Month: March 2020

Posted on

Freezing Modifications and Limiting Use of Extended Contracts

Timeline of the Planned Transition to Enterprise Infrastructure Solutions

In December 2018, GSA announced that we would extend the expiring Networx, Washington Interagency Telecommunications System (WITS) 3, and Regional Local Service Agreement (LSA) contracts to allow the necessary time for agencies to complete transition and modernize.

The successful transition to Enterprise Infrastructure Solutions (EIS), the federal government’s $50 billion, 15-year, Best-in-Class acquisition vehicle for telecommunications and networking, is a strategic priority for GSA’s Federal Acquisition Service.

Originally set to expire in 2020, GSA is extending the expiring contracts by an additional three years to May 2023. In extending these legacy contracts, GSA requires agencies to meet certain critical milestones to continue using services on the extended contracts.

Additionally, GSA is taking steps to curtail the growth of services on the extended contracts by freezing modifications and limiting use. These actions will minimize the impact of GSA having to maintain dual operations.

Freezing Modifications on Extended Contracts

Effective October 1, 2020, GSA will implement controls on its extended Networx, WITS 3, and LSA contracts by freezing all future growth on these vehicles. All new services should be provided under the EIS contracts.

Processing Modifications on EIS Contracts

GSA recognizes that many agencies have released their EIS solicitations and are waiting for EIS contract modifications to be evaluated and awarded by GSA. We are prioritizing modifications needed for agency awards.

Limiting Use of Extended Contracts

On March 31, 2020, GSA will begin to limit the use of its extended contracts for agencies that are not making progress towards transition. GSA will disconnect agencies, in phases, to meet the September 30, 2022 milestone for 100% completion of transition. The first phase will include agencies that have been “non-responsive” to transition outreach from GSA. Future phases will be based on each agency’s status at that time and the individual circumstances impacting that agency’s transition progress, such as protests or pending contract modifications.

Once a phase is complete, agencies identified will no longer be allowed to process any modifications or orders, will be ineligible for an exception, and will have their active services disconnected.

We applaud the agencies that are taking active steps to modernize and we will continue to monitor progress across the federal government. Taking steps to curtail growth on the extended contracts will encourage agencies to transition existing and new services onto EIS. GSA will continue to communicate with agencies at all levels, provide resources and support to agencies through transition, and pull all available levers in support of significant cost savings, greatly improved efficiencies, and enhanced cybersecurity— all achievable through EIS.

Questions? Contact Allen Hill, Executive Director, GSA’s Office of Telecommunications Services at allen.hill@gsa.gov or (202) 701-7891.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

Posted on

Incident Response: Protecting Your Agency Before and After a Cyberattack

As cyberattacks increase in size and frequency, it is important for every agency to protect its network from incidents that can jeopardize the confidentiality, integrity, or availability of an information system. The Office of Management and Budget and the Department of Homeland Security determined that 74 percent of federal agencies participating in their 2018 assessment had cybersecurity programs that were either at risk or high risk.

While an agency can take proactive measures to prevent cyberattacks, an incident may still occur. When a cyberattack or other damaging incident occurs in an agency’s network, reactive measures such as incident response must be taken to preserve the integrity of the information system.

Incident response is the methodology an organization uses to respond to and manage a cyberattack. A data breach or cyberattack can wreak havoc and potentially affect employee security, intellectual property, and agency time and resources. Incident response protocol aims to reduce this damage and recover as quickly as possible.

Incident response protects organizations against four common types of incidents:

GSA’s Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) offers incident response services to help organizations with compromised systems. These services help to determine the extent of the incident, remove the adversary from systems, and restore networks to a more secure state.

HACS incident response services can also be used to proactively plan for future attacks. The benefits of preparing and maintaining an incident response plan helps agencies handle cybersecurity events and minimizes the impact of potential threats while strengthening an agency’s defenses against any future incidents.

Below is an example of an incident response plan:

Incident Response StepAction Taken
Preparation Create an asset list and system baseline.
Detection and AnalysisAnalyze events to determine whether they constitute an incident.
Containment, Eradication, and RecoveryPrevent further damage from an incident, and determine the cause of an incident so that the system can be returned to the previously known neutral state. Restore compromised system to operational status.
Post-Incident ActivityProvide final report of the incident identifying current procedures for efficacy and whether those procedures were followed properly.

Another benefit of the HACS SIN is that the vendors included under the incident response subcategory have passed a technical evaluation and can provide individualized incident response plans. If an agency already has an incident response plan, vendors can evaluate the plan and provide services that adapt to that individualized plan. Vendors use qualified resources to minimize the impact of cyber-attacks and avoid future incidents. Incident response services can also augment agency resources during a large scale incident.

For more information on incident response and how GSA’s HACS SIN can provide your agency with incident response services, please visit the HACS Homepage.

To learn more about the additional services the HACS SIN provides, watch our HACS Overview Video.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.

Posted on

Riding the Digital Wave of Transformation – Together

Emerging technologies such as Artificial Intelligence and Machine Learning (AI/ML) are paving the way to automate business processes and, in turn, free up the government workforce to focus on more complex work activities. As ITC’s Deputy Assistant Commissioner for Acquisition one of my main priorities is to ensure we have the acquisition resources that agencies need to help them smoothly ride the digital wave of transformation.

An important part of our strategy is to foster collaboration and engagement with government and industry stakeholders – this is key to our success.

International Best Practices

This type of engagement also includes the bi-directional sharing of best practices with our international colleagues. I recently attended an event hosted by the Ministry of Foreign Affairs of Denmark at the Danish Embassy in Washington, DC. Through a public-private partnership, Denmark has been focusing its government digitization on efficiency, citizen services, transparency, and employee satisfaction. They had a compelling presentation about the importance of understanding and improving the underlying processes related to the areas they want to digitize. ‘Process First, Technology Second’ is a key refrain in a Government of Denmark sponsored whitepaper.

Tejs Knudsen, CEO cBrain (Left), Keith Nakasone, GSA (Middle), H.E. Lone Dencker Wisborg, Danish Ambassador to the United States (Right)

Join the Conversation

There are a number of events coming up where we’ll be talking about AI, ML, and other important government acquisition topics. Chief among them is FAST 2020, where I’ll be participating in three separate sessions. Two in our IT Modernization, Emerging Technologies, and Innovation track; one on Artificial Intelligence and Machine Learning and another, Innovative Methods of Assessing Information Technology Contractors, Changes, Innovations and Best Practices. I’ll also be on a panel with Katie Arrington, Special Assistant to the Assistant Secretary of Defense for Acquisition, ASD(A), for Cyber to discuss the release of the Cybersecurity Maturity Model Certification, version 1.0.

Additionally, I’ll be speaking at the following events:

In This Together

In a recent blog post, our Assistant Commissioner, Bill Zielinski, talked about all of the great work we’ve done over the past year to improve the way federal agencies adopt, buy, build, and use technologies such as AI – you should check that out if you missed it.

Events like these give us an excellent opportunity to collaborate with our stakeholders. The lessons that we learn and the best practices we share will make all the difference as we ride the digital wave of transformation together.

Please follow us on Twitter @GSA_ITC and LinkedIn to join our ongoing conversations about government IT.

To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.