On July 2, the US Army held a ceremony to activate its Network Warfare Battalion. The goal is to centralize the Army's computer network operations into a provisional battalion ready to provide mission critical cyber support across the Army and DoD.

Considering the prevalence of cyber attacks and impact they could have on telecommunications, banking and finance, energy, transportation, human services, government, and military operations, the Army's efforts are welcome and necessary. However, the limited media coverage I've seen about the battalion skews towards a potential Army Network Warfare Battalion vs. Air Force Cyber Command smack down, with both trying to one-up the other to gain position as DoD's lead network warfare unit. One Network World article was titled "U.S. Army challenges USAF on network warfare"and began with the sentence, "The U.S. Air Force's Cyber Command might have some competition on its hands... ." Somehow, I think there will be enough work to go around and keep both organizations busy.

The issue is not who's going to be the DoD cyber master, but how well information sharing between the two will occur. It's no secret that there is a great deal of work to be done to strengthen information sharing (both technically and culturally) within the federal government. The Air Force Cyber Command head, General William Lord, had this to say about coordination with other military, intelligence, and government entities:

Right now, it's a loose confederation of people who know that this is important work for the nation, and have to find their lanes in the road. We know that DHS, DoJ and NSA have missions, just like DoD, but all are different. In this business, they have become closely related, so our relationships with one another are much better. Not that it was bad before, but in some cases it didn't have to be as close, but now it does, because of the nature of the speed at which these types of activities can occur. Our relationships are good, but nascent, with many. It's an eclectic crowd that has gotten much closer in the past few years.

Make no mistake, we are partners with the other sister services--the Army, Marines, Navy--as well as with DISA, NSA and Homeland Security to name a few. We're all in this together.

Ideally, the Air Force and Army will make a concerted effort to tighten up the "loose confederation" of people finding "their lanes in the road" so that we don't find ourselves with a cyber gap big enough for our enemies to drive a truck through.

I recently attended an ITAA event titled, "Defense 2.0: Transforming DoD Through the New Paradigm of IT." What was most interesting about this event was the difference in tone between Deputy Secretary David Wennergren and most of the presenters at this event. DoD Deputy Assistant Secretary/Deputy CIO David Wennergren has been very outspoken about the role of Web 2.0 for DoD, and is a very enthusiastic and impassioned speaker when he discusses how important and transformative it is (read this FCW article for the latest on Web 2.0 at DISA). On the flip side, many of the speakers at this event presented a more cautious and, some could say, discouraging picture of Web 2.0. Most of the ½ day event was spent talking about security, which clearly is a significant roadblock for agencies contemplating Web 2.0. Mitch Komaroff, DoD's Assistant Secretary of Defense, Networks and Information Integration (ASD-NII)/CIO discussed the conflict of operating in the cloud among criminals, terrorists, and nation states. DoD will need to perform certain functions in the cloud, but he sees it like the Wild Wild West, with no limitations.

There was so much focus on the problems, that one attendee asked (and I'm paraphrasing),"Will Web 2.0 ever happen in government? From everything we've heard here about the security issues, it sounds like Web 2.0 is a long shot for most agencies." In essence, he was asking what seemed to be a thought shared by many in the audience (or at least the people at my table), which was "Then what are we doing here?"

The answer to this question came in many forms:

There seems to be a dichotomy within government when it comes to Web 2.0. Some lead the conversation with Web 2.0 as not only a way to improve service delivery and meet mission objectives, but also as a way to attract the next generation of expertise. Others see it as Security Problem 2.0 (1.0 has yet to be solved).

In either case, whether government barrels full steam ahead into the Web 2.0 and 3.0 light, or is dragged into it begrudgingly, there is no denying that this is in its future. As with many innovations within government, the technology is the easy part - it's getting people on board that's the challenge.

Next Generation 9-1-1 is implemented in select cities across the nation, hoping to transform the way we utilize wireless emergency communication.

