• Digital transformation at FEMA
• Shifting FEMA to the cloud
• Edge computing for the future
• Employing artificial intelligence
• Industry analysis

The post Ask the CIO: Federal Emergency Management Agency first appeared on Federal News Network.

These are the fourth and fifth awards since Jan. 1 and continues the board’s focus on cybersecurity and application modernization.

“It is our responsibility to protect high-priority systems and enable our federal workforce to deliver on their agency’s mission seamlessly and securely,” said Clare Martorana, federal chief information officer and TMF Board chairwoman in a release. “These TMF investments demonstrate the diversity and reach of the TMF in driving innovation and impact forward for the American public – from strengthening NASA spacecraft control to supporting injured and ill workers through DOL’s Office of Workers’ Compensation Programs.”

Labor’s award from the TMF of $42 million is among the larger investments over the last few years.

Labor’s Office of Workers’ Compensation Programs (OWCP) will use the money to accelerate the replacement of its outdated Integrated Federal Employee Compensation System (iFECS).

Currently iFECS is built on technology from 20 years ago and runs 98 different applications with what it calls “elaborate and archaic workflows,” according to the TMF website. “This adds significant friction to case management which can overwhelm claims examiners, delay processing and interrupt tasks.”

In fiscal 2023, the system provided services to more than 2.5 million workers, with over 200,000 new cases processed.

“This initiative aims to revolutionize services and benefits for injured and ill workers, making processes faster, more efficient, and less prone to cybersecurity, operational, and financial risk,” the release from the TMF Board stated. “TMF has allocated $42 million to support this endeavor and aims to overhaul iFECS by transitioning to a modern, cloud-based architecture and leveraging automation technologies. This shift promises to reduce claim adjudication times, enhance customer interactions and bolster data security, particularly crucial given the sensitive nature of federal employee health records and annual claims.”

Labor’s sixth TMF award since 2018

“IFECS services the entire federal government as the processor of all workers’ compensation claims filed by federal workers,” said Nancy Griswold, the deputy director of OWCP, in the release. “As such, improvements in iFECS that will allow for the faster processing of claims will have an impact not only on the claimants themselves, but also their federal employers, as studies have shown that faster payment of claims results in a faster return to work for many claimants.”

Labor’s first award came in 2018 and the department has won a total of more than $77.3 million from the TMF over the last six years.

NASA’s first award is for $5.8 million that will accelerate cybersecurity and operational upgrades to its network. The board said the money will be used for specific initiatives including automating network management, modernizing legacy infrastructure, standardizing network configurations across all NASA locations and collecting additional telemetry data to align with federal cybersecurity mandates.

“NASA’s IT infrastructure plays a critical role in every aspect of NASA’s mission, from enabling collaboration to controlling spacecraft to processing scientific data. Therefore, protecting and effectively evolving NASA’s information technology infrastructure remains a top agency priority,” said Jeff Seaton, the NASA CIO, in the release. “This TMF funding will help the agency to accelerate critical cybersecurity and operational upgrades two years earlier than originally planned.”

NASA’s inspector general highlighted the space agency’s need for additional attention around cybersecurity in its August report on compliance with the Federal Information Security Modernization Act (FISMA).

Auditors said “NASA’s information security program and practices were not effective” in fiscal 2023. The IG made 27 recommendations across the five functional areas: identify, protect, detect, respond and recover. NASA’s overall maturity came in at 2.48 out of 5 for its maturity across the core FISMA metrics and 2.86 out of 5 across the 2023 supplemental metrics.

TMF board has less money in 2024

Along with the awards to Labor and NASA in calendar year 2024, the board made three investments in January worth $70 million for modernization projects at the Justice Department, the General Services Administration and the Armed Forces Retirement Home.

The board continues to allocate funding from the $1 billion it received in the American Rescue Plan Act in 2021. Since that appropriation, the board said it has used that funding to invest in now 43 projects.

It’s unclear how much of the $1 billion the TMF received from the American Rescue Plan Act remains. President Joe Biden’s fiscal 2025 budget request shows about $790 million left in the TMF that is unobligated for 2024, but that also includes money awarded to agencies, but not yet sent out the door.

But going forward, the board faces less available funding as the Senate in the 2024 appropriations rescinded $100 million from the ARPA windfall.

The post NASA, Labor receive extra funding for IT modernization first appeared on Federal News Network.

Download this exclusive Federal News Network Expert Edition now!

The post Securing the Nation: Deep dive into federal SOCs first appeared on Federal News Network.

The Air Force is out with a new multiple award solicitation to modernize all of its base network infrastructure.

The request for proposals uses the phrase, “enterprise IT-as-a-service” only a handful of times, but for all intent and purposes, this potentially 10-year contract with a $12.5 billion ceiling is considered Wave 2.

The new RFP calls for a group of large and small businesses to “modernize, operate and maintain the network infrastructure on all Department of the Air Force locations, to include Guard and Reserve bases.”

The Air Force is planning to award at least five contracts to 8(a) firms as well as a minimum of three awards to HUBZone companies, women-owned small businesses, service-disabled veteran-owned small business firms and other small businesses not in a socioeconomic program.

“This effort takes lessons learned from the EITaaS risk reduction effort network-as-a-service effort as well as lessons learned from existing base IT infrastructure modernization efforts to modernize the future base area network (BAN) offering at Air Force bases worldwide,” the RFP states. “This effort intends to modernize the Non-Secure Internet Protocol Router (NIPR) and Secure Internet Protocol Router (SIPR) BAN through an as-a-service model utilizing contractor provided networking services.”

The Air Force says its goal through the BIM vehicle is to obtain standardized, innovative and agile IT services, increase integration through a modern streamlined network and to be an investment for future mission sets.

Air Force to reduce data centers

Winston Beauchamp, the deputy chief information officer at the Air Force, said the goal is to award the multiple award contract later this spring with the first set of task orders going out before the end of the fiscal year.

Beauchamp said the Wave 2 EITaaS RFP comes as the Wave 1 effort is picking up steam.

“They started by essentially absorbing the bases that were part of our risk reduction experiment originally, that preceded the acquisition, and they are right now delivering common central services that will be applicable to all bases,” Beauchamp said in an interview with Federal News Network after speaking at the AFCEA NOVA Space IT day. “We’re talking about things like a centralized helpdesk automation so that folks can do certain things on their own, like resetting passwords, and answering tier zero help desk type questions. Then also to come there’s field services. The option for folks to use our contract to put people in the field to support them at the bases of all that for centralized security and help desk services.”

The Air Force is using the base infrastructure modernization contract as a key piece to its centralization strategy. Beauchamp said not every IT service needs to be an enterprise service, but there are a wide variety of opportunities for the Air Force to improve how it delivers technology to its users.

For example, across the 185 Air Force and Space Force bases there are about 1,000 data centers running.

Beauchamp said the CIO’s office is making a big push to move applications to the cloud, where it makes sense.

“We fully expect that more and more applications will be moving into our cloud architecture. That’s called CloudOne today, and that contract is up for renewal. It will be re competed, and it will be calling it CloudOne Next, but the intent is that it will be just the next evolution of the CloudOne program,” he said. “The interface between that and the Joint Warfighting Cloud Capability (JWCC) our intent to leverage that contract to the maximum extent possible by buying cloud services capacity through JWCC, and then managing it under the CloudOne contract. The expectation is that we would continue to acquire cloud through JWCC, where it’s cost effective to do so in bulk and then we would provision it with security services that DevSecOps and the other layers of services that we’ve built up over the years on the under the CloudOne contract.”

Three cloud contracts in the works

The Air Force released its request for information for CloudOne Next in September and just in March, it offered more details on its acquisition strategy.

The Air Force expects to release three solicitations for CloudOne Next in the third quarter of 2024 and make the award in the fourth quarter of this year. It will be three single-award blanket purchase agreements on top of the schedules program run by the General Services Administration.

The three BPAs will focus on:

• Cloud service provider (CSP) reseller and software management
• Architecture and common shared services
• Enterprise application modernization and migration

Beauchamp said the Air Force is evolving from siloes of excellence where every system built its own technology stack to a series of enterprise capabilities where the burden to sustain, modernize and secure is shared.

