GSA, DOD team up to bolster cyber protections

Even though President Barack Obama did not mention wholesale federal acquisition reform in his State of the Union address as some had hoped, the day after yielded a joint six-point plan from the Defense Department and the General Services Administration to update the system's cybersecurity protections.

In the days before Obama's Jan. 28 speech, White House advisers met with officials from associations that represent the acquisition community to talk about possible reform efforts in the wake of HealthCare.gov's high-profile technical and management problems. The website's flawed launch in October has shone a light on acquisition management problems and fueled hopes for wider reform of federal policy.

In his address, however, the closest Obama came to federal contracting rules was the mention of an executive order that would stipulate that new contractors pay their federally funded employees $10.10 an hour.

The day after the speech, GSA Administrator Dan Tangherlini and Defense Secretary Chuck Hagel unveiled details of a plan put in motion a year ago that would require contractors to incorporate baseline cybersecurity protections. The plan is not directly related to HealthCare.gov's complications, but it is one of the efforts specified in the earlier presidential executive order on critical infrastructure cybersecurity.

In the GSA/DOD report, publicly released on Jan. 29, officials outlined six recommendations for aligning the federal processes for managing cybersecurity risk and acquisition:

• Instituting baseline cybersecurity requirements as a condition of contract awards.
• Including cybersecurity in acquisition training.
• Developing common cybersecurity definitions for federal acquisitions.
• Instituting a federal strategy for cybersecurity risk management in acquisition.
• Including a requirement to buy from original equipment manufacturers, their authorized resellers or other trusted sources.
• Increasing government accountability for cybersecurity risk management.

In a joint statement, GSA and DOD officials said the report was created by a group of subject-matter experts from across the federal government and with a "high level of engagement from public and private stakeholders."

They added that the report provides realistic recommendations that could be integrated with ongoing supply-chain cybersecurity projects such as threat assessment and anti-counterfeiting efforts.

"The ultimate goal of the recommendations is to strengthen the federal government's cybersecurity by improving management of the people, processes and technology affected by the federal acquisition system," Tangherlini said. "GSA and the Department of Defense will continue to engage stakeholders to develop a repeatable process to address cyber risks in the development, acquisition, sustainment and disposal life cycles for all federal procurements."

Officials said a request for public comment on the draft implementation plan will be published in the Federal Register in February.

Although Larry Allen, president of Allen Federal Business Partners, called the recommendations "a step in the right direction," he said they could run afoul of one of GSA's other objectives. "This may mean GSA might not be able to buy rock-bottom-priced items anymore," he said.

Left speechless

The absence of any mention of acquisition reform in the State of the Union address did not faze the contracting community, despite hopes that the president might address the topic in that high-profile venue.

"We heard some rumblings early on about a week before the speech [that] there might be a mention of reform," said Mike Hettinger, TechAmerica's senior vice president for the public sector. But he added that U.S. CIO Steven VanRoekel said during an industry meeting on Jan. 24 that acquisition reform would not make it into the speech.

That doesn't mean nothing will happen, however.

"We're still more likely to see some kind of IT acquisition reform now than any other time since the 1990s," Allen said. "For sure in a year to 18 months, there will be new rules for the IT market."

But Hettinger said one aspect of the speech was something of a disappointment.

"What did surprise me about the speech was not to hear about how technology has become an enabler for government," Hettinger said, adding that Obama missed an opportunity to showcase how the federal government's growing IT capabilities have a direct effect on larger policy issues such as immigration, trade and the budget.