The companies that landed awards under Interior’s Foundation Cloud Hosting Services II contract are Accenture Federal Services, IBM, CGI Federal, SAIC, Cognosante, Zivaro and Smartronix. Those seven vendors will compete for task orders under the greater indefinite-delivery, indefinite-quantity contract. 

The announcements of the seven awards detail Interior’s statement of work for the contract, requiring cloud license and support services for infrastructure, platform and software in a cloud environment. 

This contract comes as the initial iteration of the Foundation Cloud Hosting Services vehicle is set to expire later this year. Awarded in 2013 to 10 contractors, the initial contract has a $10 billion ceiling.

In the department’s initial statement of work, it wrote about the latest contract: “This follow-on FCHS contract is shifting to multiple service provider focus and integration among our solutions and a hybrid model hosting environment vision. Providing interoperability and data integrations between multiple technologies and services across the Department bureaus and offices.”

It also complements Interior’s $1 billion cloud contract award to Peraton last year for its Cloud Hosting Solutions III acquisition, which enlists the IT contractor to manage the department’s portfolio of cloud services.

The post Interior awards $2 billion cloud hosting contract to 7 vendors appeared first on FedScoop.

During panel discussions Wednesday at the Scoop News Group-produced Amazon Web Services Innovate Day, chief information security officers downplayed the Sept. 30 deadline on targets called out in the Office of Management and Budget’s zero trust architecture strategy, expressing both confidence that they will hit the goals and readiness to turn the page on the January 2022 memorandum. 

“The status of OPM zero trust is pretty darn good,” said Office of Personnel Management CISO James Saunders. While there’s work to be done at OPM on the data pillar of the Cybersecurity and Infrastructure Security Agency’s zero trust maturity model, Saunders said that “overall, I think we’re on track and on target to hit the end of this fiscal year goal.”

The Department of the Interior — and its 11 bureaus and eight offices — may not have had quite so smooth a path, but CISO Stan Lowe said the agency is in a good position with its adoption of “practical zero trust.”

“We’re always going to live in a hybrid environment where I’m going to have legacy applications,” Lowe said. “It’s an ongoing, continuous thing. It’s not a destination, it’s a journey, because technology is going to change.”

The “ongoing” nature of meeting the White House’s zero trust benchmarks was on display at Interior with its work on implementing phishing-resistant multifactor authentication — a callout under the identity pillar of the strategy. 

When Lowe, a Federal Trade Commission and Veterans Affairs alum, took over as Interior’s CISO in 2023 after several years in the private sector, he was greeted by “a lot of legacy stuff … floating around the department.” He quickly discovered that what worked for one bureau might not for another — at least in those early stages of MFA adoption.

“The requirement says ‘phishing-resistant MFA.’ Well, that wasn’t necessarily possible [for some offices], so my position on that in the beginning, until we got to the point, was any MFA is better than no MFA,” Lowe said. 

Tackling the zero trust architecture pillars has been filled with trade-offs and shifting strategies of that kind for agency CISOs. Saunders, for example, said funding was the “biggest challenge” for OPM early on, especially coming off an August 2021 OMB memo on logging that “did not come with extra money” for agencies.

A $9.9 million investment from the Technology Modernization Fund to OPM in September 2021 ultimately proved to be a game-changer in fueling the agency’s zero trust work.

Still, a lesson in budgeting and prioritization was learned. “For a lot of these new cybersecurity investments, we need to engage with our business [counterparts] because TMF is only going to support us for so long,” Saunders said. “And that’s a continuous conversation; continuous engagement was not something that was necessarily a strong suit of the cybersecurity organization at the time.”

Shane Barney, CISO at U.S. Citizenship & Immigration Services, described zero trust as “the world’s biggest unfunded mandate for a lot of organizations.” That changed for USCIS when “all of [the Department of Homeland Security’s] different director heads” got in a room and “actually prioritized it first — and it’s not a small amount of money,” Barney said.

“They recognized the connection between security and the business being successful,” he said, adding that zero trust essentially amounts to good “cyber hygiene.”

For any CISO given a mandate to implement agency-wide technical change, internal cultural resistance is a frequent roadblock. Lowe joked that the security organization within Interior has a reputation of putting “the ‘no’ in ‘innovation.’’ 

But Lowe is entering the zero-trust sprint to the end of fiscal 2024 feeling “pretty optimistic.” After Interior weathered the Ivanti VPN vulnerability earlier this year, the veteran CISO said he’s ready for whatever comes next in the federal government’s cybersecurity journey.  

