A few years ago, the Defense Department drafted a legislative proposal to get rid of principal cyber advisor positions across all services.

While this idea didn’t make it out of the Pentagon, three-plus years later, Chris Cleary, the former principal cyber advisor for the Department of the Navy, said that was a good thing.

Cleary, who left government recently and joined ManTech as its vice president of its global cyber practice, said the impact of the principal cyber advisor in the Navy is clear and lasting.

“This is challenging because all the services in the very, very beginning wanted to get rid of the principal cyber advisors. There was a legislative proposition that was trying to be submitted and Congress came over the top and said, ‘No, you’re going to do this,” Cleary said during an “exit” interview on Ask the CIO. “So year one in the job, I make the joke, I was just trying to avoid getting smothered by a pillow because no one wanted this position especially after we just stood up the re-empowered CIO office so what’s a PCA? And what’s this person going to do for the organization? I was very attuned to that and ready that if the decision is to push back on this creation, and maybe do away with the PCA job, I was just going to go back to being a chief information security officer. I was being a good sailor and focused on whatever are the best needs of the Navy. I was prepared to do that.”

The move to get rid of the principal cyber advisors never came to fruition and, instead, the Navy, and likely other military services, now see the value in the position.

Cyber advisor wields budget influence

Cleary said one way the principal cyber advisor continues to provide value is around budgeting for cybersecurity. He said each year his office submits a letter on the “budget adequacy” to the Defense Department’s planning process, called the Program Objective Memorandum (POM).

“I found that the PCA office really became the champion for advocating and supporting programs like More Situational Awareness for Industrial Control Systems (MOSAICS), which was a thing we were doing for operational technology systems ashore, and another product called Situational Awareness, Boundary Enforcement and Response (SABER), which was its cousin and for OT stuff afloat,” he said. “What you found is both of those programs are being championed by hardworking, honest Navy employees that just couldn’t break squelch to get a properly resourced or funded or programmed for. The PCA was able to champion these things within the E-Ring of the Pentagon. Things like MOSAICS, as an example, I am very proud of, we worked very closely with the Assistant Secretary of the Navy for Energy, Installations and Environment, Meredith Berger. She very quickly recognized the problem, most of this fell kind of within her sphere of influence as the person responsible for resourcing all of the Navy’s infrastructure. She very quickly embraced it, adopted it and hired an individual within the organization to look at this specifically.”

Cleary said over the course of the next few years, he worked with Berger’s team as well as other cyber experts in the Navy and across DoD to do deep dives into how to secure OT.

When the Defense Department rolled out its zero trust strategy in November 2022, the services faced more challenges around operational technology than typical IT. Cleary said the PCA helped the Navy better understand the OT stack was more complex and the tools used for IT wouldn’t necessarily work.

“The further you get down closer to an actual device or controller you can’t just roll a firewall out against that,” he said. “They have their own vulnerabilities and risks associated with them. But they’re things that we haven’t traditionally looked at when you when I’m talking about OT, like weapon systems, defense, critical infrastructure, these massive foundation of things that not only enable what we do from an enterprise IT standpoint,  but we’ve got to keep the lights on and the water flowing, and the Aegis weapon system has lots of computers with it, but that isn’t an enterprise IT system so who’s looking at those, who’s resourcing those, it’s only been the last decade or so that we’ve seen a lot of these is legitimate target areas.”

Champion of attention, resources

Cleary said his office helped get the Navy to spend more money and resources on protecting operational technology because it wasn’t always a top priority.

The OT example, Cleary said, is exactly why Congress created the PCA.

“We didn’t do any of the work to create these things. We just champion them appropriately and ensure they got the attention they deserved. And then ultimately, the resourcing required so they can be successful,” he said.

Cleary said it was clear that after three-plus years as the principal cyber advisor for the Navy, the benefits outweighed any concerns.

He said with the cyber world becoming more convoluted and complex, the position helps connect dots that were previously difficult to bring together.

“I think Congress would come and ask a question and they would get 10 different answers from 10 different people. I’m not saying we got there. But the idea of the PCA was to get those 10 different answers from 10 different people and then try to consolidate that answer into something that made sense that we could agree upon and present that answer back to Congress,” he said. “I’m not going to say we fully succeeded there because there are a lot of ways around the PCA and the PCA offices, but I think as the offices get more and more established, organizations like Fleet Cyber Command for the Navy, the Naval Information Forces and others were seeing the benefit of the PCA’s job to be the middleman and deal with the back and forth.”

Continue to create trust

Cleary said toward the end of his tenure, these and other offices, including the Marines cyber office, started to work even more closely with his office on these wide-ranging cyber challenges. He said the principal cyber advisor was slowly, but surely becoming the trusted cyber advisor initially imagined.

“I use the analogy of a fishing line, when you start pulling out a fishing line and you’re not sure what the weight of the fishing line is, but if you break the line, it’s over. So the trick was to pull on it with just the right amount of tension without risking or breaking it,” he said. “I knew the PCA office was something new and if the relationships with those organizations became tenuous, or were cut off because of the PCA coming in and say, ‘Hey, you shall do this or that,’ it wasn’t going to work. The way I envisioned the role of PCA was not to tell anybody inside the organization how to operationalize their own environments. My whole job was to go to them and understand what it is they needed, based on their experience and their expertise, and then get them that. The more that I could be seen as a value and not here to check their homework and poke them in the eye about their readiness, the more successful I’d be.”

Cleary said for the principal cyber advisor to continue to be successful, they have to continue to establish trust, understand their role is personality driven and focus on getting the commands the money and resources they need to continue to improve their cyber readiness.

The post Why the principal cyber advisor ended up being a good thing first appeared on Federal News Network.

Zscaler makes a key hire of a former federal technology leader to expand its global reach and influence.

These are two of the most recent federal executives on the move.

Eric Hysen, the DHS chief information officer, announced on Monday that Hemant Baidwan will be the new CISO, taking over for Ken Bible, who retired on March 29.

“Hemant has been instrumental in enhancing the department’s cybersecurity posture,” Hysen wrote in an email obtained by Federal News Network. “His background spans both the public and private sectors, where he has excelled in IT development, agile application deployments and strategic expansion globally.”

Meanwhile, Zscaler is hiring Brian Conrad, the former acting director of the cloud security program known as FedRAMP, Federal News Network has learned.

Conrad, who left the General Services Administration on March 22, will be the new director of field compliance authorizing authority liaison.

“We want Brian to own all the relationships with all the FedRAMP-type of agencies or organizations across the globe,” said Stephen Kovac, the chief compliance officer and head of global government affairs at Zscaler. “Many countries have similar organizations like FedRAMP, which act as an authorizing agency. Many are going down the path of secure by design as well, which we think will be huge internationally, so you’ve got programs that are maturing and may not be where FedRAMP is today, but all are trying to mature their processes. Brian has worked with all these folks over the years, but has been more of a friendly coach to many of these agencies. By him joining, this will allow us to build out global practice and build those relationships.”

Kovac said companies ranging from Japan to Singapore to Spain to India to United Kingdom are maturing their cloud security oversight organizations.

He said Conrad can bring a technical acumen to the conversation that will benefit Zscaler as well as the organizations themselves.

“From the earliest days of the FedRAMP program, Zscaler has been an innovator, working to ensure the federal government can deliver modern digital government services, securely,” Conrad said in a release. “Implementing a zero trust cybersecurity framework is mission-critical for every organization, and we must stay focused on separating the signal from the noise. I’m excited to join a team that aligns with my vision of building a secure global digital ecosystem.”

Conrad’s decision to join Zscaler comes after he spent the last five-plus years working for GSA. He was the acting FedRAMP director for the last three years.

GSA is hiring a new FedRAMP director and held information sessions about the position on Monday and today.

Before joining GSA and FedRAMP, Conrad was an officer in the Marines Corps where he worked the Marines Systems Command, the Marines Corps College of Distance Education and several other commands. After retiring from the Marines Corps, Conrad worked at Booz Allen Hamilton before coming back to federal service.

Similar to Conrad, Baidwan joined the government after spending the early part of his career in industry.

Baidwan has been the deputy CISO at DHS since 2021 and has worked in the CIO’s office since 2015 in an assortment of cyber roles.

He also worked at the Immigration and Customs Enforcement directorate as the governance and risk management section chief.

With Baidwan taking on the new role, Hysen said Antonio Scimemi will be the acting CISO. Scimemi has overseen the CISO cybersecurity assessments division and led the effort to develop the agency’s unified cyber maturity model.

He also was the deputy CISO and acting director of IT operations at ICE.

The post DHS hires new CISO; Former cloud security lead lands new job first appeared on Federal News Network.

The National Institutes of Health’s BioData Catalyst cloud platform is only just starting to take off despite it being nearly six years old.

It already holds nearly four petabytes of data and is preparing for a major expansion later this year as part of NIH’s goal to democratize health research information.

Sweta Ladwa, the chief of the Scientific Solutions Delivery Branch at NIH, said the BioData Catalyst provides access to clinical and genomic data already and the agency wants to add imaging and other data types in the next few months.

“We’re really looking to provide a free and accessible resource to the research community to be able to really advance scientific outcomes and therapeutics, diagnostics to benefit the public health and outcomes of Americans and really people all over the world,” Ladwa said during a recent panel discussion sponsored by AFCEA Bethesda, an excerpt of which ran on Ask the CIO. “To do this, it takes a lot of different skills, expertise and different entities. It’s a partnership between a lot of different people to make this resource available to the community. We’re also part of the larger NIH data ecosystem. We participate with other NIH institutes and centers that provide cloud resources.”

Lawda said the expansion of new datasets to the BioData Catalyst platform means NIH also can provide new tools to help mine the information.

“For imaging data, for example, we want to be able to leverage or build in tooling that’s associated with machine learning because that’s what imaging researchers are primarily looking to do is they’re trying to process these images to gain insights. So tooling associated with machine learning, for example, is something we want to be part of the ecosystem which we’re actively actually working to incorporate,” she said. “A lot of tooling is associated with data types, but it also could be workflows, pipelines or applications that help the researchers really meet their use cases. And those use cases are all over the place because there’s just a wealth of data there. There’s so much that can be done.”

