The impact of the U.S. Digital Service is difficult to measure in real numbers or data sometimes.

Sure, USDS’ work with the Social Security Administration to improve its website and customer satisfaction saved an estimated $285 million over five years in infrastructure costs.

But the true measure of USDS comes in ways that don’t always lend itself to numbers, said Mina Hsiang, the administrator of the USDS.

“Every single day that I work with each of our agencies, we get to see the tremendous shifts as a result of small coherent interdisciplinary teams of feds, USDSers and contractors working together can really make these changes. I think it moves everyone’s frame of expectation for how things should be able to shift right,” Hsiang said on Ask the CIO. “The people who rely on Medicaid for their health care and the extent to which the continuity of our health care can sometimes be subjected to bugs and small changes in technical systems that aren’t what the states intended, but aren’t the kind of thing that most of us get to see because technology lives inside of a black box. It is just really nice to be able to share the human, the efficiency impacts of a lot of the work we get to do. So being able to help states preserve continuity of healthcare coverage for 5 million people who really deserved it is an incredibly meaningful number to be able to put a pin on something that feels like a very wonky, like code change, and working through of like technical requirements in collaboration with policy.”

USDS’ annual report tries to detail its impact through stories, examples and other approaches than pure data.

Hsiang said just because cost savings or avoidance data isn’t obvious, it doesn’t mean the organization impact isn’t real to dozens of agencies and millions of citizens.

One example of USDS’ impact is the Digital IT Acquisition Professional Training Program (DITAP). It has trained more than 900 federal acquisition workers across more than 50 agencies on how to buy and manage technology acquisitions. The Office of Federal Procurement Policy had set a 2022 deadline to get all contracting officers who buy technology trained. It’s unclear if OFPP and agencies met that deadline, but DITAP is well regarded as a success in the community.

USDS collaborated on new hiring program

“It has a major hands-on component where the students come in and work on digital services programs and procurements with us sometimes and with agencies. It’s a really practical education, and it means that there are DITAP graduates that we get to work with across government who can be doing a better job of working with contractors and vendors on building out digital services,” she said. “DITAP is a great program, and we are actually refreshing and continuing to update some of that curriculum right now.”

OFPP USDS launched the DITAP program in 2015 through Challenge.gov. The two agencies and the Office of Personnel Management recently built on the concept of DITAP with another challenge to improve how agencies hire and train technology workers.

“USDS, PPM, and OPM aim to create a specialized and immersive training and development program for federal hiring professionals so that they can better understand the rapidly-changing market for technology talent and learn how to implement and scale modern practices for recruiting, implementing hiring authorities and flexibilities, and candidate management at their agencies,” the agencies stated in the challenge.

USDS, OPM and OFPP are about to move into Phase 3 where the Phase 2 winner, Mediabarn, will receive $100,000 to implement at pilot.

$10M rescission ‘disappointing’

Hsiang said DITAP and other examples of how USDS doesn’t just come into the agency, but ensures there is a long-tail of success.

“We never just come in and like do the work for an agency and then leave, both because that wouldn’t work literally at all as there’s nothing about that that would be tenable. They own and run their systems and are the key decision makers for the long term. We ended up doing always in our programs is coming in building an integrated team with agency and their vendors and really running the program together to improve the digital services,” she said. “Through the course of working together, there’s a tremendous amount of knowledge that’s transferred. We give them a hands on training and how to build digital services, and a lot of them have a lot of experience so some of it is just updates to some pieces of IT. But we definitely focus very much on leaving agencies with the tools that they need to continue doing this work.”

Of course that work will become more difficult the rest of this fiscal year as Congress rescinded $10 million from the $200 million in funding USDS received through the American Rescue Plan Act.

Hsiang said the rescission, of course, was disappointing, but it will not prevent USDS from doing its work.

“It’s something that was broadcasted early so we can do some planning around it. Ultimately, this impacts and impedes our ability to invest, particularly in some of the major programs that we were working to update and improve for all of the agencies,” she said. “This will result in a slight decrease in our program for interagency hiring initiatives and supporting agencies in that way.”

The post USDS measures its impact in longevity, not just raw numbers first appeared on Federal News Network.

The Army has a plan to no longer “fight the network.”

Through the Unified Network Operations (UNO), initiative, the Army wants to create an agile, software-defined network that is easy to set up and use. This is the opposite of what soldiers currently must deal with then setting up a tactical network that requires on-premise hardware, cables and unique knowledge and skillsets.

