigations, security breach litigation, and other business drivers. Government contractors and other companies that handle government information or supply components that could be compromised electronically must begin, to the extent they have not already done so, to think both strategically and pragmatically about developing an integrated approach to these cybersecurity issues.

Background

On February 12, 2013, President Obama issued EO 13636 – Improving Critical Infrastructure Cybersecurity. Section 8(e) mandated that the Working Group, in consultation with the Department of Homeland Security (DHS) and the Federal Acquisition Regulatory (FAR) Council, “make recommendations to the President . . . on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration.” Section 8(e) also directed the Working Group to “address what steps can be taken to harmonize and make consistent existing procurement requirements related to cybersecurity.”

On May 13, 2013, the Working Group published a request for information (RFI), inviting public comment on the appropriate cybersecurity measures and parameters for federal procurements (summarized here). The Working Group also consulted with representatives from the DoD, GSA, DHS, FAR Council, the Office of Federal Procurement Policy, NIST, and others before issuing the final report.

Working Group Recommendations

The final report makes six recommendations, including that the federal government and/or contractors, as appropriate, should:

(1) institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions;

(2) address cybersecurity in relevant training;

(3) develop common cybersecurity definitions for federal acquisitions;

(4) institute a federal acquisition cyber risk management strategy;

(5) include a requirement to purchase from original equipment or component manufacturers (OEM), their authorized resellers, or other trusted sources, when available, for appropriate acquisitions; and

(6) increase government accountability for cyber risk management.

For contractors, the most helpful recommendations ask the government to clarify, with more specificity, the standards to which contractors will be held accountable. For example, the first recommendation correctly observes that, “[o]ften, cybersecurity requirements are expressed in terms of compliance with broadly stated standards and are included in a section of the contract that is not part of the technical description of the product or service the government seeks to acquire.” This, the report concedes, “leaves too much ambiguity as to which cybersecurity measures are actually required in the delivered item.” Accordingly, the report recommends expressing baseline cybersecurity requirements as part of the acquisition’s technical requirements and including performance measures to ensure the baseline is maintained and risks are identified. The final report also recommends common cybersecurity definitions, which if adopted would dramatically advance anxiety about contractors’ and the government’s current and near-future cybersecurity obligations.

Though the recommendations are instructive, the final report does not actually mandate specific baseline requirements or propose common cybersecurity definitions. Nor does it propose a cyber risk management strategy or otherwise attempt to identify the acquisitions in which baseline requirements or OEM limitations are “appropriate.” Instead, the final report “intends” that others will harmonize these recommendations with ongoing rulemakings, cybersecurity standards, and statutory frameworks. In short: stay tuned.

Takeaways

First and foremost, change is coming. Although the final report recommendations are directed more toward government program managers and acquisition decision makers than industry, the harmonization of such recommendations with recent and forthcoming regulations, mandatory contract provisions, and other statutory requirements and protections will affect the industry directly and significantly.

Other critical points for government contractors to consider as the final report’s recommendations are implemented include:

  • What cybersecurity terms will be defined, and what will those definitions look like? Considering that the definitions will be used government-wide, it is imperative that contractors provide feedback lest a definition be issued that is contrary to their interests, much less defies common sense;
  • What topics will be covered in the cyber education program for the procurement work force? If procurement officials are not properly educated on a variety of threats, then they may fail to incorporate standards and requirements that are necessary for information protection;
  • How will federal risk management strategy be developed? And will it be flexible enough to account for the rapidly evolving threat environment?;
  • Are contractors prepared to fight back against cybersecurity requirements in federal acquisition programs that are being used to exclude otherwise acceptable vendors and technologies?; and
  • How deep will these requirements reach into federal contractors’ business? In other words, will the cybersecurity obligations be limited just to public-contracting programs, or will they effectively become company-wide requirements regardless of the buyer?

The final report is a clear signal that mandatory baseline standards, training protocols, and other risk-based requirements are on the horizon. Those standards will likely be based on the NIST framework or, in specialized areas, even stricter protocols. Government contractors and other companies that handle government information must implement an integrated strategy that mitigates the risks associated with these cybersecurity issues, and where viable, the opportunities that these changes might create.

