Defense Department and General Services Administration officials plan to institute federal cybersecurity acquisition reforms through executive action. (Agence France-Presse)
WASHINGTON — Following up on President Barack Obama’s State of the Union theme of executive action regardless of congressional approval, the Defense Department (DoD) and General Services Administration (GSA) announced late Wednesday they were moving ahead with six “planned” reforms to improve cybersecurity in the federal acquisition system.
The announcement of the reforms coincided with the release of “Improving Cybersecurity and Resilience Through Acquisition,” a joint DoD/GSA report dated November 2013. That report outlines suggestions for training and accountability for cyber to make sure security is baked into products but, most importantly, includes the idea of instituting “baseline” security requirements for contractors.
DoD has flirted with adding language to the defense-specific federal acquisition regulations to create security requirements, but industry has been resistant to the changes. Congress also dabbled in the requirements game, with former Sen. Joe Lieberman, I-Conn., leading the charge to create basic security standards in sweeping cybersecurity legislation, but his repeated attempts to pass a bill were thwarted by aggressive lobbying from businesses through the US Chamber of Commerce, which described the cost associated with cybersecurity as burdensome.
Just as Obama is looking to raise the minimum wage for federally contracted workers, skirting congressional reluctance, the announcement suggests the White House is moving forward with cybersecurity in a similar manner. Changes to acquisition requirements can be done without Congress passing a bill.
DoD acquisition chief Frank Kendall was quoted in a press release that characterized the changes as “planned reforms,” describing the administration’s commitment to implementing the suggestions.
“Ensuring we have fully implemented the recommendations of this report will be instrumental in addressing the growing cyber risks we face,” he said.