Contracting

Bureau of Reclamation sprinting to patch

Shutterstock image: checking documents.

After the Office of Personnel Management data breach, agencies embarked on a governmentwide cybersecurity sprint that produced measurable improvements in two-factor authentication and, more recently, a new cybersecurity strategy.

But how are the finer details shaking out? The Interior Department's Bureau of Reclamation offers a peek at how the sprint's urgency has filtered down to smaller agencies.

Last month, the water management agency, with a large presence in the western U.S., justified awarding three contracts in September without competition on the basis of "urgent and compelling" cybersecurity needs.

"NuAxis is the only company that has local personnel and resources in place to start Oct. 1, 2015," a justification for a sole-source website-support contract states.

Another justification explains that NexGen Technologies is "extremely familiar" with the bureau's IT systems and was given a sole-source award for security work because "assuming the risk of keeping these systems online without current patches is not a prudent or judicious option."

The third justification notes that "through market research, it was discovered that no other contractor could provide [a cybersecurity] specialist in the time that ISYS [Technologies] could, and the required work could begin almost immediately."

Bureau officials said the contracts relate to patching vulnerabilities, which is in keeping with U.S. CIO Tony Scott's instructions to agencies during the sprint to patch critical vulnerabilities "without delay."

According to bureau officials, the contracts reflect the new federal reality of treating cybersecurity as an urgent, serious concern.

"We didn't pick companies out of the air," said Karla Smiley, the bureau's assistant director of information resources. All three companies were small businesses, including two that are woman-owned, she added. Furthermore, two of them had recently been competitively awarded work, and the third was from a small-business matchmaking event.

When asked if the urgency to award new work stemmed from the discovery of new vulnerabilities or intrusions, Smiley said, "I don't think we're going to answer that question."

Jeff Hoffman, manager of the bureau's IT Services Division, said much of the contractors' work will not involve direct patching but rather modernizing application middleware -- a necessary step to enable the patching to take place.

A spokesman did not provide hard numbers on the bureau's performance during the cybersecurity sprint, nor did he give dollar amounts for the awards, which Smiley characterized as modest.

Interior's Office of Inspector General did not respond to a request for comment.

However, bureau spokesman Peter Soeth told FCW that "no protests have been received, and there are no concerns within Reclamation."

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.