Senate Dem queries OMB over cyber acquisition

Sen. Tom Carper (D-Del.), the ranking member of the Senate Homeland Security and Government Affairs Committee, has asked the Office of Management and Budget how the acquisition process can be improved to deploy better cyber defense tools to agencies.

In a letter to OMB Director Shaun Donovan, Carper expressed concern that "flaws in the federal acquisition process can limit the tools agency network defenders can obtain."

Carper wants to know within a month how OMB is encouraging agencies to use several existing acquisition authorities and programs, including the crucial continuous diagnostics and mitigation initiative, a cybersecurity contract vehicle with a $6 billion ceiling.

CDM offers a system of dashboards that give network managers a clearer view of vulnerabilities. But Carper is worried that "because of the complexity of the contracting process, [CDM] may not be able to offer new tools fast enough to keep up with the threat."

A recent meeting with small businesses made clear to Carper that "financial institutions, power companies, retailers, and other private critical infrastructure owners are able to quickly reap the benefits of the many new and innovative cyber defense products put on the market each year," he wrote.  "Yet it was not clear to [the businesses] that federal agencies are similarly able to rapidly acquire new and innovative cybersecurity solutions."

The Delaware Democrat cited a handful of laws at agencies' disposal for acquisition, including the Federal Acquisition Streamlining Act of 1994, which simplifies smaller purchases for agencies. That allows agencies to buy desktops and routers, he said,  but noted it was unclear to him how agencies use the law to acquire defensive cyber tools.

Carper welcomed a new General Services Administration initiative to get startups into the IT Schedule 70 acquisition vehicle, but also advised Donovan that agencies need detailed guidance to make use of it. Carper asked Donovan if venture capital firms should be encouraged to use Schedule 70.

Another end-around to traditional contracting, other transaction authority, drew Carper's scrutiny. He cited a January Government Accountability Office report as evidence that agencies' OTA implementation guidelines may be too burdensome.

Carper wants to know what OMB is doing to improve how agencies use these existing authorities, including through training contractors. He wants answers to a series of questions, including whether agencies are using acquisition pilot projects for cybersecurity to speed the process, and if OMB has examined difficulties startups face in doing business with the government.

The senator also probed OMB on how it works with the CIO Council and the Chief Acquisition Officers Council to find fresh ideas on cyber acquisition.