Advancing Government through Collaboration, Education and Action
General Membership Meeting
February 25, 2014
Agenda
Welcome & Chair’s Remarks 4:00 – 4:15pm
Program – Stan Kaczmarczyk 4:15 – 5:00pm
Program – Cybersecurity Updates 5:00 – 5:45pm
Networking Reception 5:45 – 7:00pm Tickets Lounge
Welcome and Chair Remarks
Jim Williams
Upcoming Events
Feb 26th Commodity Buying of IT Executive Panel
March 19th ACT-IAC General Membership Meeting
March 20th Acquisition Excellence 2014
March 24th Excellence.gov Awards
April 24th SBC 2014
Acquisition Excellence 2014
Education and Training event attended by more than 600 Senior Government Executives, Contract and Program Officers and their Industry counterparts.
Sessions:
• Acquisition Panel with GSA/NASA/DHS/NITAAC
• Acquisition of Agile IT Services
• Leveraging Transparent Procurement Data
• How Industry and Government Perspectives Differ on Acquisition Issues
• Protecting the Nation’s Cyber Infrastructure
• Lifting the Veil on Decision Making
• Relationship Between Protests and Debriefings
Acquisition Excellence 2014
Keynote Speaker:
Katrina McFarland, Assistant Secretary of Defense for Acquisition, Department of Defense
Additional Speakers:
Dr. Nick Nayak, Chief Procurement Officer, Department of Homeland Security
Rob Coen, Acting Director, National Institute of Health, National Institutes of Health Information Technology Acquisition and Assessment Center
Mark Day, Deputy Assistant Commissioner, Office of Integrated Technology Services, Federal Acquisition Service, General Services Administration
Michael Smith, Director, Strategic Sourcing Program Office, Department of Homeland Security
Joanne Woytek, Program Manager, NASA SEWP Program
Excellence.Gov Awards 2014
Registration Fees:
Government: $25.00
IAC Member: $95.00
Non Member: $130.00
For more information on Registration and Finalists: https://actiac.org/groups/event/excellencegov-awards-march-24-2014
Small Business Conference 2014
Theme for this year: Connect, Collaborate, Commit
3rd Annual Smackdown: open dialogue focused on creating practical solutions
Federal Agency Workshops
New for this year: Small Business Advocacy Award and Matchmaking Sessions
Small Business Conference 2014
Confirmed Speakers include:
Dan Tangherlini, Administrator, General Services Administration
Kevin Plexico, Vice President, Deltek
Eugene Cornelius, Deputy Associate Administrator, Small Business Association
Sandra Broadnax, Director, Small Business Programs Office, National Geo-Spatial Intelligence Agency
Chris Dorobek, Founder, DorobekINSIDER.com
ACT-IAC Academy Update
Upcoming Academy Courses
March 19th Overview of the Federal – Industry Technology Partnership
March 25th Should your company have a GSA technology Schedule
March 26th Understanding the Federal Budget Process
March 27th Obtain a Working Knowledge of the FAR for IT Professionals
April 1-2 2014 Agile Project Management
(11) IAC new courses for 2014
• Data Information Sharing across federal agencies (best Practices)
• Working Knowledge of the FAR for IT professionals (acquisition)
• Basic understanding of federal technology acquisition (small business focus, best practices)
• Cost and pricing for federal Technology contracts: bid no/bid decisions (best practices)
• Technology Proposal Writing, Capture & development management (small businesses focus, best practices)
• Overview of the Federal – Industry Technology Partnership. (Small business focus, best practices)
• Effective Risk management in federal technology contracts (best practices)
• Understanding the federal technology budget process (small businesses focus, best practices)
• Federal Technology Customer Relationship management. (Best Practices)
• Creating an Innovative Technology Environment. (Best Practices, leadership)
• Should your company have a GSA technology Schedule? (Small business focus)
Program Speaker
“Helping Federal Agencies Move to the Cloud”
Stanley Kaczmarczyk, Acting Director, Office of Strategic Programs, Federal Acquisition Service, Integrated Technology Service, General Services Administration
ACT-IAC Membership Meeting
February 25, 2014
Mr. Stanley Kaczmarczyk
Acting Director
Office of Strategic Programs (OSP)
Federal Acquisition Service (FAS)
Integrated Technology Services (ITS)
Agenda
• Overview of GSA’s Office of Strategic Programs (OSP) Federal Acquisition Service (FAS) Integrated Technology Services (ITS)
• Lessons Learned - GSA’s cloud acquisition vehicles
• GSA and Federal agencies’ ongoing exploration of the cloud broker model
• New Cloud Acquisition Vehicles - and the landscape for acquiring cloud services
Program Offerings
GSA FAS ITS Office of Strategic Programs (OSP) key offerings include the:
• ITS’ Center for GWAC Programs
• Center for Strategic Solutions and Security Services
The OSP manages the Alliant, 8(a) STARS II, and VETS Governmentwide Acquisition Contracts (GWACs) as well as cloud contracts, SmartBUY, USAccess, and other strategic solution areas for government IT transformation.