For NIH, the users in the research and academic communities are driving both the datasets and associated tools. Lawda said NIH is trying to make it easier for the communities to gain access.

NIH making cloud storage easier

That is why cloud services have been and will continue to play an integral role in this big data platform and others.

“The NIH in the Office of Data Science Strategy has been negotiating rates with cloud vendors, so that we can provide these cloud storage free of cost to the community and at a discounted rate to the institute. So even if folks are using the services for computational purposes, they’re able to actually leverage and take benefit from the discounts that have been negotiated by the NIH with these cloud vendors,” she said. “We’re really happy to be working with multi-cloud vendors to be able to pass some savings on to really advanced science. We’re really looking to continue that effort and expand the capabilities with some of the newer technologies that have been buzzing this year, like generative artificial intelligence and things like that, and really provide those resources back to the community to advance the science.”

Like NIH, the Centers for Medicare and Medicaid Services is spending a lot of time thinking about its data and how to make it more useful for its customers.

In CMS’s case, however, the data is around the federal healthcare marketplace and the tools to make citizens and agency employees more knowledgeable.

Kate Wetherby, the acting director for the Marketplace Innovation and Technology Group at CMS, said the agency is reviewing all of its data sources and data streams to better understand what they have and make their websites and the user experience all work better.

“We use that for performance analytics to make sure that while we are doing open enrollment and while we’re doing insurance for people, that our systems are up and running and that there’s access,” she said. “The other thing is that we spend a lot of time using Google Analytics, using different types of testing fields, to make sure that the way that we’re asking questions or how we’re getting information from people makes a ton of sense.”

Wetherby said her office works closely with both the business and policy offices to bring the data together and ensure its valuable.

“Really the problem is if you’re not really understanding it at the point of time that you’re getting it, in 10 years from now you’re going to be like, ‘why do I have this data?’ So it’s really being thoughtful about the data at the beginning, and then spending the time year-over-year to see if it’s something you should still be holding or not,” she said.

Understanding the business, policy and technical aspects of the data becomes more important for CMS as it moves more into AI, including generative AI, chatbots and other tools.

CMS creating a data lake

Wetherby said CMS must understand their data first before applying these tools.

“We have to understand why we’re asking those questions. What is the relationship between all of that data, and how we can we improve? What does the length of data look like because we have some data that’s a little older and you’ve got to look at that and be like, does that really fit into the use cases and where we want to go with the future work?” she said. “We’ve spent a lot of time, at CMS as a whole, really thinking about our data, and how we’re curating the data, how we know what that’s used for because we all know data can be manipulated in any way that you want. We want it to be really clear. We want it to be really usable. Because when we start talking in the future, and we talk about generative AI, we talk about chatbots or we talk about predictive analytics, it is so easy for a computer if the data is not right, or if the questions aren’t right, to really not get the outcome that you’re looking for.”

Wetherby added another key part of getting data right is for the user’s experience and how CMS can share that data across the government.

In the buildup to using GenAI and other tools, CMS is creating a data lake to pull information from different centers and offices across the agency.

Wetherby said this way the agency can place the right governance and security around the data since it crosses several types including clinical and claims information.

The post Understanding the data is the first step for NIH, CMS to prepare for AI first appeared on Federal News Network.

Up until about a year and a half ago, the 16,000 employees who make up the Office of the Secretary of Defense were the biggest technology user base in the Defense Department that didn’t much resemble an IT enterprise. Collectively, the organization is bigger than the Space Force and many large DoD agencies, but from an IT perspective, the nearly two dozen entities that comprise OSD were largely left to their own devices — figuratively and literally.

But an enormous amount has changed since October 2022, when DoD created a new CIO position to unify 17 OSD staff assistant offices and four agencies into a coherent IT management structure. Most recently — just this month — everyone involved signed a memorandum of agreement to make clear all assigned roles and responsibilities.

“Over the past 10 to 15 years of IT efficiency and consolidation drills, there was a lot of movement of money and resources, but nothing was written down,” Danielle Metz, OSD CIO said during Federal News Network’s DoD Cloud Exchange 2024.

“Since we weren’t really united and no one viewed themselves as part of a collective, everyone had different expectations, different thoughts. And because we didn’t have a memorandum of agreement that articulated the common services that were going to be delivered by the service provider — and the price points and metrics associated with that — there wasn’t an understanding of whether what was being delivered was considered good, what was considered not so good and how to correct that. All of that needed to be sorted through. And so just getting that baseline is what we’ve endeavored on in the past 18 months.”

The service provider is the Defense Information Systems Agency, which has been delivering IT services to tenants inside the Pentagon and the National Capital Region through its joint service provider since 2015, when DoD ordered an earlier consolidation of its IT service providers.

Buying, managing IT services at an enterprise level

But until recently, each OSD organization has been on its own when it comes to ordering and implementing those services, depending on their needs, and figuring out for themselves how to use them.

“We’re now acting as an enterprise instead of individual fiefdoms, and that it works two ways,” Metz said. “One is that we have collective buying power, but we also are able to advocate for the resources that we all need and not just the piece parts by those who were able to navigate the Planning, Programming, Budgeting and Execution process on their own, which is what was happening. There were a lot of organizations that were struggling, and the whole point of a CIO is to democratize access so that we don’t have winners and losers.”

In its initial stages, beyond creating usage, spending and user experience baselines, Metz’s new office — part of the Pentagon’s Directorate of Administration and Management — has had some early wins in deploying common services to the parts of the DoD “fourth estate” that fall within the new OSD enterprise portfolio.

For unclassified email and collaboration services, all 21 of the organizations have now moved to DoD 365, the Pentagon’s cloud-based implementation of Microsoft 365. As of this month, all but one of those organizations has also migrated to their secret-level systems to the new classified version of DoD 365, eliminating the need for a hodgepodge of aging information sharing tools at Impact Level 6.

Migrating those systems to a single cloud environment also helps mitigate the network fragmentation DoD organizations have been creating for the last several decades.

“It doesn’t make those fragmentation issues irrelevant, but it helps us prioritize the fact that we do need to do some network simplification, both on our unclassified and classified networks. That’s what DISA has been leading with what they call DoDNet,” Metz said. “We’re working with DISA to accelerate their plans to have that in the Pentagon, so that you don’t have like a Pentagon local area network that’s kind of sandwiched in between all these other various networks, whether it’s classified or unclassified. We really do need to streamline and simplify the network because we have a lot of network outages. We have performance issues.”

Moving toward a single budget for OSD IT

Another major objective: figuring out how to create a unified IT budget for nearly two dozen organizations with widely varying missions, expertise and needs.

Metz said the most sensible way to provide for each organization would be to create a single working capital fund for the entire enterprise’s IT expenditures, rather than forcing each of them to plan their technology budgets via DoD’s arduous and rigid PPBE process.

“In that model, you’re using your crystal ball to assess what is the technology that we need to be able to implement, and then you have to get a lot of details to be able to come up with a funding profile over five years — but you’re doing it two years out, and you’re going to be wrong. And even if you have it programmed, if you’re operating under a continuing resolution, you don’t have access to those dollars. It really slows your ability to drive the important changes that need to take place. In a working capital fund or fee-for-service model, you’re able to make those capital investments and technology insertions a lot more gracefully instead of having to do big bang approaches — which we know in technology never ever works.”

Discover more articles and videos now on Federal News Network’s DoD Cloud Exchange event page.

The post DoD Cloud Exchange 2024: OSD’s Danielle Metz on moving from ‘fiefdoms’ to coherent IT enterprise first appeared on Federal News Network.

A year after a scathing report from the Defense Business Board found general unhappiness with the user experience with technology across the Defense Department, the chief information officer’s office is taking a simple approach to fix the computers.

A big part of this effort came earlier this year when DoD’s CIO created a customer experience office, led by Savanrith Kong, who now serves as the senior advisor for the user experience (UX) portfolio management office (PfMO).

Leslie Beavers, the principal deputy CIO for DoD, said the overarching philosophy behind this improved CX approach is putting the user and their mission first.

“I always lead off with, it’s got to be functional first. If it’s so secure that we can’t connect, we’re going to go around it and that’s not good,” Beavers said on Ask the CIO. “We have to be able to scale it. That’s the other big challenge that we have in the department. Not just internally, but we have to be able to scale to international allies and partners into the commercial world.  Then the third piece is we have to be secure, and in this case, it’s with the zero trust. It’s tagging the people, tagging the data and doing the audit so that we know what’s happening and we can identify intrusions.”

The DoD CIO’s office got the message multiple times about function over form when it comes to why the user’s experience is so important.

The first time happened in the “fix my computer” post by Michael Kanaan, the director of operations for the Air Force – MIT Artificial Intelligence Accelerator in June 2022 that went viral.

The second moment of truth came from the Defense Business Board in February 2023. The DBB released survey results showing 80% of survey respondents rating their user experience as average or below average. Out of about 20,000 respondents, 48% rated their experience as “worst,” and 32% fell into the category of average.

Over the last year, the DoD CIO’s office has been addressing both process and technology.

DoD’s holistic perspective

DoD CIO John Sherman said last summer that the idea is to bring some standardization to the refresh cycle across all of the military and ensure user experience is a part of every technology initiative.

Beavers said now that Kang is on board, he is shaping DoD’s user experience effort.

“We’re looking at it from a holistic perspective because user experience is more than just having the latest equipment. It is all around the functionality and in the department, it’s different than in the commercial world,” she said. “If you think about an F-35, it’s a flying interoperable networked computer with the pilot. So the user experience is from the warfighters’ perspective. But whether you’re sitting in an operations room or behind a desk or out in a plane or on a ship, does your IT and your communications equipment work together and can you stay secure? The department is also standing up a big effort to get after the IT for the warfighter.”