On June 16th, 2008, five cities across the United States began testing the first stages of the "Next Generation 9-1-1" (NG9-1-1) system, a Department of Transportation project funded by the Intelligent Transportation Joint Program Office. Selected from over 50 applicants, the Public Safety Answering Points or PSAPs, located in Rochester, NY; Seattle, WA; St. Paul, MN; Bozeman, MT; and Fort Wayne, IN will be essential in collecting data related to the feasibility of successful nationwide implementation.

The same 9-1-1 technology has been around for decades, with the 40th birthday of the first 9-1-1 call being celebrated earlier this year. While this technology has received minor facelifts to reflect major technology breakthroughs, this initiative would completely overhaul wireless emergency communication across the country. Current 9-1-1 technology is primarily compatible with only voice media. The NG9-1-1 system aims to facilitate the transfer of data and video media as well, reflecting the evolution of communication as a whole. The system also makes advances in the transmission of data related to an emergency through technologies such as advanced Automatic Crash Notification (ACN) and call locators for wireless and voice-over internet protocol (IP) based calls. IP based technology is positioned to be at the core of the future of NG9-1-1.

Continuing until November 2008, this initial test of the NG9-1-1 system will illustrate what lies ahead for U.S. call centers in the next 10 years. While the price tag for this entire transition could reach upwards of $60 billion according to a Booz Allen Hamilton representative, interoperability and long-term viability are the keys to its value. Currently, INPUT is tracking more than 20 opportunities related to consolidated, enhanced, or Next Generation 9-1-1 systems across the country. Successful completion, evaluation, and implementation of more test projects could mean more opportunities to build a public safety communication foundation flexible enough to survive in our ever-increasingly mobile society.

Last week, NASA announced a plan to pull together a NASA-wide integrated acquisition for IT Support Services, dubbed I3P for IT Infrastructure Improvement Program. This program includes portions of two of NASA's biggest IT Programs, UNITeS, and ODIN. The future status of these programs is uncertain at this time, since I3P includes a large portion, and possibly, the whole workload for these programs.

This acquisition underlines a growing trend in the federal market toward consolidating similar IT contracts to take advantage of economies of scale when buying agency-wide IT services. Required by the Office of the Chief Information Officer, this acquisition is a shift away from the traditional Mission Center oriented acquisitions.

Consolidation does have its critics, but some the advantages for Government appear to be as follows:

• Less cost administering a myriad of contracts that cover the same basic requirements
• Savings by leveraging economies of scale (NASA as a whole has more spending power than any one Mission Center)

The cons for contractors are:

• Less contracts/opportunities for competition
• More competition, larger acquisitions tend to attract more attention and more competition

I3P is in the planning stages and the pros and cons are all assumptions at this point, and their true nature will not been revealed until the acquisition strategy is determined. An Industry Day is already planned for July 23, 2008, and more details about this acquisition will be revealed to Industry after the initial Industry Day.

On June 30, 2008, the Connecticut Department of Information Technology (DOIT) released a Request for Proposal (RFP) for consulting services to help plan for the design and implementation of the Connecticut Criminal Justice Information System (CJIS). This RFP is part of a larger project coming out of the CT DOIT for the implementation of a Criminal Justice Information System. DOIT is also in the process of hiring an Executive Director to oversee the implementation and project direction.

The CJIS project was created under the State Criminal Justice Reform, Public Act 08-1, Sections 39 & 40. Section 39 created the CJIS Governing Board, which is comprised of criminal justice agencies. The Governing Board is co-chaired by the Lieutenant Governor and the Deputy Chief Court Administrator. The CJIS Governing Board also includes representatives from the Executive, Judicial, and Legislative branches, as well as a variety of municipal law enforcement agencies. Overall, the Board is concerned with justice information supportive of law enforcement and court functions involving apprehension, adjudication, incarceration, and supervision.

The goal of the CJIS Governing Board, stated in Section 40, is to create and implement a comprehensive, state-wide information technology system to facilitate the immediate, seamless, and comprehensive sharing of information between all state agencies, departments, boards, commissions, and organized local police departments. The system will be a central tracking and information database, central electronic document repository, and possess centralized analytical tools. The system will integrate with current information, electronic monitoring units, global positioning, and offender registries.