Lessons Learned
Infrastructure as a Service (IaaS) and Email as a Service (EaaS) Blanket Purchase Agreements (BPA’s)
Over time we have gathered lessons learned from various acquisition vehicles that GSA has
• These lessons learned fed directly into key initiatives as well as will feed into new acquisition vehicles:
• A few examples are:
  – Allowing agencies to award tasks to vendors on the Email as a Service (EaaS) Blanket Purchase Agreements (BPA’s) not requiring the cloud service Providers (CSP’s) to hold an ATO first
  – Allow for on boarding and off boarding of CSP’s
  – Add an actual financial penalty or credit back for missed SLA’s
Email as a Service (EaaS) Cloud Orders
Agency | Vehicle | Award Date | Award Amount
Smithsonian Astrophysical Observatory (SAO) | EaaS BPA | 12/16/2013 | $233,570.00
Inter American Foundation (IAF) | EaaS BPA | 12/16/2013 | $25,557.50
Commission of Fine Arts (CFA) | IT Sched. 70 | 09/09/2013 | $18,355.68
National Archives and Records Administration (NARA) | IT Sched. 70 | 11/27/2012 | $7,182,269.75
County of Ventura, CA | IT Sched. 70 | 12/10/2013 | $1,655,000.00
Department of the Army | IT Sched. 70 | 09/26/2013 | $1,452,000.00
Department of the Army (1) | IT Sched. 70 | 09/27/2013 | $861,000.00
Subtotal - EaaS BPA | | | $259,127.50
Subtotal - IT Schedule 70 | | | $11,168,625.43
Total | | | $11,427,752.93
(1) = Army Task Award was made against the Army CHESS BPA made against Schedule 70.
Infrastructure as a Service (IaaS) Cloud Orders
Lessons Learned
Lessons learned - GWACs
• Need to make it easier to onboard new vendors and to create a process for successful small businesses to participate in the “other than small” GWACs
• Need to standardize labor categories and link to an authoritative source
• Need a more flexible fee structure to offer reduced rates for agencies/vendors who make greater use of GSA’s contracts.
• Need to give agencies more flexibility to structure orders to support complex, long-term projects such as a data center migration and subsequent operation
• Need to provide more overlap between contracts and to support longer periods of performance.
Lessons Learned
Lessons learned – GWACs continued
• Actual “as a service” cloud orders typically represent 20-30% of an acquisition – the devil is in the details.
• GWACs offer single acquisition to meet overall requirement with flexible CLIN structure and scope:
  – Inventory & Discovery
  – Application mapping
  – Migration planning
  – Migration execution
  – Decommissioning services & “green” disposal
• FDCCI/Cloud migration roadmap (gsa.gov/cloud)
Examples of GWAC Cloud/Data Center Orders
• GSA Enterprise Email and Collaboration Services
  – Unisys is prime – Google Mail Software as a Service
  – $6.7M
• Treasury Consumer Financial Protection Bureau
  – Cloud infrastructure and administration services to operate web based applications in a cloud environment
  – Smartronix
  – $5.4M
• IRS Enterprise Managed Storage Services (>7.5 Petabytes)
  – Unisys
  – $138M
Cloud Broker Initiative
• GSA is exploring a next generation acquisition vehicle, potentially the “Cloud Services Broker” model.
• The intent is to provide government agencies a broad range of vetted cloud computing services through a “single business and acquisition interface” that automates the management and provisioning of cloud services and enables reduced cloud procurement lead times.