Through this initiative, Beavers said the challenges are much different, ranging from a huge install base to legacy technology not designed to be interoperable and a limited budget.

At same time, Beavers said there’s a lot of opportunity to make some improvements to the user experience.

“We should make a concerted effort to look at where our policies are standing in the way of the interoperability. Where do we need an engineering solution? And where do we need just a process change?” she said. “The department is really pretty good at buying big things over long periods of time and buying quick things and bringing them when there’s an imperative like a war. But it’s not ingrained as part of the standard operating procedure in the department as much as we would like so we’re working on building that piece out, to help bring in the new technology and also to improve the customer experience.”

DoD, VA collaboration

Beavers added DoD is using the Lean Six Sigma business process improvement approach to help sort through the potential changes and to better understand the broader impacts of process and policy revisions.

Some recent work with the Veterans Affairs Department is a customer experience win, Beavers said.

At the North Chicago Veterans Medical Center, VA and DoD staff have worked closely together for the past decade or more. But their systems and networks were separate and data sharing was basically non-existent.

She said in some cases, it would take around 36 mouse clicks to send an email between the DOD and the VA.

“We spent the last six months pivoting to Office 365 in the cloud and turning on some business functionality,” Beavers said. “This really was a cooperation problem where the security folks on both sides had to decide to configure the clouds the same way to enable that interoperability. We are rolling that out now to the people working in less than six months.”

The post DoD’s approach to fix its computers is function over form first appeared on Federal News Network.

CBP is recognizing not only the time and cost savings, and more importantly the safety to officers that small, unmanned aircraft can provide.

Quinn Palmer, the National Operations Director for small unmanned aircraft systems at CBP in the Homeland Security Department, said the use of drones has evolved across the agency’s mission sets.

“Small drones are really filling a critical niche between fixed surveillance systems and crewed aviation or manned aviation assets because of their range, because of their price point and the quick deploy ability,” Palmer said on Ask the CIO. “They can offer us surveillance over a much larger area on the border, like for search and rescue where we can cover broad swaths of territory very quickly. But another interesting piece of that is the nature of the drone, meaning its covertness, that’s been a hugely impactful component to how why drones are so valuable to us and to our agents in the field. What I mean by that is having the ability to surveil a target or a law enforcement situation covertly or silently allows our folks that situational awareness, that critical time element, to prepare more smartly to position themselves to make that initial engagement, which lends itself to officer safety, but also to the effectiveness of the law enforcement resolution.”

This type of impact is true across many CBP mission sets. From border surveillance and related missions to facility and tower inspections to creating training videos, using drones, for internal communications, the agency is using these unmanned small aircraft systems in more ways than ever imagined.

CBP flew 100,000 sorties in 2023

To that end, Palmer said CBP has grown its drone pilot crew to about 2,000 strong operating more than 330 systems from just half a dozen systems and 20 operators a about five years ago. It plans to grow to more than 500 assets and continue to train and hire operators in 2024.

“The response by the field, by the folks that are out there on the front line, are really engaging in and advocating for this capability in this technology. The leadership now see the value too,” Palmer said. “It’s always a trade off when you’ve got a workforce that’s stretched amongst many competing requirements and commitments, adding one more thing to do is something we’ve got to be very conscious about. It can be a distraction. It can be a negative to the labor cost of conducting a border security mission. But drones have not been that. It’s been a labor saving capability. We see an effect at the ground level, but not just in the price tag but in the time it takes to resolve law enforcement situations.”

In 2023, CBP flew about 20% of all of the direct air support missions for ground agents of the border patrol. From those flights came 48% of all apprehensions and seizures, Palmer said.

“We’re putting out about 25% of the output, but yielding about 50% of the outcome. That’s due to the proliferation of more drones being more places than manned aviation, but also the nature of the drone being covert and the effectiveness it lends its self to that interdiction aspect,” he said. “We apprehended about 42,000 folks crossing the border illegally. In fiscal 2020 through 2023, about 2,800 pounds of narcotics were seized, 95 vehicles seized and 13 weapons seized. That resulted from about 100,000 sorties about 50,000 hours flown.”

Sustainment plans for drones

All of those efforts in using drones instead of manned aviation in 2023 resulted in about $50 million in cost avoidance. Palmer said that money can be put back into mission and operational priorities helping the agency extend its limited budget.

“We’re actually benefiting not just from the cost savings associated with deploying drones versus some of these other more expensive surveillance capabilities. But we’re also benefiting because we’re able to control that interdiction much more efficiently, which translates into savings on the ground level because the labor costs associated with and the time associated with accomplishing that interdiction, and that resolution is minimized,” he said. “In many different ways, we found that drones are impacting and it’s not just from the budgetary standpoint, but they’re impacting the tactical advantage in the field.”

As with any new technology, CBP is learning how to manage the drones and educating the industry.

For example, the agency runs drones in austere environments whether cold, heat, dust or precipitation in a way that many manufacturers didn’t intend the systems to run in.

“We are using our equipment a lot compared to some of the other drone users in the United States. We’ve had industry partners say we never intended to fly this this much. We’re like, ‘well, don’t sell it to us,” Palmer joked.

Palmer said this means having a strict sustainment plan is more important than ever to keep the drones flying.

“This gentlemen at the National Transportation Safety Board (NTSB) told me this, and I’ll share it with you because I was thought it was very relevant. Drones are engineered to do very sophisticated things. But they’re engineered also at the same level as the toaster on your kitchen counter. So we do very intricate and very sophisticated things with drones, but they are consumable, for lack of better term,” he said. “We do have for our higher costing assets have sustainment plans and lifecycle plans associated to those acquisitions We do our due to our hard work to make sure that that that battery rotation and those kits are tracked and the motor arms and the propellers are replaced per manufacturer specifications. We’re doing all those kinds of things on the ground. But ultimately, small drone is should be considered as a consumable. They’re just not built to sustain.”

At the same time, Palmer said the marketplace is moving so fast that CBP or any organization could move to the next generation fairly quickly and inexpensively outweighing the cost of long-term sustainment plans.

The post Drones becoming central to a variety of CBP’s mission sets first appeared on Federal News Network.

When it comes to adopting secure artificial intelligence capabilities, the General Services Administration is doing all it can to make sure the government isn’t late to the game.

The draft Emerging Technology Framework from the cloud security program known as FedRAMP could be a key piece to that effort, especially if industry and agencies help drive the new approach.

Eric Mill, director of cloud strategy in the Technology Transformation Service in GSA, said the draft framework, for which comments are due March 11, is helping to ensure agencies get the expected benefits of using secure AI and large language models.

“This is strategically important for the program because what we’re doing here is FedRAMP is prioritizing its work around the strategic goals that the government has. It’s not just a first in, first out program. We are breaking a little bit of ground for the program,” Mill said on Ask the CIO. “It is that something we think is a good thing. As we engage in a prioritization process where FedRAMP is really important for what FedRAMP does, we have to make sure it’s well understood, that we are transparent to stakeholders, that it is fair and clear. That’s the foundation we’re trying to lay with this framework.”

GSA released the draft framework in late January as part of its effort to meet the requirements of the AI executive order President Joe Biden signed in October. In the document, GSA says it’s initially focused on emerging technology capabilities that use large language models (LLMs) and include chat interfaces, code-generation and debugging tools and prompt-based image generators.

Mill said the framework will help prioritize and manage the excitement around AI and LLMs.

“How do we strike the right balance? And, then, how do we operationalize that? How is it that we are prioritizing this thing in effect and that means having to come up with things like limits?” he said. “So part of what you see in the framework is the proposal that we stop at three. When we have three services that are based around chatbots, for example, using generative AI, and we’ve prioritized three of those things, we’re going to stop prioritizing that until we come back around and think again about what the priorities of FedRAMP should be. That is making sure that when we say prioritize, we’re actually prioritizing, and we’re not just focusing on AI as a program. FedRAMP is a program for the entire cloud market. But we want to be able to support this initiative so this is important strategically for figuring out how we answer those kinds of questions that are not at all totally AI specific.”

GSA to manage concerns over backlogs

That prioritization and limits to the number of cloud services is exactly why Mill said GSA is pushing vendors and others to comment on the draft framework.

He acknowledged the limitations, especially around AI, could cause some heartburn for vendors. FedRAMP already is seeing a lot of interest from vendors and agencies alike around AI and LLM services in the cloud.

“We definitely are seeing some services that are have already been in the marketplace that have added AI capabilities. We’re seeing things come in through the agency review process. We’re expecting that to go up,” Mill said. “We’re not responding to an abstract thing, but the things that we actually see coming in front of us.”

One of the big issues GSA still must address is what are the metrics or benchmarks it should use to determine if a technology fits into one of the three priority categories.

Mill said GSA is aware of possible backlogs building of vendors asking for their AI capability to go through the review process, and then that creating a bigger backlog for more typical cloud services.

“We very much are intent on making sure that the urgency that we see around accelerating the government’s use of emerging technologies doesn’t compete with those other things. That it doesn’t worsen the problem,” he said. “That is part of what we mean when we talk about the prioritization process and some of the limits associated. That’s how we’re ultimately going to make sure that the program stays responsive. We’re very engaged on short and long term structural changes to make sure that the program is operating at the pace that it should. We are treating speed as the security property that we know that cloud providers and agencies all believe in as well. That’s the spirit that you should see from us. And we’ll have a lot more to say later this year.”

More on tap for FedRAMP

Mill said he couldn’t speak to the timeline to get the version 1 of the framework out. He said he doesn’t expect GSA to sit on the comments and any updates from those comments for a long time. But, he said, it also will depend on what people say about the framework and how much GSA got correct already.

“I think we’re very much expecting for this to be an iterative process. This is not going to be the only bite at the apple for engaging with the FedRAMP team about this framework. Folks should feel absolutely feel free to reach out and suggest how we can do better on that,” he said. “We did put we put a lot of effort into that [blog] post to sharpen those questions. We absolutely encourage folks to go read the announcement and on this questions. Chief among them is, this question of are we are we measuring this right? I think the concept of prioritization means making some kind of hard choice somewhere, so when the agency does that, we want to know that, at the very least, everybody understood why we would make that decision and what factors went into that.”

