RE: OPM Data Breach - Whitehouse Petition - Help Wanted

["Naslund, Steve" <SNaslund () medline com>]

Wrong.  I was a government (US Air Force) network engineer for over 10 years (not a contractor, a full time employee).  
There is an O&M budget created for the day to day operation and maintenance of IT systems.  This is approved along with 
your department's budget annually.  If you classify updating equipment as an O&M function (which it routinely is) then 
you have no issues.  You purchase your equipment off pre-existing purchasing agreements in place with your agency or 
the GSA.  If your purchases exceeds certain threshold or the amount available under your O&M funding, then you need to 
go out and negotiate a project and contract it out.  Trust me I know how this works, I was also a contracting inspector 
for communications systems during my time with the US Air Force.

For example,  I want to connect one new building to my infrastructure including the installation of fiber to the 
building and purchasing network switches and routers.  The organization that wants to do this can eat that cost under 
their IT O&M budget without issue or breaking any rules.  It could also be contracted under the buildings construction 
project if it is new construction.  If I want to replace an existing failed or obsolete firewall with something under a 
current GSA schedule, I can do that as well.  The only thing that matters here is that I do not cross certain dollar 
thresholds (which vary per department) and that I can absorb the cost into my O&M funding.  These all comply with 
existing contracting law.

Let me give you another example.  The Air Force Pacific Command wanted to unify several disparate TDM Voice/Video/Data 
networks into a single ATM switched infrastructure on fiber rings.  The cost of that project ran to over 50 million 
dollars and was done with any additional congressional approval.  Air Force Pacific Commander absorbed the entire cost 
under their existing authorization for maintenance of command and control systems.  The construction of manholes and 
duct work was put out for bid to local construction companies under the Air Force Contracting Regulations.  If fact, 
the DoD was told this was being done (since it modified the engineering of some existing systems) and they agreed to 
commit some of their O&M dollars to it as a prototype for other commands.  None of that work required GSA or 
congressional scrutiny because it was all conducted under pre-existing authorizations.  Project went from concept to 
full production in under two years.

If you want new PCs, the Department of Defense negotiates contracts that you can purchase off of agency wide.  It is a 
common misconception that everything has to go out to bid every time.  Things that are purchased routinely (PCs, 
printers, routers, switches, etc.) are negotiated in large multiyear contracts that are already available to the 
purchaser.

You only need to go back to Congress is you are looking for money that is not already appropriated to you.  If my 
budget appropriation includes $10 million for IT security, I can go ahead and spend that money on IT security devices 
and services without any more approval through the existing procurement system.

In my experience it is more about some government wonk that would rather tell you to launch a $100 million project 
rather than get off his ass and do something small and useful.  Rather than work, just make it so hard to start that it 
never happens.

Steven Naslund
Chicago IL




> > > This is only possible when you take all the policies developed to comply with both the law and executive orders and 
> > > chuck them right out the window. At that point you're operating with no authority and all of the responsibility, 
> > > > > > which is grounds for termination even if what you do actually works. Especially if you're a contractor as the 
> > > majority of operations folks in the Federal government are.

> > > Regards,
> > > Bill Herrin