Cyber Security Sales Opportunities Take Front Stage

by Stephanie Sullivan, Consultant

Agencies recognize that software vendors are the experts in the cyber security field, and they’re virtually begging for stakeholder engagement, so it’s really becoming more and more important to involve yourself in building out requirements, and to meet those voluntary but critical security needs.

Dr. Ron Ross, Senior Computer Scientist and Information Security Researcher at NIST, stressed at yesterday’s immixGroup cyber security panel the importance of building cyber security requirements into every step of the system development process, instead of developing a system first and then trying to secure it afterwards. Building security in from the start is what revision 4 of NIST’s Special Publication 800-53 is looking to accomplish. Dr. Ross also mentioned he would like security end users and developers to work together early in the system development process.

Matt McCormack, who also sat on yesterday’s panel, highlighted that America is the cyber security leader and that people overseas want American-quality cyber security solutions.

Despite the combination of continuing resolutions, sequestration, and budget cuts, cyber security spend is expected to continue to grow across the federal government. Solutions and products that can address resiliency of networks and systems will be a major focus in FY14. On other COTS needs for FY14, Jeff Eisensmith, the CISO at DHS, emphasized at a recent MeriTalk event the need for solutions involving an intrusion kill chain. A kill chain involves 5-7 links, and every link has to be broken in an intrusion; the secret of a kill chain is that if any one of those links should hold, the attack won’t succeed, and the government will be able to gain intelligence using the kill chain links to improve network security. Each time the kill chain succeeds it costs the intruder more to attack the network, and it becomes easier to measure how many links are broken (the kill chain is how DHS will measure the success of continuous monitoring in the future).

To learn about specific cyber security sales opportunities check out yesterday’s briefing FY14 Cyber Security Trends and Opportunities.

The Evolving Needs of the Federal Government to Reduce Cyber Risk

by Stephanie Sullivan, Consultant

The National Institute of Standards and Technology (NIST) is developing a framework to reduce cyber risks to critical infrastructure as part of Executive Order 13636. As part of the development process, working groups have been formed to gather feedback from industry and relevant stakeholders in order to identify priority elements the framework must address.

NIST is also looking to utilize public-private collaboration to stand up the first Federally Funded Research and Development Center (FFRDC) dedicated exclusively to addressing cybersecurity issues. This facility would carry out the goals of the National Cybersecurity Center of Excellence (NCCoE) to “identify, integrate and adopt cybersecurity solutions.” The proposed FFRDC would tackle a number of initiatives, including:

  • The facilitation of public-private relationships to adopt effective cybersecurity approaches that will address the security needs of IT systems
  • Research and development efforts to encourage industry investment in cybersecurity practices
  • Improvement of the technical expertise of the cybersecurity workforce

Framework adoption efforts are currently voluntary, but engagement efforts aim to spur industry and government collaboration on information sharing and defending networks. With major emphasis being placed on critical infrastructure protection, cybersecurity efforts are not so surprisingly becoming one of few areas where Obama and Congress agree on increased spending. Congress recommends more than $13 billion in cybersecurity spend according to the FY14 budget request, which would be approximately $1B more than current levels. Pentagon spending on cybersecurity operations would jump to $4.7 billion in fiscal 2014 from $3.9 billion the prior year. Analysts are also estimating that cybersecurity spend could surpass $14 billion by 2017.

Join us for an in-depth look at the cybersecurity landscape on July 30 at 8:30 a.m. to gain insight into:

  • How to align your sales strategy in the area of cybersecurity to meet the evolving needs of the Federal Government
  • How recent mandates, initiatives, and policy drivers are impacting major cybersecurity IT programs and department budgets
  • Which programs are rich with funding for cybersecurity related product procurement and what specific technology requirements are expected
  • Who makes the relevant buying decisions on the program level

We will also be joined by thought leaders from across the federal government in a panel session:

  • Mr. Robert Jack, Deputy Director, C4, U.S. Marine Corps
  • Dr. Ron Ross, Senior Computer Scientist and Information Security Researcher, NIST
  • Mr. Matthew McCormack, Former CISO, Defense Intelligence Agency and Director of Cybersecurity Operations, IRS

DHS Prioritizes Virtual Desktop and Mobile Security

by Stephanie Sullivan, Consultant

AFCEA DC’s Mobile Apps Security Panel discussion held on June 24 highlighted some of the top priorities and challenges for DHS, as well as several other agencies including: DISA, DOD, GSA, and NIST. DHS continues to place emphasis on automating and authenticating applications, as well as a continued focus on their workplace-as-a-service cloud offering that aims to provide virtual desktop and mobile device management capabilities.

