Archive for July 2010
DorobekINSIDER: NASA cyber-security chief Jerry Davis to join VA
The move had been widely rumored for months, but was just made official when Davis accepted the offer from the VA on Friday.
While NASA has its own share of cyber-security issues, the challenges at VA are daunting. Not only is VA the second largest agency in government, but it is the poster child for cyber-security problems dating back to that now infamous stolen laptop that was loaded with millions of names and personal information on vets.
Back in 2006, data on 26.5 million active duty troops and veterans were on the laptop and external drive, which disappeared while in the custody of a Veterans Affairs data analyst.
While none of those data became public, and the loss was the result of a common house burglary rather than a cyber-attack, it has become the most discussed cyber-security event, even more than four years later. And the event cost the agency $20 million in a settlement.
Read more and hear GAO’s assessment of VA’s IT situation here… or read the GAO report here. [PDF]
[Davis told] his staff on Tuesday to shift their focus from certifying that networks are compliant with a nearly decade-old law to monitoring systems for holes and real-time reporting of threats.
The change is a watershed moment for federal information technology managers, who since 2002 have been required to follow a law that critics say forces IT staffs to spend days filling out reports that confirm technology managers have followed certain security procedures. The law did not require specific actions to secure systems, said opponents of the Federal Information Security Management Act.
Jerry Davis, NASA’s deputy chief information officer for IT security, issued a memo to information system managers informing them they no longer need to certify every three years that their networks are compliant with FISMA, as called for by the law. Instead, they should rely on automated continuous monitoring to find holes that hackers could exploit. The process will remain in effect as long as agencies are required to submit annual status reports for networks and vulnerabilities detected during the monitoring don’t pose unacceptable risk.
Jerry L. Davis is the Deputy Chief Information Officer (DCIO), IT Security for the National Aeronautics and Space Administration (NASA). Jerry’s role is to provide thought leadership and oversee all aspects of Information Security and privacy for the Agency to include the development and implementation of enterprise-wide IT security engineering and architecture, IT security governance and IT security operations capabilities. Jerry’s division also generates IT and data security solutions and services to the Agency’s Space Operations, Science, Exploration Systems and Aeronautics Research Mission Directorates programs and projects, while defending $1.8 billion in annual IT investments.
Previously, Jerry served as the DCIO for the Department of Education overseeing the day-to-day operations of the Department’s enterprise-wide IT infrastructure. During his tenure at the Department, Jerry also served as the Department’s first Chief Information Security Officer (CISO) and Director, Information Assurance (IA). In this role, Jerry’s teams proactively defended over $500 million dollars in annual IT investments, which supported the $400 billion dollar grants and loans portfolio.
Jerry was one of the principal thought leaders in the design, implementation and management of the District of Columbia’s first city-wide IT Security program and served as the Manager of Wide Area Network (WAN) Security Architecture. Jerry also held positions as a senior security consultant with several Fortune 500 consulting firms, serving clients in the Intelligence Community (IC), Department of Defense (DoD) and federal civilian agencies. Jerry held a staff position with the Central Intelligence Agency’s (CIA) Directorate of Operations (DO) for several years. Jerry is a combat veteran of the United States Marine Corps and trained as a Counterintelligence Specialist with focus on Human Intelligence (HUMINT) operations. He holds a master’s degree in network security from a National Security Agency (NSA) Center of Excellence in Information Assurance and a bachelor of science in business with a concentration in IT security. Jerry has done doctoral work in the field of information systems and holds the Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP) certifications. Mr. Davis won the People’s Choice Award at the 2009 Mid-Atlantic Region Information Security Executive of the Year and was selected as one of the 50 Most Important African Americans in Technology in 2009.
DorobekINSIDER: OFPP recertifies NIH governmentwide contract
The DorobekINSIDER has confirmed that the Office of Federal Procurement Policy has recertified the National Institute of Health Information Technology Acquisition & Assessment Center’s Chief Information Officer – Solutions and Partners 3 (CIO-SP3), one of three governmentwide acquisition contracts.
There was widespread speculation that OFPP might not recertify the NIH contract — and Federal News Radio’s Jason Miller has been reporting that there has been a real focus on whether there was a proliferation of multiple-award contracts. (See Federal News Radio 1500 AM’s special report — Contract Overload, which focused on the multiples of multiple-award contracts out there.)