More information can be found on INPUT's Opportunity Report for this project.

Air Force Cyber Command announced yesterday that they will meet their staffing requirements by temporarily operating virtually across nine locations. The Air Force has made it clear with this and previous moves that Cyber Command intends to make the best use of already available resources. In the AFCC press release, General Lord states that a main benefit of a virtual command is that it will "minimize environmental impacts".

As operations get under way, we can expect to see how this interim set up will affect the final basing decision. The Air Force may decide to continue running Cyber Command virtually across more than one base or continue with plans to completely relocate staff to one base.

Announced Locations and proposed personnel positions:

• Barksdale AFB, LA: 36
• Scott AFB, IL: 69
• Langley AFB, VA: 58
• Lackland AFB, TX: 43
• Tinker AFB, OK: 5
• Davis-Monthan AFB, AZ: 20
• Wright-Patterson AFB, OH: 13
• Hanscom AFB, MA: 7
• Griffiss ANGB: 2
• Peterson AFB, CO: Tentative

Six of the announced locations (LA, VA, TX, OH, MA and CO) are among the bases that are under consideration as the permanent headquarters for the Air Force Cyber Command. If AFCC continues their conservative approach to establishing the new headquarters, we can expect that the permanent location will be one of these six bases.

Where do you think the Air Force will base Cyber Command?

According to the 202 people that took our online poll, Langley AFB (23%) and Barksdale AFB (22%) are the most likely choices followed by Hanscom AFB (14%) and Wright-Patterson AFB (13%). It will not be surprising to see these bases become the final four when the Air Force chooses the short-list this summer.

On June 16, 2008, the New York State, Department of Criminal Justice Services, released a Request for Proposal (RFP) for a Statewide Automated Biometric Identification System (SABIS). The goal of the new SABIS system is to replace the existing Statewide Automated Fingerprint Identification System (SAFIS), which is contracted through Sagem Morpho Inc.

DCJS released a Request for Information (RFI) in December of 2006 for information on replacing the current SAFIS which is used, in conjunction with other systems, to process ten print identification and latent print identification transactions. DCJS also requested information on additional biometrics to be used in a multimodal (palm, facial recognition, etc.) system. Interoperability with international, federal, state, and local automated biometric identification systems is a large requirement for the new SABIS.

DCJS envisions that the new SABIS will include, but not be limited to, such features as:

• Superior encoding and matching accuracy;
• Faster, more real time identification processing;
• Automated quality assurance checks that can operate efficiently with or without human intervention;
• Tailored and flexible workflows to meet the mission critical and changing business needs of DCJS, and to reduce dependency on the vendor for workflow changes;
• Palm Latent to palm print and palm print to palm latent processing;
• No single point of failure;
• A statistical reporting system; and
• A scalable design to allow for future growth and addition of other biometric identification systems.

INPUT estimates this project to potentially reach a value of $24 million. The FY 2009 State budget included $24 million of funding for fingerprint identification and technology. INPUT expects this contract to be highly competitive among many large identity solution companies, such as Sagem Morpho, L-1 Identity Solutions, NEC, and Cogent Systems. Proposals for this project are due August 15, 2008.

The Concept:

Trusted Internet Connections (TIC) one of the Federal Government's newest initiatives, is moving forward and formalizing a process to consolidate all internet gateways Government-wide (over 1000) to around 50 secured connections. The implementation would help create a much more robust, secure perimeter by establishing standardized processes for the Government, specifically DHS, to monitor internet connections going in and out of its networks.

The Plan of Action:

DHS has been hard at work putting together the definitions of what this will entail and how it can best be implemented, and GSA has been working with its Networx vendors to find how they can best be utilized to aid in this implementation. The idea would be to find out which Networx vendors (5 total) would be interested in establishing Contract Line Item Numbers (CLINs) under their existing contracts. From there, each participating Networx vendor would setup a competitive fixed price from which agencies could choose a vendor best suited for implementing their requirement. Essentially there would be no task order competition; agencies would just have to select the best vendor. The current milestone is to get TIC compliant services onto the participating vendor's contracts by November 15, 2008.