Two things you should be aware of:

  1. Federal “App Store” – According to Mr. Robert Palmer, Director of Information Assurance, Information System Development Office at DHS, the agency is currently working with GSA to broaden use and come up with a collective effort for standards. This means agencies need to come up with standardized criteria to test applications and align those criteria across the Federal Government, which could eventually allow for the stand-up of a Federal “App Store.”
  2. The “Car Wash” – DHS is still in the proof-of-concept stage for its enterprise-wide mobile device management application process called the “car wash.” This process allows the agency to follow applications through their life cycle, including testing, vetting, and validating data. The car wash methodology allows for the data and code to be cleansed and become secure and trusted for exchange with other agencies or with citizens.

Keith Trippie, Executive Director, Enterprise System Development Office at DHS, finds car wash efforts to be an innovative approach that combines continuous integration and development to speed mobile app development by automating security and usability scans as well as testing.

Mobile security needs for DHS could include: data tagging, automation tools, and application security solutions.

Watch Out It’s Going to be a Bumpy Ride

by Stephanie Sullivan, Consultant

Climate change could begin to increasingly affect some of the most traveled flight routes across the world. According to CNN “new research shows that climate change will cause more turbulence for transatlantic fliers by the middle of this century, and possibly lead to higher costs for airlines and passenger.” It’s estimated that turbulence could increase 40 – 170% along transatlantic routes, but so far only routes along the heavily traveled Atlantic corridor have been studied. In the future scientists hope to analyze other heavily traveled regions of the world and determine the effects of disruptive turbulence.

Intensifying turbulence could account for increased airport delays, increased fuel consumption, and higher ticket prices. According to Paul Williams, from the department of meteorology at the University of Reading, turbulence costs an estimated $150 million each year as a result of injured passengers and damage to aircraft.

On a positive note, atmospheric scientists are becoming better at predicting turbulence in advance so that flights can be re-routed, but technology will play a critical part in improving flight routes.

According to British Airways “the technology and training to predict, avoid and mitigate turbulence has improved hugely over the past 20 years and we would expect that pattern to continue into the future.” The airline has already invested heavily in training their pilots and acquiring equipment to help predict turbulence patterns.

However, this is a definite opportunity for COTS vendors to provide the FAA and airlines predictive tools and capabilities to meet the needs of growing turbulence concerns.

Expected Impacts of the Affordable Care Act in 2014

by Stephanie Sullivan, Consultant

The Affordable Care Act (ACA) was signed into law almost three years ago in March 2010 by President Obama with the goal of decreasing the number of uninsured Americans and reducing the overall costs of health care. ACA has been cited as one of the largest regulatory overhauls to date, and in order to fit in line with its plans to improve healthcare outcomes and streamline the delivery of care every state will be expected to have a new consumer marketplace for health insurance by January 2014.

Each state will be given the option to expand their healthcare coverage for the poor, and would receive federal support to do so. ACA’s flexibility allows individual states to decide how they would like to approach insurance coverage: they are given the option to either create their own insurance exchanges or let the federal government take charge.

States will be eligible to expand their Medicaid programs to cover everyone living below 138% of the poverty level, or they can choose to decline federal funds and leave people uninsured. People with an annual income of up to 400% of the poverty line (approximately $45,00 per individual) will get federal subsidies to help defray premium costs.

Approximately 15 million Americans (6% of non-elderly adults) currently buy coverage on the individual market, but just over half of individual plans do not meet ACA standards. In the fall, those individuals will be able to enroll in health insurance through these developing state-based exchanges with coverage taking effect in January.

Most individual plans next year will likely charge higher premiums, but the costs are planned to be offset by lower out-of-pocket costs and more comprehensive coverage. According to the Congressional Budget Office, by 2016 an estimated 24 million people will receive health insurance through exchanges, while another 12 million will receive outside individual coverage. Consumers buying individual plans will have a choice between four levels of coverage: platinum, gold, silver, and bronze. Those with platinum plans will pay the highest premiums but pay the lowest out-of-pocket expenses.

