ProSource360 Receives Hewlett Packard Enterprise Mentor-Protégé Award

ProSource360 received a Department of Defense (DoD) Mentor-Protégé award through the National Geospatial Agency (NGA), with Hewlett Packard Enterprise serving as the Mentor firm.

ProSource360 Supporting U.S. Department of Health and Human Services (HHS)

ProSource360 has been awarded a contract at the U.S. Department of Health and Human Services (DHHS), Assistant Secretary for Financial Resources (ASFR) and the Deputy Assistant Secretary of Office of Grants and Acquisition Policy and Accountability (OGAPA); the Associate Deputy Assistant Secretary for Acquisition, Division of Acquisition (DA).

ProSource360 will provide Program Management Support and perform as the Integrator for various department-wide initiatives for the Business Process and Procedures (BPP) and Standardized Contract Writing System (SCWS), a department-wide effort to consolidate HHS acquisition systems, integrate acquisition processes and achieve new efficiencies across the HHS operating divisions. ProSource360 will also provide efficient and effective expertise using new or innovative approaches proven by industry to deliver optimal results, such as Agile, SCRUM and Lean Six Sigma, to drive quality improvements in the division-related business processes and practices.

Multi-Billion Dollar DHMSM E-Health Record Contract Awarded

ProSource360 is part of the winning team led by Leidos on the recent DHMSM e-Health Record Contract awarded by the DoD. This is a pinnacle for healthcare informatics deployment and adoption models in the United States.

Exclusive: Veterans Affairs Ramps up Security Readiness Program

A $50 million contract to ASM Research will support a new program office designed to improve VA’s security posture and audit readiness.


MAY 11, 2015 3:33 PM

The Department of Veterans Affairs awarded a $50 million contract this month to support its Continuous Readiness in Information Security Program and named a veteran federal chief information security officer to lead a new CRISP program management office, FedScoop has learned.

News of the contract and the appointment of Dan Galik as VA’s senior executive in charge of all CRISP activities comes as the department begins preparing for its annual security audit under the Federal Information Security Management Act, or FISMA. Despite what officials have characterized as significant time and effort dedicated to shoring up the agency’s IT security weaknesses, the department has failed the annual FISMA audit for the past 16 consecutive years.

But VA Chief Information Officer Steph Warren seems determined to change that record this year, charging Galik to define the focus areas of the new program office and to oversee a surge of expertise and technical support under a $50 million CRISP Support Services contract with Fairfax, Virginia-based ASM Research, a wholly owned subsidiary of Accenture Federal Services.

The CRISP program management office remains in the early stages of development, with only a handful of staff detailed to Galik from throughout the Office of Information and Technology. Galik, who oversees the VA Network and Security Operations Center and works directly for VA CISO Stan Lowe, will report directly to Warren on all CRISP initiatives. And while officials are still defining what issues the new office will focus on, the first order of business remains preparing VA for the annual FISMA audit.

“That’s directly to support cybersecurity mitigation and remediation,” Galik said in an interview with FedScoop.

One of the first things Galik is going to work on is developing a dashboard, or a scorecard, for each of the 150 VA medical centers and 59 Veterans Benefits Administration regional offices. The dashboard will contain a set of security metrics that will measure the security readiness of every major facility. Galik is taking a lesson from the State Department, which established a similar scorecard for its embassies.

“The challenge for me is that what went into the scorecard at the State Department was understandable by the embassy leadership. I’ve got to do the same thing here,” he said. “I have to make this complex area understandable. It has its own language and acronyms, it has a lot of various security technologies. I have to define the parameters of what goes into that scorecard. We’re still working on what the elements will be that will determine how you get an ‘A’ grade or a green status,” he said.

“When you get into the FISMA audit cycle you tend to ramp up site by site as the auditors work their way through the cycle. And then there’s a natural tendency to relax a little bit,” Galik said. “This program is basically intended to keep us at that high state of readiness throughout the year. I should be able to go to any site at any point in the year and they should essentially be ready for an audit.”

Dan Galik, associate deputy assistant secretary for security operations at the Department of Veterans Affairs

Galik brings decades of experience to one of the VA’s most pressing, high-profile challenges. A former acquisition program manager in the Navy, Galik has also recently served stints as the chief information security officer at the Nuclear Regulatory Commission, the IRS, and the Department of Health and Human Services.

“One of my goals also is to instill a sense of urgency,” he said, referring specifically to the VA’s security processes, such as patching systems for vulnerabilities. This latest effort under the CRISP program, which officially launched in 2012, is considered a follow-on stage to the continuous monitoring services that the Department of Homeland Security provides. “We want to move from the awareness that comes from continuous monitoring to action … mitigation and remediation,” Galik said.

One of the program’s goals is to be able to give local security managers enough insight into their security posture that they are able to answer questions from senior agency officials. “How would you answer if the medical director at a hospital asked you, ‘How are we on security today?’ What would you base your answer on? These are some of the things that we’re trying to crystalize,” Galik said.

Galik is keenly aware, however, of the balance he must strike between the desire to lock down the enterprise for security and the need to provide effective and flexible patient care. “We don’t want to lock things down too much to a degree where they impact patient safety and patient care. So we always have to have a proper risk management trade-off,” he said.

VA needs to get to the point where “we know what’s on the network, we’re accounting for everything on the network, we see suspicious activity on the network we jump on it, we contain it and we react,” Galik said. “Total and full accountability.”

Memorandum from VA Chief Information Officer Stephen Warren appointing Dan Galik as the agency’s senior executive responsible for the Continuous Readiness in Information Security Program (CRISP). The memo was signed on March 16.

VA’s security crisis

VA blocked more than a billion pieces of malicious software and nearly 358 million network intrusion attempts in March — a massive increase in the volume of attacks targeting VA that could eventually overwhelm the agency’s ability to effectively defend itself.

The volume of malware reported in VA’s Information Security Monthly Activity Report for March represents an 83 percent increase over the last six months. Likewise, the number of intrusion attempts recorded in March represents a 29-fold increase from six months ago. In October 2014, the agency reported slightly more than 206 million instances of malicious code and about 12 million intrusion attempts.

In congressional hearings late last year, Warren told lawmakers that VA could never be fully patched and secure given the sheer size and complexity of the organization. However difficult that might have been for members of Congress to understand, the situation has become significantly worse since then.

In his latest monthly call with reporters, Warren said if the volume of attacks continues to increase at its current rate, the agency could eventually be overwhelmed. “If you plot that chart out … we’re on an exponential growth rate,” Warren said. “At some point, if we’re not able to knock this back … I think any agency will run into the point where we may get overwhelmed.”

HUBZone Certified

We are pleased to announce that ProSource360 Consulting Services, Inc. has been approved and certified by the U.S. Small Business Administration as a qualified HUBZone small business. We are proud to represent this key program and help the U.S. Small Business Administration “create jobs where they are needed most!”