Collaboration Rising:

This initiative as part of the Information Systems Security Line of Business (ISS LoB) has strong ties to reducing security risks Government-wide and seems to have a high priority to get implemented as quickly as possible. In doing so, GSA and DHS are overseeing the early stages of this initiative - the procurement and requirement respectively. It is Office of Management and Budget (OMB) which has the oversight on making TIC a reality. TIC represents several agencies working together to provide the standards of a requirement, the mechanism to obtain a solution and turning the pressure back on other agencies to make a decision. Once TIC compliant services are established with the Networx contracts, agencies will then need to decide if Networx is the optimal choice or if procuring this need on their own is the smartest option.

Questions Looming:

With three major players in this and no real competition in the works, is this method of acquisition of solutions really the best answer? Or are time constraints driving this project? By adding TIC solutions to the Networx contract vehicle, GSA is implying those vendors are best positioned to supply a quality solution. It is unclear at this time which primes will opt to join the TIC CLIN but it is clear that teaming with other businesses, both large and small, is likely. But what we do know is that Federal Government is working towards fulfilling this serious security concern through a means (not competitive) that could end up being more efficient and less time consuming than a lengthy, protest-riddled procurement. Whether or not Federal Agencies decide to use Networx or obtain a solution on their own, the bottom line is the Government is well on its way to improving network security.

As discussed in a previous post, 18 states are vying to host the Air Force Cyber Command. The states still have over 3 weeks to reply to the Air Force, but our analysts have been hard at work and generated the following list of locations, based on Governor-endorsed locations and those that best fit the Air Force's basing methodology.

The top 6 picks:

• Barksdale AFB: Barksdale has an obvious advantage because they are currently hosting Cyber Command. Governor Jindal has made it clear, both publicly and financially, that he will do what is necessary to keep AFCC right where it is.
• Hanscom AFB: Hanscom's Electronic Systems Center already serves AFCC's acquisition needs. Governor Patrick discussed Hanscom's strengths during a press conference at the base on May 22 and emphasized the wealth of human capital in the area.
• Hill AFB: Looking at the data from FEMA, Hill is the shining star in the group as far as being able to promise continuity of operations. Of course, it also helps that Hill is the home of the Ogden Air Logistics Center and the base would be able to provide "ready-to-wear" facilities.
• Langley AFB: Similar to Hanscom, Langley already sits in the middle of a technology corridor and already hosts an arm of AFCC, the Global Cyber Integration Center. Also, the City of Hampton announced that Cox Communications is planning to upgrade the fiber optic network currently in place in the area.
• Tobyhanna Army Depot: As the depot website states, "The Air Force has designated Tobyhanna as its Technical Source of Repair for command, control, communications and intelligence systems." While not in an urban setting, Tobyhanna is close enough to be able to draw on Scranton, New York City and Philadelphia for resources.
• Wright-Patterson AFB: With the Air Force Institute of Technology on base, Cyber Command will be able to recruit high-tech talent without leaving home. WPAFB also serves as the headquarters for Air Force Materiel Command and Aeronautical Systems Center – two major IT consumers.

We raised our eyebrows when reading this article in the National Journal linking hackers in China's Peoples' Liberation Army to the 2003 black-out that affected much of the northeastern US and parts of Canada. A few colleagues of mine that served on the Black-out Task Force threw cold water on the theory that China's "cyber militia" had gained "access to a network that controlled electric power systems" and turned out the lights. Why would the Chinese government want to damage the economy that in many ways feeding its own, anyway?

The article does raise interesting points about (1) the nature of the actors who are behind coordinated cyber actions, (2) their motives, and (3) the blurring line between public sector and private sector when devising defensive and counter-strategies. The hype in increasing, but security is certainly the story in the government IT world these days.