“We really have is an opportunity to look at the degree to which there may be commonality between those approaches, either in factor or in potential, and where we can either use collective buying strategies to reduce the overall cost collective across the Air Force and collectively across DOD, to get the best possible deal through economies of scale,” he said. “If there’s an architectural approach that perhaps could leverage an existing enterprise service, we want to make sure that we have the ability to see them and to make those recommendations to really free up the time and resources so that those dollars can be applied towards more effective mission capability.”

This approach to IT portfolio management is one of the six lines of effort Air Force CIO Venice Goodwine outlined in her strategy.

Other lines of effort include the acceleration of cloud adoption, the future of cybersecurity, including zero trust, workforce development and training, software management and data and artificial intelligence.

Beauchamp said IT portfolio management, or line of effort 4, is one of the most exciting opportunities for the Air Force. He said IT portfolio management can create leverage across the entire department that can result in both savings and money redirected toward mission needs.

“Overall, I think that each of the sub objectives within line of effort four are going to contribute in some way in that direction. Everything from implementing a capital planning and investment control (CPIC) approach within the Department of Air Force, which we are piloting this year, to improving our monitoring of the user’s experience, which really enables us to target our modernization efforts on those areas where folks are suffering the most will allow us to make better use of the resources that we have for free enterprise IT,” he said. “One of the things we’re going to have to do is really reexamine how we’re implementing CPIC. When I say the pilot, what we’ve done is we’ve selected a major command and a couple of functional areas, where we’re going to put a more rigorous capability in place to really meet not just the letter of the law, but the spirit as well, and apply the data to actually make business decisions. That’s the key. If you if you’re going to go to the trouble of collecting all this data about your programs, you might as well use that data for informing your decision making.”

The post Air Force begins phase 2 of enterprise IT service delivery first appeared on Federal News Network.

Understanding NaaS through the “Three O’s”

NaaS, at its core, revolves around three fundamental principles known as the “Three O’s”: ownership, operation and outcome. It departs from traditional ownership models, involves operational and service elements, and aligns with customers’ business or mission objectives.

• Ownership – In an as-a-service offering the customer is paying for access to something that they do not own. NaaS departs from traditional ownership models and should not be confused with acquiring assets over time like customers would in a conventional leasing model.
• Operation – In an as-a-service offering there is some level of operations or services being done for the customer. NaaS offerings involve a spectrum of operational and service elements, such as platform management, infrastructure oversight and network optimization.
• Outcome – In an as-a-service offering, the model is aligned in some way to the customer’s business or mission outcomes. The essence of NaaS lies in its alignment with customers’ mission or business objectives. It delivers results, whether through service level agreements, consumption tracking, or other metrics tied to achieving critical goals.

NaaS applies these “Three O’s” to a delivery model for network functionality. Based on this philosophy, it delivers an outcome to customers so that they don’t own the burden of building and managing their own networks, mirroring what cloud service providers accomplished with cloud-based data centers. NaaS also goes beyond what legacy network managed services providers (MSPs) did in the past with focusing primarily on operation & management services (O&M).

The promises: Reducing technical debt, accelerating modernization, and simplifying lifecycle management

For many agencies, NaaS can be a solution to pressing issues, such as reducing technical debt, accelerating modernization, and simplifying lifecycle management. Yet, while it holds substantial promise for addressing federal government challenges, several concerns can hinder its adoption.

Technical debt refers to the backlog of outdated technology and infrastructure. NaaS offers an effective solution to address this challenge by providing a predictable, all-inclusive operational expenditure (OPEX) cost model. This model can help remediate technical debt more quickly while alleviating budget constraints, a significant contributor to the accumulation of technical debt across the federal government.

When it comes to government modernization efforts, the primary focus often centers on upgrading networking hardware, software and licensing. However, the modernization of network configurations, designs and architectures tends to receive less attention. NaaS presents a unique solution that encompasses both aspects. It can be used to optimize and modernize network designs and architectures with the guidance of industry experts. This inherent capability within NaaS offerings allows federal customers to stay at the forefront of technology adoption.

NaaS offerings also help to offload the burden of lifecycle management from the customer to the NaaS provider, while providing better asset visibility and shorter refresh cycles so you have the newest technologies without the need to worry about aging assets.

The challenges: Ownership of hardware and maintaining control of mission-critical networks

For all its many promises, NaaS does have some important challenges it must overcome to be appropriate for all federal networks, especially those that are highly sensitive.

NaaS operates on the premise that customers pay for hardware use rather than ownership. This poses questions about how federal customers handle scenarios like “termination for convenience” clauses in federal contracts, especially when that hardware is essential for critical missions and cannot be removed from its environment.

Due to the sensitive nature of federal networks, a full-scale NaaS offering may be overkill. In mission-critical scenarios, agencies and departments still need to retain control over the operation and management of these networks. The comprehensive operation and management services typically associated with NaaS may not align with the specific requirements of certain environments.

Enter Hardware-as-a-Subscription (HWaaS)

HWaaS focuses on the core NaaS capabilities that resonate most with federal customers while addressing the terms and conditions necessary for federal contracts and resolving concerns related to hardware ownership.

HWaaS operates on an all-inclusive operational expenditure (OPEX) pricing model, covering critical components such as networking hardware, software, licensing, installation services (Day 0), modernized deployment services (Day 1) and asset management services. Notably, HWaaS does not encompass managed services (operations and maintenance), allowing federal customers to retain control over their operational and sustainment activities while benefiting from other vital NaaS features.

Additionally, HWaaS offers comprehensive network assessments, design and optimization services to ensure that your network architecture remains up-to-date and modernized. Knowledge transfer and training services are also provided to facilitate a seamless handover to your operational teams.

The advantage of HWaaS for federal government

The HWaaS offering is built in a way that incentivizes the NaaS provider to implement the offering as quickly as possible, in coordination with an agency’s network operation teams, ensuring a swift and efficient deployment across the entire enterprise.

HWaaS can offer significant value and benefits to federal customers, including:

• Faster tech debt reduction: HWaaS offers a single subscription-based consumption model that consolidates hardware, software, licensing, and Day 0 and Day 1 services into a predictable annual cost, allowing for the quicker elimination of technical debt.
• Flexible modernization options: Based on your specific needs and requirements, HWaaS offers modernization options for areas like wireless, software-defined networking (SDN), automation and security including solutions like comply-to-connect.
• Optimized and modernized architecture: The offering focuses on optimizing architecture to eliminate oversized hardware footprints and facilitates the rapid adoption of new technologies.
• Simplified lifecycle management and asset management: HWaaS includes a contractor-managed lifecycle management program with a predictable and reliable technology refresh cycle every five years. It also provides enhanced visibility into asset deployment on your network.

Overall, HWaaS represents a significant step for federal agencies on their journey towards aligning network consumption models and outcomes with the seamless experiences delivered by similar as-a-service offerings, like cloud services. The strategic decision-making process between NaaS and HWaaS allows federal IT leaders to tailor their approach to IT modernization, ensuring efficiency, flexibility and continuous advancements in government enterprise networks.

Wade Lehrschall is principal strategic architect at Iron Bow Technologies.

The post Navigating federal IT modernization: choosing between NaaS and HWaaS first appeared on Federal News Network.

VA officials say they’re building on lessons learned from a rocky rollout of the new Oracle-Cerner EHR that started in October 2020.

Since its first new EHR go-live, VA’s inspector general office has documented instances of the new system contributing to patient harm. The watchdog, in a report released last week, also linked problems with the new EHR to the 2022 death of a veteran in Columbus, Ohio.

Under Secretary for Health Shereef Elnahal told reporters at a press conference on Tuesday that VA’s rollout of the new EHR at Capt. James A. Lovell Federal Health Care Center (Lovell FHCC) in North Chicago has been “the most successful deployment we’ve had.”

