17 Dec 15. Final CISA bill wrapped into omnibus package. Once again, lawmakers are using a year-end spending bill to pass the year’s most significant technology legislation.
Whereas last year the Federal IT Acquisition Reform Act (FITARA) was included in the National Defense Authorization Act, this year the Cybersecurity Act of 2015 — also known as the Cybersecurity Information Sharing Act (CISA) — is part of the 2016 omnibus spending package.
The final cybersecurity bill merges parts of the Senate-passed CISA and two bills that passed the House earlier this year, relying mostly on language from the National Cybersecurity Protection Advancement Act crafted by the House Committee on Homeland Security.
Legislators had been conferencing on a merged bill since late October and proponents in both chambers wanted to see the final version pass before the end of the year. With time running out and Congress facing a potential government shutdown, including the final version in the yearly spending bill was the only option.
The bill codifies an information-sharing framework by which the government and private industry can share data about known cyber threats in real time (or near real time, depending on who you ask), bolstering the security posture for both sectors.
The Department of Homeland Security will take the lead in collecting and disseminating the information, as appropriate, as well as managing the creation of Information Sharing and Analysis Organizations (ISAOs). DHS has already awarded a grant to set up the standards by which the ISAOs will operate.
The measure is hardly a cure-all for the cybersecurity threat but can help organizations stay on top of emerging attack vectors, shining light on new zero-days as they pop up.
The legislation also includes mandates to strengthen government cybersecurity — both around information-sharing efforts and detection and response across all federal agencies — and bolster the cyber workforce. (Source: C4ISR & Networks)
17 Dec 15. Pentagon IT services juggling contracts in transition to joint agency. Earlier this year the Pentagon announced it would combine a handful of IT-focused but separate Defense Department organizations with the Defense Information Systems Agency as part of broader enterprise IT efforts. Now officials say progress is ongoing even as the separate agencies – which include the Army IT Agency and the Enterprise IT Services Directorate within the Office of the Secretary of Defense – award their own contracts for IT services.
Combining legacy contracts is one of the key parts of creating the Joint IT Single Service Provider-Pentagon (JISSPP), also known as Joint Services Pentagon or JSP. But in late November, L-3 National Security Solutions announced that Army ITA had awarded it a five-year, $107 million contract to provide “next-generation information technology support for approximately 20,000 computing devices” for the agency.
On a media call between DoD CIO Terry Halvorsen and reporters in September, Barbara Hoffman, acting deputy director of the provisional JISSPP, said that the new joint agency reached initial operating capacity on July 20 and work was moving forward to merge contracts and services.
“We have been working on looking at contracts and contract consolidation, looking at how we can merge the two big previous service providers, ITA and EITSD, into a single organization,” Hoffman said. “We are still working some of our initial service consolidations for , service desk and the [Computer Network Defense – Computer Network Defense Service Provider]. That is all moving along nicely and we are now entering in the phase of how do we start prepping for when we go [full operating capability], which is an undetermined time, but we do have to start thinking about that and planning for that.”
That planning, of course, takes place as Pentagon IT requirements still remain and demand constant fulfillment. That’s why Army ITA went forward