Page 8 - FCW, September/October 2020

Trending
HHS signs $2.5B telecom contract
The Department of Health and Human Services awarded a telecommunications contract for all of its component agencies with a ceiling value north of $2.5 billion. HHS signed the deal with Verizon Business Network Services under the General Services Administration’s governmentwide Enterprise Infrastructure Solutions (EIS) vehicle.
The HHS contract, which extends through July 2032 if all options are exercised, covers all 10 of the department’s operating components and the Office of the Secretary, according to an Aug. 28 blog post by HHS Deputy Secretary Eric Hargan and Scott Rowell, assistant secretary for administration. They said the arrangement combines what would have been 11 separate contracts “all operating independently of each other and creating an infrastructure that was complex and inefficient.”
Hargan and Rowell added that “if HHS had not consolidated into one contract, we would have needed to create separate multiple program management offices (PMOs) just to manage these numerous contracts.” The combined contract could save the department as much as $700 million over its life because of the increased efficiencies in services and management, they said.
HHS CIO Jose Arrieta, who recently announced that he would be stepping down this fall, told FCW last year that the department had issued its “fair opportunity” solicitation to contract vendors under EIS.
At the time, he said HHS would be able to award and implement EIS as a “single entity.”
— Mark Rockwell
1% is the amount of DOD’s annual budget that should be devoted to AI investments, or roughly $7 billion, says former Deputy Secretary Robert Work.

New rules for cybersecurity vendors?
Lawmakers are recommending new authorities for federal investigators to probe cybersecurity breaches of sensitive nongovernmental networks. The guidance is included in an appendix to the Senate Select Committee on Intelligence’s report on foreign interference in the 2016 election.
“While the committee understands FBI’s reluctance to force solutions on hacked victims, FBI should develop a clear policy to address how to escalate victim notifications within a hacked entity, particularly for those involved in an election, when it appears that entity has not successfully remediated a cyber breach,” the report states.
It also calls for the FBI’s Cyber Division to develop a policy to pressure victims that don’t respond to investigators, which should include, “in narrow situations where the security of the election is at risk, the potential use of compulsory process.”
Furthermore, it urges Congress to consider passing legislation that would require third-party cybersecurity providers “to report indicators of nation-state compromise” to federal law enforcement officials.
Much of the report details the circumstances and players involved in the hack of the Democratic National Committee by Russia’s military intelligence service. Although the DNC made a public show of cooperating with law enforcement and hired cybersecurity firm CrowdStrike to investigate, it’s clear from the report that there were some tensions and delays. It cites an interview with James Trainor Jr., who was assistant director of the FBI’s Cyber Division at the time of the hack, in which he said the bureau faced obstacles in obtaining information, including an unredacted copy of CrowdStrike’s analysis of the attack on the DNC.
“Trainor told the committee that he was not aware of any situation during his tenure in the Cyber Division where the FBI ever used [text redacted] to secure victim cooperation,” the report states.
Because of the redaction in that statement, it’s unclear how the FBI obtained cooperation from CrowdStrike and the DNC, but the Senate report appears to suggest that relying on voluntary cooperation is not always in the best interests of law enforcement.
In its account of the hack, CrowdStrike has stated, “We have never declined any request for information from the FBI related to this investigation, and there are no pending requests for information by the FBI.”
The report calls for the bureau to “downgrade and share” classified information with network defenders where possible and to identify individuals with appropriate security clearances who can be briefed and debriefed for the purposes of incident response. Additionally, the report recommends that the FBI develop a set of best practices for interacting with vendors hired by victim entities to conduct incident response.
— Adam Mazmanian