By Contributing Authors: Brian Finch, Justin Chiarodo, and Daniel Broderick from GTSC Strategic Partner Dickstein Shapiro

Brian Finch, a partner in Dickstein Shapiro’s Washington, DC office, is head of the firm’s Global Security Practice. Named by Washingtonian magazine in 2011 as one of the top 40 federal lobbyists under the age of 40, Brian is a recognized authority on global security matters who counsels clients on regulatory and government affairs issues involving the Department of Homeland Security, Congress, the Department of Defense, and other federal agencies. Dickstein Shapiro is a Strategic Partner of the Government Technology & Services Coalition. You can reach Brian at (202) 420-4823.

Justin Chiarodo represents clients in all aspects of federal, state, and local procurement law. Named by Law360 in 2013 as a “Rising Star” in Government Contracts, Justin has extensive experience in government contracts litigation, compliance, and regulatory matters, with particular expertise in the defense, health care, technology, and professional services sectors.

Daniel Broderick is a Washington, DC-based associate in Dickstein Shapiro’s Energy Practice. He focuses on regulatory and project development matters affecting clients in the electricity industry, including electric market design, municipalization, compliance, certification, and power purchase agreements. 

Nov. 19: GTSC Annual Member Meeting

Join members of the Government Technology & Services Coalition for our third annual member meeting to learn about all the services of GTSC, provide your input on our letter to incoming DHS Secretary Jeh Johnson, and share your feedback for our 2014-2015 priorities!

Emile Monette, the Senior Advisor for cyber security policy for the U.S. General Services Administration (GSA), will join us to discuss the agency-wide and interagency implementation of cyber security initiatives related to government facilities and acquisition. Linda Mathes, CEO of the American Red Cross in the National Capital Region, will talk about the American Red Cross Ready Rating program and its importance to GTSC’s Designation of Leadership Excellence. Jose Arrieta, DHS Ombudsman, will discuss the year ahead at DHS.

Given sequestration, budget cuts and possible future government shutdowns, GTSC is committed to exploring every business opportunity possible for your success. From the Small Business Collaboration Group to forming vigorous Action Groups and developing the Contracting Officers workshop, we’ve accomplished a lot over the past year and we’re excited to keep moving!

Please note: this is a GTSC Member only meeting. Thank you!

Agenda

I. Welcome and overview of GTSC’s 2012-2013: Discussion of Lion’s Den, Mentor and Workgroup activity.

  • Kristina Tanasichuk, CEO, GTSC
  • Jon Ostrowski, COO, GTSC
  • Workgroup Chairs
    • Chair, International Initiative: RADM Donald P. Loren, CEO, Old Dominion Strategies
    • Chair, Human Capital and Learning: Dr. Sheri Dougherty, President & CEO, DAI
    • Co-Chair, DHS Engagement: Sara Kindsfater-Yerkes, Managing Partner, The Big Brain Co.

II. A View of the Year Ahead

  • Jose Arrieta, Ombudsman, DHS

III. Meeting the Challenges

  • Emile Monette, Senior Advisor, Cyber Security Policy, GSA
  • Linda Mathes, CEO, American Red Cross in the National Capital Region
  • Bruce Davidson, Director, SAFETY Act Office, S&T, DHS

IV. Government Relations

  • Incoming Secretary Jeh Johnson
  • Hill Activity
    • Michelle Mrdeza, Partner, Cornerstone Government Affairs & GTSC Founding Strategic Advisor
    • Chani Wiggins, President & Founder, Winn Strategies & GTSC Strategic Advisor
  • Broadening our Base

V. Business Development

  • Overview of procurements and focus areas for business development
    • Bill Carroll, Senior Partner, Strike Force Consulting
    • Andrea McCarthy, Senior Director NTT Data
    • Tony Sacco, Former Vice President, SAIC

VI. What do you see as our top priorities for 2014-2015?

Benda, McNamara & Wilkinson join GTSC as Strategic Advisors

Washington, D.C. – October 31, 2013 – The Government Technology & Services Coalition (GTSC) announced today the addition of Paul Benda, former director of the Homeland Security Advanced Research Projects Agency (HSARPA) at the U.S. Department of Homeland Security (DHS) and partner and chief technology officer at GSIS; Jason McNamara, former chief of staff, Federal Emergency Management Agency (FEMA) and vice president of Obsidian Analysis, Inc.; and Molly Wilkinson, former general counsel to the Homeland Security and Government Affairs Committee in the United States Senate and senior vice president at Regions Financial Corporation, to its prestigious panel of Strategic Advisors.

