IRS Security Weaknesses Mean COTS Opportunities

by Chris Wiedemann, Senior Analyst

Tax day is tomorrow, but the IRS may have more to worry about than an explosion of last-minute returns: This Tuesday, the Government Accountability Office (GAO) released a report identifying the agency’s internal control over financial reporting systems as a “significant weakness.” This marks the second year running that the office has commented on material weaknesses in the IRS security posture, and while some progress has been made, there are still three critical areas where COTS vendors could help secure taxpayer data. Specifically, the GAO has called out weaknesses in:

Every COTS Sale Cleared at the Very Top?

by Chris Wiedemann, Senior Analyst

To many, department-level CIOs are a little bit like the Wizard of Oz – a man in a castle far away, making pronouncements from behind the curtain while the rest of us just keep our eyes on the yellow brick road. But what if every COTS sale had to be cleared at the very top? After some recent developments in the House, it just might happen. Remember the Federal IT Acquisition Reform Act (FITARA)? The bill just passed again on a voice vote last Tuesday. A companion measure, called the Federal Information Technology Savings, Accountability, and Transparency Act (FITSAT), is awaiting a hearing in the Senate.

Congress Votes to Raise Debt Ceiling

by Chris Wiedemann, Senior Analyst

The House passed a bill Tuesday to raise the debt ceiling, in a 221-201 vote marked by a distinct lack of the rancor that has accompanied similar legislation in the last two years. As of yesterday, the bill has also passed in the Senate, which eliminates any chance of default well in advance of the current debt ceiling (estimated to have been the end of this month).

What to Know About the Omnibus Spending Bill

by Chris Wiedemann, Senior Analyst

The President signed an omnibus spending bill on Friday, January 17 – which means government will be dealing with all-new appropriations for the rest of FY14, instead of last year’s string of continuing resolutions. This is great news, since government now has fiscal certainty for the next 9 months and can finally start some of the projects that have been on hold, waiting for funding. That being said, here are some key points to know about the new appropriations bill:

  • This is a complete omnibus, which means that every government department has new appropriations this year.
  • Appropriations language is generally vague and almost never gets down to the IT level, so we don’t know how this bill will specifically affect IT spending. However, it’s a safe bet that most of our customers’ IT budgets will basically stay flat.
  • One exception to the point above is groups with a specific cyber security mission, which is receiving high priority in this bill. Keep in mind that more money doesn’t always mean more product purchases, especially on the DOD side – but still, we’re seeing growth in cyber spending when other areas are staying flat. Expect cyber-focused elements of DHS and DOJ, as well as USCYBERCOM at DOD, to receive increased funding in the rest of FY14.
  • Although we don’t yet know how agencies will divide their budgets between steady state (SS) and development, modernization, and enhancement (DME) spending, recent trends suggest that SS levels will be slightly higher this year than last – and since IT top lines are mostly staying flat, government customers will have less DME funding than they did last year. However, because we have new appropriations, there will still likely be more new purchases this year – so get ready for a busy remainder of FY14.

You can also see an agency-by-agency breakdown of top-line funding levels below:

Agency FY14 Funding
Education $70.6B
Veterans Affairs $63.2B
Health and Human Services $62.5B
Homeland Security $39.3B
Justice $27.4B
Energy $26.5B
Agriculture $18.3B
Transportation $17.8B
NASA $17.6B
Treasury $13.02B
Social Security $11.7B
Commerce $8.2B
National Science Foundation $7.2B

Don’t Call It a Budget (Yet)

by Chris Wiedemann, Senior Analyst

With the Senate passage of the two-year Murray-Ryan budget deal, President Obama is on course to sign the first budget resolution from a divided Congress since 1986. This has caused Washington observers and members of industry some relief, since it looks like we can finally plan for a year and a half of relative budgetary certainty (the bill runs through the end of FY15). In fact, much of the coverage around the bill has suggested that it has solved some of our recent problems, and many in industry – and the general public – are treating this bill as though it gives our customers money to spend for the next 22 months.

This bill raises the sequester spending caps, so once the process is finished the government will have more money to spend than they thought. Unfortunately, the process isn’t quite finished yet.

Most of the confusion here comes down to the difference between a budget – what we have now – and appropriations, the process that actually grants departments and agencies (DOD, DHS, VA, etc.) the money they need to operate and, more importantly, purchase new products. The budget bill that we just got sets a top line number for total federal spending in the rest of FY14 and all of FY15, but it doesn’t divide that money up among the various arms of the government. It now falls on the appropriations committees to allocate funds, and for their recommendations to be rounded up into a spending bill called an “omnibus,” which will outline spending plans department by department.

The good news is that both the House and Senate appropriations committees already have FY14 bills, and although most of them never saw the light of a floor vote, there is already a basis for funding allocations through the rest of the year.

The bad news (sorry if this sounds familiar) is that Congress doesn’t resume until January 2nd. Since our current CR expires on January 15th, that means lawmakers will have twelve days to roll up their draft appropriations bills into omnibuses, reconcile the House and Senate versions (which will certainly be different), then pass the reconciled version through both chambers. That timeframe probably means that some agencies will have to deal with another CR – so the final package will be something called a “minibus,” where some agencies get new appropriations, while others have to work with last year’s numbers again.

