This Cyber Working Group Packs a Punch

by Steve Charles, Co-founder and Executive Vice President

It may sound dull – Executive Order 13636 DOD-GSA Section 8(e) Working Group – but it’s a group with a lot of leverage. It could dramatically change the complexion of federal IT procurement.

The Working Group is drafting a request for information from industry for how to eventually bake cybersecurity standards into federal acquisitions. Using the authority of the February executive order, the administration wants to get increased cyber protection any way it can, whether Congress acts or not.

Any company selling electronic products, software, or IT services to the federal government should read it. And get involved with your association. The initial RFI was drafted by a team of people not only from GSA and Defense, but also Homeland Security, NIST, and the Office of Federal Procurement Policy. A final draft is due any day now, and you’ll have until May 15 to comment.

The heart of the RFI consists of 37 questions grouped around three themes:

  • Is it feasible to incorporate cybersecurity standards into federal buys in the first place?
  • What are commercial procurement practices when it comes to cyber?
  • Would cyber-soaked acquisitions conflict with existing laws, regulations, or even common practices, and if so, what should we do about it?

No single company, much less any individual, can likely answer all 37 questions. It’s important to read them all, though, to get a thorough sense of where the administration might be going with this. For one thing, the working group points out a provision in the companion to the executive order (EO), namely Presidential Policy Directive 21. For governmentwide contracts for critical infrastructure systems, PPD-21 calls for GSA, DOD, and DHS to “ensure that such contracts include audit rights for the security and resilience of critical infrastructures.”

And, to ensure governmentwide “consistency”, the workgroup is joining with another interagency task force led by DHS to implement the EO and PPD-21. To paraphrase the Chevrolet ads, this runs deep. And wide.

Consistency requires common language, and the federal parties involved want a “broad meaning” for the word cybersecurity “that includes…supply chain risk management, information assurance, and software assurance.”

It’s vital to future sales that your company helps shape whatever rules eventually emerge and that they don’t put all of the burden and liability for cybersecurity on industry–or freeze standards in contracting language when we are trying to address a threat that is evolving at light speed. To return to my first point – download the draft RFI, get your sales and business development teams together, and start penning some answers.

About Steve Charles
Passionate about technology and helping our clients help the government with the latest. I try to educate people on all the government's checks and balances that really seem like hoops and hurdles so buyers and sellers can get to a meeting of the minds much more quickly without violating any rules.