“We’re going to watch this closely, and we’re going to be on top of it, not just in the next few weeks, but in the coming months, when we start to roll back the direct support and get to normal operations at Lovell,” Elnahal said. “We’ll be watching closely about what these trends are. We’ll be very transparent when problems arise, and we’ll jump on any issue to fix it.”

The VA remains in a “reset” period and won’t schedule any additional go-lives until sites already using the new EHR return to pre-rollout productivity levels.

Elnahal said the five other VA sites using the Oracle-Cerner EHR are “getting closer and closer” to predeployment productivity levels.

“We’re seeing tickets filed when problems are noticed, with quick action. And we’re seeing patient safety incident tickets filed when problems arise,” he said.

VA Secretary Denis McDonough said the department is closely monitoring the performance of sites using the new EHR to “make sure that everything is in good standing.”

“There’s a reason we’re in reset. And these are hard-learned lessons. We’re going to stay in reset until we are confident that we are making the system work in a way that improves veteran outcomes and improves the provider experience in those five sites before we go live any farther,” McDonough said.

VA’s fiscal 2025 budget request seeks $894 million for the VA’s ongoing rollout of a new Electronic Health Record from Oracle-Cerner. For context, the department received a $1.3 billion EHR budget from Congress this year — $529 million less than what the department requested.

The 2025 budget request doesn’t include any funding for additional deployments. The funding would go toward contract payments to Oracle-Cerner, and infrastructure support for VA sites already using the new EHR.

VA officials, however, say the request funding levels are not indicative that a pause of EHR go-lives will continue through 2025.

“We’re not looking to jumpstart and do any fast movements here,” McDonough said. “I think you see that in our budget request. We’re very eyes-wide-open. We’re trying to make sure that we are rolling forward, consistent with what the experience of our providers and of our veterans at those five important go-live sites tells us.”

A successful EHR rollout at the Lovell FHCC would give the VA an opportunity to move on from problems that have hampered the multi-billion dollar project for years.

As a reminder of those persistent challenges, VA OIG released three reports on March 21, highlighting several problems VA facilities have experienced with the new EHR.

VA OIG, in one report, found a scheduling error with the Oracle-Cerner EHR and “inadequate mental health care” at the VA Central Ohio Health Care System contributed to a veteran’s death.

The IG office found a veteran in his 20’s, flagged as a high-risk for suicide, died from an accidental inhalant overdose about seven weeks after he missed an appointment at the VA Central Ohio Healthcare System in Columbus, Ohio.

The IG office confirmed that a system error in the Oracle-Cerner EHR led to VA staff not following up with the veteran 14 days after he missed a VA mental health appointment.

The OIG found that when the patient missed his appointment, although it was updated to no-show status, the EHR didn’t prompt schedulers to follow up with required rescheduling efforts.

“The OIG concluded that the lack of contact efforts may have contributed to the patient’s disengagement from mental health treatment and ultimately the patient’s substance use relapse and death,” the report states.

The veteran had received mental health treatment from the VA since spring 2018. According to the IG report, the department flagged the veteran as a high-risk for suicide, after a suicide attempt in spring 2019.

Elnahal told reporters on Tuesday that the Columbus VA Medical Center has done a “deep dive” into the IG office’s findings, conducted a root cause analysis, “and have made already significant changes to our processes as we interface with the new Electronic Health Record to prevent this from ever happening again.”

“Every single time this happens, we have to learn from it,” Elnahal said.

It’s not the first death linked to the new EHR. Members of the Senate VA Committee said at a March 2023 hearing they were briefed on “six catastrophic events” related to the Oracle-Cerner EHR, four of which resulted in patient deaths.

VA Press Secretary Terrence Hayes said in a statement that when VA became aware of this veteran’s death, “VA began taking action to reduce the risk of tragedies like this from happening in the future.”

“We have fixed the technical issue and the EHRM system now provides appropriate follow-up reminders to VA staff, and VA is further evaluating and standardizing its current policies and procedures for scheduling mental health appointments,” Hayes said.

“There is nothing more important to VA than providing high-quality mental health care to veterans — especially veterans in crisis — and we are deeply saddened by the loss of any veteran who dies by suicide,” he added. “Patient safety concerns are of the utmost importance to VA, and we fully concur with the OIG’s recommendations.”

VA OIG  found, in a second report, that the new EHR impacted medication and allergy safety checks for veterans who receive care from more than one VA facility.

The VA watchdog released its full report on March 21, but testified before members of the  House VA Committee on its findings in a hearing last month.

VA OIG found the department couldn’t automatically check for drug interactions or allergies when patients at VA facilities using the new Oracle-Cerner EHR later sought treatment at another VA site using its legacy EHR system.

Deputy VA IG David Case told lawmakers that about 250,000 veterans since September 2023 have received medication orders or medication allergies documented in the new Oracle-Cerner EHR.

Hayes said in a statement that “to date, there has been no patient harm identified due to this issue.”

“This issue has been fixed for all new medications prescribed since April 2023, and all historical medications will be corrected by the end of August 2024,” Hayes said. “Many medications have already been updated, and our VA providers are conducting manual interaction checks as needed to ensure patient safety until the issue has been fully resolved.”

Hayes added that, “out of an abundance of caution,” the VA is communicating with VA patients at the affected facilities to encourage them to bring their medications, or medication lists, to all in-person and virtual appointments.

VA, he said, encourages veterans to alert their providers if they visit more than one VA facility, have received care through a non-VA facility, or if they have a specific drug allergy.

“These steps are to support quality care so that VA providers can conduct manual order checks as needed,” Hayes said.

VA OIG, in a third report, warned that scheduling system challenges at VA facilities using the new EHR may be exacerbated at larger, more complex medical centers.

VA OIG states the new EHR provides one scheduling system for patients, providers, and schedulers, and was expected to increase scheduler efficiency and reduce scheduling errors.

While some VA clinicians told VA OIG that scheduling appointments in the new EHR is more user-friendly,  the report found schedulers at the three VA medical facilities that have been using the new EHR the longest billed for more than 13,000 hours of overtime last year.

“Although other reports and this memorandum call attention to the problems experienced during the transition to the EHR scheduling system, VHA staff anticipate that positive outcomes are still achievable if facilities take the time to learn from previous deployments, applying lessons learned to either alleviate challenges or better manage them, thereby decreasing the impact to staff and patients,” the report states.

Hayes said in a statement that VA is developing a standard process, outlining the steps VA staff should take to carry out and improve scheduling efforts.

“VA is committed to addressing all issues with the federal EHR system, including scheduling-related functions. Veterans remain the center of everything we do. They deserve high-quality health care that is safe, timely, veteran-centric, equitable, evidence-based and efficient,” he said.

The post Recent VA EHR rollout ‘most successful’ so far, but IG outlines recent problems first appeared on Federal News Network.

Up until about a year and a half ago, the 16,000 employees who make up the Office of the Secretary of Defense were the biggest technology user base in the Defense Department that didn’t much resemble an IT enterprise. Collectively, the organization is bigger than the Space Force and many large DoD agencies, but from an IT perspective, the nearly two dozen entities that comprise OSD were largely left to their own devices — figuratively and literally.

But an enormous amount has changed since October 2022, when DoD created a new CIO position to unify 17 OSD staff assistant offices and four agencies into a coherent IT management structure. Most recently — just this month — everyone involved signed a memorandum of agreement to make clear all assigned roles and responsibilities.

“Over the past 10 to 15 years of IT efficiency and consolidation drills, there was a lot of movement of money and resources, but nothing was written down,” Danielle Metz, OSD CIO said during Federal News Network’s DoD Cloud Exchange 2024.

“Since we weren’t really united and no one viewed themselves as part of a collective, everyone had different expectations, different thoughts. And because we didn’t have a memorandum of agreement that articulated the common services that were going to be delivered by the service provider — and the price points and metrics associated with that — there wasn’t an understanding of whether what was being delivered was considered good, what was considered not so good and how to correct that. All of that needed to be sorted through. And so just getting that baseline is what we’ve endeavored on in the past 18 months.”