The upshot here is that we’re not quite at the finish line yet. Luckily the agreement we have covers most of the areas that cause arguments in Congress. The House and Senate are likely to have different ideas about which agencies should be allocated what, but brass tacks discussions like that tend to be less contentious – and again, there is already a baseline to work off in the form of the FY14 appropriations bills that didn’t pass. All of that adds up to clarity – so even if your customers don’t get new appropriations, they will be able to operate for the rest of the fiscal year without worrying about their funding levels changing. The picture starts to become even rosier when we look at FY15 appropriations. Since the framework for total spending is already in place, it’s very possible that we will have a real budget – 12 separate appropriations bills that all pass into law – for the first time since FY08. If that happens, it would really be cause for celebration.

Three Things to Know about FY14 Civilian IT Spending

by Chris Wiedemann, Senior Analyst

It took sixteen days, dozens of press conferences, hundreds of breathless tweets, and their record-low approval rating dropping even lower, but Congress finally passed a Continuing Resolution (CR) providing FY14 funding…for the next three months. While it means we’re going to have to repeat this process again (hopefully without all the theatrics), it also means that we can finally start talking about FY14 priorities and target areas for IT spending. With that in mind, here are three things you should know about for the rest of this fiscal year:

1. CRs are the new normal

Although it is possible that the Supercommittee 2.0 will come to a deal and put out a real budget in December, the current political climate suggests that more CRs are the likelier outcome. With that in mind, there are some things to be aware of. First of all, five nondefense agencies – DHS, USDA, DOJ, NASA, and DOC – got new appropriations in last year’s CR, which means they’re dealing with FY13 numbers until January 15. The rest of the nondefense government did not, and so their appropriations are now tracking back to FY12. However, if you look through this year’s Exhibit 53 you’ll see that FY13 actuals don’t match up neatly with FY12 totals, which is because all agencies have at least some ability to move money around to meet new priorities (some more than others). What’s really important here is the budget justifications, which also roll over in a CR. Although agencies are still going to focus on their FY14 developmental goals, they’re going to have to use the language from their last real appropriation to justify their new purchases, and for most of the civilian government that means going back two years. You can really help your customers here by identifying those old needs and working with them to fit their current requirements into old language.

2. Big data in a big way

We’ve had a full year under the Digital Government Strategy, and federal big data requirements are starting to catch up. We’re predicting a lot of spending on data-related technologies this year, particularly in the areas of natural disaster preparedness and information sharing – basically, ways for the government to harness the data that it has and spread it to the people who need to have it faster. Analytics and other big data tools are going to have success if they can track back to the need to better share information. This is also an opportunity-rich environment for things like application integration, data integration, and middleware – one of the biggest roadblocks to federal information sharing is just getting systems to talk across (or even within) environments.

3. Security, security, security

The other major focus area for this year is going to be cyber security, which if anything has become even more important as the government handles more and more PII and other sensitive information every day. The priorities here are always around national security (expect NPPD to be a big player) as well as protecting the nation’s critical infrastructure (you can learn more by checking out our cyber briefing from July). There’s some good news for vendors here: we’re hearing that cyber budgets are actually likely to grow this year and moving forward, unlike other areas which are staying flat at best. Look at agencies responsible for protecting critical infrastructure, especially DHS, to be big buyers of cyber security technologies this year.

To learn about additional IT product opportunities within the FY14 civilian budget view our recent on-demand Webinar.

COTS Opportunities within the Financial Management Shared Services Initiative

by Chris Wiedemann, Senior Analyst

Last Friday, July 19th, Treasury’s Office of Financial Innovation and Transformation (FIT) held a teleconference discussing the financial management shared services initiative, and went over some ground that should prove very interesting to industry – particularly COTS vendors looking to sell financial management solutions.

The current federal financial management landscape makes for some surprising reading. According to FIT estimates, the total financial management spend across the government is somewhere in the neighborhood of $8.5 billion, most of which goes towards maintaining stovepiped legacy systems that were custom-designed for each agency. Not surprisingly, this means that past updates and modernizations (when they happen at all) have been both too expensive and suffered from schedule overruns. In fact, the situation is so dire that many federal agencies are unable to provide financial data for government-wide efforts, and have generally had difficulty making required enhancements to their legacy systems.

So what is the solution? According to a memo released by OMB in March, the days of custom-built core financial systems are over. From now on, any agency looking to modernize its financial management systems will be required to either use a shared service provider (SSP), or provide detailed justification explaining why they can’t. Moreover, according to FIT, current guidance indicates that federal SSPs will get preferential treatment in this process – an agency must first determine that every available federal SSP option does not meet their needs before reaching out to commercial SSPs. Expect to see agencies who operated Financial Management LOB shared service centers – DOI, GSA, and Treasury, among others – start to take on bigger roles as designated financial management SSPs moving forward.