Mill said beyond the finalizing the framework in the coming months, other priorities for FedRAMP center on improving the customer experience, both agency and industry users, and understanding the costs involved in obtaining approval.

Mill said GSA is trying to make sure it is on the same page with vendors about the time and cost to get through the security process.

“What we think it takes, is it the same as what the cloud providers think is one of the exercises that we’re going to be engaged on this year. We are updating what some of the key metrics are around that and talking pretty directly with stakeholders before we finalize those things. We will be keeping a feedback loop so that we are really orienting ourselves formally as a customer oriented program in that way,” he said. “I think you’ll see us engaging in that in a more in a pretty public way, maybe in a more tangible, mechanical sense. We’re definitely focused on speed as a security property. We’re definitely very interested in in identifying cloud providers that want to want to pilot different ways of working. There’s never been a more open mind to looking at process changes and piloting different approaches that don’t lower the bar for security, but allow us to focus the review energy on the process and on the items that we all understand are the most closely tied to security.”

Of course, Mill said once the draft memo from the Office of Management and Budget is finalized, a whole new set of priorities will open up.

“I hope folks see there is a sense of energy and responsiveness where the program wants to hear where it can change and where it can do a better job of threading that eternal needle of speed, security and everything else people want from the system,” he said. “It is not trivial, but it is the whole job of the program. I think there’s going to be not just this Emerging Technology Framework, but a pretty good series of feedback opportunities over the course of the year. I really encourage folks who come at that with the spirit of improving these processes, and feel please bring up things that maybe died on the vine a few years ago. But let’s not let the past foreclose the future. There’s not been a more open minded period of time in the program than I think what’s there right now.”

The post GSA’s emerging tech framework is a priority setter for AI first appeared on Federal News Network.

From the Education Department to the Homeland Security Department to the Air Force to the Defense Information Systems Agency (DISA), federal leaders are retiring or heading to new opportunities in the private sector.

Starting with the Education Department, Luis Lopez, the chief information officer since December 2022, is leaving on March 22 for a job with INOVA Healthcare.

An Education Department spokesman confirmed Lopez is leaving for the private sector.

“We are preparing for a smooth transition by posting the position before he departs,” the spokesman said.

It’s unclear who will be acting CIO when Lopez leaves. Education already put out the job announcement to hire a new CIO. Applications are due by March 14 so only a two-week opening.

Federal News Network has learned Lopez will be vice president of IT operations for Inova Health Care Services.

Lopez has worked in federal service since 2008 and been with Education since 2017.

In his short time as CIO, Lopez said in a recent interview that he set up a customer advisory council last summer to help explain to non-IT executives why the 2014 law matters to them and it’s more than just a technology priority. He also led the effort to consolidate and standardize the number of video teleconferencing and collaboration tools used by Education Department employees.

Along with his work at Education, Lopez also worked at the Defense Health Agency and the Walter Reed National Medical Center.

Joining Lopez in heading to the private sector are two other technology leaders.

Federal News Network has confirmed Drew Malloy, the technical director for DISA’s Cyber Development Directorate, and Robert Wood, the chief information security officer at the Centers for Medicare and Medicaid Services, also are leaving for new positions outside of government.

Malloy, who has been with DISA for 14 years and served in government since 2003, will join a small systems integrator.

Malloy has led DISA’s cyber directorate since 2020 where he oversaw the agency’s portfolio of cybersecurity capabilities, including identity and access management, the Joint Regional Security Stacks, cybersecurity situational awareness and zero trust.

He wrote on LinkedIn that he also “developed the modernization strategy for our network and security architecture in accordance with zero trust principles resulting in Project Thunderdome for the DoD enterprise.”

It’s unclear when Malloy’s last day will be or who will replace him even on an acting basis.

In addition to running the cyber directorate, Malloy ran DISA’s services development directorate and was the chief engineer for the Cyber Situational Awareness and Analytics Division.

He also worked at Naval Research Laboratory before coming to DISA.

CMS CISO Wood taking new role

As for Wood, who has been CMS CISO since November 2020, he will join a new venture with Sidekick Security, while also continuing to invest in and grow the non-profit Soft Side of Cyber.

Federal News Network has learned that CMS deputy CISO Keith Busby will be stepping up to lead the program until a permanent CISO is hired.

During his time at CMS, Wood focused on improving the culture at CMS around cybersecurity, building a security data lake to break down silos and advancing the technology strategy through cyber enablement.

Before joining CMS in 2020, Wood spent most of his career in the private sector working in cybersecurity positions with Cigital, Simon Data and N95.

Retirements at DHS, Air Force

Two other federal technology leaders decided it was time to call it a career.

Ken Bible, the Department of Homeland Security’s chief information security officer, and Eileen Vidrine, the Air Force’s chief data and artificial intelligence officer, have submitted their retirement papers.

Bible said his last day will be March 29 and has no firm plans for his post-federal life.

“I am looking forward to taking some time to enjoy my home in Charleston, S.C. and perhaps engage in helping in both the education arena as well as helping at the state and regional policy levels in the future,” Bible said in an email to Federal News Network.

He has been DHS CISO since January 2021 and worked in government for almost 39 years. Bible, who received a 2023 Presidential Rank Award,  started his career in 1985 at the former Charleston Naval Shipyard, where he rose to be a nuclear qualified engineering supervisor for three engineering branches.

During his time at DHS, Bible launched a pathfinder last summer to begin evaluating existing contractors with cyber hygiene clauses in their contracts and focused on addressing broader supply chain risks through a strategy.

Before coming to DHS, Bible served under the headquarters Marine Corps Deputy Commandant for Information as the assistant director for the information command, control, communications and computers division (IC4). He also served as the Marine Corps’ deputy CIO and CISO. Additionally, he worked at the Space and Naval Warfare Systems Command (SPAWAR) for almost two decades.

Vidrine is retiring on March 31 after 38 years of federal service.

She has been the Air Force chief data officer since 2018 and CDO/CAIO since January 2023 when she returned to the service after a one-year detail serving as the senior strategic advisor for data to the Federal Chief Information Officer in the Office of Management and Budget.

Last March, Vidrine told Federal News Network that her new title reflects the central role data has in getting AI projects off the ground.

Vidrine said AI readiness for the department comes down to establishing a baseline set of data and AI skills for airmen and guardians, as well as making sure they have access to the digital infrastructure and tools needed to advance breakthroughs in AI research.

Vidrine began her government career in 1986 as an enlisted member of the Army where she received her commission in 1987 through the U.S. Army Officer Candidate School Program as an Army transportation officer.

From 2006 to 2012, Vidrine served in various positions of leadership at the Office of the Director of National Intelligence culminating as the chief of staff for the Assistant Director of National Intelligence for Human Capital.

Army PEO-EIS leader moving to new agency

Finally, one federal executive who isn’t leaving federal service, but is on the move to a new role.

Rob Schadey, the acting deputy program executive officer for the Army’s PEO-Enterprise Information Systems (PEO-EIS), is joining the Defense Counterintelligence and Service Agency (DCSA) to be the program manager of the National Background Investigation Services.

Federal News Network has learned Schadey’s last day will be in March and it’s unclear who will take over for him even in an acting role.

Before stepping into the acting deputy PEO-EIS role in January, Schadey served as the assistant program executive officer and as the director of the business mission area, both at PEO-EIS.

As the program manager for NBIS, Schadey will have to continue to modernize the systems that help federal employees obtain security clearances.

OMB recently approved the Personnel Vetting Questionnaire (PVQ) in November, according to the third quarterly update on the “Trusted Workforce 2.0” initiative from the Performance Accountability Council. The questionnaire consolidates the SF-86, “Questionnaire for National Security,” along with several other vetting questionnaires used for federal jobs, including public trust and non-sensitive positions.

DCSA is now working on plans to integrate the PVQ into the new “eApp” web portal for background investigation applications as part of its NBIS.

The post Education, DHS among agencies seeking new IT leaders first appeared on Federal News Network.

Since September, the Office of Management and Budget has been working in policy overdrive. Six draft or final memos came from OMB’s Office of the Federal Chief Information Officer.

On Sept. 23, OMB issued the long-awaited digital services memo to implement the 21^st Century IDEA Act.

About a month later, OMB offered draft updates to the cloud security initiative called Federal Risk Authorization and Management Program (FedRAMP) for the first time since 2011.

A week after that, the draft guidance for implementing the executive order on artificial intelligence detailed a host of new requirements for agencies.

Then there is the annual Federal Information Security Management Act (FISMA) guidance that dropped in early December with a specific focus on operational technology and internet of things devices.

And finally, OMB offered an early Christmas present in the form of the new requirements to ensure agencies are meeting the accessibility standards under Section 508.

Hopefully, the OMB staff took a breadth and some time off after that sprint.

Two months into calendar year 2024, OMB is revving back up to finalize many of these policies.

Federal News Network checked in with Federal CIO Clare Martorana to see what stood out to her in 2023 and what her priorities are for 2024. The following email conversation is edited only for style and clarity.

FNN: 2023 was a busy year for the Office of the Federal CIO. What are some of your office’s efforts that may not have received as much attention or notice, but will have a big impact on federal IT sector in the years to come?

 Martorana: Above all else, our north star is delivering for the American people. We need to ensure that Americans’ experience with government matches the quality and experience of the private sector — and I think we have made great progress on this.

One of the things I’m most proud of is the work we’ve done in partnership with other federal offices — that’s how we can make a big lasting impact on federal IT, which benefits how Americans interact with government. For example, the Executive Order on Improving the Nation’s Cybersecurity was released early in the administration and it called for a transformation of federal cybersecurity, based on universal adoption of strong authentication, encryption and zero trust principles across the government. As a result of the efforts of my office, our partners at the Office of National Cyber Director and the Cybersecurity and Infrastructure Security Agency (CISA), we are seeing significant cultural and technological change across the federal enterprise to strengthen our cybersecurity posture.