The service provider is the Defense Information Systems Agency, which has been delivering IT services to tenants inside the Pentagon and the National Capital Region through its joint service provider since 2015, when DoD ordered an earlier consolidation of its IT service providers.

Buying, managing IT services at an enterprise level

But until recently, each OSD organization has been on its own when it comes to ordering and implementing those services, depending on their needs, and figuring out for themselves how to use them.

“We’re now acting as an enterprise instead of individual fiefdoms, and that it works two ways,” Metz said. “One is that we have collective buying power, but we also are able to advocate for the resources that we all need and not just the piece parts by those who were able to navigate the Planning, Programming, Budgeting and Execution process on their own, which is what was happening. There were a lot of organizations that were struggling, and the whole point of a CIO is to democratize access so that we don’t have winners and losers.”

In its initial stages, beyond creating usage, spending and user experience baselines, Metz’s new office — part of the Pentagon’s Directorate of Administration and Management — has had some early wins in deploying common services to the parts of the DoD “fourth estate” that fall within the new OSD enterprise portfolio.

For unclassified email and collaboration services, all 21 of the organizations have now moved to DoD 365, the Pentagon’s cloud-based implementation of Microsoft 365. As of this month, all but one of those organizations has also migrated to their secret-level systems to the new classified version of DoD 365, eliminating the need for a hodgepodge of aging information sharing tools at Impact Level 6.

Migrating those systems to a single cloud environment also helps mitigate the network fragmentation DoD organizations have been creating for the last several decades.

“It doesn’t make those fragmentation issues irrelevant, but it helps us prioritize the fact that we do need to do some network simplification, both on our unclassified and classified networks. That’s what DISA has been leading with what they call DoDNet,” Metz said. “We’re working with DISA to accelerate their plans to have that in the Pentagon, so that you don’t have like a Pentagon local area network that’s kind of sandwiched in between all these other various networks, whether it’s classified or unclassified. We really do need to streamline and simplify the network because we have a lot of network outages. We have performance issues.”

Moving toward a single budget for OSD IT

Another major objective: figuring out how to create a unified IT budget for nearly two dozen organizations with widely varying missions, expertise and needs.

Metz said the most sensible way to provide for each organization would be to create a single working capital fund for the entire enterprise’s IT expenditures, rather than forcing each of them to plan their technology budgets via DoD’s arduous and rigid PPBE process.

“In that model, you’re using your crystal ball to assess what is the technology that we need to be able to implement, and then you have to get a lot of details to be able to come up with a funding profile over five years — but you’re doing it two years out, and you’re going to be wrong. And even if you have it programmed, if you’re operating under a continuing resolution, you don’t have access to those dollars. It really slows your ability to drive the important changes that need to take place. In a working capital fund or fee-for-service model, you’re able to make those capital investments and technology insertions a lot more gracefully instead of having to do big bang approaches — which we know in technology never ever works.”

Discover more articles and videos now on Federal News Network’s DoD Cloud Exchange event page.

The post DoD Cloud Exchange 2024: OSD’s Danielle Metz on moving from ‘fiefdoms’ to coherent IT enterprise first appeared on Federal News Network.

An employee at the Federal Acquisition Service in the General Services Administration suggested using modern technology like 3D scanners to improve the maps of federal buildings to benefit emergency responders and others.

And two federal employees at the departments of Veterans Affairs and Commerce’s Census Bureau submitted an idea to translate ethical artificial intelligence principles into technical steps by developing processes to assess AI at every level, from inception to development, production and continuous performance evaluation.

These are just three of the 16 ideas from 10 agencies that GSA’s 10x program is considering for possible funding in 2024.

“Our fiscal 2024 investment priorities centered on ideas for reimagining public engagement and promoting equity in delivery. We also emphasized ‘Moonshot’ ideas: the biggest, boldest and most ambitious ideas to transform digital public services,” GSA wrote about 10x in a new blog post. “This round, ideas for artificial intelligence projects emerged as a standout category. Nearly one fifth of all the submissions we received were related to AI.”

GSA launched the 10x program in 2015, and it is now part of the Technology Transformation Service, as a venture studio where they ask federal employees to send ideas and then makes small investments with the goal of improving federal digital experiences.

GSA 10x to begin analysis

For the 2024 funding opportunity, 10x received almost 200 ideas from more than a dozen agencies. Along with AI, other topics included accessibility technology, public-to-agency communications and improving data sharing.

10x now will move these 16 projects into phase one of the program where cross-functional teams of technologists will try to answer the simple question, “Is there a there there?”

“They investigate the problem, get a sense of how and if this idea could impact the public, and explore whether a technology solution is possible,” GSA wrote. “We use the phase one findings to guide our investment decisions as we decide whether or not to move a project into subsequent phases.”

In a phase two, the 10x team analyzes the idea to decide if it’s ultimately a technology problem or not. If it’s more of a people, policy or funding challenge, 10x will not invest more resources in developing a product or service.

In phase three, the 10x team makes sure the solution integrates with the agency partner’s existing priorities and technology capabilities. The team is reviewing workflow processes and how the agency can continue to sustain and support the technology. Most 10x projects end after Phase 3, when the product is handed off to its agency product owner.

Then in phase four, 10x and the agency sponsor look to scale the technology to support different use cases across agencies and programs that drive the biggest impact with an ultimate goal of transforming digital services for the public.

10x says most ideas never make it to phase 2. For instance in 2022, of the 25 ideas that made it to phase one, only seven received funding for phase two. Additionally, 10x says fewer ideas actually make it to phase three and four where the team scales the solution to the public.

The notify.gov project is an example of a 10x funded program that made it to phase four.

Another example is the site scanning platform that offers real-time intelligence to help agencies improve website performance and compliance with government mandates by providing web managers with a customizable, automated scanning service.

The post GSA’s 10x to take deeper look at 16 ideas submitted by feds first appeared on Federal News Network.

Military and civilian agencies have long struggled to make the jump to cloud computing. Deciding on the right cloud approach and strategy that best aligns with their mission needs for today and tomorrow is no easy task. But more important, agencies continue to struggle with modernization efforts amid concerns about potential security gaps and vulnerabilities the cloud introduces. 

“It’s a tricky balance. The reason why it’s tricky is because organizations rely on various IT and security architecture applications and legacy systems implemented for their specific mission support. Another challenge is that many agencies struggle with having so many tools, having an influx of data coming in from various logs across all these disparate legacy systems  — and they don’t integrate well. They don’t talk to one another,” said LaLisha Hurt,  public sector industry advisor at Splunk.

Cloud security concerns persist for most federal agencies for a reason, Hurt said during Federal News Network’s DoD Cloud Exchange 2024.

In its 2023 CISO Report, for example, Splunk found that chief information security officers identified that cloud applications and infrastructure have the biggest security coverage gaps across industries, with cloud impacting business services, healthcare and technology at 71%, 64% and 64% respectively. Cloud security impacts manufacturing at 64%. 

To address that problem within DoD, the Pentagon awarded the multibillion-dollar Joint Warfighting Cloud Capability contract to establish a common and secure cloud infrastructure. Last year, Chief Information Officer John Sherman instructed the military services to prioritize JWCC for their cloud modernization efforts. So far, less than 2% of the $9 billion contract has been utilized as concerns around security linger. 

Transferring to cloud, however, is essential to modernization efforts. Hurt noted that, in the end, it all goes back to the mission. 

The California statewide automated welfare system, for instance, needed to ensure it delivered benefits for Californians in a highly secure and uninterrupted manner. The agency was able to replace three disparate legacy systems with one single cloud-based platform, which saved over $30 million in taxpayer dollars.

“While they also improved productivity and reduced risks, that’s really the mission that this particular entity was trying to solve for” — safe, consistent access to benefits,” Hurt said. “And I think it’s similar for other agencies. They have their mission, and they’re looking for help to deliver on that.” 

No transformation happens without collaboration

Cloud transformation starts with a strategy and gaining the support of various stakeholders to deliver on the strategy.

“I know that sounds simple, but people want to jump to the capabilities or technologies. But what’s that strategy that you’re trying to align to? And do you have buy-in from not only your leadership but the people that are going to be implementing it — your employees — which I think is equally important,” Hurt said.

