Jump to content

FAR Trivia: Cyber in Acquisition


Recommended Posts

"Cyber" (a word relating to computers and the internet) is a hot topic in government circles these days. Just out of curiosity I decided to see how often cyber appears in the 50 titles of the Code of Federal Regulations. The word appears in 245 locations in the CFR.

Guess what set of regulations contains the most locations.

The word cyber appears in 73 locations in Title 48, The FAR System. That's more than in any other title of the CFR. The next most locations are in Title 31, Money and Finance𑁋Treasury. It appears in only 14 locations in Title 32, National Defense.

I do not know why this is the case.

Link to comment
Share on other sites

19 minutes ago, Vern Edwards said:

"Cyber" (a word relating to computers and the internet) is a hot topic in government circles these days. Just out of curiosity I decided to see how often cyber appears in the 50 titles of the Code of Federal Regulations. The word appears in 245 locations in the CFR.

Guess what set of regulations contains the most locations.

The word cyber appears in 73 locations in Title 48, The FAR System. That's more than in any other title of the CFR. The next most locations are in Title 31, Money and Finance𑁋Treasury. It appears in only 14 locations in Title 32, National Defense.

I do not know why this is the case.

No indepth research to support this thought.   Could it be an era thing?  The FAR is relatively new, maybe as a hot topic the FAR uses it in the new era more than other regulations.  Yes, probably a dumb comparison but I bet the FPR did not have a lot of cyber in it.

Link to comment
Share on other sites

I’m certainly no cyber expert but I’ve been around a lot of system development.  I think the FAR coverage is due to senior officials and politician's thinking the government needs to tell contractors what to do.  Those same believe the government knows how to take care of itself.  Cyber is covered in lots of memorandums, operating procedures, and agency policy.  But a lot changed and It because a hot issue with all the Russia and Chinese hackers accessing government systems including domestic hackers stealing data.  But not much of the direction makes it into CFR.

Link to comment
Share on other sites

@C Culham

16 hours ago, C Culham said:

Yes, probably a dumb comparison but I bet the FPR did not have a lot of cyber in it.

Carl, by "FPR" did you mean FIRMR, the Federal Information Resources Management Regulation, 41 CFR Part 20?

If so, then for the information of others the FIRMR was established on May 17, 1984 (see 49 Fed. Reg. 20994, May 17, 1984) and "abolished" effective August 8, 1996 (see 61 Fed. Reg. 38450, July 24, 1996). The word cyber did not appear in the last edition of the FIRMR. The word cyber did not appear anywhere in the Code of Federal Regulations in 1996. The word cyber made its first appearance in the CFR in 1999, in Title 12, Banks and Banking.

According to the Oxford English Dictionary, the first recorded use of the word cyber (adjective) was in 1992 in the San Diego Business Journal. It's undoubtedly older than that. In its combinatorial form (cyber-) it dates back to at least 1948 and the word cybernetics.

Link to comment
Share on other sites

Maybe FPRS, Federal Procurement Regulations System for Civilian Agencies, which was replaced by the FAR? 

Link to comment
Share on other sites

Just now, joel hoffman said:

Maybe FPRS, Federal Procurement Regulations System for Civilian Agencies, which was replaced by the FAR? 

The word cyber did not appear in the old Federal Procurement Regulation System (FPR), Title 41 of the CFR, which was canceled in 1984 after the FAR took effect. The word cyber was not in general use until almost a decade later.

As I said above, the word cyber did not appear in the CFR until 1999.

Link to comment
Share on other sites

The first substantive mention of cyber in the Federal Register (i.e., other than as a product model name) was on June 15, 1996, in Executive Order 13010, "Critical Infrastructure Protection", 61 FR 3734, issued by President Clinton:

Quote

Certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States. These critical infrastructures include telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services (including medical, police, fire, and rescue), and continuity of government. Threats to these critical infrastructures fall into two categories: physical threats to tangible property (“physical threats”), and threats of electronic, radio-frequency, or computer-based attacks on the information or communications components that control critical infrastructures ("cyber threats”). Because many of these critical infrastructures are owned and operated by the private sector, it is essential that the government and private sector work together to develop a strategy for protecting them and assuring their continued operation.

Emphasis added.

Link to comment
Share on other sites

On 7/14/2024 at 6:00 AM, Vern Edwards said:

Carl, by "FPR" did you mean FIRMR, the Federal Information Resources Management Regulation, 41 CFR Part 20?

I was out and about for a few days.   The continued discussion  has filled in the gaps for me and touched on your question.   I am good if you are.   

Otherwise you have raised some interesting followup on my own.   Cyber is an interesting "word"----cybernetics, cybersex, cyberspace, cybersecurity, cyber bullying, cyber Monday and the list goes on.........

Link to comment
Share on other sites

I got curious and searched “cyber” on the Cybersecurity and Infrastructure Security Agency (CISA) site.  I got 23,000 hits.  The word is also mentioned a lot as cybersecurity, cyber threats, and cyber incidents in the implementing guidance for the Federal information Management Security Act (FIMSA) and Federal Risk and Authorization Management Program (FedRAMP).  Both those heavily impact the acquisition process.  In fact an agency cannot acquire cloud resources without an Authorization to Proceed (ATO) from GSA.

Link to comment
Share on other sites

Keep in mind that there are two forms of word cyber. Cyber, by itself, is an adjective, as kin cyber threats and cyber incidents. Cyber- (with the hyphen) is a combinatorial form, from which you get words like cybersecurity. I searched FAR for cyber (adjective). I did not search for combinatorial words. They generally came later.

The place to look up the etymology is in the online Oxford English Dictionary, www.oed.com.

Link to comment
Share on other sites

Yes.  I knew that but didn’t think about until I saw your post, Vern.   What surprised me is the huge amount of information on CISA’s site.  The agency was only formed five years ago.  But trying to understand cyber and security processes, procedures, policies and overall guidance is challenging not just from CISA but overall in the government. 

Link to comment
Share on other sites

My take from my personal history with "Cyber":

The oddly prominent use of the term 'cyber' in acquisition/contracting related world stems from two leaders.

National Institute of Standards and Technology (NIST).   Many of the acquisition regulations using 'cyber' directly reference NIST, especially the obscure but important NIST SP 800 series about cybersecurity.   NIST was using the term 'cyber' as understood today as far back as 2000.  

Next, "Cyber" was popularized as a term of art for "related to government IT security" with the naming of U.S. Cyber Command in 2010.  The civilian federal government came later and copied DoD.  I think USCYBERCOM was the first prominent 'cyber' named agency (although intelligence community was using the term before then).

 

 

Link to comment
Share on other sites

  • 2 months later...

Between this thread and the other one about excessive regulations (FAR Facts), it got me thinking that perhaps Elon Musk's Neuralink brain chip will solve the issue and all of us acquisition types will become cyborgs, and we will have all the FAR, CFR, USC, legal decisions, OMP and OFPP memos, agency regulations, directives, and guides and anything else we need to know already in our brain, rather than just at our fingertips.

Link to comment
Share on other sites

One of the few books I inherited from my father is Cybernetics: Or Control and Communication in the Animal and the Machine 

It was his college textbook when he took Professor Wiener's class at MIT.

Published in 1948.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...