We also partnered with CISA on CyberStat, a holistic program which strengthens agency defenses by addressing individual agency challenges, reducing the potential for successful attacks, and bringing risks to the attention of executive leadership when necessary, all while maximizing limited OMB and CISA resources. With over 6,000 attendees across 16 engagements in 2023, we provided agencies with the information and tools necessary to achieve specific security outcomes in a more consistent manner.

My office also works closely with the General Services Administration’s Technology Modernization Fund (TMF) Program Management Office (PMO). The TMF works in complement with the appropriations process, allowing agencies to quickly access capital to tackle the IT modernization needed to keep up with the fast pace of changing technology. In fiscal 2023, the TMF invested more than $177 million in 18 projects that improve how the federal government provides services to the American people, increasing public trust and making it easier to get the services they need.

Over the past year, we worked closely with GSA Technology Transformation Service (TTS) to ensure an integrated approach to tackling our biggest IT challenges. We continue to meet with GSA leadership on a weekly basis and our teams are engaging daily to support the implementation of our policies, such as helping develop and provide agencies access to tools that will help them deliver a digital-first experience to the public.

Lastly, I want to highlight the strong connection my staff has established with our budget colleagues to ensure funding and resources are aligned so that agencies can best secure their infrastructure and be on the road to digital transformation.

FNN: Of the policies/guidance your office did issue in 2023, which ones do you think will have the biggest impact in 2024 and why?

Martorana: Building off the customer experience executive order and the President’s Management Agenda Customer Experience Priority Area, in September, we released digital experience guidance to help agencies move faster to deliver the simple, seamless, and secure experience that the American people deserve. Some 430 federal agencies and sub-agencies provide information and services to more than 400 million individuals, families, businesses, organizations and local governments each year.

Digital is increasingly becoming the primary way that the public interacts with government and accesses the information and services they depend on. In order to provide the best possible customer experience — we must fix the digital experience.

Right now, everyone is talking about artificial intelligence and the power and potential that it yields. Our pending FedRAMP guidance will significantly scale the size and scope of the FedRAMP marketplace.

Another piece of guidance issued in 2023 that is having an immediate, positive impact in 2024 is our Digital Accessibility guidance, which is based on the idea that all Americans should have equal access to government. Sixty-one million adults in the United States have a disability, an estimated 15 million or more people have a temporary disability, and an estimated 40 million people are caregivers who provide support to a person with a disability. There is nothing more heartbreaking than someone being unable to use accessible technology to complete what should be a basic task. That’s why our Digital Accessibility guidance is so important; it helps build and sustain an accessible Federal technology environment that delivers for everyone.

FNN: What are your top 3 priorities for 2024 and why?

Martorana: Strengthening Office of the Federal CIO’s foundation to enable our staff to grow and thrive. They are working on the front lines across the Federal ecosystem to drive progress and positively impact the way services are delivered to the public each and every day. And while there is a lot of external attention on our policies, there is often little discussion on the people behind the policy. As I look at 2024, I’m so excited by our team and what we will be able to achieve together.

Supporting agencies in operationalizing the policies we issued over the past few years. Every agency is at a different place on their journey — our job is to ensure they have the executive support, shared services and tech talent needed to deliver results.

Ensuring continuity so agencies and tech teams across government can continue making progress in modernizing technology. We’ve delivered and we’ve built a strong foundation of tech policies that will span from year to year and across administrations. The American people deserve good government every day. Technology is critical to delivering a government that meets today’s expectations — and we must continue moving forward.

FNN: There is a lot of excitement around artificial intelligence in the public sector, how is your office trying to balance the excitement with all the challenges that come with AI?

Martorana: AI presents tremendous opportunities to improve public services, such as making it easier to access benefits, preventing drug shortages, or fighting wildfires. While we harness AI’s power for good, we also need to protect people from its potential risks. My goal as the Federal CIO is ensure the federal government is a leader in both using AI and managing its risks. That’s why we’re issuing extensive guidance to federal agencies on their use and governance of AI, which will be finalized this spring.

In the meantime, the AI EO directed agencies to name a chief AI official (CAIO), a senior agency representative responsible for driving consistent implementation of AI practices across their agency. I recently convened and [led] the first meeting of the CAIO Council, a new executive council that will coordinate the development and management of AI across agencies. We know that innovation relies on great minds coming together to rethink what is possible. Ensuring that the U.S. is a world leader in AI will require all of us — across government, academia, civil society, and industry — to be successful.

FNN: There is a lot of excitement over the special salary rate for IT/cyber workers, but agencies are struggling to implement and fund it. How is your office, with your partners in OMB, addressing this opportunity to use the SSR to help agencies recruit and retain the best talent?

Martorana: Now more than ever, we need technologists at the table to collaborate with our nation’s leaders and provide expertise on how best to launch products and services that are secure by design, digital by default, and accessible to people of all abilities. There are many entry points to federal government and we are continually trying to reduce barriers.

Late last year, we launched a new page on CIO.gov to serve as a “front door” into government for technologists at all levels. When you navigate to CIO.gov, you will see a banner with a call to action to join us.

If you are thinking about a career in civil service, I encourage you to check it out and consider putting your tech superpowers to work for your families, friends and neighbors.

FNN: What is your message to non-technology federal IT leaders, such as those in the finance or acquisition or mission areas?

 Martorana: Technology today is deeply integrated into nearly every facet of our federal operations and services. It presents both opportunities and threats that we cannot afford to overlook. All leaders — regardless of background — need to make technology a core priority. We can deliver a government that rivals our favorite consumer brands.

What it takes is a C-Suite — leaders beyond CIOs, CISOs, and chief data officers (CDOs) — it will take chief human capital officers (CHCOs), chief acquisition officers (CAOs), CFOs, general counsels and public affairs teams to align their efforts to support an agency’s technology journey map to modernize how they deliver products and services. They’ll reduce administrative burden for their workforce, improve employee engagement and inspire others to join us in the effort.

FNN: What is your message to federal IT vendors?

 Martorana: Read our final guidance to understand the federal government’s requirements and our draft guidance to understand where we are heading.

Know where agencies are on their IT modernization journeys and sell them the appropriate tools, technology and solutions — meet them where they are.

Let’s collaborate: we get the best ideas when we share lessons, challenges, and opportunities for delivering faster.

The post Federal CIO Martorana’s top 3 priorities for 2024 first appeared on Federal News Network.

There may be no one facing the continued workforce and technology challenge more than Air Force’s intelligence community.

The move to new and emerging technologies like the cloud are directly clashing with the Air Force’s obligation to keep current systems running.

That is why Col. Michael Medgyessy, the chief information officer of Air Force Intelligence Office, said initiatives like the Air Force and Space Force’s Digital University are so important.

He said it’s more critical than ever to ensure his digital savvy airmen and women don’t get frustrated and leave.

“There are definitely new hires coming into the Air Force already digital savvy. They’re coders. They have a strong data understanding. And it’s this new workforce that we got to make sure it doesn’t get frustrated and leaves by enabling them to be able to do these types of things at the edge, enabling them with different technologies like low code, no code, automated workflows, being able to do scripts and things, and be able to understand that the lexicon is different,” Medgyessy said on Ask the CIO. “When do scripts become apps? When do data platforms that have user defined operational pictures on them that have names become apps that need accreditations? A lot of people will use the word app to describe a lot of different things that aren’t really, in my mind, actual, full stack applications. Then you go down these roads of, well, who’s approved this thing to be used? So enabling the workforce by ensuring that the lexicon is clear, and that they are empowered to do certain things is important.”

That also means, Medgyessy, who also is the cyber authorizing official and chief data officer for the intelligence office, said, defining user privileges and capabilities, relying on automation to help make those determinations faster and easier and protecting data and applications from intended or unintended problems.

Clearing Air Force obstacles

At the same time, by opening up these types of platforms to more airmen and women, they can solve problems more quickly, drive decision making to the edge and move faster in a secure manner.

And, Medgyessy said, “try not to frustrate them as much as possible and get them into paths that will let them use their skills and grow them.”

Limiting that frustration also means finding a way to say “yes” to new ideas. Medgyessy said he’s aware of the technology and process obstacles that can arise.

“The digital infrastructure needs to shift the mindset because every time we add new work, it’s not necessarily more cost, more resources and bodies to the person saying ‘yes,’ because the way we do this is a fully burdened cost model. So as a service, we scale elastically and the people asking for the permission to do something are coming with the funded requirement, which is actually scaling out not only the technology, but the workforce on the back end. The dynamic has shifted,” he said. “So actually, the more funded requirements we get on these capabilities, the more others can scale them out and get benefit from them. It’s a complete flip. Cybersecurity wise, we have to really take a culture and shift it from flat file repositories and reviews of those capabilities on a periodic basis into live data, and people that understand how to read code and go into the code repositories and understand where the production is getting spun up from under what policies and audits of those policies to ensure that they’re actually happening to the specifications we expect, but more so in a live manner, a dashboard manner, in a manner that understands that the production environment is in flux constantly.”

Medgyessy said his office is implementing those toolsets through continuous integration, continuous delivery (CICD) pipelines in the cloud, and leaning into reciprocity of other office’s or agency platforms.

“If we understand how a pipeline is built and the body of evidence has been approved, that they’re doing this to the specifications we also require, then those pipelines should also be able to provide a certificate that we accept and can move those containers to another environment to be able to be used without having a lot of security on top of that done, and move that in a very seamless fashion,” he said. “The only way we’re going to be able to do that at scale is not with humans, but with automation, and so our cybersecurity workforce really has to get into this world and understand it, as do the authorizing officials. The authorizing officials cannot be stuck in doing things the old industrial age way.”