Determining the model will depend on each agency or organization’s unique mission needs and ensuring that the model can be scalable and increase as the demands grow. 

“So many customers are going cloud only. Some remain on-prem for unique mission needs. And then there are others that actually operate in a hybrid environment,” Hurt said. “And I don’t think there’s a right or wrong approach, as long as it serves your business needs. And also, as long as it allows you to scale in the future. That’s important.”

She continued: “The other thing I would say is to take a risk-based approach and ensure you have a strong inventory of assets, systems and classification prior to the migration. You might find that everything does not necessarily need to go to the cloud.”

Splunk spends the most time with customers conducting business value assessments to understand the pros and cons of moving to the cloud versus staying on premise, Hurt said.

“It goes back to the mission. What are the things that are mission-critical to your agency? What are the things that you care about most? And where do you want to house them? And what levels of security do you want to put around them? That will dictate whether you keep things on prem versus move to cloud,” she said. “Where are you trying to gain and obtain more efficiencies?”

It’s also important to expand participation in these conversations and bring in “not only your cyber teams but your infrastructure teams, your chief technology officer, your chief information officer,” Hurt said. “It’s really a cross-functional effort that should be considered when you’re building that cloud strategy.”

Discover more articles and videos now on Federal News Network’s DoD Cloud Exchange event page.

The post DoD Cloud Exchange 2024: Splunk’s LaLisha Hurt on achieving digital resilience first appeared on Federal News Network.

The U.S. Transportation Command isn’t new to cloud services. The command has put workloads and applications in off-premise compute and store instances since 2016.

Despite its time and experience using cloud, USTRANSCOM continues to take a measured approach in how it expands the use of these capabilities.

Michael Howard, engineering and digital transformation division chief at USTRANSCOM, said about 60% of the command’s working capital fund programs are currently in the cloud, mostly though an infrastructure as a service approach.

Over the coming next few years, the goal is to combine process with technology to become a more agile organization, Howard said during Federal News Network’s DoD Cloud Exchange.

An important step in that direction is an upcoming update to the agency’s memo guiding IT modernization .

“The memo helps us set the tone for all of our IT efforts. It really shows the strategic level importance of modernization in an organization like USTRANSCOM that really needs to strive at being at the leading edge of the transportation industry,” Howard said. “We’re not only shifting our software development processes to be more agile, but at an organizational level, we’re also shifting to be more agile-minded. The modernization memo really projects some goals over the next 12 to 18 months.”

Improving USTRANSCOM’s IT management

USTRANSCOM also wants to further expand its DevSecOps platform and end the use of the waterfall development methodology, he said. It also wants to create a continuous authorization to operate process that is coupled with the agency’s software architecture and containerized microservices.

“We really will finally get after what we know today is as the way things communicate through ports and protocols, and really adopting application programming interface-based communication,” Howard said. “The key ingredient to it is something we added this year when the chief financial officer joined the chief information officer as a signature authority. We’re synergized from a business perspective, and we want to be cost-informed as we strategically move through this memo, certainly over the next 12 to 18 months.”

With the CFO actively involved with technology planning and implementation, Howard said command leaders can better answer questions about the cost to develop and sustain IT programs as well as the prioritization of these initiatives.

“To quote our CFO, she says, ‘One of my biggest problems is managing our IT portfolio.’ It’s the same problem, I think, across the entire DoD. The fortunate thing for USTRANSCOM is we are a working capital fund, whereas the appropriated combatant commands have to demonstrate a lot more scrutiny. We have some flexibility, but we also know that flexibility needs to have some responsibility,” he said. “Our memo before missed an opportunity where we could be more cost-informed. The other thing that does is it now provides some audit capability of that cost, schedule and performance — and then helps us be good stewards of taxpayer dollars as we maneuver through the cloud.”

New USTRANSCOM cloud initiative

A new initiative called USTRANSCOM Anywhere illustrates this more integrated approach to cloud.

The command wants to use Microsoft Azure for cloud hosting to gain some of the capabilities that come with the disconnected Microsoft Azure stack hosted on premise today. Through the Azure stack, USTRANSCOM would deploy capabilities as microservices so the right person could access data at the right time from anywhere through the unclassified network, Howard said.

“What we realized is that once we achieve a platform as a service capability of microsegmented, data-containerized applications, the next thing would be is how can that microsegmented data exist in a denied, degraded, intermittent or limited — DDIL — environment,” he said. “USTRANSCOM Anywhere has a focus to utilize our current [unclassified network] that we provide today and to segment that capability in a continuous integration, continuous delivery fashion.”

The agency will roll out USTRANSCOM Anywhere in a three-phased approach over the next three years.

Howard said this first year is focused on creating the “landing zone” to determine what services users will need most in the environment.

“That culminates with a beta test. Today, I think we looked at about 25 uses. That might increase as we learn more about the environment. It also culminates with 70 of 91 zero trust target-level activities,” he said. “Phase 2 looks like a deployment phase. We will look at the migration of on-premise services that we provide today and house them in the Azure cloud capability. Then, Phase 3 looks like the test and use cases in the disconnected state. We will look to the Azure stack capability to provide some of the microsegmented data in certain parts geographically to try to get it to as close as to what we would provide the warfighter tomorrow.”

Scalability, reliability of cloud services

Howard acknowledged this would be a major culture shift from how USTRANSCOM operates today and has for decades.

As part of the USTRANSCOM Anywhere initiative, the agency expects to introduce a virtual desktop infrastructure and a disconnected capability through the cloud.

“First and foremost, I suppose it’s an understanding of how this will work for global logistics. We wouldn’t want to rush to that,” Howard said. “Secondly, I would say that in the first year, this is really a proof of concept. We, again, with our CFO, are in line to prove out in that first year that this is really something that we want to do, instead of saying, ‘Yeah, we’re all in, and we have no points of return.’ The phasing really helps us get to some decision points to ensure that this is exactly how we want to proceed forward.”

Through all of these updated memos, new procedures and technology pilots, Howard said one of the most important goals is to improve how the command takes advantage of the scalability and reliability of cloud services to improve logistics, especially in a contested environment.

Getting warfighters the data necessary to make better and faster decisions is the most important metric underlying these efforts, he said.

“What’s nice is, today, with our modernization memo, we’re able to somewhat forecast what the probability is of cost, schedule and performance for an application to migrate, whether lift-and-shift or migrate through a DevSecOps platform. What’s nice about that is we are tied in with our enterprise IT portfolio mission area manager or our chief operating officer that’s listed on our modernization memo. And we give quarterly updates. Those quarterly updates actually go into an update to our CEO,” Howard said.

“We’re describing the benefits of a fully modernized platform as a service, where you have microsegmented containerized applications that exist for business function, have immutable code and are really, for lack of better words, defendable. The end state is truly that capability to be business-focused. It’s not that you do zero trust. It’s how you use it, and this is the same thing: It’s not that we’re doing the cloud. It’s how we’re using it.”

Discover more articles and videos now on Federal News Network’s DoD Cloud Exchange event page.

The post DoD Cloud Exchange 2024: USTRANSCOM’s Michael Howard on becoming a more agile-minded organization first appeared on Federal News Network.

After a months-long hiring freeze, the Social Security Administration is once again facing even further declining staffing numbers.

But with agency spending now determined for the rest of fiscal 2024, and hiring now unfrozen, SSA Commissioner Martin O’Malley is readying the agency’s plans to rebuild its workforce as quickly and efficiently as possible.

Currently, SSA is at its lowest staffing levels in 27 years, while serving more customers than ever before, O’Malley told lawmakers on the House Ways and Means Committee during a hearing last week. As a result, customer service has worsened — there are longer wait times on phone lines, and longer delays in receiving decisions on disability applications and appeals.

The perfect storm of challenges, largely due to years of continuing resolutions and hiring freezes, is leading to overworked employees who often leave their jobs within just a year or two, O’Malley said during the joint hearing of the Social Security and Work and Welfare subcommittees.