Here is the OFPP decision:
On July 20, 2010, the OMB Director designated NIH as an executive agent for the Chief Information Officer Solutions and Partners 3 (CIOSP3) GWAC and the CIOSP3-Small Business GWAC. Each GWAC will offer a wide range of IT services, with a particular focus on health-related IT services.
In deciding whether to grant the designation, OMB carefully evaluated a business case NIH developed to justify the need and value of its proposed GWACs. To supplement this information, OMB conducted a significant amount of outreach with different stakeholders in the acquisition community, including agency users of NIH’s existing GWACs, agency managers of GWACs and other interagency contract vehicles, Chief Acquisition Officers and Senior Procurement Executives, trade associations, and Congressional staffers.
OMB approved the request based on several factors that promise enhanced value for the Government and our taxpayers. NIH’s proposed GWACs will fill an important need by agencies with health-related responsibilities, including those in the Patient Protection and Affordable Care Act. The programmatic expertise of its in-house scientists and medical experts will provide strong support for the award and management of its contracts. The new GWAC vehicles will also provide increased opportunities for small businesses in Federal contracting, allowing agencies to tap into the talents of this community as they work to achieve best value for their missions and our citizens.
DorobekINSIDER: Chart of the day: DHS oversight
Buried in the Homeland Security Department’s so-called “bottom up review” — a review of all DHS operations — is a very telling chart: the amount of oversight that Homeland Security undergoes.
How is that for shocking!
Read the full report here. [PDF – note, the report is 72 pages] This is on the last page.
Read and hear Federal News Radio 1500 AM’s report on the bottom up review.
NextGov: DHS will establish consolidated intelligence portal
DorobekINSIDER media notes: WTOP/Federal News Radio hires 1105’s Chris Bridgham
I actually got scooped for news within my own organization. I just learned that WTOP/Federal News Radio 1500 AM has added Chris Bridgham to its sales team. Bridgham has been working at the 1105 Government Information Group.
The announcement from Ralph Renzi, WTOP/Federal News Radio’s director of federal sales:
Please join me in welcoming Chris Bridgham to the Bonneville DC Team!
Chris has more than 18 years of successful selling experience in advertising sales with…
– IT business-to-government
– IT business-to-business
– Consumer publications
– Trade show organizers
– Professional advertising agencies and consulting firms
He has held positions as Media Consultant, National Accounts Manager, District Sales Manager, Regional Sales Manager, Territory Manager, Regional Advertising Director and Account Representative.
The last 12 years he has been with 1105 Government Information Group and Post Newsweek Tech Media Group.
Chris has a very strong understanding of government marketing and overall market opportunities… He has been recognized for various sales achievements over the years and most recently was a part of the “2010 Sales Team of the Year” presented by the min’s B2B.
Chris is originally from New England, but grew up locally in Bowie, Md. He will also be cheering on the Terps as he is a graduate of the University of Maryland…
We look forward to having Chris’s solid knowledge and experience on our team.
DorobekINSIDER: Kempf named to head GSA’s Federal Acquisition Service
Steve Kempf has been named to lead GSA’s Federal Acquisition Service.
Kempf has been serving as the acting commissioner of GSA’s Federal Acquisition Service since the departure of Jim Williams in April.

The Federal Acquisition Service is the big buyer for government. It oversees contracts such as the GSA schedule contracts, the multi-billion dollar Alliant contract, and the Networx telecommunications contract.
There were four finalists for the FAS job. Kempf was seen as the front-runner. It was a surprise that GSA Administrator Martha Johnson would select Kempf, choosing somebody from inside the organization.
That being said, Kempf is well respected within the procurement community, in industry, and within GSA. And he won high praise for his performance at a recent hearing before the Senate Homeland Security and Governmental Affairs Ad Hoc Subcommittee on Contracting Oversight, which focused on the number of government multiple-award contracts.
In addition to naming Kempf as FAS commissioner, Johnson also announced that Jon Jordan will become the permanent deputy commissioner.
“Jon has worked in GSA and FAS’ budget programs for over 36 years and his deep operational knowledge, commitment to excellence and good stewardship of taxpayer dollars will be invaluable to FAS’ future,” Johnson said in a note to staff.