There is a clear division in which states plan to build their own insurance exchanges based on political affiliation. The majority of Democratic states (18 out of 20) plan to build their own exchanges either individually or in partnership with the federal government (Montana and Missouri are the Democratic outliers and are letting the federal government lead the charge). The majority of Republican states (24 out of 30) are defiantly refusing to participate in the development of a health insurance exchange, but it could actually make it easier for the federal government to standardize exchanges in those states.

Sequestration’s Looming Furlough Implications

by Stephanie Sullivan, Consultant

Federal employees and contractors have been waiting with bated breath about the impact of looming furloughs…but it looks like the wait is nearly over. Federal agencies have already begun doling out memos with grim announcements that resemble one released by the Department of Justice, “DOJ proposes to furlough you no earlier than 30 days from receipt of this notice.” You can read the full memo here. The National Labor Relations Board is another agency that has already released a formal furlough announcement. FedNewsRadio has even launched their own Guide to Agency Furloughs to track how each specific agency is impacted by the sequester.

Several large agencies, including parts of DOD (which is also expected to implement furloughs beginning the 3rd week of April) and DHS, don’t anticipate releasing formal notices until mid-March. The government is mandated to provide a 30 day notice to employees, and according to the DOJ memo furloughs are anticipated to take place as early as April 21, 2013 and run through September 30, 2013, not to exceed 14 workdays.

In a Commissioner’s Broadcast released last week to all SSA employees, the agency cited alternative measures it would take to help reduce the impact of sequestration on its employees. These measures include “making some very difficult decisions and taking necessary steps to mitigate our budget risks this fiscal year — including steps such as restricting hiring, limiting overtime availability, delaying purchases, and limiting agency travel. We will also be restricting our spending to mission critical activities. By taking these actions, we are hopeful the funds available to us will allow us to operate without furloughs.”

The majority of government personnel are still somewhat in the dark about how many furlough days they could face, but according to a recent Washington Post article 22 days is the highest number expected by parts of DOD and DOT. Pay will be reduced proportionately for each pay period in which an employee is furloughed.

For more resources on how to work through sequestration and protect your federal sales, download immixGroup’s new Guide to Sequestration.

The Road….Blocks Ahead for Health IT

by Stephanie Sullivan, Consultant

In 2005 the rapid adoption of health IT products and solutions was projected to save the United States more than $81 billion annually, according to a team of RAND Corporation researchers. However, the latest data from a 2012 follow-up RAND analysis published in the journal Health Affairs suggests that annual health care expenditures have ballooned by $800 billion to $2.8 trillion. So have innovative health IT products and solutions helped to offset growing health care costs? According to researchers…sort of. Several reasons contribute to the stunted return on investment with health technology, including:

  • Sluggish adoption of health IT systems
  • Systems that are neither interoperable nor easy to use
  • Failure of health care providers and institutions to re-engineer care processes to reap the full benefits of health IT

RAND researchers “believe that the original promise of health IT can be met if the systems are redesigned to address these flaws by creating more-standardized systems that are easier to use, are truly interoperable, and afford patients more access to and control over their health data.”

An increase in health IT awareness and innovation could also contribute to more widespread consumer use of electronic health-related tools, according to a report from the Bipartisan Policy Center. The report cites as obstacles a lack of internet connectivity, low health literacy, and unmet technical or information support needs, as well as the lack of current usefulness and usability of many of these tools and concerns about privacy and security. One suggestion made by the report to combat these issues was an increase in federal and state incentives to speed the adoption of electronic tools and increase consumer engagement to improve healthcare.

Federal agencies and technology companies need to continue to communicate pain points and address health IT roadblocks to spur long-term cost savings and improve patient care.

FAA’s Shared Services Organization

by Stephanie Sullivan, Consultant

Steve Cooper, FAA’s Deputy CIO, spoke at an ACT IAC FAA Federal Executive Session on December 10th, highlighting FAA’s new shared services organization headed by Victoria Wassmer. The component organizations that roll up to create the shared service organization include:

  • Finance
  • Procurement
  • Acquisition
  • Regions and Center Operations
  • IT

Each of the component organizations except for the IT arm has fully transitioned into the new organization.