“We need to do better by them,” O’Malley said. “They’re overwhelmed, stressed out — but still, every day, they’re trying to make it work.”

In the 2024 spending agreement Congress reached last week, SSA received $14.2 billion for its administrative expenses. It’s a slight increase over SSA’s enacted budget of $14.1 billion for 2023.

“It’s a lot better than a cut — and I know cuts were on the table,” O’Malley said.

Spending proposal for 2025

A couple years back, SSA was successful in boosting its staffing numbers — at least for a short time. But the agency quickly faced attrition, particularly in teleservice centers and state disability determination services (DDS), as a result of overworked, overwhelmed employees who didn’t receive enough training to do their jobs effectively.

Although SSA’s latest hiring freeze has ended, there have already been net staffing losses as a result of a months-long string of continuing resolutions — landing the agency once again at the lower staffing levels it had a year ago.

“Unfortunately, we expect that backlogs and wait times will grow in 2024 due to the hiring freeze and minimal overtime,” SSA said in its 2025 budget request justification document. “While we expect to process more cases this year, we will have significantly less staff at the end of the year than at the beginning.”

O’Malley called the declining staffing numbers a “severe setback.”

Right now, SSA employees “are understaffed, and they are overwhelmed,” O’Malley said. “Not surprisingly, when somebody’s been on hold for an hour, they come off that call hot. We right now have an attrition rate of about 24% in our teleservice centers.”

Much more is necessary for the agency to improve staffing, and by extension customer service, for years to come, O’Malley said. The Biden administration is requesting $15.4 billion for the Social Security Administration’s 2025 budget.

The goal is to bring the agency back above the end-of-year staffing levels from 2023 — aiming to reach nearly 60,000 employees, and at the same time, begin to process more cases.

The request would invest in more SSA staffing across the board — with a proposed $269 million for field offices, $85 million for processing centers, $89 million for hearing centers, $79 million for teleservice centers and $2.8 billion for DDS.

More plans to rebuild staffing

To try to make the proposed investments worthwhile, O’Malley is outlining a specific, targeted hiring plan for the agency, aiming to improve not only hiring, but also retention of employees.

“We need to change our strategy as an agency,” O’Malley told lawmakers. “I think we target too much on college graduates and not enough on high school and community college graduates. And with proper training, that could really be an investment that holds for a long time.”

After the Senate confirmed O’Malley as commissioner in December, he spent his first few months on the job visiting Social Security Administration offices across the country to learn about the challenges staff face on the job and to look for possible solutions.

As the agency looks to rebuild, taking into consideration conversations with staff, O’Malley detailed plans for how the agency will hire for the long-term, aiming to avoid attrition and mitigate high turnover rates SSA has historically experienced.

Over the next year, SSA is planning to focus in part on veterans hiring, training and retention, while also partnering with universities and institutions that work with underserved communities. SSA is also requesting funding to hire 1,500 interns in 2025.

“We are increasing the use of social media platforms to recruit students, recent graduates and direct hire applicants and attract top talent from anywhere in the country,” SSA said.

Concerns remain in Congress

Still, some lawmakers, including subcommittee Chairman Drew Ferguson (R-Ga.), called on O’Malley to target improvements for the Social Security Administration in the immediate short-term.

“My free advice is to get the existing workload under control — get it back on track before we go dumping more cases into it,” Ferguson said during last week’s hearing.

A few other lawmakers also pointed to the importance of IT modernization as a way to ultimately improve workforce performance and morale.

“We improve people’s work experience by investing in these technologies to make their job satisfaction go up,” Rep. Blake Moore (R-Utah) said. “You get better productivity out of them, and we’ll see better hiring come from this type of stuff.”

Even so, O’Malley said, currently 90% of SSA’s IT budget goes toward simply maintaining outdated, legacy systems — and not toward actually modernizing SSA.

“Think, if you will, about the city of Jerusalem being built up over years, except this is cobalt and green screens,” O’Malley said during the hearing. “Only 10% of [the budget] goes to modernization.”

The budget request for 2025 includes $1.7 billion to invest in IT modernization. The funding will in part go toward efforts to expand online services and provide SSA employees with more user-friendly systems and tools to perform their work.

The Social Security Administration has the next 90 days to provide a report to congressional appropriations committee members with details on full-time employees, new hires in each agency component and retention rates of staff.

The post O’Malley outlines plans to rebuild Social Security Administration workforce first appeared on Federal News Network.

Rank Korie Seville among the Defense Department’s go-to guys for cloud computing smarts.

Seville’s title at the Defense Information Systems Agency might sound a bit cryptic: deputy chief technology officer for compute and senior technical adviser for J9 hosting and compute. But he’s clear about his two-hatted role helping Defense Department agencies succeed in their cloud deployments.

At the J9 — Joint Operations and Plans Directorate — level, “I basically act as an integration point between DISA’s hosting and compute directorate and the rest of the agency from a cloud computing perspective,” Seville said during Federal News Network’s DoD Cloud Exchange 2024.  “At the external level, I basically work with other agencies’ CTO- level engineers and leaders within different agencies to advise them on their cloud portfolios, their migration strategies and their overall hosting and compute strategies.”

Seville said that cloud computing, as agencies move from simply hosting applications to reworking them into microservices, has enhanced DoD’s capability to distribute workloads and create greater resiliency. The evolution also improves computing outside the continental United States (OCONUS), a critical DISA and DoD challenge  generally.

Defense users gain “the capability to expand and get better services, no matter where they are across the world,” he said.

Tapping cloud effectively OCONUS

Asked about DISA’s signature cloud computing contracts, known collectively as the Joint Warfighting Cloud Capability, Seville said the program supports OCONUS needs by easing the buying process for cloud. JWCC “is just an acquisition vehicle,” he said. “It’s a way to purchase cloud, but it doesn’t necessarily by itself solve the OCONUS problem.”

Contractors on JWCC, though, do provide a variety of tactical edge platforms, ranging from modular data centers to backpack-sized computing units.

It’s in how teams want to use the cloud and transform how they deliver the mission that’s an intense focus for DISA and Seville. For instance, what if say two deployed teams focused on the same area of responsibility want to be able to collaborate, he said. How would that happen? How could it be done as an operational expense “instead of having to put a large capital investment in to utilize these cloud capabilities?” Seville said

One answer is Stratus, a government-owned cloud product DISA has deployed in Hawaii, he said. A second option is DISA’s joint operational edge product that uses public clouds. Seville said DISA partners with the DoD chief information officer “to push public cloud capabilities to the OCONUS user community.” A new instance of that capability is under development for Japan and a couple of other locations.

Basically, it consists of one of the commercial cloud services providers, in this case Amazon, providing its hardware housed in DISA secure facilities and operated by government employees. Seville said DISA plans to add the other JWCC suppliers “to be able to get their enterprise-grade deployable solutions, put them in our facilities and have them there for consumption.”

Seville said his group partners closely with DISA’s program executive office for transport, which manages the network connections needed for computing nodes to communicate with one another.

“Their technical director and myself stay very connected. We basically sit together and share roadmaps,” he said, adding that sometimes “my roadmap is going this way, your roadmap is going that way.”

When that happens, the two offices work out “where can we meet and take advantage of some of the resiliency that each of us is building in to make our products operate better together,” Seville said. But they leave the choice of specific transport options to the users, he said.

Providing new DISA common services for the cloud

Another DISA cloud project now under development, and dubbed Olympus, focuses on common services that surround cloud workloads.

“These are things like name resolution, Domain Name System capabilities, certificates, network time — all of these things that are often overlooked in application deployment,” Seville said. “but they’re crucial to getting an application off the ground.”

Olympus will provide these services as needed. Two minimally viable products created so far for Olympus focus on core competencies:

• Network connectivity and boundary protection
• A basic suite of common services

The addition of common services elements will result in what Seville called a managed platform, “where the customers can just come in and drop their apps, and we remove the burden, or share the burden, of bringing all of those common services up and operational.”