“Having worked in organizations that are fully zero trust and having gone through that journey with those organizations, I know this is possible,” Lowe said. “It’s just gonna take some intestinal fortitude and some hard decisions along the way to be able to get this done.”

The post Agency CISOs aren’t sweating a looming zero trust deadline appeared first on FedScoop.

While many of these actions are still preliminary, growing focus on the technology signals that federal officials expect to not only govern but eventually use generative AI. 

A majority of the civilian federal agencies that fall under the Chief Financial Officers Act have either created guidance, implemented a policy, or temporarily blocked the technology, according to a FedScoop analysis based on public records requests and inquiries to officials. The approaches vary, highlighting that different sectors of the federal government face unique risks — and unique opportunities — when it comes to generative AI. 

As of now, several agencies, including the Social Security Administration, the Department of Energy, and Veterans Affairs, have taken steps to block the technology on their systems. Some, including NASA, have or are working on establishing secure testing environments to evaluate generative AI systems. The Agriculture Department has even set up a board to review potential generative AI use cases within the agency. 

Some agencies, including the U.S. Agency for International Development, have discouraged employees from inputting private information into generative AI systems. Meanwhile, several agencies, including Energy and the Department of Homeland Security, are working on generative AI projects. 

The Departments of Commerce, Housing and Urban Development, Transportation, and Treasury did not respond to requests for comment, so their approach to the technology remains unclear. Other agencies, including the Small Business Administration, referenced their work on AI but did not specifically address FedScoop’s questions about guidance, while the Office of Personnel Management said it was still working on guidance. The Department of Labor didn’t respond to FedScoop’s questions about generative AI. FedScoop obtained details about the policies of Agriculture, USAID, and Interior through public records requests. 

The Biden administration’s recent executive order on artificial intelligence discourages agencies from outright banning the technology. Instead, agencies are encouraged to limit access to the tools as necessary and create guidelines for various use cases. Federal agencies are also supposed to focus on developing “appropriate terms of service with vendors,” protecting data, and “deploying other measures to prevent misuse of Federal Government information in generative AI.”

Agency policies on generative AI differ

The post How risky is ChatGPT? Depends which federal agency you ask appeared first on FedScoop.

The “smart parks” concept would potentially use Microsoft’s HoloLens, a goggle-like tool that projects images in a user’s visual display, to allow visitors to view things like historical reenactments, dinosaurs, or aliens while in the park, Andrea Brandon, deputy assistant secretary of budget, finance, grants, and acquisitions at Interior, said on a panel at FedScoop’s FedTalks Thursday.

Other federal agencies have adopted Microsoft’s HoloLens to support emerging tech mission sets, including the U.S. Army, which awarded the company a nearly $22 billion contract to produce its Integrated Visual Augmentation System based on the HoloLens. The Army plans to acquire about 120,000 sets over the coming years.

While Brandon said that idea is still “aspirational,” it’s one example of how she said the agency is looking to “boldly” move forward with innovations, such as artificial intelligence, holographics, or chatbots.

Brandon also said the DOI has been focusing on artificial intelligence “very heavily.”

The agency put in a proposal to the Technology Modernization Fund, which is operated by the General Services Administration, for a pilot that would develop an artificial intelligence to assist acquisition professionals.

That tool would be able to help train acquisition employees and collect information for management about skill gaps where additional training might be needed, Brandon said. They chose to begin with acquisitions for the proposed pilot because their process is already standardized and mandated across the government, she said.

The post Interior eyes Microsoft’s mixed reality tool for national parks tours appeared first on FedScoop.

Awarded by the Interior’s U.S. Geological Survey, the $1 billion indefinite-delivery, indefinite-quantity contract will enlist Peraton to “manage a portfolio of cloud computing, storage and application services across multiple vendor offerings, supplying DOI with a flexible solution for the delivery of those cloud services,” per the solicitation’s request for quotes issued last November.

“Cloud services provide a wealth of benefits that DOI can leverage to provide the right services, at the right place, at the right time in service to our country needs,” contracting documents read. “Cloud services will enable the Bureaus to improve efficiency, align with administration goals and provide a sound technical platform for our future. DOI needs a consistent approach to reviewing, securing, managing and procuring cloud services to ensure optimized coordination and integration between vendors, which provides the best value for the taxpayer. A partnership between portfolio managers with DOI processes, will rapidly provide the benefits DOI needs for success.”

It added: “The Cloud Hosting Solutions (CHS) III acquisition puts DOI bureaus in control of how, when, and where they wish to receive service.” 