Working across the community

To that end, the Air Force Intelligence Office has accepted three platforms from the National Geospatial and Intelligence Agency, the National Reconnaissance Office and from the Air Force’s Platform One. Additionally, the intelligence platform, ODIN, can bring on containerized applications from the Air Force Kessel Run and Space Force’s Gravity platforms “with very little cybersecurity rework and it’s very automated,” he said.

The access to and use of platforms is one major reason why Medgyessy said cloud office governance is a big deal for 2024.

He said with the emergence of the Joint Warfighting Cloud Capability (JWCC) vehicle and the continued use of the C2E program for the intelligence community, the governance process will help ensure users follow the guardrails the Air Force built for using cloud services.

“The shared inherited controls that you get when you using this way, the visibility and security cognizance of what’s going on in commercial cloud at any given time by the CIO is super important to trying to tame the Wild West, while not having to slow people down,” he said.. “We have to have an understanding that when you do come through the cloud office, yes, there’s going to be guardrails in place, but you’re also getting to go faster and you’re going to be more successful long term.”

That idea of going faster and being more successful also fits into Medgyessy’s goal of migrating successful agile pilots into sustainable programs.

He said the Air Force Intelligence Office is looking at moving to an “as-a-service” type of model to help get customer capabilities in place more quickly.

Air Force Intel Office to get new CDO

“We have a customer base that is larger than any normal program office’s customer base because normally that program office will have a certain finite set of users that they’re focused on. In this case, we have customer funding from all over the place, which is really been the goal for IT services. People have been wanting this forever, but we don’t actually have an institutional way to deliver what people have been wanting,” he said. “I’ll give you an example of like, we have a cost model, it’s fully burdened. So I can take customers as a multi-tenant cloud environment from anywhere and it will not cost the Air Force or the intelligence community any more money than what we were spending on supporting ourselves initially to get that capability running. But I’m scaling it out to all these customers who don’t have to duplicate the effort from scratch, and can just buy into what they need to scale it out to them. It actually helps us that model of doing business is very different.”

Medgyessy said a final priority is focused on data and improving the platform the information resides on. The good news for Medgyessy is the Air Force Intelligence Office is hiring chief data officer, for which applications closed Feb. 26. This means Medgyessy will wear one less hat.

“We have a lot of work happening with classified cloud at the edge and extending it really in two prongs. One prong is how do I get sensor data ingested into classify cloud in a low latency, high bandwidth fashion. It’s kind of like an internet of things model, where I’m doing processing at the edge, and I’m also redistributing some of that data to the regional nodes, and then bringing that back into classify cloud,” he said. “Then there’s also the data platform and how can we do replication and resynchronization when it’s reconnected across secret and top secret instances? Some of the difficulty and challenge there is regional cross domain solutions, and how we can actually move between the classifications of our data locally without having to come back to the continental United States to do it. That’s one big part there and furthering the standards for data sharing.”

The post Air Force Intelligence CIO finding ways to get to ‘yes’ first appeared on Federal News Network.

Lily Zeleke, who became the deputy DoD chief information officer for information enterprise in 2022, “took over new responsibilities” in the DoD CIO’s office on Thursday, Cmdr. Tim Gordon, a Pentagon spokesman told Federal News Network via email. He did not specify what those new responsibilities are.

Bill Dunlap, who had served under Zeleke as the information enterprise office’s principal director, is now the acting deputy CIO for information enterprise, Gorman said. Dunlap previously served as CIO at the Defense Advanced Research Projects Agency.

Zeleke herself held that same acting title for most of 2022 before formally taking the deputy CIO role last December. During that time, she oversaw the relatively trouble-free awards of the Defense Department’s first ever enterprise-wide cloud computing contracts, the Joint Warfighting Cloud Capability to Amazon, Microsoft, Google and Oracle.

The reasons for her departure from the deputy CIO position remain unclear. Zeleke did not immediately respond to questions sent via LinkedIn on Friday.

The post Zeleke departs deputy DoD CIO role, reasons unclear first appeared on Federal News Network.

SAN DIEGO — Like almost all agencies, the Department of the Navy does a good job of buying and replacing old technology. Where the DoN, and most others struggle is how to sustain that application or system over the long term.

Jennifer Edgin, the assistant deputy chief of naval operations for information warfare, said her office is leading a perspective shift to ensure technology is onboarded quickly and is always modernized.

“It used to be you would buy a system, a box that was contained with hardware, software, all different types of things and use it until its end of life. Then you replace it with the next best thing,” Edgin said in an interview with Federal News Network at the AFCEA West conference. “As cloud computing and other cloud-based technologies have come online, it changes that model. The Defense Innovation Board had a great quote. It said software was never done. So when we talk about sustainment, we are talking about the iterative updates, the update of software, the update of different capabilities and new things that come online. That’s a mindset shift. That’s what you see kind of permeating across a lot of the conference talks that we’re having out here and a lot of the perspectives that we’re trying to drive as a resource sponsor. Changing our mindset from a buy and replace to a buy and sustain so that our sailors can get updates when they need them, how they need them to face whatever they may be facing at sea.”

The mindset comes from initiatives like the Navy’s Black Pearl software development platform. It comes from the success of Operation Flank Speed to give more than 600,000 sailors, seamen and civilians access to modern workplace applications in a secure cloud.

Jane Rathbun, the DoN chief information officer, said giving sailors, seamen and civilians access to platform- and software-as-a-service that meets the Defense Department’s zero trust requirements through Operation Flank Speed underlies this new approach.

“We are encouraging and driving to the optimal use of that platform so that we can get out of on-premise servers and get out of shared drives and things like that. We really want to take advantage of the cloud platform that is so agile for us and will allow us to maneuver in places that we have not been before,” Rathbun said in an interview on Ask the CIO. “We’re testing out Flank Speed on a ship. We put a hyperconvergence infrastructure stack on the ship so that we could drive to, what the secretary would like to see, is email for life for our sailors. I think you’re probably well aware that today when you’re going to ship, you get a new email address. If you’re the commodore of multiple ships, you have multiple email addresses. It seems maybe not one of the most important priorities that we could be working on, but I think if we’ve got the technology, the technology is demonstrating that it can work, we should start evolving and improving the experience of the sailor.”

The aircraft carrier the USS Abraham Lincoln will test the hyperconverged infrastructure version of Azure, using different connections including low-earth orbit satellites or other access methods.

Navy modernizes records management

Rathbun said the Operation Flank Speed is an evergreening approach, meaning because it’s updated all the time, understanding how it works afloat is important.

“We also are looking at what unclassified applications could we store in that environment that could be leveraged on the ship? Think personnel training and logistics kinds of capabilities,” she said.

Rathbun said Operation Flank Speed is more than just email. The Microsoft Azure platform will let users develop applications at no or low cost, which is much different than the old way that relies on program managers and acquisitions.

A recent example that the DoN CIO implemented recently is around records management.

Rathbun said the Marines Corps started using Office 365 suite tools to manage a majority of their records and the DoN CIO saw that success and expanded the mandate to all of the Navy.

The new approach replaces the DoN Tasking, Records and Consolidated Knowledge Enterprise Repository (TRACKER). The Program Executive Office Digital worked with the Naval Network Warfare Command to test out a minimal viable product moving more than 20 million records to the new system.

Once the National Archives and Records Administration (NARA) confirmed the MVP worked, the DoN CIO made this new approach the only way forward.

The Navy is considering using a Microsoft capability called Form Recognizer, which relies on artificial intelligence technology that lets users upload files and extrapolate text, whether handwritten or types, from forms, to further expand the records management capabilities.

Breaking up requirements

The move of records management to Office 365 is also a good example of another piece of this change that Edgin is pursuing. She said separating the functional requirements from the technical requirements is also part of this effort.

“When you say things like no code, low code, those are design parameters or technical requirements that we can put in place. The functional requirements are from a user’s viewpoint. I’m a sailor on a surface vessel, and I need to be able to accomplish A, B and C. That’s a great functional requirement,” she said. “If we look today, all of those things are integrated together. One of the things that we’re doing from our role as a resource sponsor is separating them because low code, no code could be what we use today, but maybe there’s a great computer advancement a year from now. The functional requirement is still valid, but how we meet that requirement could change. That’s where separating these two things will allow us to iterate very, very fast.”

Generally speaking, functional requirements remain relatively stable, while the technical side can change rapidly. Edgin said that is why having a good governance process with the technical side, the user community and industry also is key.

Edgin said the Navy needs to create an ecosystem that can support not only the separation of the technical and functional requirements, but also the ability to iterate software capabilities faster.

She said that ecosystem must be based on application programming interfaces (APIs) and driven by the people, processes and technologies.

The Navy recently addressed a key piece of the ecosystem by updating one of its main cyber policies last year.

Edgin said the old policy didn’t specify the role that everybody played in this modern technical ecosystem.

“We spent some time last year getting that policy right. I like to say we invited everyone to Thanksgiving dinner and put the place cards out, and now everybody’s really seated at that table,” she said. “Things from the technical side of our acquisition arm, where do they come into play here? Where does our fleet come into play here? How do we look at cybersecurity compliance and then the authority to connect? So where does the network owner, the platform owner come into this? We spent some time really getting that right, getting a governance structure right for how we make decisions and how we interact. The next hurdle that we’re climbing over is the playbooks. How do these work? How do we define those business process? That’s what we’ll be releasing in the next year.”

The post Navy seeks to break its buy, replace technology model first appeared on Federal News Network.

From new authorities to an updated organizational structure, the State Department’s acquisition office is going to look much different in the next few years.

State is reorganizing its acquisition efforts around four lines of business:

• Diplomatic security
• Overseas buildings and construction
• Technology, cybersecurity and artificial intelligence
• Professional services

Michael Derrios, the senior procurement executive at the State Department, said the goal of the reorganization is to help agency customers get services from a consolidated and expert group of contracting professionals.