The basic goal is to help DISA’s customers access meet cloud needs quickly by “really lowering the barrier for entry for getting started in cloud.” He pointed out that the Air Force’s Cloud One and the Navy’s Flank Speed programs provide similar services. But because those service-driven projects are focused on their respective organizations, “we designed Olympus to catch the customers that may have fallen through the cracks,” Seville said.

DISA hosts the pilot version of Olympus in the Microsoft Azure cloud. Seville stressed that the Hosting and Compute Center (HAC) takes an iterative approach informed by customer feedback when crafting products, Olympus included.

“When we develop any of our capabilities, we really try to get away from that five-year plan, 10-year plan, where we know exactly where we’re going to go and nothing can force us to deviate,” he said, and added, “The most important thing to us is our customers, the warfighters. They know their missions better than we do. For us to prescribe where we’re going to go doesn’t make sense if our goal is to support the warfighter.”

Ensuring ‘optionality’ in all DISA cloud offerings

HAC views providing choice as a foundational factor in helping DoD users implement the cloud capabilities they need to meet their specific situations and missions.

“One of the design tenets, and one of the tenets of our entire organization, has been optionality,” Seville said. “And so when I have an OCONUS user who’s trying to build out a capability, we’re going to provide them with a menu of options.”

He used the analogy of a pizza parlor menu, where a customer can choose from a variety of toppings for their pie: “Do they want a combination of tactical edge, operational edge and maybe some data center as a service to give them the ultimate level of resilience? Or do they want to go strictly tactical edge and just maintain local ownership of that computing capability?”

As cloud hosting has taken hold in DoD, Seville said he’s now seeing increased use of the elasticity and flexibility cloud computing offers. An important reason is that early estimates of cost savings from simply shifting workloads failed to pan out.

“People are starting to realize that taking advantage of elastic scale, taking advantage of serverless capabilities, that’s how you’re going to save that money,” he said. To get there, though, application owners will have to go the refactoring or redeveloping route. And he said users will also have to keep rationalizing their application sets, retiring those that won’t work in the cloud.

“There is an app refactor model that has to take place in order for you to effectively take advantage of elastic scale,” Seville said. DISA can partner with users redoing applications to help them fully realize cloud benefits.

By going to containerization and microservices for applications, Seville said, users will get closer to cloud interoperability and easily moving workloads among competing cloud providers. That vision of a  “cloud-agnostic, multicloud, hybrid cloud, pick-up-an-app-and-move-it-wherever-I-want model really relies on that app rationalization, that app modernization framework.”

Discover more articles and videos now on Federal News Network’s DoD Cloud Exchange event page.

The post DoD Cloud Exchange 2024: DISA’s Korie Seville on crafting cloud products that easily adapt to user need first appeared on Federal News Network.

A year after a scathing report from the Defense Business Board found general unhappiness with the user experience with technology across the Defense Department, the chief information officer’s office is taking a simple approach to fix the computers.

A big part of this effort came earlier this year when DoD’s CIO created a customer experience office, led by Savanrith Kong, who now serves as the senior advisor for the user experience (UX) portfolio management office (PfMO).

Leslie Beavers, the principal deputy CIO for DoD, said the overarching philosophy behind this improved CX approach is putting the user and their mission first.

“I always lead off with, it’s got to be functional first. If it’s so secure that we can’t connect, we’re going to go around it and that’s not good,” Beavers said on Ask the CIO. “We have to be able to scale it. That’s the other big challenge that we have in the department. Not just internally, but we have to be able to scale to international allies and partners into the commercial world.  Then the third piece is we have to be secure, and in this case, it’s with the zero trust. It’s tagging the people, tagging the data and doing the audit so that we know what’s happening and we can identify intrusions.”

The DoD CIO’s office got the message multiple times about function over form when it comes to why the user’s experience is so important.

The first time happened in the “fix my computer” post by Michael Kanaan, the director of operations for the Air Force – MIT Artificial Intelligence Accelerator in June 2022 that went viral.

The second moment of truth came from the Defense Business Board in February 2023. The DBB released survey results showing 80% of survey respondents rating their user experience as average or below average. Out of about 20,000 respondents, 48% rated their experience as “worst,” and 32% fell into the category of average.

Over the last year, the DoD CIO’s office has been addressing both process and technology.

DoD’s holistic perspective

DoD CIO John Sherman said last summer that the idea is to bring some standardization to the refresh cycle across all of the military and ensure user experience is a part of every technology initiative.

Beavers said now that Kang is on board, he is shaping DoD’s user experience effort.

“We’re looking at it from a holistic perspective because user experience is more than just having the latest equipment. It is all around the functionality and in the department, it’s different than in the commercial world,” she said. “If you think about an F-35, it’s a flying interoperable networked computer with the pilot. So the user experience is from the warfighters’ perspective. But whether you’re sitting in an operations room or behind a desk or out in a plane or on a ship, does your IT and your communications equipment work together and can you stay secure? The department is also standing up a big effort to get after the IT for the warfighter.”

Through this initiative, Beavers said the challenges are much different, ranging from a huge install base to legacy technology not designed to be interoperable and a limited budget.

At same time, Beavers said there’s a lot of opportunity to make some improvements to the user experience.

“We should make a concerted effort to look at where our policies are standing in the way of the interoperability. Where do we need an engineering solution? And where do we need just a process change?” she said. “The department is really pretty good at buying big things over long periods of time and buying quick things and bringing them when there’s an imperative like a war. But it’s not ingrained as part of the standard operating procedure in the department as much as we would like so we’re working on building that piece out, to help bring in the new technology and also to improve the customer experience.”

DoD, VA collaboration

Beavers added DoD is using the Lean Six Sigma business process improvement approach to help sort through the potential changes and to better understand the broader impacts of process and policy revisions.

Some recent work with the Veterans Affairs Department is a customer experience win, Beavers said.

At the North Chicago Veterans Medical Center, VA and DoD staff have worked closely together for the past decade or more. But their systems and networks were separate and data sharing was basically non-existent.

She said in some cases, it would take around 36 mouse clicks to send an email between the DOD and the VA.

“We spent the last six months pivoting to Office 365 in the cloud and turning on some business functionality,” Beavers said. “This really was a cooperation problem where the security folks on both sides had to decide to configure the clouds the same way to enable that interoperability. We are rolling that out now to the people working in less than six months.”

The post DoD’s approach to fix its computers is function over form first appeared on Federal News Network.

For the Defense Department, the benefits of hosting applications in the cloud bring some challenges. Chief among them? Avoiding  the cost and time of repeatedly developing computing services common across all applications.

The simple answer is that DoD agencies should instead develop once and use many times, said Robert Gordon, director of engineering for Akamai Defense. The development and deployment of such services offers an ideal way to use managed service providers, he said. MSPs operate in a value-added manner between DoD agencies and primary commercial cloud service providers.

“On one side, there are the mission application teams that are trying to move their workloads to the cloud. On the other side, MSPs sit on top of the commercial clouds, and they try to figure out ways to be able to support these applications at massive scale,” Gordon said during Federal News Network’s DoD Cloud Exchange 2024.

DoD components sometimes have hundreds or thousands of cloud-hosted apps in what he called critical mass. Each, though, needn’t have its own unique services.

For example, every cloud application requires a user access mechanism that’s not related to the operation or logic of the app itself. Access solutions, Gordon said, can be difficult to engineer because of the many DoD rules around security and other characteristics.

Akamai “focuses on those common hard problems because the benefit of solving that problem is multiplied by hundreds or thousands of instances,” he said.

After access comes authentication “and how it fits in with the zero trust initiative that’s sweeping through  DoD and is totally tied in with the cloud is another aspect of this,” he said. “The mission application teams are on their own to try to figure out how to do it, unless there’s a common services layer” providing the service.

Such common services “are the things the MSPs should look for, the things that everyone’s going to have to do,” he added. “Everyone’s going to have to solve this problem.”

Taking advantage of common services at scale

Some common services occur on the back end of applications, such as database calls or network connections among apps, Gordon said. He named single sign-on systems that require connections from, say, an application in the Army to an application in the Defense Information Systems Agency.

“They may not have a plug into the Army, or Air Force or whatever DoD backend that has all the enterprise information,” Gordon said.

