Lawmakers Question Defense's Cloud, the President's Phone and BTW, TL;DR

Orhan Cam/Shutterstock.com

Those unresolved Government Accountability Office recommendations could haunt agencies during budget time.

House Oversight and Government Reform Committee lawmakers on Wednesday pressed the Defense Department’s new chief information officer to shift the agency from FITARA Scorecard laggard to leader—and slipped in questions about the agency’s controversial cloud contract.

Defense earned the government’s only overall F+—its third in a row. FITARA Scorecard grades dropped across the government mainly due to three compliance categories: whether they have software license inventories, set up working capital funds, and have CIOs who report directly to the agency leader.

“There’s nothing you’re asking for here that any good CIO organization shouldn’t just fundamentally do,” Defense CIO Dana Deasy—who had been on the job for 13 days—told lawmakers.

Near the end of the hearing, IT Subcommittee Chairman Will Hurd, R-Texas, questioned Deasy about the department’s cloud strategy and what he thinks about multi-cloud environments.

“It is my belief that that in a cloud world, there is no such thing as one solution that’s going to solve for all,” Deasy said. “You’re going to always have a need when you build anything where you’re going to have specific requirements they’re going to be best served by unique providers.”

Hurd also asked for an update on the Defense’s Joint Infrastructure Enterprise Initiative but Deasy couldn’t discuss any contracts due to his ongoing financial disclosures. Assistant Secretary of Defense for Acquisition Kevin Fahey told the panel the team is still working through details and affirmed that the CIO plays a role in that process.

A final draft JEDI request for proposals was expected May 15 but has yet to be posted.

About Those Open GAO Recommendations …

Unresolved Government Accountability Office or agency inspector general recommendations could come back to haunt agencies during budget time. House Oversight on Wednesday advanced the Good Accounting Obligation in Government, or GAO-IG Act, which would require agencies’ budget justifications to include those unresolved recommendations, the status of high-priority items and explanations if they aren’t complete.

Those inclusions could be long: GAO’s May 28 FITARA Scorecard testimony noted agencies had yet to fully implement 49 percent of more than 800 IT management recommendations the office made from 2010 to 2015.

The committee also advanced the Too Long; Didn’t Read Act, mandating agencies to include clear actions items at the top of communications to citizens.

Speaking of TL;DR

Tucked into the House version of the National Defense Authorization Act is an amendment that would require civilian agencies track the amount of time between when agencies issue solicitations or task orders and when contracts are awarded. The Procurement Administrative Lead Time amendment is similar to language that passed in the last NDAA but only applied to the Defense Department.

“Such tracking will help federal agencies ensure they are soliciting and acquiring goods and services in an efficient manner and help congressional overseers identify agencies that are underperforming in this area,” Rep. Gerry Connolly, D-Va., said when he introduced it.

The House passed its version Thursday of the more than $700 billion bill with cuts to Pentagon’s fourth-estate agencies intact and many cyber provisions, including one to ban Chinese telecoms ZTE and Huawei from federal networks. The Senate’s version advanced out of committee and also has significant cyber policies, such as requiring any tech company that does business with Defense to disclose if it allowed foreign governments to review its source code.

First, Identify the Problem

President Trump on Tuesday signed the Securely Expediting Clearances Through Reporting Transparency, or SECRET, Act. The law requires the National Background Investigations Bureau to issue quarterly reports on the security clearance backlog and current wait times. The backlog has reached more than 700,000 prospective employees and contractors waiting for clearances, and some Defense contractors have waited as long as 534 days to be approved for top-secret work.

Wyden Sharpens his Pen

Sen. Ron Wyden, D-Ore., a frequent writer of concerned, critical and outraged letters to federal agencies, was at it again last week.

In one letter to the Pentagon chief information officer, Wyden noted the fact numerous Defense Department websites are long past due to be protected with HTTPS encryption.

In another letter to FBI Director Christopher Wray, he sounded off about news the bureau drastically overstated the number of instances in which encryption prevented it from accessing digital evidence.

The FBI has long sought a legislative fix that would grant it access to those devices. “The FBI is struggling with basic arithmetic—clearly it should not be in the business of dictating the design of advanced cryptographic algorithms,” Wyden quipped.

Carper Follows Up on Trump’s Phone

Sen. Tom Carper, D-Del., meanwhile wrote a letter of his own to Defense Secretary Jim Mattis expressing concern about a report the president may be refusing to cooperate with efforts to secure his smartphone from hackers.

Carper and Sen. Claire McCaskill, D-Mo., initially asked for guarantees the president’s phone was secure more than a year ago in February 2017, but the Defense Department, which manages top-level White House cybersecurity, never responded.  The current letter requests a report by June 7.

Parlez-Vous Privacy?

While tech companies are rolling out a slew of new privacy protections for Europeans they might considering extending those protections to Americans too, Sens. Ed Markey, D-Mass., and Dick Durbin, D-Ill., suggested in a Senate resolution introduced Thursday.

Europe’s General Data Protection Regulation, which significantly raises privacy requirements on tech firms, came into force Friday.