The Wrap: PQC’s $7.1 Billion Price Tag; DoD Hybrid Cloud Moves; GSA RPA Security Flag
Welcome to The Wrap for Wednesday, August 7!
From the newsroom at MeriTalk, it’s the quickest read in Federal tech news. Here’s what you need to know today:
PQC’s $7.1 Billion Price Tag
Federal agencies will need to spend about $7.1 billion in the coming years to transition their high-priority IT systems to post-quantum cryptography (PQC) that will become vital to cybersecurity as quantum science advances sufficiently to break through current data encryption methods. That’s the bottom line from a report issued last month by the Office of Management and Budget (OMB), which said that a large chunk of that estimated spending will be needed to cover the cost of replacing government technology that cannot support new PQC systems. OMB’s report was mandated by the Quantum Computing Cybersecurity Preparedness Act, signed into law by President Biden in late 2022, which required agencies to provide a prioritized inventory of cryptographic systems to the White House by May 2023. The Biden administration’s post-quantum executive order signed in 2022 calls for the transition of cryptographic systems to quantum-resistant cryptography by 2035.
DoD’s Hybrid Cloud Move
The Defense Information Systems Agency’s (DISA) J9 Hosting and Compute (J9 HaC) Center (HaCC) is reworking its approach to providing cloud services to mission partners by moving toward a more hybrid cloud mindset. That philosophy – and a lot of concrete moves to advance it – were top of mind for Jeff Marshall, who took over as acting director of HaCC earlier this year, during an Aug. 6 discussion at a Defense One event in Washington. Marshall talked about the United States Department of Defense’s established Joint Warfighting Cloud Capability (JWCC) cloud contract and said, “now that it’s been out there for a while, it’s time for us to start looking at [whether] public cloud [is] the right vehicle for every workload.” To help with the mindset shift, Marshall said HaCC has formed a hybrid cloud broker office and is going out to mission partners to gather their demand signals for cloud solutions that are better tailored to their workloads and missions. At the same time, he said HaCC also is “looking at a prototype of retooling” its Stratus private cloud offering to address concerns including “if you do need boundaries that the public cloud can’t provide you, if you do need performance that you can’t get from there, if you do need white-glove service [and] you can’t get it.” Please do click through for the whole story.
GSA RPA Security Flag
The inspector general at the General Services Administration (GSA) said in a new report that the agency’s work with robotic process automation tech has produced a lot of benefits, but also needs some significant security improvements to go along with that. GSA’s RPA program uses software “bots” to automate a host of tasks, but the inspector general said the ability of those bots to perform thousands of tasks at high speed “poses unique risks to GSA’s systems and data.” In findings that did not draw complete agreement from GSA, the inspector general report says that GSA should strengthen the security of the RPA program, and more specifically “we found that GSA’s RPA program did not comply with its own IT security requirements” to ensure that bots are operating securely and properly. Further, the inspector general said, “GSA also did not consistently update system security plans to address access by bots,” and instead of addressing those issues, “RPA program management simply removed or modified the requirements.” Despite pushback on some of the inspector general findings, GSA agreed with seven recommendations for improvement laid out by the watchdog.
New DARPA CIO
Congrats to Peiter “Mudge” Zatko, who is signing on with the Defense Advanced Research Projects Agency (DARPA) as the agency’s new chief information officer. He is returning to DARPA after a previous stint as a cyber program manager where he stood up the Information Innovation Office (I2O) as the agency’s cybersecurity office. “His track record of creativity in addressing critical cybersecurity and IT modernization challenges, as well as his experience as a former program manager, make him well-suited to our unique environment,” a DARPA spokesperson told MeriTalk. Zatko’s excited about the reunion, saying in an Aug. 6 post on X, “We all pulled off real magic the first time I was at DARPA … Let’s see if we can make an even bigger dent in the universe this second time around.”
Once again, let’s “call IT a day,” but we'll bring you more tomorrow. Until then please check the MeriTalk breaking news website throughout the day for the latest on government IT people, process, and policy. And finally, please hit the news tip jar [with leads, breaking news, or simply your two cents] at [email protected].