“It helps me with category management. How do we aggregate the demand?” Derrios said at the recent ACT-IAC AI Acquisition Forum. “I love the fact we have the best-in-class vehicles. We use those. But that is not the panacea for category management. Where the rubber really hits the road and where we really save money is when I can go to 10 customers that, in real-time, have a need and a procurement action that is coming in the next couple of months or weeks and say, ‘hey, let’s talk about that. Is there an opportunity smartly aggregate that demand?’ We can approach industry in a means where we can leverage our buying power.”

While that new structure comes into place, Derrios also is giving State’s acquisition workforce new tools and creating new governance bodies to help reduce time to contract award.

One new acquisition approach that all of these new organizations will be able to take advantage of in the coming years is the use of State Department specific federally-funded research and development centers (FFRDCs).

Derrios said State received approval in October to enter into sponsorship agreements and establish direct relationships with FFRDCs.

“It gives us another tool in the toolbox that we just don’t have today. Today we have to go to other agencies and try to get access to their FFRDCs. Now we will be able to have our own suite of FFRDC contractors,” Derrios said in a recent interview on Ask the CIO. “We just didn’t have our own indefinite delivery, indefinite quantity (IDIQ) vehicles with the MITREs, LMIs or RANDs of the world. They provide great service in niche areas. The State Department’s mission is evolving. We are now doing things that the department wasn’t asked to do in year’s past. I think that is the case across the board in all aspects of our mission. The research aspect, especially of R&D, is something we could benefit from.”

State seeking OTA authority

State’s office previously could use other agency’s, such as the Department of Defense, contracts with FFRDCs as long as it met the scope requirements.

But Derrios said scope was only one challenge. Agencies tend to protect the contract ceilings of their FFRDC vehicles so that too limited access.

“The other agencies is going to, and rightfully so, protect the ceiling on their vehicles and when other agencies are eating into that ceilings a bit too much, they back off and say, ‘hey, you need to go somewhere else and get that support,’” he said. “We could be right in the middle of something, and frankly it happened, and had to start over. We want to try to alleviate this problem by having access to our own suite of vehicles.”

Along with FFRDCs, Derrios remains optimistic that Congress will grant State another important acquisition tool: The authority to use other transaction agreements (OTAs).

He said State has asked Congress for permission two years in a row, and would like to see OTAs expanded to all agencies.

“I think the State Department has some very unique needs that we could benefit from OTA authority,” he said. “In our diplomatic security portfolio, for example, the ability to accelerate development of a particular security related product could absolutely help our mission set. The ability to do that with a vendor who may be doesn’t know anything about federal procurement, and, frankly, may not even care about federal procurement, but they would be happy to develop something that they may be using elsewhere, we would love to have that capability more at the Department of State. I’m going to keep at it and see where it goes.”

New governance over large projects

The new acquisition tools and the reorganization are pieces of a larger effort to improve how the State Department manages acquisition more broadly.

Over the last year, Derrios said his office launched an Executive Business Review Council (EBRC) to look at acquisition from the mission and contracting sides.

“We really want to shore up both sides of the house there, and we’re requiring folks at a particular dollar threshold to come forward and talk about their program plans and the infrastructure that they’ve established, including their budgeting, how prepared are they for us to enter into a big contract for them, their acquisition support needs and is there a good acquisition strategy attached to it?” he said. “This EBRC is in a pilot phase right now. We’ve already had a couple of programs go through it successfully, I think, and it’s sparked really good dialogue with a set of executives that have shared equities and the department’s acquisition program.”

The executive council is led by Alaina Teplitz, State’s assistant secretary of the Bureau of Administration and chief procurement officer, and Douglas Pitkin, State’s director of the Bureau of Budget and Planning and program management improvement officer.

Derrios and other senior leaders like Kelly Fletcher, State’s chief information officer, also sit on the council.

“The BRC is a big one for us. It’s a flagship effort to really start to think about how we do major acquisitions differently,” Derrios said. “The threshold [for review] is $250 million and over. So it’s pretty high. We don’t want to clog the system with everything. It’s risk based. At that dollar threshold, we’re expecting program offices to have a more formalized plan and approach for program management. The procurements at that level are usually for systems, which are very complex and/or major services. It’s aimed at catching those things and not creating a bottleneck with lower dollar things.”

State will be putting more large-dollar projects through the ECRB in 2024, capture lessons learned and sharing them across the department.

Derrios said he hopes the benefit of this approach is accelerating acquisition planning and time to award.

State’s new forecast to industry

The other significant governance change that started in 2023 and will expand in this year is around procurement planning.

Derrios said State is doing two things. First, it’s redesigning their forecast tool to make it much more robust. He said industry should be “pretty excited” for the forecast tool’s redesign.

Second, State is putting more thought and efforts in its procurement planning conferences. Derrios hopes to create easier and more often opportunities for program managers, contracting experts and industry to get together to talk about their upcoming needs.

He said, too often, those discussions don’t happen for an assortment of reasons and program folks end up missing out on potential innovations.

“We’re trying to drive that in a formalized process so that all of our customers are getting that same experience. We have very good planning, unfortunately, sometimes it’s in pockets. We’re not leveraging that, I think, to the extent that we should be,” he said. “All of that upfront work needs to happen in order to populate a better forecast for industry to see. We’re trying to build an acquisition ecosystem at the department where it all fits in together. I’ll make the distinction between acquisition planning and procurement planning. Procurement planning is what are the vehicles that we need to put in place for you to meet your needs? The acquisition planning is, ‘hey, so you’re going to be going after a big contract that is delivering capability for the department’s mission, and this program is integral to mission success and the contracts that we’re going to award.’ It’s all connected.”

The post State Dept reshaping acquisition organization, processes first appeared on Federal News Network.

It wasn’t that Rep. Gerry Connolly (D-Va.), co-author of the 2014 law and ranking member of the Oversight and Accountability Subcommittee on Cybersecurity, IT and Government Innovation, didn’t let others speak, though he is prone to enjoy the microphone like most lawmakers.

It was that he was the only legislator at the FITARA 17 roundtable last Thursday.

Subcommittee Chairwoman Nancy Mace (R-S.C.), for a second time since September, didn’t agree to hold a formal hearing so Connolly was left to host a roundtable that had no Republican participation.

“First, I want to mention how disappointed I am that our Republican majority has turned its back on the FITARA scorecard,” Connolly said in his opening statement. “The scorecard has been a bipartisan oversight project for more than eight years with Republican champions like [Reps.] Mark Meadows (R-N.C.), Will Hurd (R-Texas) and Darrell Issa (R-Calif.). It has helped save nearly $30 billion, closed 4,000 unnecessary data centers, expanded the use of working capital funds as flexible vehicles for IT modernization funding, almost doubled the percentage of federal IT projects using incremental development to deliver functionality and empowered agency Chief Information Officers (CIOs) with greater budget and procurement authority and a more direct reporting relationship to agency leadership. The scorecard sits at the heart of this subcommittee’s mandate to oversight federal IT.”

There now has been no formal FITARA hearing since December 2022, the 15^th iteration of the scorecard.

A House Committee on Oversight and Accountability spokesperson pushed back on Connolly’s notion that the majority has “turned its back on FITARA.”

“FITARA is a law concerning federal IT management and acquisition. Ms. Mace’s subcommittee has held a dozen hearings in the past year concerning not only federal information technology management and acquisition, but also pressing issues surrounding artificial intelligence, and cybersecurity. These hearings have been a critical vehicle for substantive oversight and the development of significant legislation,” the spokesperson said in an email to Federal News Network.

Mace held 12 hearings in 2023 looking at federal technology and cyber issues, with artificial intelligence receiving the most attention. She did hold hearing on legacy federal IT, the problems with Login.Gov and the continued struggles with the Defense Travel System program — all of which fall under the FITARA umbrella of oversight of federal IT projects.

Exactly why Mace will not hold a FITARA hearing is unclear. Maybe it’s not a “sexy” enough topic, like AI or ransomware, for her? Maybe it’s something different.

Either way, not holding a traditional hearing on FITARA is a missed opportunity for lawmakers, for agencies and for the overall goal of improving how agencies manage, spend and account for the nearly $100 billion spent on federal IT.

But getting away from the big “P” politics playing out between Mace and Connolly, the roundtable provided some important and new updates to federal IT oversight and progress.

Here are my three takeaways from FITARA 17:

EIS under review

The Government Accountability Office is dusting off the cobwebs from its “why did this transition take so long?” probing tool. GAO will begin looking this spring at the continued delays agencies are having in moving to General Services Administration’s Enterprise Infrastructure Solutions (EIS) contract.

“We’ll be able to really dig in deep and ascertain progress and the reasons why agencies are not able to make this transition on time,” said Carol Harris, GAO’s director of cybersecurity and IT, in an interview with Federal News Network after the Feb. 1 roundtable. “We’ll also dig into the missed cost savings as a result as well because that’s a huge component of this. But when you take a look at the progress that’s been made, certainly over the past two years, agencies have done their best and but still we still have, I believe, 14 agencies that did not meet the deadline.”

GSA gave the departments of Justice and Homeland Security until May 2026, while 80 other agencies have until May to complete their transitions.

Of the four agencies that participated in the roundtable, the Office of Personnel Management, the Nuclear Regulatory Commission and the U.S. Agency for International Development all completed transition. The Department of Housing and Urban Development reached the 80% mark as of December, according to GSA’s EIS transition progress dashboard.

As a reminder, the transition from FTS 2001 to Networx took 33 months longer than planned and cost the government an estimated $395 million, according to an analysis by GAO in 2014.

It’s clear this Networx to EIS transition may not meet the 33 month record, but the cost will exceed $395 million.

Cloud grades vs. cloud progress

The string of “Fs” filling the cloud computing category showing a lack of progress is striking when you first look at the FITARA scorecard. Of the 24 agencies, 16 received the lowest grades and six others received “Ds.”

As GAO’s Harris and Connolly said during the roundtable, the grades are supposed to be low given it’s a new category.

“[We are] introducing a new category and a new grade, therefore, we were expecting that we started at a lower base. The object here is to move up. So whatever we started with, we will be measuring it,” Connolly said. “We need to put that into perspective that it’s not like every federal agency just regressed in the last few months because they took large holiday breaks. It’s because we are introducing metrics that really matter. We’re starting at an uneven point with a lot of federal agencies.”

