FCW Insider: May 13

Ellen Lord, the Pentagon's top acquisition official, said the agency is looking for a way to share its software blacklist with the defense industrial base. As Lauren C. Williams reports, there are statutory restraints about what it can legally publish.

Smaller vendors on the $50 billion Enterprise Infrastructure Solutions telecom contract are worried that incumbents on the existing Networx vehicle might have an advantage when it comes to landing business. Mark Rockwell has the story.

The new House committee on modernizing the legislative branch is turning its attention to making internal operations more transparency through technology. Some long-sought features are nearing completion, Chase Gunter learned at a recent hearing, including a public facing track-changes function for legislative drafts.

The Air Force plans to migrate 100 applications to the cloud this year with as many as possible opting for the fast track authority to operate process. Lauren has more from her interview with the service's top tech official.

Quick Hits

*** David Redl resigned as head of the National Telecommunications and Information Administration on May 9. NTIA manages federally-held spectrum and is partner to the Federal Communications Commission which oversees commercial spectrum. The Department of Commerce announced that Diane Rinaldo will take over as NTIA Administrator on an acting basis.

*** Sens. Ron Johnson (R-Wis.) and Gary Peters (D-Mich.), the chairman and ranking member of the Senate Homeland Security Committee, introduced legislation May 10 to ensure feds who have responsibility over supply chain risk management processes receive adequate training against counterintelligence threats.

The bill tasks the heads of the Office of Management and Budget, the Office of the Director of National Intelligence, the Department of Homeland Security and the General Services Administration with developing a government-wide counterintelligence training program for executive branch agencies, focusing on threats in the procurement space and throughout the information and communications technology lifecycle. The bill would also require agencies to regularly update Congress on the program to inform future improvements.

*** A new watchdog report suggests Congress should consider empowering the IRS to set cybersecurity rules of the road for third-party private tax organizations who handle sensitive tax data.

While the IRS is required by federal law to protect financial and taxpayer data, the Government Accountability Office found that in 2018, 90 percent of individual taxpayers had their tax returns electronically filed by third-party paid preparers or used software to file their own taxes.

That means that no matter what protections the agency has in place for taxpayer data after they are fed into their systems, the vast majority could still be vulnerable on the front end when they're handled by companies or individuals who are not subject to nearly the same regulatory scrutiny when it comes protecting their IT systems.

Since IRS does not have explicit authority to set minimum baseline cybersecurity standards for how third parties should protect their IT systems and data, the GAO recommends that Congress consider legislation giving it to them, while also recommending IRS set up a formal structure for developing and communicating those standards.