Specifically, Interior called out in acquisition documents that it wanted a partner to build a “Virtual Private Cloud” environment. Overseeing that, the cloud broker will “procure ‘third-party’ services from vendors that provide services on a rental or ‘pay as you go’ nature that are designed to enhance or complement the CSP environment associated with the award.”

The contract has a five-year base period of performance with three two-year options to extend.

This award comes as Interior’s Foundation Cloud Hosting Services contract, awarded to a group of 10 contractors in 2013 with a total ceiling of $10 billion, will expire this year. That contract saw a lengthy bid protest process led by losing bidder Centurylink.

Peraton’s win follows a similar large cloud contract it was awarded by the Department of Homeland Security in the fall of 2021 to shift the department’s data center operations to the cloud.

The company also won a place on the U.S. Postal Service’s $2.7 billion Information Technology Solutions (ITS) contract vehicle with 10 other vendors this year.

The post Interior awards $1B cloud contract to Peraton appeared first on FedScoop.

Ash, who stepped into the top IT leadership role at Interior in September last year, is focused on modernizing the IT infrastructure of the agency and moving department’s various agencies to a hybrid cloud environment. 

“What holds federal agencies back often is on the front end with policies, processes and information systems that are antiquated,” Ash said at the U.S. Chamber of Commerce’s Digital Transformation Summit. “Then they try to solve this by purchasing custom made technology that will work with our old problematic policies and processes.”

“It’s a big issue and we need to change our policies and processes on the front end to be smarter and up-to-date, so then the technology we build will make sense and be more effective,” he added.

Ash has previously held a range of technology leadership roles across government, including as chief information officer of the Nuclear Regulatory Commission between 2007 and 2016.

He was formerly the associate CIO and deputy associate CIO at the Department of Transportation, and earlier in his career worked as a program analyst at the Department of Treasury.

Speaking with this publication at the event, said that his focus within Interior is currently on migrating the agency to Enterprise Infrastructure Solutions (EIS), building out its data centers, and improving its IT infrastructure. 

He said that a “heavy heavy dose of collaboration” will be needed within Interior and with other federal agencies to solve the IT issues facing the agency.

Ash added that he is focused on eliminating the use of paper within the agency, especially for the federal records of land owners and tribal communities.

The post Interior CIO says outdated policymaking hampering adoption of new tech appeared first on FedScoop.

The department’s inspector general found during a recent investigation that out of all active users, 4.75% of them used a password derived from some variation of the word “password.”

Within the first 90 minutes of testing conducted for the report, watchdog staff were able to crack passwords for 16% of the agency’s user accounts.

However, this represents a slight improvement on results from previous oversight projects when the IG was able to crack between 20% and 40% of passwords captured, according to the report.

In addition to concerns over password complexity requirements, the latest watchdog probe found that Interior did not consistently implement multi-factor authentication, including for 89% of its high-value assets. 

High-value assets are defined as assets that could have serious impacts on the department’s ability to conduct business if compromised.

According to the report, the Interior Department’s password complexity requirements were outdated and ineffective. It also failed to disable inactive accounts in a timely manner or to enforce password age limits.

As a result of the findings, the watchdog has made eight recommendations, including that the agency immediately adopt multifactor authentication across its systems and implement a process for tracking its implementation across all departments.

Interior’s IG has also recommended revamping the agency’s security protocols to require more complex passwords and establishing procedures to ensure that inactive accounts are disabled within a defined period of time.

In a response to the report signed by Interior Chief Information Officer Darren Ash and acting Chief Information Security Officer John Clink, the agency agreed with the recommendations and said it was working to ensure full compliance with an August Office of Management and Budget memo requiring federal agency application owners to move to multifactor authentication within a set timeframe.

It said: “This report fundamentally asserts that passwords as lone credentials for authentication are not sufficient for modern information systems. The Department agrees and is committed to implementation of requirements specified in Executive Order (EO) 14028, Improving the Nation’s Cybersecurity and related policies and directives.”

The post Interior Department watchdog finds 5% of active credentials at agency use word ‘password’ appeared first on FedScoop.

In a solicitation document published on SAM.gov, the agency set out requirements for an indefinite-delivery, indefinite-quantity contract, which is known as Cloud Hosting Service III (CHS III).

It comes after the U.S. Geological Survey in May issued a wide-ranging draft solicitation. Through the procurement, the Department of the Interior is seeking to obtain virtual private center cloud services that will support cloud and managed service requirements.