The Army is laying the groundwork for this new network set up under UNO in a new draft request for proposals that Lt. Col. Keith Jordan, the product manager for Tactical Cyber and NetOps, in the Army’s Program Executive Office Command Control Communications-Tactical (PEO-C3T) said will bring efficiency, ease of use and, most importantly, meet the needs of commanders more readily.

“There’s a time component of how long it takes to make the network operate. That’s a concern. But also, it’s a manpower issue. It’s specialized training and skills that our signal soldiers are required to have in order to make all these different components of network work, both from a hardware perspective, a cabling, a software interoperability issue perspective and troubleshooting. So there’s a lot of different factors that the soldiers have to go through to make the network work,” Jordan said in an exclusive interview with Federal News Network. “When they are having to do those tasks across multiple items, one-by-one, it does take a lot more time. And depending on a unit, you’re going to always have a degree of soldiers that have the right requisite training and the right requisite experience. So there’s always a little bit of inefficiency built into that model. What we’re looking to do through this is to really improve that inefficiency, and make it much more a much simpler task for those soldiers, especially if we’re not fully manned that at each unit to do that mission.”

PEO-C3T has been leading the UNO effort for the better part of two years and the draft RFP is the second piece of a three-pronged effort to create this new software-defined network.

Jordan said the draft solicitation, for which responses are due by July 17, will help inform its long term plans to bring in commercial technologies and take advantage of cloud services. PEO-C3T expects to issue a final RFP for this multiple award indefinite delivery, indefinite quantity contract in early 2025 and make awards in early 2026.

In the meantime, Jordan said the Army will soon award “several” other transaction agreements (OTAs) to examine prototypes of what UNO may look like.

“The Army acquisition executive last year decided that UNO would utilize the software acquisition pathway. This is a new pathway under the adaptive acquisition framework that really is focused on how we manage, contract and deliver software capability to the Army. It’s different than what we might typically see under the some of the older pathways. This really is a revolution of thinking in the Army of how we recognize that software is different than hardware and it needs to be procured differently,” he said on Ask the CIO. “Really, what that does is it allows us to deliver capability incrementally versus like a big bang where the product is done all at once. We recognize that this will not be done right off the bat, you’ll get updates to the capability over time and each time we make an update, the capability will get more and more mature, more and more capable. The whole idea is we’re able to rapidly make these updates versus in the past where it may take a really long time to make an update. We want to update very often based on feedback in whatever theater we might be operating in.”

Army testing prototypes through OTA

Through the OTA process, Jordan said vendors will demonstrate SDN capabilities that can bring together several disparate systems and handle a large number of users over a several month period.

He said the vendors will demonstrate the SDN capabilities in the lab and in the field so soldiers can provide real-time feedback and the contractors can add or change the network as required.

Jordan said “usability” and “simplicity” will be key concepts that the Army wants to see in the prototypes.

“We think by doing that we’re going to really get down to a good vendor, and then following that, we’re going to pursue a FAR-based contract that will allow a lot more vendors to get in the mix and be able to deliver various capabilities,” he said. “We don’t know how many vendors we’re going to end up with so that’s why the window [for timing] is a little bit difficult. But we think between late 2024 and 2025, we’ll be able to complete that [OTA award] process. Then as we go into the prototype phase, the idea would be that’s a little bit of a longer phase because there’ll be a downselect. We’re not going to take the same amount of vendors from the lab to the field. We’re going to take those vendors out to the field and that’ll be a little bit longer because what we do want to do is see their agile development process and we want to be able to see as a soldier provides feedback to a particular company, we want to see him make the changes that we’re looking for. It’s not just about the technology, it’s also going to be about the company’s ability to manage the process.”

Jordan said the network of the future will depend on agile and DevSecOps process, where signal soldiers will not have to have special skillsets.

The future network also will enable commanders to make faster and better decisions as data will be easier to get and use.

“We’ve had to fight the network for a long time. This will help us be able to get the network up and running efficiently, tailored to our mission needs and operationalize it,” Jordan said. “For industry, there’s going to be lots of opportunities inside UNO to deliver unique and value added capabilities to the network. We’re really excited because there is so many opportunities for businesses, both small and large, to deliver capability inside the network, around things that we haven’t even thought of yet that we may want. As long as our vendors are able to operate in a modular open system approach, and that we’re able to integrate capability into that architecture in a rapid and easy to do methodology, we’re really going to be successful.”

The post With UNO, Army intends to stop battling its own network first appeared on Federal News Network.

There have been a lot of high profile cyber-related folks on the move recently with Chris DeRusha, the federal chief information security officer, leaving in May, and then Eric Goldstein, the executive assistant director for cybersecurity in the Cybersecurity and Infrastructure Security Agency in the Homeland Security Department, announcing his departure two days later.