Cooper discussed areas of opportunity for vendors within FAA, and called out infrastructure as a prime target because of the budget pressure to reduce costs. He also explained that people and IT services contracts make up the two largest buckets of expenses in the operating budget, and even though there is a need to reduce costs there will be no impact on the National Airspace System (NAS) budget. Other areas of opportunity for vendors include big data, data storage architecture, mobility and cloud solutions. Cooper wants to understand how data can be stored and retrieved in an actionable, useful, timely and accurate manner.

GAO Calls for Additional Oversight of O&M IT Dollars

by Stephanie Sullivan, Consultant

GAO was recently asked to find out which federal agencies analyze the performance of steady state investments in accordance with OMB guidance. GAO reviewed the five largest spenders on steady state systems in a report published in October 2012, but not posted online until November 15th, according to FierceGovernmentIT. The report investigated DOD, HHS, DHS, Treasury and the VA, which reported spending $4.6 billion annually on major steady state investments, and compared their FY11 operational analyses (OAs) to OMB criteria.

On a more comprehensive scale, the 26 key federal agencies that report to OMB on their IT investments reported spending approximately $79 billion on a wide variety of IT systems in FY11. Of this amount, agencies reported spending $54 billion on O&M for existing steady state investments; with $53 billion in speculated O&M spending in FY12.

Current OMB guidance calls for agencies to develop an operational analysis (OA) policy and perform such analyses annually to ensure steady state investments continue to meet agency needs. The guidance also includes 17 key factors, which address areas such as:

  • Cost
  • Schedule
  • Customer satisfaction
  • Innovation

According to an article published by FierceGovernmentIT, GAO auditors found that DoD, Treasury and VA did not conduct the analyses while DHS and HHS had policies in place for their annual completion but didn’t always get around to doing them all. DHS analyzed 16 of their 44 steady state investments, while HHS managed to do seven of its eight steady state system analyses.

DOD and VA officials said they had not completed analyses of their O&M IT investments because of the mandate to annually submit a business case for IT systems in the form of an Exhibit 300. OMB officials do not consider the Exhibit 300s a substitute for the steady state analyses because a 300 does not require identifying alternatives or other matters, such as identifying lessons learned.

However, current OMB guidance does not provide mechanisms that ensure the OAs are completed and allow public transparency into the results of the assessments. GAO’s recommendations state that until agencies address these shortcomings, there is increased risk that these agencies will not know whether the multibillion dollar investments fully meet their intended objectives.

These concerns are becoming increasingly justified in light of growing IT budget cuts, with government agencies putting serious emphasis on cost savings, eliminating redundancy, and increasing program efficiency.

Federal IT Spending Drops Slightly Against 2012 Requests

by Stephanie Sullivan, Consultant

Federal IT spending requests overall have dropped $1 billion over FY 2012 levels. The 2013 Federal IT budget request is approximately $78.9 billion, down slightly from last year’s $79.7 billion, but the continuing resolution and potential sequestration will most likely lower IT spend to between $73 billion and $74 billion.

Agencies are emphasizing cost savings through value measurement, process improvement, elimination of redundancy, and new technologies to improve operations. The budget reductions can be attributed to a government-wide shift toward enterprise agreements and IT management reform.

As a result, a few key drivers have emerged in civilian agency spending: the Digital Government Strategy and cloud computing. Under the Digital Government Strategy, agencies are becoming more information-centric and are shifting from managing “documents” to managing discrete pieces of data and content. There is an additional emphasis on shared platforms to reduce costs, streamline development, standardize practices, and ensure consistency. This will allow for a more customer-centric environment where end-users can shape, share, and consume information as they want. The aforementioned initiatives introduce security and privacy issues to which contractors have become increasingly sensitive.

Cloud computing is also continuing to gain momentum throughout government. Agencies are working to implement policies and contracting procedures to enhance their ability to move services such as email, data storage, and customer analytics to the cloud. The Office of Management and Budget is requiring agencies to itemize their cloud computing initiatives in fiscal 2014 budget plans.

If you would like to learn more about the FY13 budget request for civilian agencies, you can watch an on-demand replay of a recent briefing I conducted: the FY13 Civilian Budget Briefing. It contains details on major funded programs, budget requests, and key contacts within the agencies. The information provided in this on-demand recording is critical to anyone selling to civilian agencies.