The cloud category is measuring agency progress against several of the areas the Office of Management and Budget outlined in its 2018 federal cloud computing strategy.

These include:

• Whether agencies are ensuring that the CIOs are overseeing modernization, Agencies have cloud service level agreements (SLAs) attached to all of their cloud deployments,
• Agencies have standardized SLAs

Harris said GAO is currently reviewing how agencies are meeting these requirements and used the results of that work to give agencies initial grades.

“What we’re seeing is uneven progress across the agencies. None of the agencies have fully implemented the five categories with the exception of the Defense Department,” she said. “That’s something that we need to see improved progress in. When I cited the 47% average [for SLA compliance]. That’s what we’re not seeing across the agencies in the implementation of this area.”

At the same time, what the FITARA scorecard isn’t measuring, which may be equally important, is the actual use of cloud services.

Take the Office of Personnel Management for example. Guy Cavallo, the agency’s CIO, said over the last two years, OPM has deployed over 35 new cloud-based applications that were previously on-premise. OPM also migrated over 100 business applications to the cloud that previously ran in data centers.

“Our goal is to have the majority of OPMs applications operating in the cloud by the end of this year,” Cavallo said.” Now, one of the benefits of utilizing cloud computing is the implementation of enhanced cybersecurity capabilities, such as data encryption, real-time security updates and patching, centralized monitoring and robust access controls. Today, all of those are improving the security of OPM’s applications, data and cybersecurity. We’ve had a number of successes there by leveraging machine learning and artificial intelligence to enhance our cybersecurity capabilities, allowing us to have real-time situational awareness, which allows us to quickly respond to and defend against threats. We also implemented data driven cloud-based dashboards to provide better visibility into our cyber status.”

Cavallo said OPM is far from done in moving to the cloud. But it’s clear that OPM’s “F” grade doesn’t entire reflect the real goal of moving data and applications out of data centers.

The same can be said for USAID, which received a “D”, and the Department of Housing and Urban Development and NRC, both of which received “F” grades.

NRC’s Feibus said the agency is transitioning legacy technology to the cloud.

“We’re developing solutions that focus more on current and future technologies, including artificial intelligence, machine learning and process automation to keep the agency innovative,” he said. “The NRC has also worked with the General Services Administration on a financial operations pilot. It is implementing the recommendations and best practices we learned to further enhance management of our cloud services. We have been able to locate additional workflows to the cloud to provide an additional layer of resilience to our technology operations.”

USAID’s Gray said by moving to the cloud, the agency has reduced the number of data centers from 87 to 2.

“Even technology refresh is something that historically would take weeks or months to do major upgrades. In my prior agency [Education], we were able to upgrade an entire data center over a weekend, that would never happen. There would’ve be a disruption, but that did not happen because of the cloud,” Gray said.

It’s clear that agencies need to improve how they oversee and manage cloud services, but let’s not confuse that area with the real impact of cloud services on IT modernization efforts.

Working capital fund compromise

If the Technology Modernization Fund (TMF) was the icing on top of the Modernizing Government Technology (MGT) Act cake, then the IT working capital fund (IT-WCF) is the cake itself.

Everyone can “ooh and aahh” over the icing, but when you dig into the MGT Act, authorizing IT working capital funds is what holds the act together and gives agencies hope that IT modernization is an achievable goal.

For the previous 16 iterations of the scorecard, Connolly and GAO graded agencies on whether they were meeting the spirt and intent of the MGT Act by implementing a specific IT working capital fund. Agencies received some partial credit for already having another fund that provides money for technology modernization.

For the 17^th iteration, one of the major changes is giving agencies credit for having any working capital fund that supports IT modernization.

After nearly a five years, Connolly realized that it’s not the agencies who didn’t want the IT working capital fund, it’s the appropriators who were less than excited to approve them. Sen. Maggie Hassan (D-N.H.) had planned to try to fix the MGT Act with a technical amendment in 2021, but that bill never moved.

Only a handful of agencies, including OPM and the Small Business Administration, have received approval from Congress to set these up. Others like the departments of Treasury, Labor and USAID have requested Congress give them the green light, but had no luck so far.

HUD is the latest agency to try to run the appropriator’s IT-WCF gauntlet.

Sairah Ijaz, HUD’s deputy CIO, said not having access to a working capital fund has impeded their ability to modernize technology as quickly as they would’ve liked.

“We do see some hope of that coming into the fiscal 2024. We’re hopeful that is something that we will be able to leverage in order to be able to quickly address some of the issues that are part of our long underlying strategies,” Ijaz said.

Like several other agencies, HUD does have a working capital fund out of its CFO office, but it doesn’t specifically support technology modernization.

“We are working to be able to begin the use of that working capital fund, and that’s part of the conversations we’ve been having with all of our counterparts about looking toward that in future appropriations. Currently, our appropriations do not allow for the use of a working capital fund,” Ijaz said. “It has hindered our ability to be able to be flexible, and be able to work toward modernizing our platforms. We’ve had to look towards other areas in order to be able to support our ability to fund some cyber needs. We’ve gone to the TMF and received some funding there to be able to manage that. Then we looked at reallocating some other costs in order to be able to support our cyber needs because that is most important at the moment.”

The post 3 takeaways from the FITARA 17 scorecard roundtable first appeared on Federal News Network.

The General Services Administration’s (GSA) third attempt to modernize the catalog management system running on its Advantage! program seems to have finally hit the right mark.

GSA is expanding the number of users of the new FAS Catalog Platform (FCP) after a successful test run over the last year with vendors under the Office Supplies 4 contract.

Mike Shepherd, the director of the catalog management office in GSA’s Federal Acquisition Service, said industry sellers and agency buyers will see a stark change when using the FCP from the previous catalog management system, called the Schedule Input Program (SIP), under GSA Advantage!.

“The FCP, in its most basic form, is replacing SIP with a new web-based user interface. It’s going to bring in some really new key enhancements that are going to benefit both our suppliers as well as our acquisition workforce and customers,” Shepherd said in an interview on Ask the CIO. “On the Advantage! side, it’s an intuitive web-based application. When you log in to FCP, you will quickly realize this is very different from that desktop SIP application. But really, it’s more than that. It’s a capability that’s going to be integrated with e-modification in such a way where we’re going to be able to capture catalog information during the modification process. What this means for our suppliers is we’re going to be able to automate publishing to GSA Advantage!. We’re going to speed up that time to get catalog changes down to the Advantage! platform.”

The time it takes to modify a catalog has been a major and long-standing pain point for industry for the last two decades.

GSA says the new platform automatically publishes modifications to GSA Advantage!, saving an average of 34 days for vendors adding new products to their catalogs. GSA also says it publishes catalog deletions within 1-to-2 days of a modification submitted by the contractor.

Shepherd said it used to take more than 10 days to be able to delete products.

In addition to addressing long-standing pain points, GSA says the new platform also features several other modern tools.

• Automated data validation checks.
• A central hub to review all catalog actions and statuses.
• Access to catalog history.
• Shared user interface between contractors, contract specialists and vendor support center staff.

As part of the platform’s expansion, GSA will add more users and begin a pilot covering professional services.

Shepherd said the initial pilot included 32 companies on the OS4 vehicle. GSA asked contractors last year about their interest in joining the expanded pilot to use the FCP.

“We’re going to scale up about five times, so to about 150 new users onboarding in this next tranche. From there in January, we’re going to plan to bring in more and continue to bring in a few hundred per month through the end of fiscal 2024,” he said. “What that means for us in terms of our target as a program is that we’re going to move the majority of Advantage! catalogs into this new platform by the end of the fiscal year so that users can benefit from these new features.”

GSA to expand to services

Shepherd said GSA plans to expand the catalog platform to services contractors later this year.

“How can we make it easier for suppliers to submit labor categories and rates? As part of this year ahead, we are targeting a limited pilot for services, a minimum viable product (MVP), much like the MVP we have for products today by the end of the fiscal year,” he said. “The initial services MVP will allow us to collect structured data for services. That means labor categories and rates. Once we have that, structured data is really going to be foundational to allow us to feed the CALC-Plus tool. So for contracting officers today, if you work in GSA, you are uploading to CALC-Plus through a fairly manual two-step process. But through FCP, by taking in labor categories and rates, we will be able to feed that data directly into CALC-Plus as one of the use cases.”

GSA has tried to modernize the SIP system at least two other times over the last decade, but fell short of expectations.

Shepherd said GSA took the lessons learned from those failures and applied them to this current effort, including, for possibly the first time, having a dedicated office and employees for the catalog platform modernization initiative.

“One big difference between the legacy SIP program and what we’re doing now is I am here as the director of the catalog management program at GSA. That is no small thing. What that should signal to all of our stakeholders is catalog management matters: Coming up with more efficient, cleaner way to process catalog information and then improving the advantage experience on the front end for our customers,” he said. “It matters enough where we’re going to establish a catalog management office to do that work.”

Long-term modernization effort

The new catalog is part of a broader and long-running effort to modernize GSA Advantage!. GSA consolidated the schedules program from 24 to 1 and has been modernizing its user tools and the back-end systems that both run and feed Advantage!.

Shepherd said GSA will continue to keep industry and agency customers in the loop on its next steps. For example, GSA sends out a survey to contractors who have been using the new catalog after so many months.

“If a user happens to hit a friction point in their journey, they can fill out a survey then and give us that feedback in real time,” he said. “We are also very focused on meeting with users in small groups once they’ve been in the application for a few months, working with them to understand what’s good, what’s bad and where do we need to focus some energy going forward. We’re going to continue to do that throughout this user transition moving into the fall. So far, at least, the survey results are positive. But we recognize, as we scale this, certainly new challenges will emerge and we’re ready for those challenges.”

The post GSA marks key milestone in schedules modernization effort first appeared on Federal News Network.