FITARA in the Senate, Eagle II protests, NASA access controls and more

Senate moving on FITARA, other IT measures

The Senate Homeland Security and Governmental Affairs Committee will take up legislation to change IT acquisition in government and give agency CIOs more authority over budgets and troubled projects.

The Federal Information Technology Acquisition Reform Act (FITARA) has been kicking around Congress for the past three years. The current incarnation of the bipartisan bill, backed by Rep. Darrell Issa (R-Calif.), chairman of the House Oversight and Government Reform Committee, and Rep. Gerry Connolly (D-Va.), passed the House in February.

The Senate panel is scheduled to take up the House bill June 25.

The committee, led by chairman Sen. Thomas Carper (D-Del.) and ranking member Tom Coburn (R-Okla.), is acting on the House measure rather than a version by Sens. Tom Udall (D-N.M.) and Jerry Moran (R-Kan.). The Udall-Moran bill covers the CIO authorities contained in FITARA, as well as control over commodity IT spending, but does not include a section on data center consolidation and other provisions in the House bill.

Federal CIO Steve VanRoekel has been consistently leery of the measure. At a Senate hearing on IT effectiveness held last month, VanRoekel said that IT acquisition and the role of the CIO in the public and private sector was evolving so rapidly that legislation might not contain the authorities that a CIO might need in the future.

The Homeland Security and Governmental Affairs Committee is also looking at a few other IT-related measures next week. The Federal Information Security Modernization Act of 2014 and the National Cybersecurity and Communications Integration Center Act of 2014 are also on the docket, but the bills have not been filed and no drafts are available. Under committee rules, any legislation that might be discussed must be included in a provisional agenda, which is subject to change.

Final Eagle II protest denied

Washington Technology reports that the last of the pending bid protests involving the Department of Homeland Security's Eagle II contract has been denied by the Government Accountability Office. GAO gave no details on why it rejected the protest filed by OASIS Systems. Earlier this year, DHS took corrective actions and added 53 more companies to Eagle II after its original 15 awards sparked a slew of protests.

GAO calls for clearer guidelines on who can access NASA tech

A Government Accountability Office investigation of technology access controls at NASA facilities questioned the space agency's record in enforcing rules limiting access by foreign nationals to sensitive technology.

NASA delegates the application of export controls to its 10 space and research centers. But allegations at two NASA centers questioned the agency's ability to protect its sensitive technologies, and GAO stepped in to take a look.

GAO found that instead of the center export administrator (CEA) having discretion for who has access to the centers, that decision usually lies with the center director.

However, GAO found that 7 of the 10 CEAs are at least three levels removed from the center director, which in some cases made it difficult for the CEAs to maintain visibility to staff, communicate concerns to the center director and obtain resources.

"NASA headquarters export control officials and CEAs lack a comprehensive inventory of the types and location of export-controlled technologies and NASA headquarters officials have not addressed deficiencies raised in oversight tools, limiting their ability to take a risk-based approach to compliance," the report said.

GAO recommended that NASA Administrator Charles Bolden develop guidance to better define the CEA function, and implement time frames to enforce foreign national access corrective actions, and assess results.

NASA agreed with GAOs findings and provided information on its plans to address the recommendations.

Northrop Grumman exec calls for cyber collaboration

Academia and the private sector need to collaborate more closely to bring cybersecurity technologies to market, Northrop Grumman Vice President Kathy Warden said June 17 at a UK government-hosted conference in London.

Northrop Grumman set up a cybersecurity research consortium in 2009 with Carnegie Mellon University, the Massachusetts Institute of Technology and Purdue University. Other large defense and IT firms have done the same. Science Applications International Corp. and the University of Maryland in 2010 agreed to share cybersecurity research, for example.

Warden hailed Northrop's research pact for "breakthroughs in machine learning, predictive analytics, secure mobility and advanced threat detection, among many others," according to a transcript of her speech. The Falls Church, Va.-based defense giant is in talks to partner with UK universities on cybersecurity research, she added.