What does this mean for industry? To put it bluntly, no agency currently has the technological capacity to provide the level of service being discussed. That means real sales opportunities for any COTS vendor with core financial management tools – technology to support accounts payable, accounts receivable, funds management, and reporting capabilities. Some SSPs will also be offering what FIT is calling “mixed services,” like grants management, procurement, and HR management. We’re still early on in this process, with FIT due to designate federal SSPs by spring of 2014, but it’s never too early to start having conversations with some of the groups that figure to be players in this space. We’ll be staying on top of this, and we think you should be too.

Federal Opportunity Alert: BI & Reporting Needs at OMB & GSA

by Chris Wiedemann, Senior Analyst

If you’ve been following the progress of the Federal Data Center Consolidation Initiative (FDCCI), you might have seen a recent GAO report that contained some mixed messages about the program’s progress.

First, the good news: according to the report, agencies have already closed around 420 data centers, with another 968 planned for closure by December 2015. This will put the government 285 closures short of the original target for consolidation set by OMB – still, when compared to other large initiatives in federal IT, FDCCI looks more or less on schedule.

However, significant obstacles to tracking FDCCI progress still remain. Most notably, OMB and the GSA Program Management Office have not been tracking actual cost savings caused by data center closures, which calls into question their ability to demonstrate $3 billion in savings by 2015 – another key milestone of the original data center consolidation mandate. In fact, the latest memo on the topic did not mention a cost savings goal, which further reflects the difficulty of quantifying FDCCI savings. This could open the door for business intelligence vendors, particularly those with tools that can analyze and report on large amounts of data. If you have the tools to help GSA and OMB demonstrate cost savings through FDCCI, you’re likely to find a receptive audience right now.

Federal Opportunity Alert: Cybersecurity Weaknesses at the Department of Transportation

by Chris Wiedemann, Senior Analyst

If you’ve been following our blog lately, you will have noticed a heavy focus on cybersecurity coming out of the government at a very high level, as mentioned by both Steve and Tom in the last few weeks. It’s not surprising that federal executives at the highest levels are dedicating renewed energy to this topic – there have been a number of high-profile and successful cyber attacks against federal systems lately. However, while attempts to solve sweeping issues at the level of legislation and executive policy are admirable, the fact remains that many (possibly all) government departments and agencies have real issues at the ground level that contribute to government-wide vulnerabilities. The good news for us is that many of those issues can be solved with COTS security technology.

To illustrate the point, let’s take a look at the Department of Transportation (DOT), which handles the fifth-largest civilian IT budget at a little over $3 billion. Although the department is best known for the NextGen program at the Federal Aviation Administration (FAA), it also handles a huge infrastructure – all of which needs to be secured. According to an Inspector General (IG) report from November, however, there are real deficiencies across DOT’s security posture, which can largely be described in three categories:

  • DOT networks are not sufficiently covered for the purpose of detecting and reporting incidents to the Department of Homeland Security (DHS);
  • Reported incidents are not remediated properly;
  • Configuration baselines and configuration changes are not appropriately managed.

That last point is particularly serious. In fact, the IG report went on to estimate that only 63% of DOT computers were compliant with departmental security policies. In other words, there is a real configuration management challenge being faced here, and it represents an area of priority for DOT cybersecurity personnel. The department is also severely delayed in terms of response to identified incidents, and is still trying to determine how many medium-risk vulnerabilities are present in its security architecture, which makes DOT a great target for vulnerability assessment & remediation. Finally, continuous monitoring tools are a big requirement. Now that the continuing resolution is in place and agencies finally know how much money they have to spend for the rest of the fiscal year, we expect to see movement on quickly addressing some of these issues, both at DOT and in other departments.

Federal Opportunity Alert: IRS Affordable Care Act Administration

by Chris Wiedemann, Senior Analyst

As Stephanie mentioned in her post last week, the Patient Protection and Affordable Care Act (PPACA) has created substantial new regulatory burdens for the Department of Health and Human Services. However, expanded mission requirements are not limited to that department – unsurprisingly for such a large piece of legislation, regulatory and enforcement authority rests in several different places across government. Outside of HHS, however, the single largest instance of new regulatory authority resides with the Internal Revenue Service.

For evidence of the size and scope of IRS’s involvement with the Affordable Care Act (ACA), look no further than the Treasury’s section in the Exhibit 53. The second largest investment there, referred to simply as “Affordable Care Act Administration,” is in fact a $300M bucket of new Development, Modernization & Enhancement money intended to stand up an entirely new system to support IRS’s increased data collection and tax enforcement requirements. Although the investment is still in the early planning stages, the bureau has already started contracting out program management and development services to prime holders of the TIPSS 4 contract. As we enter the home stretch of this fiscal year and move into FY14, be on the lookout for a wide range of commercial off the shelf requirements coming out of IRS to support this investment, including data management, business intelligence, fraud & waste detection, and cyber security requirements.

To learn more about the IRS’s ACA Administration investment, as well as other key initiatives and programs in the Treasury, be sure to register for immixGroup’s upcoming Market Intelligence Briefing on April 24 at 11:00 am ET.