Here is the note Johnson sent to GSA staff:
To: GSA Employees
From: Administrator Martha Johnson
Subject: FAS Commissioner Announcement
Many of you have heard me speak of this as GSA’s moment. We have set aggressive goals and been challenged to play a leading role in key Administration priorities by the White House. We are on the frontline for championing sustainability, open government, acquisition performance, flexible workplace and more. Leadership and enterprise positioning will be key to our success.
Therefore, I am delighted to announce today that Steve Kempf has accepted my offer to be the next Commissioner of GSA’s Federal Acquisition Service, one of our most critical leadership positions.
As GSA steps forward, so, too, will FAS be facing a challenge. FAS has expertise, operational know-how, and extensive customer knowledge. Used well, these will position FAS to gain further market credibility by offering customer agencies real value as they strive to meet their missions under constrained resources. This opportunity is real, and it is now.
At this critical juncture in FAS’ history and as an 18 year veteran of FAS, Steve brings significant expertise to the Commissioner role having served as a contracting officer, lawyer, and business professional. Equally as impressive is Steve’s leadership style. He is collaborative, inclusive and eager for change. I am confident that Steve will combine his deep roots, loyalty, and enthusiasm for FAS and transform it into our customers’ hands down, preferred, acquisition partner.
For starters, Steve has already made strides in:
• Revitalizing FAS’ relationships with its customers;
• Appointing an executive to champion innovation and transformation across FAS;
• Driving forward on the Zero Environmental Footprint goal and other key enterprise objectives;
• Building leadership prowess and a workforce positioned for success;
• Completing and executing the FAS strategic reviews and implementation plans for key programs;
• Deepening change management capacity; and
• Communicating constantly with employees, customers, industry, and stakeholders to bolster FAS’ ability to perform with excellence.
In addition, I am delighted to announce that Jon Jordan will become the permanent Deputy Commissioner. Jon has worked in GSA and FAS’ budget programs for over 36 years and his deep operational knowledge, commitment to excellence and good stewardship of taxpayer dollars will be invaluable to FAS’ future.
Please join me in congratulating both Steve and Jon on their permanent appointments and pledge to give them the support they and FAS will need to turbo-charge its future.
DorobekINSIDER: Throwing elbows over cyber-security legislation
It appears that the effort to pass a cyber-security bill is going to get a bit tougher than expected.
Late last month, officials from Cisco, IBM and Oracle sent a letter to the main sponsors of the Protecting Cyberspace as a National Asset Act, S. 3480 — Senators Joe Lieberman (DI-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.). The letter raised concerns about some provisions of the bill:
While well intentioned, it ultimately puts U.S. critical infrastructure at increased risk by threatening the intellectual property of American companies that create the IT that operates the vast majority of U.S. government and private-sector critical networks and systems. The unintended result may be a weakening of the domestic software and hardware industry to an extent that could, ironically, leave the U.S. more dependent upon foreign suppliers for their critical IT systems.
The letter goes on to raise specific concerns about detailed provisions of the bill. You can read the full copy of the letter here.
The Senators issued a forceful response — a letter addressed specifically to the heads of those companies — and it was posted right on the Senate Homeland Security and Governmental Affairs Web site. In the response, they refer to the concerns as “mischaracterizations” of the bill:
This legislation is informed by years of oversight by this Committee and is the result of more than a year of drafting. Our staff spent considerable time working with industry representatives – including representatives from your companies – and the bill, as reported, addresses many of the concerns your companies raised during that time…
Your input on this important legislation is important to our Committee, and both our staff and yours have invested considerable time in this process. While we find the mischaracterizations of our bill in your letter inaccurate and disappointing, we welcome further discussion and hope that we can engage in a constructive dialogue going forward.
Again, you can read the full response here.
Meanwhile, Politico’s Morning Tech is reporting that the House version of the bill is having some trouble.
Staff representing the Senate’s top players in the cybersecurity debate – Rockefeller, Snowe, Collins, Lieberman, Carper – will begin huddling this week over ways to merge the chamber’s top two proposals. But the path forward in the House is still unclear.
The lower chamber’s version of the Lieberman-Collins-Carper plan, spearheaded by Reps. Jane Harman and Pete King, is still pending consideration by a slew of committees that all share jurisdiction. And the committee closest to the action – the House Homeland Security panel – plans to introduce its own bill soon, pitched by Chairman Thompson. Meanwhile, a Senate Dem aide tells Morning Tech that it is unclear whether Rep. Jim Langevin, another cybersecurity leader, is writing his own comprehensive legislation. Stay tuned.