“GTSC is honored to attract the support and intellectual capital of such distinguished and accomplished leaders in our community. Their advice, counsel and understanding of our federal partners’ missions contributes to a better working relationship between the public and private sector by increasing our mutual understanding,” said Kristina Tanasichuk, CEO of GTSC.

“After years at HSARPA, I am excited to join GTSC to help small, innovative firms understand the federal process, the keys to a successful strategy and why many firms with great ideas fail,” said Benda. As director of HSARPA, Benda managed a budget of nearly $450 million within the Science and Technology Directorate (S&T) of DHS. As chief of staff for S&T, Benda oversaw staffing, organizational plans, budget execution, and strategic plan development and implementation. Previously at the Pentagon Force Protection Agency, Benda oversaw the design, implementation, testing and commissioning of all security systems on the Pentagon Reservation and started his federal civilian career as a program manager at the Defense Advanced Research Projects Agency (DARPA).

“At FEMA we worked with numerous small businesses on response and recovery efforts and to improve communications, alert systems and other vital FEMA missions; I look forward to continuing to improve their success and increase their understanding of how the public and private sector can work together to further advance our nation’s preparedness, response and recovery,” said McNamara.

McNamara directly impacted FEMA’s transition toward emphasizing survivor outcomes and incorporation of the Whole Community in delivering response and recovery solutions while serving as administrator Craig Fugate’s chief of staff. His successes include developing the Sandy Recovery Improvement Act and the five-year reauthorization of the national flood insurance program. McNamara now directs the disaster recovery program area as well as services for state and local clients for Obsidian.

“I am excited and energized to re-engage with the small business community, particularly on behalf of the homeland and national security mission. I learned from years on the Hill and in the SBA that small companies really do provide a fresh take on age-old problems and that their insights can lead to tremendous cost savings and efficiencies,” said Wilkinson.

During her time on the Homeland Security and Government Affairs Committee in the United States Senate, Wilkinson played a critical role in getting the Federal Acquisition Institute Improvement Act through the committee. Before working on Capitol Hill, she spent time as chief of staff at the U.S. Small Business Administration (SBA), chief acquisition officer at the U.S. General Services Administration and associate deputy secretary for management at the U.S. Department of Labor. Her broad range of experience includes homeland security legislation, acquisition management and government relations. In 2009, she was named a Federal 100 winner for improving SBA’s efficiency, including the Business Development Management Information System that allows small businesses to file online applications for 8(a) status.

A full list of GTSC’s board of strategic advisors, members and mentors is available at www.GTSCoalition.com.

-###-

GTSC is a nonprofit, non-partisan 501(c)(6) association of companies that create, develop and implement solutions for the federal homeland and national security sector. Our mission is two-fold: first, to provide exceptional advocacy, capacity building, partnership opportunities and marketing in the Federal security space for small and mid-sized companies. Second, to support and assist our government partners in achieving their critical missions with the highest integrity; best and most innovative technologies; and results-based, quality products and services to prevent, protect against, mitigate, respond to and recover from any terrorist attack or natural disaster. For more information on these mentors and the Government Technology & Services Coalition, please visit www.GTSCoalition.com.

For more information, please contact Kristina Tanasichuk, CEO, by phone at 703-201-7198.

Key Cybersecurity Issues for Government Contractors

Dickstein Shapiro LLP and the Government Technology & Services Coalition (GTSC) held a webcast, “Key Cybersecurity Issues for Government Contractors.” This interactive program, of particular interest to government contractor compliance officers, CIOs, CISOs, General Counsel, and any other C-suite members, discussed how the federal government is planning on fundamentally altering its acquisition policies to make the cybersecurity of its contractors a top priority.

The discussion included:
– Proposed Federal Acquisitions Regulation (FAR) changes relating to President Obama’s Cybersecurity Executive Order;
– Planned changes to procurement requirements based on independent agency actions;
– Congressionally mandated cybersecurity requirements; and
– Ways contractors can prepare for these changes.

Speakers included:

Brian Finch, Partner, Global Security, Dickstein Shapiro LLP

Justin Chiarodo, Partner, Government Contracts, Dickstein Shapiro LLP

Emile Monette, Senior Action Officer for Cyber Security Policy, General Services Administration

Kristina Tanasichuk, CEO, Government Technology & Services Coalition
