Securing Technology Collaboratively Across Government|
Editor’s note: This Op-Ed originally appeared for the Journal of African-American Innovation (13th Annual National Black Business Month Edition).
The mission of the General Services Administration (GSA) to deliver the best value in real estate, acquisition, and technology services to government and the American people often requires us to act as a critical nexus between private industry and federal government, in particular in helping agencies procure solutions that improve operations and meet unique mission needs. Integral to this effort, GSA has always been a key partner in optimizing federal cybersecurity. Due to our primary, government-wide roles in areas such as acquisition, technology, and shared services, President Obama has recently tasked GSA with playing a leading role in implementing many of the Administration’s highest priority efforts in this area.
Over the last few years, the government has taken a very proactive, aggressive effort to dramatically improve federal cybersecurity, especially by communicating the necessity of increasing our resiliency and responsiveness to adverse threats. This underscored the need for stronger prevention measures, better situational awareness, and a renewed focus on reducing vulnerabilities and improving cyber hygiene at a national level, rather than costing taxpayers millions of dollars in remediation and restitution.
In light of this becoming this reality in which we live, President Obama made an explicit commitment to the American people that improving federal cybersecurity, and rebuilding the trust citizens have in our ability to protect and store their data, would be a primary focus of this Administration. GSA plays a central role in this mission by working closely with our federal customers and private sector partners to better understand lessons learned during these incidents, help develop best practices to mitigate potential breaches, and to develop new acquisition and technology solutions to help our agency partners leverage new, proven products and services that will improve our ability to secure our IT systems.
The President’s fiscal year 2017 budget calls for a $19 billion increase in cybersecurity investments across government and outlines the Administration’s Cybersecurity National Action Plan (CNAP). CNAP’s goal is to take near-term actions and create a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security. GSA understands that improving cybersecurity is a government-wide issue that will require government-wide solutions, and we are ready to support a number of CNAP initiatives designed to bring better collaboration across the federal government.
A key CNAP element is a proposal, currently under consideration by Congress, to establish an Information Technology Modernization Fund (ITMF) that will allow for a dedicated and consistently replenished stream of funding to modernize, retire, or replace the most vulnerable and important systems in government. The executive branch and the legislative branch both agree that improving our costly and outdated federal IT systems is a key cybersecurity priority. Modernizing legacy infrastructure with newer, more secure architecture will not only help the government become more resilient to cyber threats, but will improve operating efficiency and customer service, while reducing costs in the long run. GSA’s technology incubator, 18F, has piloted modernization efforts with select agencies and is actively supporting the development of guidance from the White House’s Office of Management and Budget that will spur agencies to identify legacy systems for modernization and develop plans for implementation.
Another key cybersecurity initiative is revolutionizing GSA’s acquisition vehicles to ensure that the products and services we offer to agencies are rigorously evaluated and proven to enhance IT security. GSA is actively implementing an innovative acquisition strategy that will help industry meet government’s needs by providing resources like a new cybersecurity Special Item Number (SIN) that will expand agencies’ capacity to test their high-priority IT systems, more rapidly respond to incidents, and stop adversaries before they can impact our networks. In close partnership with other federal agencies, we are developing surge procurement support for risk and vulnerability assessments of the government’s high value information assets. All of these efforts are feasible because GSA has worked closely with the brightest security minds across government and in the private sector to make sure we are creating vehicles that adapt as threats change, while offering the most sophisticated testing and remediation capabilities that will help our system owners and operators more proactively address vulnerabilities. It is only when we combine the smartest solutions available in both the public and private sectors, and make implementation of these solutions easier and more uniform, that we increase the overall cybersecurity of the government.
In order to achieve success in the short term, while building a safer, more secure federal government in the long run, GSA is working to expand the pool of qualified, capable vendors – particularly small businesses – that are critical to providing the expertise, skills, and manpower needed to implement critical cyber solutions. Through our “Making It Easier to Work With Government” initiative, we seek to ensure that all enterprises offering relevant cyber-security-related products and services to the federal government have access to and understand how to navigate GSA’s schedules.
GSA has also focused on improving the functionality of the IT Category in the Acquisition Gateway – our centralized online acquisitions hub – and is working to better inform potential program managers and acquisition professionals about the cybersecurity vehicles and services offered across government.
At the General Services Administration, we believe that cybersecurity must no longer be approached as a discreetly IT matter; instead, we must see cybersecurity as an integral component of our mission. Whether on the acquisition side, or when it comes to implementing programmatic initiatives, GSA takes a strategic approach to improving government cybersecurity efforts. To this end, we are determined to bring together the smartest people and ideas in technology, security and acquisition, within government and between government and industry. We invite businesses and organizations of all sizes, as well as individual citizens, to join us, in service to the American people, to strengthen the integrity of our nation’s most vital assets.