IT WILL BE THE HOUSE SCI/TECH COMMITTEE that will take the first stab at cybersecurity once both chambers return from recess next week. The Technology and Innovation Subcommittee announced late Tuesday it had invited industry leaders from EPIC, the Institute for Defense Analyses, the Council on Foreign Relations and Ponte Technologies to its scheduled July 15 hearing – and it promises additional witness announcements to come soon.
DorobekINSIDER: Federal news month in review
What stories made news for the month of June?
Here are the most read stories across Federal News Radio 1500 AM … on the DorobekInsider.com … for Mike Causey’s Federal Report… on the Federal Drive with Tom Temin and Amy Morris… and for FederalNewsRadio.com…
…from the DorobekInsider.com…
- Obama orders cuts in federal building costs
- Why there’s been a backlash against feds lately
- How to make that performance review work for you
- Most TSP funds suffer losses in May
- Why continuous monitoring is gaining popularity
- Government still faces numerous teleworking challenges
- Elective deferrals for your TSP explained
- Dorobek Must Reads – June 2
- How to get more minorities, women to participate in TSP
- Causey: How agency budget cuts will affect you
- How to get your TSP questions answered
- Comments needed for TSP beneficiary designation
- Federal contracts: How many is too many?
- Dorobek Must Reads – June 11
- DorobekINSIDER: An open letter to OMB: Stop the public sector bashing
- Federal pay raises safe … for now
- Is DoD ignoring lessons learned from insourcing?
- Fed invents most accurate clock in the world
- How to create the best federal cybersecurity workforce
- Why there’s still worry about the Conficker worm
- Dorobek Must Reads – June 3
- Mobile devices can leave you open to cyber attacks
- In budget crisis, states take aim at pension costs
- FISMA one step closer to overhaul
- Influence others and change your office culture
- Off Topic: What your email address says about you
- Military Health System works out e-record kinks
- DorobekINSIDER: Treasury’s Gross to be deputy CIO at Interior
- Web inventor discusses importance of open data
- DOJ sues Oracle for alleged overcharging
- Agencies to crack down on waste, fraud, abuse
- Census reports it has reached almost all households
- Health 2.0 Conference, HHS hope to change the practice of medicine
- SSA makes rural America accessible to all
- How government will eliminate user names & passwords
- Google Apps could help agencies move to the cloud
- Chances good for passage of TSP/annual leave bill
- TSA’s Secure Flight program faces some challenges
- Agencies to compile ‘do not pay list’
- The impact of the Federal Workforce Reduction Act
- Senate unanimously confirms TSA head
- Dorobek Must Reads – June 7
- Are Katrina/Deepwater comparisons appropriate?
- DorobekINSIDER: Helping out a Postal employee in a time of need
- U.S. Navy Considering Wii Fit and DDR For Boot Camp
- Report endorses pay for performance for Intel community
- Many issues surround federal ID management
- Software remembers passwords for you
- Preview: Your monthly TSP Snapshot
… for Mike Causey’s Federal Report …
- Federal Pay Freeze: A November Surprise?
- Retirement: You Can Go Home Again!
- The Smartest Fed Investors Work For…
- TSP Warning: Cover Your Assets
- Pay Freeze? We Need To Talk
- Pay Freeze: Everybody in the Pool!
- Pay Freeze as Union Recruiting Tool
- Six Ways to Beat the Bear Market with Your TSP
- The $3 Million G-Man
- Travel, Training, Hiring Hit List
- Feds in Heat: The Misery Index
- About Those Buyout Rumors
- Hot Enough For You?
- TSP: Investing in Where You’ve Been
- Payoff the Boss’s Credit Cards?
- Time is Running Out for FEHBP Dependents
- Show Me The Buyout!
- Federal Unions: Dynamos or Dinosaurs?
- Feds: Global warming is real!!!