Cloud Broker Proof of Concept (POC)
Overall Approach and Progress to Date

Phase 1 (Jan ‘12 - Sept ‘12): Concept Development
Identify Business Issues, Conduct Market Research, and Engage Government and Industry
Key Activities
• Engage Cloud Computing Government Leaders Through Brainstorming Sessions
• Engage Industry through Request for Information (RFI) Development and Publication
• Gain Approved Funding for FY13 Activities
Expected Outcomes
• RFI is Published
• High Level Requirement Areas Identified
• Funding secured for GSA FTE

Phase 2 (Oct ‘12 - Sept ‘13): Analysis
Analyze RFI Responses, Acquisition Planning for Proof of Concept (POC)
Key Activities
• Analyze RFI Responses
• 2 Rounds of Vendor RFI Follow-up Meetings
• Develop Statement of Objectives (SOO) for POC
• Develop Acquisition Documentation and Issue Request for Quotation (RFQ)
• Re-engage with Brainstorming Group & secured Early Adoption Customers – DHHS and DHS
• Draft POC Use Cases
Expected Outcomes
• RFI Responses are Compiled and Analyzed
• Decision to Launch POC is Made
• POC Use Cases are Developed

Phase 3 (Sept ’13 - Mar ‘14): Proof of Concept (POC)
Launch Comparative Evaluation of Cloud Broker Platforms, Assess Decision to Move Forward with Full Operating Capability (FOC)
Key Activities
• Award POC Contract
• Launch POC
• Conduct Iteration Testing
• Continued Involvement of Early Adoption Customers DHS and DHHS
• Complete POC Summary Report and Findings
• Evaluate POC Findings and Impacts to FOC
Expected Outcomes
• Proof of Concept is Executed
• Summary Report and Findings Completed (1)

“Go/No-Go” Decision
(1) Determination to pursue FOC is still under consideration
Cloud Broker Proof of Concept (POC) Project Schedule
• POC Base Period:
– Period of Performance: Sept 2013 – March 2014
– Purpose: Evaluating 3 of 5 platforms
• Enstratius, Gravitant and Jamcracker – Under evaluation
• CA & RightScale
– Current Status:
• Nearly 50% complete from a timeline perspective
• On schedule, on budget
• Completed 3 out of 6 iterations for 2 platforms
• Planning to add a 3rd platform for evaluation through the end of March 2014 based on findings from use cases 1-3 of 2 platforms
Cloud Broker Proof of Concept (POC) Preliminary Observations
1. Cloud Broker Platform use as a cloud procurement tool for contract/task order establishment is not recommended due to:
• Insufficient platform software maturity
• Disparate federal and agency procurement practices
2. Single cloud broker platform supporting multiple agency customers simultaneously not feasible:
• Customer agencies have specific requirements
• Inconsistent broker software implementation models
3. Align next steps to meet motivated customer agency demand:
• Strong interest and engagement with GSA during POC
• Customer agencies seek a flexible and complete contracting solution to procure cloud technologies and services
Cloud Brokers – Agencies in the Space Today
Here is who is playing in that space today:
Defense Information Systems Agency (DISA)
• In a memo issued by the DoD CIO on June 26, 2012, DISA will act as Enterprise Cloud Service Broker (ECSB) for DoD.
Department of Energy (DOE), National Nuclear Security Administration (NNSA)
• Implemented the Cloud Services Broker model “YOURcloud”
State of Texas - Department of Information Resources (DIR)
• Implemented the Cloud Services Broker Pilot leveraging Gravitant’s technical cloud broker platform.
The National Aeronautics and Space Administration (NASA)
• Jet Propulsion Laboratory (JPL) turned to cloud services four years ago, and the lab's IT department became the de facto cloud brokerage for NASA.
GSA’s GWACs have been very successful, but all follow a similar trend of rapid growth and rapid decline over their 10-year life cycle
Alliant II
[Chart: GWAC obligations by fiscal year, 2000 to 2018, on a scale of $0 to $4,000,000,000. Series: FAS 8(a) STARS II GWAC, FAS 8(a) STARS GWAC, FAS Alliant GWAC, FAS Alliant Small Business GWAC, FAS ANSWER GWAC, FAS Millennia GWAC, FAS Millennia Lite GWAC, FAS VETS GWAC.]
*FY14 – FY18 are forecasted obligations.
[Timeline figure: Current Alliant and Alliant Small Business Period of Performance, 2009 to 2023. Contract years 1 to 10 (Base Alliant Contracts, Option 1 Alliant Contracts) followed by Alliant Task Order POP years 1 to 5.]
