FCW Insider: Nov. 2

The Department of Defense is sending cyber teams to the Department of Homeland Security in advance of the Nov. 6 midterm elections. While DHS officials are quick to say the move isn't in response to a specific threat, the potential for disruption represents a kind of live-fire exercise for DOD teams more accustomed to training on simulations. Lauren C. Williams explains.

The newly launched supply chain security task force at DHS is looking to keep "lemons" out of the federal IT ecosystem. The group includes representatives from across industry and is planning to start work soon. Derek B. Johnson reports.

Can the Office of Personnel Management retain its independence even as it is led on an acting basis from the White House, and as an effort is afoot to shift some of its large transactional functions like insurance, payroll and annuity payments to another agency? Chase Gunter takes a look.

IBM's planned $34 billion acquisition of Red Hat is not aimed at bringing a quick hit to Big Blue in the federal market, but it does show the company is here for the long haul, as Washington Technology editor-in-chief Nick Wakeman explains.

Quick Hits

*** FCW's sister publication GCN has profiled this year's Public Sector Innovation winners. Look for profiles of the 2018 Rising Stars (in FCW) and Industry Innovators (in Washington Technology) next week -- and don't miss the chance to celebrate them all in person at the Nov. 8 Government Innovation Awards dinner. 

*** A recent GovWin report forecasts U.S. federal government cloud spending will rise from $4.6 billion in 2018 to $6.9 billion in 2023, an annual growth rate of 8.6 percent. The report found that demand is stronger for cloud on the civilian side than among defense agencies, and that spending on cloud engineering and infrastructure systems to support multicloud systems and application migrations are among the fastest-growing spending areas. Spending on Software-as-a-Service and Platform-as-a-Service offering comparatively lag.

The report also notes that federal agencies still lack personnel with skills to draft cloud requirements for procurements, and predicts that demand will grow for training on cloud procurement and management, representing an opportunity for industry. GovWin observed that the General Services Administration's Schedule 70 vehicle continues to show the most activity for cloud buys from civilian and defense agencies, although on the defense side innovation groups embedded in the services are still looking to Other Transaction Authority to jumpstart cloud migration efforts. Finally, the report advises vendors that FedRAMP High certification is increasingly becoming a requirement at the agency level.

*** Sen. Ron Wyden (D-Ore.) is looking to empower the Federal Trade Commission to police consumer privacy. In the discussion draft of proposed legislation, Wyden seeks minimum cybersecurity standards for private companies that host consumer data and looks to establish a steep schedule of fines and penalties -- up to 4 percent of annual revenues for companies and prison terms for senior executives -- in the event of violations. Wyden predicts the Consumer Data Protection Act will help create a new market for enterprise privacy services as companies begin taking data leaks more seriously. The bill also calls for hiring more staff at FTC and creating a national "do not track" system to support consumer requests that their data not be sold or shared.

*** When it comes to the use of artificial intelligence in government, "contracting is where we’re going to need to be focused on," said Karl Maschino, the chief administrative officer and chief financial officer of the Government Accountability Office. "I think there ought to be an inventory of where this is being implemented in the federal government," he said Nov. 1 at the National Academy of Public Administration conference. "In order for us to understand the true impact of it, we need to know where it is and how it's interacting."

*** The federal government released new guidance designed to improve and mature existing insider threat detection capabilities. The new document from the National Insider Threat Task Force, jointly operated by the FBI and the National Counterintelligence and Security Center, updates and expands on a 2012 White House executive order establishing minimum standards for the conduct of insider threat programs. 

The new "maturity framework" builds on the foundational standards to help make sure agencies have the appropriate personnel, procedures and information sources and analytical methods in place to identify potential security risks. On the technology front, the framework advises agencies to make sure that insider threat programs include tech in their budget, make sure programs allow for monitoring of government-issued IT endpoints, and that monitoring capability is included in IT planning and procurement.