Plus, application owners typically face a complicated process to obtain access.

An agency’s tech or development  staff might know how to write identity cloud service or security assertion markup language, Gordon said. “But that’s only part of the puzzle. The back end is equally important,” he said. “You have no way of figuring out what the attributes are that you need to make your decisions. You have no way of enforcing authorization in a common way, using those attributes.”

Migrating data to the cloud and operating data exchanges also provide opportunities for use of common services, he said.

“Whether database access, or even system-to-system communication, most of these are big, complex systems with a lot of trading partners that are used to being able to FTP files to each other,” Gordon said.

That’s because everyone was on the same DoD information network. The cloud complicates those exchanges and communications connections because now systems use the internet and commercial clouds.

“This is another area where the MSPs provide common services to try to streamline that,” Gordon said. “And when they can’t provide common services, MSPs at least provide playbooks so that the application teams that need to do these things know what they need to do it in a compliant, secure and data-aligned way.”

Discover more articles and videos now on Federal News Network’s DoD Cloud Exchange event page.

The post DoD Cloud Exchange 2024: Akamai’s Robert Gordon on streamlining cloud operations at scale first appeared on Federal News Network.

The Senate got its pound of flesh from the Technology Modernization Fund after all.

Despite the efforts by industry and the Office of Management and Budget over the last six plus months to change the committee’s mind, Senate appropriators rescinded $100 million from the TMF for fiscal 2024.

Senate lawmakers released the remaining 2024 appropriations bill today that detailed the decisions to reduce funding for centralized IT modernization accounts across the board.

The TMF is taking a double hit as the Senate also zeroed out any new funding for this year, possibly leaving the IT modernization effort in a tough spot from a funding perspective.

“The draconian zeroing out and rescinding of these vital funds will only jeopardize the health and safety of veterans, first responders and families that rely on government services every day. We have got to stop treating government IT as a luxury,” said Rep. Gerry Connolly (D-Va.), ranking member of the Oversight and Accountability Subcommittee on cybersecurity, IT and government innovation, in a statement to Federal News Network. “The TMF is not a slush fund to be raided when budget negotiations get tough. It is a vital part of the federal government’s technology infrastructure and it plays an indispensable role in ensuring government agencies are functioning at their best on behalf of the American people we serve. I am deeply disappointed in the decision to slash this funding, but I will not stop fighting until our government has the resources it needs to keep up with 21st Century technological demands.”

On the bright side, however, the Senate only rescinded $100 million instead of the $290 million it initially wanted to pull back from the $1 billion  the TMF received under the American Rescue Plan Act.

It’s unclear how much of the $1 billion the TMF received from the American Rescue Plan Act remains. President Joe Biden’s fiscal 2025 budget request shows about $790 million left in the TMF that is unobligated for 2024, but that also includes money awarded to agencies, but not yet sent out the door.

“The rescission, although less than what was in the Senate bill, is disappointing and damages the U.S. government’s ability to strengthen its cybersecurity and modernize its IT systems,” said a spokesman for Sen. Jerry Moran (R-Kansas), in an email to Federal News Network. “Sen. Moran will continue to be a leader for this program and work to ensure that this program is funded next year to get our agencies back on track.”

An email to OMB seeking comment was not immediately returned.

TMF cuts are ‘pound foolish’

Since Congress created the TMF in the Modernizing Government Technology Act in 2018, the board has received $1.2 billion in funding from Congress and handed out $800 million to 51 investments across 29 agencies. The board says 40 of those investments are from ARP funding, but it didn’t say how much money it spent from that $1 billion investment.

The Biden administration requested $200 million for the TMF in its 2024 budget request. The TMF board received $50 million in 2023 from Congress. For fiscal 2025, the White House is asking for $75 million for the TMF.

Kevin Cummins, the former staff member lead in the Senate on the MGT Act, which authorized and advocated for funding the TMF through the ARPA, and now a partner with the Franklin Square Group, said the Senate’s decision is a pennywise and a pound foolish.

“Even worse than the dollar amount is the loss of Congressional support for the TMF this rescission represents. The idea for the TMF was proposed by President [Barack] Obama, implemented by President [Donald] Trump, and finally given a major funding infusion under President Biden. The TMF has always been supposed to be more than just an alternative funding mechanism. It is a better way to fund IT initiatives in the modern, cloud computing era,” Cummins said. “As a working capital fund, the TMF allows agencies to invest in IT and software upgrades more flexibly and closer to the way private companies undertake IT modernization, rather than the increasingly uncertain annual appropriations process.”

OMB recently updated the repayment expectations for agencies receiving TMF money, in part because of pressure from lawmakers, who have been unhappy with the administration’s decision in 2022 to change the repayment requirements.

TMF repayment options changed

An OMB spokesperson said in February that the updated TMF repayment policy will apply to all proposals submitted on and after Feb. 6.

“This policy will establish a consistent repayment floor of 50%, enabling the fund to invest in critical IT and cybersecurity modernization for years to come. Under rare exceptions, the GSA Administrator and OMB Director can approve a repayment rate lower than 50%,” the spokesperson said. “As the TMF Board allocates the last of the ARP funding, we are looking to the future of the TMF in a post-ARP setting – balancing congressional intent and agency flexibility to deliver the most impact for the American people.”

Julie Dunne, a former House Oversight and Accountability staff member and now a principal with the Monument Advocacy leading the federal procurement team, said given outside forces pushing on the budget, it’s not surprising the lawmakers ended up pulling the money back.

“In 2023, we had a $1.5 trillion deficit so it’s not surprising that appropriators went looking for recessions from the 2021 American Rescue Plan (ARP). There is no doubt that the need for IT modernization in the federal government ecosystem remains and transitioning away from legacy IT was part of the original vision when I worked on the Modernizing Government Technology Act, which established the TMF,” she said. “I think the adjustment of TMF repayment terms after receiving the $1 billion under the ARP was a mistake and based on the 2024 outcome it appears that there may have been a failure of advocacy to make the case on the importance of the TMF and the success stories.”

To some experts, the rescission also signals the continued struggle of OMB to explain to Congress the true impact of TMF.

Mike Hettinger, a former House staff member and now president of Hettinger Strategy Group, said the Senate’s decision is not surprising.

“What this tells me is that congress still needs more proof from GSA that the projects funded by TMF are having the desired impact, despite progress from the TMF PMO in recent months on this front,” he said. “The TMF remains a vital tool in the IT modernization funding toolbox and everyone involved needs to continue to work to get it right. There’s clearly more work to be done.”

Other IT funds also cut

In addition to the TMF, Senate appropriators also rescinded $10 million from the U.S. Digital Service through the IT Oversight and Reform (ITOR) fund and reduced the Federal Citizen Services Fund, run by the General Services Administration, to $75 million in 2024 from $90 million in 2023.

The bill, however, includes $8 million for the ITOR fund in 2024, which is $6 million less than the administration requested and $6 million less than what Congress appropriated in 2023.

Lawmakers also are adding additional oversight to the citizen services fund. The bill includes a provision requiring GSA to “submit a spending plan and explanation for each project to be undertaken to the committees on appropriations of the House of Representatives and the Senate not later than 60 days after the date of enactment of this act.”

“On the cuts to the Federal Citizen Services Fund, it’s a similar story,” Hettinger said. “Again, this tells me Congress is not yet fully bought in on how these funds are being used.”

One positive outcome of the 2024 spending bill came for the Treasury Department. After asking for permission to set up an IT working capital fund under the MGT Act authority, Congress granted the request.

The bill lets Treasury keep up to 5% of any unobligated appropriation for IT modernization efforts. Treasury’s discretionary budget for 2024 is $287.5 million for salaries and expenses.

Now there are three agencies with specific IT working capital funds authorized under the MGT Act. Treasury joins the Small Business Administration and the Office of Personnel Management in gaining this authority.

Additionally, GSA received $4 million for federal rulemaking modernization from its working capital fund.

The post Senate to take $100M back from TMF, $10M from USDS first appeared on Federal News Network.