Historical year to year business volume variation, contract years 1 to 10: -, 167%, 99%, 59%, 31%, 9%, -9%, -25%, -38%, -49%
[Timeline figure: Award Alliant II & Alliant Small Business II*, 2016 to 2022, contract years 1 to 7.]
* POP of new contracts TBD
How ITS is helping? - New vehicles – Alliant II
Provide more overlap between expiring Alliant Contracts & Alliant II Contracts to mitigate business volume declines.
Register on GSA Interact to obtain information and provide comments on Alliant II
GWAC Dashboard – Active GWACs business volume updated nightly at GSA.gov/gwac
GWAC
GWAC Prices Paid Portal – high, low, and average prices paid on Alliant’s 80 labor categories.
Available to government project teams and contracting officers preparing independent cost estimates and price reasonableness determinations.
GWAC
strategicsourcing.gov
Streamlined acquisitions
In support of the Federal Data Center Consolidation Initiative (FDCCI) GSA FAS ITS Cloud Computing Services Program Management Office (CCS PMO) assisted in the creation of five (5) Statement of Objective (SOO) templates:
• GSA's Multi-Agency Working Group developed sample SOOs that can be found at: www.GSA.gov/CloudIT
• This is an attempt to help agencies realize cost savings more quickly through increased efficiency, agility, and innovation, reducing the time required to close data centers.
• The sample SOO templates support two key administration priorities — Cloud First and data center consolidation.
Cloud Migration Phase | Cloud Sample SOO Templates
1. Inventory; 2. Application Mapping; 3. Migration Planning | Cloud Migration Services SOO template phases 1 - 3
4. Migration Execution | Cloud Migration Services SOO template phase 4
5. Decommissioning Services, Equipment Disposition, and Facility Disposition | Cloud Migration Services SOO template phase 5
How ITS is helping? - Streamlined acquisitions
Streamlined acquisitions
IT Solutions Navigator Tool - Was set up to help agencies evaluate GSA’s IT and telecommunications solutions
• The IT Solutions Navigator displays the most suitable contract vehicle(s) matching an agency’s selections and responses
• The tool also provides online help so that an agency can select and use GSA’s contract vehicles
• The tool walks a user through three (3) basic steps
Step 1 - Select whether you are a federal or tribal, state or local government organization
Step 2 - Select your Information Technology and Telecommunications needs
Step 3 - Select your acquisition requirements
How ITS is helping? - Streamlined acquisitions
Websites and Points of Contact
Point of Contact: Stan Kaczmarczyk [email protected]
Learn more about all of GSA’s cloud offerings at: http://www.gsa.gov/cloud
Register on GSA Interact to obtain information and provide comments on Alliant II
Updates in Cybersecurity
Bradley Nix, Director, Chief Information Security Officer, Office of Information Technology, Information Security Office, Food and Nutrition Service, Department of Agriculture
Leo Wong, Deputy Chief Information Security Officer, Office of Information Technology, Information Security Office, Food and Nutrition Service, Department of Agriculture
Jonathan Addelston, Principal, UpStart Systems
Don Johnson, Office of the Secretary of Defense USD (AT&L) – DASD (C3 & Cyber)
Cybersecurity Shared Interest Group
Bradley Nix
Cybersecurity SIG GAP Member
Mission Statement
The Cybersecurity SIG provides opportunities for government and industry executives to collaborate on identifying and overcoming obstacles to help secure the cyberspace and critical infrastructure on which the nation depends
Current Initiatives
• Task Force created to address Priority Area Leader (PAL) request for support in developing a taxonomy of cybersecurity terms that can be incorporated into acquisition documents
• Task Force created to address training required to adopt a risk-based approach to cybersecurity
• Supporting a PAL request on threat information sharing standards
• Continuing to foster Cybersecurity SIG Speaker Program
Next Cybersecurity SIG Meeting
• Date – March 5, 2014
• Location – ACT-IAC Headquarters, Fairfax, VA
• Speaker – Emile Monette, GSA
“Improving Cybersecurity Through Acquisition”: Mr. Monette will provide an overview of the report’s recommendations and discuss what’s next in developing an implementation plan.