Interior hopes to support its core priorities of migrating technology services to the cloud and consolidating its data centers. The contract will have five-year base and three two-year options to extend. It has a minimum value of $10 million and a ceiling of $1 billion.

Throughout the proposed solicitation, the department has stressed the importance of moving agencies across Interior to a more standard, shared services IT experience away from local data centers while also providing flexibility for each of those agencies’ distinct IT needs and environments, as directed in the 2019 federal Cloud Smart policy.

This new CHS III acquisition comes as Interior’s Foundation Cloud Hosting Services contract, awarded to a group of 10 contractors in 2013 with a total ceiling of $10 billion, is set to expire next year. That contract saw a lengthy bid protest process led by losing bidder Centurylink.

At the same time, the General Services Administration is working on a governmentwide cloud blanket purchase agreement called Ascend as a part of the agency’s larger effort to develop a “Cloud Marketplace” for the federal government. With the eventual BPA, GSA wants to “provide a streamlined method for government agencies to acquire and implement secure, integrated commercial cloud service solutions, including cloud focused labor services.”

The post Interior Department launches cloud solicitation with up to $1B ceiling appeared first on FedScoop.

He takes up the post after previously serving as CIO of the Farm Service Agency at the Department of Agriculture.

Ash steps into the top IT leadership role at the Interior Department (DOI) following the departure of Bill Vajda earlier this year, who left to become chief information officer of Wyoming. Deborah Hartley had been serving in the role in an acting capacity since then.

A spokesperson for DOI confirmed Ash’s arrival to FedScoop and said he starts in the new role today.

Ash has previously held a range of technology leadership roles across government, including as chief information officer of the Nuclear Regulatory Commission between 2007 and 2016.

During his tenure at NRC, Ash worked with trade group ACT-IAC to issue a set of recommendations to help agencies implement the Federal Information Technology Acquisition Reform Act.

Prior to that, he was associate CIO and deputy associate CIO at the Department of Transportation, and earlier in his career worked as a program analyst at the Department of Treasury.

The Interior Department is currently developing a cloud contract that would offer a single public cloud service provider up to $1 billion to help move the department’s various agencies to a streamlined hybrid cloud environment. 

Interior’s U.S. Geological Survey in May issued a draft solicitation for its departmentwide Cloud Hosting Services III contract. 

Details of Ash’s new job were first reported by Federal News Network.

The post Interior Department hires Darren Ash as chief information officer appeared first on FedScoop.

Interior’s U.S. Geological Survey issued a draft solicitation Friday for its departmentwide Cloud Hosting Services (CHS) III contract. Under the indefinite-delivery, indefinite-quantity contract, Interior looks to “establish enterprise cloud services brokers to manage a portfolio of cloud computing, storage and application services across multiple vendor offerings, supplying DOI with a flexible solution for the delivery of those cloud services.”

“This will result in profound changes in the DOI computing environment, technology refresh and leverage existing efforts, forging a path on how to move pieces of the enterprise to full cloud adoption, significantly improving DOI’s delivery of enhancements to each of DOI’s unique bureaus and service delivery programs, driving down information technology (IT) sustainment costs, and enabling resources to fund high priority emerging requirements,” says the draft request for quotes.

Specifically, Interior wants a partner to build a “Virtual Private Cloud” environment. Overseeing that, the cloud broker will “procure ‘third-party’ services from vendors that provide services on a rental or ‘pay as you go’ nature that are designed to enhance or complement the CSP environment associated with the award.”

The contract will have a five-year base and three two-year options to extend.

Throughout the proposed solicitation, the department stresses the importance of moving agencies across Interior to a more standard, shared services IT experience away from local data centers while also providing flexibility for each of those agencies’ distinct IT needs and environments, as directed in the 2019 federal Cloud Smart policy.

This new CHS III acquisition comes as Interior’s Foundation Cloud Hosting Services contract, awarded to a group of 10 contractors in 2013 with a total ceiling of $10 billion, is set to expire next year. That contract saw a lengthy bid protest process led by losing bidder Centurylink.

At the same time, the General Services Administration is working on a governmentwide cloud blanket purchase agreement called Ascend as a part of the agency’s larger effort to develop a “Cloud Marketplace” for the federal government. With the eventual BPA, GSA wants to “provide a streamlined method for government agencies to acquire and implement secure, integrated commercial cloud service solutions, including cloud focused labor services.”

Feedback on Interior’s draft solicitation is due by June 24. Prior to that, the department will hold an industry day on June 15.

The post Interior preps cloud acquisition worth up to $1B appeared first on FedScoop.