- Sick Leave Phase In
… on the Federal Drive with Tom Temin and Amy Morris…
- Bill would give DHS emergency cyber powers
- Monday Morning Federal Newscast – June 1st
- Cyberthreat of Joe Biden leads to arrest
- Wednesday Morning Federal Newscast – June 8th
- Postal Service finds $75B dollar overpayment
- Federal retirees should consider the Roth IRA
- Defense furlough fears heat up
- How to avoid a June swoon with the TSP
- Monday Morning Federal Newscast – June 14th
- Tuesday Morning Federal Newscast – June 29th
- Friday Morning Federal Newscast – June 4th
- Friday Morning Federal Newscast – June 18th
- Thursday Morning Federal Newscast – June 10th
- Monday Morning Federal Newscast – June 28th
- Private concerns about Booz Allen going public
- Monday Morning Federal Newscast – June 21st
- Friday Morning Federal Newscast – June 25th
- NSPS move cuts raises of the ‘best and brightest’
- Thursday Morning Federal Newscast – June 3rd
- Wednesday Morning Federal Newscast – June 2nd
- Wednesday Morning Federal Newscast – June 23rd
- Tuesday Morning Federal Newscast – June 8th
- Thursday Morning Federal Newscast – June 24th
- Google goes ABW: Anything But Windows
- How to succeed in the SES
- Tuesday Morning Federal Newscast – June 22nd
- Tuesday Morning Federal Newscast – June 15th
- ‘Shady’ porn site practices pose cyber risks
- Monday Morning Federal Newscast – June 7th
- How, and why, to modernize the legacy of COBOL
- OMB redefines performance expectations
- NIST offers Continuous Monitoring FAQ
- Wednesday Morning Federal Newscast – June 30th
- Incumbent rage leaves budgets in limbo
- Voinovich: hiring reforms will take an act of law
- Cybersecurity box claims to block threats
- GAO: Agency rules allow conferences at resort locations
- Thursday Morning Federal Newscast – June 17th
- Analysis: Should DoD cut benefits or guns?
- War zone corruption allegations rise
- Friday Morning Federal Newscast – June 11th
- Cyber chief Schmidt set to name senior director
- The ten biggest errors federal employees make, pt. 3
- The ten biggest errors federal employees make, pt. 2
- The ten biggest errors federal employees make
- Beware the mobile cyberattack
- GPO reassures your passport is secure
- MSPB to survey feds about personnel practices
- Who is spying on your cellphone?
… and from FederalNewsRadio.com …
- Federal pay freeze proposal defeated
- OPM wants to settle the fed salary debate
- Postal unions offer alternative to five-day schedule
- GOP lawmakers pitch fed workforce reduction bill
- Bill would put DHS in charge of all civilian networks
- OMB bakes new cookie policy for federal websites
- Exclusive: OMB to propose major changes to financial management systems
- White House asks agencies to cut spending by 5 percent
- DoD vows to become a leaner organization
- TSP Snapshot: What goes up does go down
- GSA plans to take e-mail, collaboration to the cloud
- OMB must sell Congress on budget cuts
- Senate’s newest cyber bill on fast track to passage
- OPM freezes transfer of employee files, for now
- GSA, DHS approve first governmentwide cyber provider
- OMB to transform performance reviews
- Navy CIO Carey leaving
- OMB pressing agencies to get IT projects on track
- White House tells agencies to use data analysis to reduce improper payments
- House bill would require manager training at all agencies
- Telework success depends on clear expectations
- DoT’s Patillo moving to VA
- No federal pay freeze for now
- Cybersecurity bill clears Senate hurdle
- Air Force saves cash by changing cell phone rate plans
- OPM clears up category rankings process
- OMB vows to end out of control IT projects
- DoD shows off health IT progress
- OMB preparing performance management dashboard
- White House to give identity management a push
- Agencies get ready for FISMA changes
- OPM shaping future leaders in a new way
- DISA launches BRAC relocation FAQ page
- Census troubleshoots broken software
- Information sharing challenges ahead for Paul
- GAO finds limited burrowing during Bush years
- Support snowballs early for Senate cyber bill
- HHS creates process to certify health IT systems
- VA tries to speed claims processing for vets
- Navy declares war on sexual harassment & assault
- SBA CIO Naylor resigns
- Cybersecurity bill gets first Senate hearing
- OMB Watch says Orszag ‘made budget cool’
- OMB’s Werfel plugs financial modernization
- DoD has limited cyber situational awareness
- DoD sees change in cyber culture
- Federal News Radio Reports
- DHS women convene inaugural diversity forum
- National Archives CIO Martha Morphy retires
- DHS promotes tech from workbench to market