Cybersecurity SIG & GAP Leadership
• Chair – Bob Post, Crossroads Cyber Solutions
• Vice Chair – Cheryl Soderstrom, HP Enterprise Services
• Communications – Mike Agrillo, OnPoint Consulting
• Program Chair – Carrie Boyle, Grant Thornton
• Knowledge Capture - Vacant

• Gary Galloway, State
• Christopher Garcia, FAA
• Adrian Gardner, NASA
• George Jakabcin, Treasury
• Sean Lang, Library of Congress
• Chuck McGann, USPS
• Emile Monette, GSA
• Brad Nix, USDA
Cybersecurity Forum
Implications of Privacy to Cybersecurity
Leo Wong
Overview
• On January 28, 2014 the Cybersecurity Forum was held at the Grand Hyatt, Washington, DC
• Over 70 registered attendees
• Speakers
  – Peter Miller, Chief Privacy Officer, FTC (Keynote)
  – Naomi Lefkovitz, Senior Privacy Policy Advisor, ITL, NIST
  – Justin Somaini, Chief Trust Officer, Box
  – Brad Nix, Chief Information Security Officer (CISO), FNS, USDA
  – Leo Wong, Deputy CISO, FNS, USDA
  – Maria Horton, President, EMESEC
  – Bob Post, President, Crossroads Cyber Solutions
  – Ron Lichtinger, FierceMarkets (Planning Committee)
Breakout Working Sessions
• Track 1: Shaping the concepts of privacy
  – Differing perspectives on privacy (generational, regional, cultural)
  – Opt In/Opt Out
  – Technical Data Collection and Impact on Defining Privacy
• Track 2: Technicalities of Privacy in the Face of Everything
  – Privacy By Design
  – Data Ownership and Accountability
  – Use of Data/Who owns data/repackaging of data
How often terms entered into the conversation is demonstrated below
Community Privacy Initiatives
• Cybersecurity Framework Volume 1.0 deleted the Privacy Annex due to lack of consensus
• NIST is hosting a Privacy Engineering Workshop on April 9-10, 2014 in Gaithersburg, MD
Object Management Group (OMG)
Cybersecurity Threat Model
Work-in-Progress
Standards Coordinating Council
C&T SIG Information Sharing Committee
Cybersecurity SIG
Jonathan Addelston & Don Johnson
Joint Activity across ACT-IAC
• Standards Coordinating Council
• Collaboration and Transformation (C&T) Shared Interest Group (SIG) Information Sharing Committee (ISC)
• Cybersecurity SIG
Standards Coordinating Council
• Advisory Working Group to White House Interagency Policy Council
• Members:
  – OMG
  – IJIS
  – AFEI
  – ACT-IAC
  – Organization for the Advancement of Structured Information Standards (OASIS)
  – Global Justice Information Sharing Initiative - DOJ
  – National Information Exchange Model (NIEM) - DHS
Related Activities
• Standards-Based Acquisition white paper update by C&T SIG ISC
• ISE Interoperability Framework (I2F) by PM-ISE and SCC
• NIEM 3.0 by DHS
• NIEM Uniform Modeling Language (UML) Standard by OMG
OMG Cybersecurity Threat Model
• Part of the SCC effort to develop and use industry-driven information exchange standards
• Focused on modeling the information which should be shared across industry and government to aid cybersecurity, starting with threats
Current Activities
• Use existing standards, like MITRE’s Structured Threat Information eXpression (STIX), to define basic concepts like
  – Indicators
  – Threat actor
  – Kill chain
• Analysis of the business processes for attackers, defenders, and other “actors”
• Emphasis on deriving the model through specific use cases (scenarios)
No Current Common Information Model
[Diagram: direct conversions between each pair of formats: Physical Threat Model, STIX, SNORT (Intrusion Detection Systems), IODef (Incident Object Description and Exchange Format) and CAP (Common Alerting Protocol).]
Data Conversions require ~N² versions
Semantic Interoperability
Common Meta Model
[Diagram: a central Meta Model connected to STIX, IODef, CAP, SNORT and the Physical Threat Model.]
Data Conversions require ~N versions
Call for Action
• We are working on cross-collaboration across existing ACT-IAC organizations and activities with interests in cybersecurity
• We need volunteers to work on the Cybersecurity Threat Model and related Information Sharing and Safeguarding approaches
SAVE THE DATE: Next Membership Meeting
March 19, 2014
Networking Reception
Tickets Lounge