GSA RFI Requires O&M, Middleware & Hosting Support

Mohamad Elbarasse_headshot_7-23-2013_For WordPressby Mohamad ElbarasseAnalyst

GSA recently extended the response date for the Pegasys Hosting and Operations and Maintenance contract to August 5, 2014. GSA’s primary goal is to find application and support models that will lower the overall hosting and O&M costs of Pegasys, GSA’s version of Momentum Financials and core financial system. Pegasys supports funds management (budget execution and purchasing), credit cards, accounts payable, disbursements, standard general ledger, and reporting at the GSA.

Read more of this post

Data Services Opportunity at the FAA

Mohamad Elbarasse_headshot_7-23-2013_For WordPressby Mohamad ElbarasseAnalyst

The FAA released an RFI for data services under the Aeronautical Communication Services (ACS) contract on June 10. The solicitation calls out services supporting the exchange of data between various FAA systems and facilities. Responses are due on July 10, 2014.

The contract would support the transfer of data products to and from the following networks and systems:

  • National Airspace Data Interchange Network (NADIN)
  • Tower Data Link Services (TDLS)
  • Traffic Flow Management System (TFMS)
  • Advanced Technologies and Oceanic Procedures (ATOP)
  •  Dynamic Oceanic Tracking System (DOTS)
  • Meteorological Data Collection and Reporting System (MDCRS)

The prospective vendor would be required to comply with the International Civil Aviation Organization (ICAO) Standards and Recommended Practices, International Air Transport Association (IATA) Addressing Standards, FAA Procedures, and the Federal Communications Commission (FCC) requirements as needed.

Read more of this post

Verizon Investigative Report Uncovers Most Common Cyber Incident Patterns

Mohamad Elbarasse_headshot_7-23-2013_For WordPressby Mohamad ElbarasseAnalyst

Verizon recently released its annual Data Breach Investigations Report with security incident information from 49 organizations across 95 countries. Though the report is not a comprehensive account of security incidents that occurred in 2013, it is a representative sample of security incidents to date. This is the tenth year that Verizon has conducted such analyses; it showcases the results of historical security data with the most common overall threat patterns, actors, victims and affected industries.

Read more of this post

RFI Released for Networx Contracts Replacement

Mohamad Elbarasse_headshot_7-23-2013_For WordPressby Mohamad ElbarasseAnalyst

The General Services Administration is looking to replace and improve upon its’ Networx contract vehicle. GSA released an RFI for the Network Services 2020 Enterprise Infrastructure Solutions (NS2020 EIS) initiative asking for input on its’ acquisition strategy and comments on the proposed strategy, responses are due by May 8, 2014.

Networx is a set of contracts for civilian telecommunications and is split up into two vehicles: Networx Universal and Networx Enterprise. The primary difference between the two is the program ceiling, which is $48.1 billion for Networx Universal and just $20.1 billion for Networx Enterprise. Networx saved American taxpayers $678 million in 2013 alone, with agencies saving between 30% and 60% on services when compared to commercial rates.

Read more of this post

Big Data Opportunity at NOAA

Mohamad Elbarasse_headshot_7-23-2013_For WordPressby Mohamad ElbarasseAnalyst

The Office of the Chief Information Officer (OCIO) at the National Oceanic and Atmospheric Administration (NOAA) is requesting information from industry to decide whether it can and should move its voluminous data holdings to the cloud with easy access to computing, storage, and advanced analytical capabilities.

The agency posted the RFI on February 21 and responses are due by 5 p.m. (EST) on March 31. The RFI goes on to elaborate that much of NOAA’s data is hosted on public servers or websites and they have had great difficulty integrating the data. This has impeded their ability to improve their analyses and beef up their decision making by limiting the number of sources or type of data that can be used to make inferences.

Read more of this post

Public Sector CIO Interviews Unveil Tips for Big Data Vendors

Mohamad Elbarasse_headshot_7-23-2013_For WordPressby Mohamad ElbarasseAnalyst

As big data tumbles closer to the “Trough of Disillusionment,” CIOs are fighting an uphill battle when it comes to the perception that big data is a passing fad, according to the IBM Center for The Business of Government. For their latest release of the Using Technology Series, Realizing the Promise of Big Data: Implementing Big Data Projects, IBM interviewed 28 CIOs at the federal, state, and local levels and compiled a list of findings that will help you to sell your analytic solutions to the government.

The most telling findings are that:

Read more of this post

Malware Threats Growing and Becoming More Complex

Mohamad Elbarasse_headshot_7-23-2013_For WordPressby Mohamad ElbarasseAnalyst

The United States Computer Emergency Readiness Team, or US-CERT, within the National Protection and Programs Directorate at DHS, recently released its inaugural edition of a series of annual reports on cybersecurity trends. The US-CERT Security Trends Report: 2012 in Retrospect identifies the most prevalent malware, the means by which it entered a network or device and what the infected device was used for in 2012. Cybersecurity vendors should take heed to what the report calls out as the “single biggest conclusion” that can be drawn from the data and analysis presented in the report, which is that the prevalence of malware is growing and it is becoming more complex.  Cybersecurity is one of the few growth areas in Federal IT and the better informed you are of the current threats to government networks and devices, the better you’ll be able to sell your solution.

Data was collected from both public and private sources, including DHS’ EINSTEIN system, and showed that about 8% of consumer grade users experienced a malware infection in 2012, with one in five of those infections caused by the user clicking and installing the malicious software. The most common way malware was introduced to a device was through vulnerabilities in programs such as Microsoft Office, Adobe Reader, and Java. The majority of these infections could have easily been avoided by practicing proper patch management. Updates for vulnerable programs are released regularly and if your software is not up-to-date, your device is still at risk.

Topping the malware prevalence charts is Sality, at 56% prevalence, with Zeus (and its 26 identified variants) following closely at 54%. Sality has been used to relay spam, proxy communications, exfiltrate data, and carry out Distributed Denial of Service (DDoS) attacks to name a few of its uses, while Zeus has been utilized to compromise financial and banking transactions all over the world.

To get an idea of how much the federal government intends to spend on beefing up their cybersecurity posture, let’s take a look at where they want to spend their cybersecurity dollars. Below is a table of the FY14 and FY13 budget numbers that are tied to specific Business Reference Model (BRM) categories across federal government agencies. As you can see, the majority of cybersecurity related BRM categories are seeing an increase in requested dollars in FY14, though, since we are currently operating under a Continuing Resolution (CR), agencies will likely receive amounts closer to that of FY13 numbers. The FY14 numbers are still informative in that they reveal the federal government’s priorities in terms of where they want to spend the most money, even if they don’t get all that they asked for. Though we probably won’t see a full budget, we will likely have an omnibus spending bill that will break some agencies out of the CR cycle that we have been experiencing.

Budgeted Cyber Spending by Business Reference Model (BRM) Category

BRM Category Sum of Total IT Spending
FY14 ($ M)
Sum of Total IT Spending
FY13 ($ M)
Threat and Vulnerability Management



Continuity of Operations



Data Integrity and Privacy Management



Continuous Monitoring



Access Control



Identification and Authentication



Incident Response



System and Network Monitoring



Data Recovery



Grand Total



%d bloggers like this: