Western Outdoor Times - Times Spent Outdoors: Priceless!

By Bob Steger

GSA ITS (Integrated Technology Schedules) Future Growth

This week I am going to write about an important trend I believe is occurring in the IT space within the Federal Government. A little over a year ago the President issued Executive Order 13636 which ordered the Department of Defense (DOD) and General Services Administration (GSA) to collaborate and make recommendations on the issue of cyber security, which is believed to be one of the greatest risks facing the United States today. The goal was to establish a framework for understanding current risks and threats and build a framework for understanding and reducing these threats going forward. The DOD and GSA’s recommendations were published in a Final Report–Improving Cybersecurity and Resilience through Acquisition–on February 12, 2014 a year after the execution of the Executive order. This report in its entirety is provided in the following link:

http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

One of the key findings in the report that is not overly surprising is that the Federal Government and its contractors, and subcontractors, at all tiers of the supply chain are under almost constant attack and are being targeted by an increasingly sophisticated and well-funded adversaries seeking to steal, compromise, alter or destroy sensitive information. In taking a cost benefit approach the DOD and GSA recommend a selective approach because all acquisitions do not present the same level of risk. Therefore the final report made the following recommendations:

1. Baseline Cybersecurity Requirements as a Condition of Contract Award:

Baseline Conditions are technical requirements for contracts such as updated virus protection, multiple-factor logical access, methods to ensure confidentiality of data, and maintaining current security software patches.

2. Require Contractor Cybersecurity Training

3. Develop Common Cybersecurity Definitions in the Federal Acquisition Regulation

4. Prioritize Cyber Risks for Acquisitions

The Final Report calls for a government-wide, risk-based acquisition strategy, aligned with the NIST Cybersecurity Framework, to balance cost increases against the severity of the cyber threat and to mitigate cost increases by adopting cybersecurity requirements across market segments.

5. Require Items Be Sourced from OEMs, Authorized Resellers, or "Trusted" Sources

The Report recognizes that governments purchase of products or services with adequate cybersecurity may have higher-upfront costs, but would reduce the total cost of ownership due to the reduction of additional costs due to cyber security breaches.

6. Increase Government Accountability for Cyber Risk Management

My personal take on this is that currently $23 Billion in Federal Spending is sourced through the GSA ITS Schedules (example is GSA Schedule IT 70). This represents approximately 25% of all Federal IT Spending. However with the DOD and GSA agreeing upon standards that need to be put in place and agencies being forced to follow these standards it is my belief that agencies will purchase more in the future from GSA ITS Schedules because it will be the easiest and most cost effective manner in which to deal with Executive Order 13636. Therefore the overall Federal Market Share of the GSA will increase over the next few years as these new security protocols are implemented. This will make buying from GSA Schedules the most cost effective way and secure way for agencies to meet these new requirements.

A GSA Schedule is your first step in entering the federal market place. If you would like for me to run an analysis for your firm to see what type of impact a GSA Schedule could provide your business, give me a call and I am always happy to discuss. Knowing the size of the federal marketplace in your industry is the first step in making a strategic decision as to whether you should view the federal government as a growth are for your business. Please feel free to give me a call at 303-810-4580.