While DeRusha landed at Google as its director of global public sector compliance, Goldstein waited until last week to announce his next job. He will be the managing vice president and head of cyber risk at Capital One.

“As with any role, transitions are essential. I’m thrilled that my dear friend Jeff Greene has stepped into the leadership seat for the Cybersecurity Division — there is no one better suited for the role,” Goldstein wrote on LinkedIn. “And I’m equally delighted to be starting the next phase in my journey at Capital One, where I’m joining an amazing team that is transforming the financial sector through innovation, scalable risk management, and a laser focus on customer experiences. I’m looking forward to new perspectives while continuing on our shared mission of keeping our country’s critical services safe and resilient against cyber risks.”

Greene came to CISA in May from the Aspen Institute where he was senior director for the cybersecurity program.  Prior to that, he was the chief, of cyber response and policy at the White House’s National Security Council from 2021 to 2022. He also worked at the National Institute of Standards and Technology for five years, for Symantec and was a senior counsel for the Senate Homeland Security and Governmental Affairs Committee for three years.

Along with the top level changes in federal cybersecurity, two more cybersecurity executives headed out the door.

Ross Foard, as senior engineer in CISA’s cybersecurity division, retired after eight years at the agency where he lead efforts on identity security and helping to shape the continuous diagnostics and mitigation program.

“It was a rewarding experience over the last eight years, on par with the eight years I spent as a U.S. Navy submariner at the beginning of my career,” Foard wrote on LinkedIN. “I have been honored to serve as a subject expert and elevate identity and access management (IdAM) and cryptographic capabilities across the federal civilian executive branch (FCEB) and beyond.”

Among the areas Foard helped lead included serving as CISA’s CDM program lead engineer and architect for IdAM capabilities.

He said this helped the CDM program provide identity management and privileged management capabilities to the largest federal agencies and establish the ability to understand who authorized users were by creating a master user record at each agency.

Additionally, Foard served on the Federal Mobility Group (FMG) Mobile Security Working Group, where he helped demonstrate how mobile devices can serve as important and secure sources of identity and enable phishing-resistant authentication.

Finally, Foard highlighted his time as the co-chairman on the Federal CISO council’s ICAM subcommittee.

White House leaders heading back to academia

Jake Braun is a fourth federal cyber leader to move on over the last two months. Braun, the acting principal deputy national cyber director in the White House’s Office of the National Cyber Director, is returning to the University of Chicago where he is a lecturer and on the faculty of the Harris School of Public Policy.

Braun was the executive director of the cyber policy initiative from March 2018 to February 2021 where he joined DHS as a senior advisor to the Management Directorate, which oversees all operations for the department.

He has been working at ONCD since June 2023 as what some would call the functional chief operating officer for the office where he oversaw the implementation of the national cybersecurity strategy.

“Helping run a startup in the White House has been one of the best experiences of my professional career. ONCD has accomplished so much in such a short period of time,” Braun said in an email statement. “I can’t thank the team at ONCD — especially Director [Harry] Coker and Kemba Walden — as well as President [Joe] Biden enough for giving me this opportunity.”

At the recent AFCEA TechNet Cyber conference, Braun spoke about the changes to ONCD over the last year, including growing to almost 100 people.

“One of the main things we are doing, and we haven’t had this before where there is one agency or White House office like ourselves whose sole job is driving federal cohesion on cybersecurity. We do that through implementation of the national cyber strategy. Nearly every agency in the federal government has some aspect of cybersecurity tied to their part of the Implementation of the national cyber strategy,” Braun said.

In a statement, Coker praised Braun’s dedication and efforts to improve the nation’s cybersecurity posture.

“From the beginning of the Biden-Harris administration, and even earlier, Jake Braun has been a fierce advocate for our Nation’s cybersecurity. At every opportunity, I’ve seen Jake be a champion for the implementation of the National Cybersecurity Strategy, rallying ONCD and our mission partners to collaboratively focus on achieving meaningful outcomes. I am especially grateful for Jake’s advocacy and action on behalf of our nation’s critical infrastructure owners and operators, helping them learn about and take advantage of the resources wisely allocated through the President’s investing in America agenda,” Coker said. “Along the way, Jake repeatedly heard organizations tell us they need two things: resources and trained workers. In every meeting, in every engagement, his focus on having an impact for those on the front lines of our nation’s cybersecurity has been unwavering — that’s leadership. I personally am grateful to Jake for not only his incredible leadership while he’s been here at ONCD, but also his guidance and friendship.”

Outside of the cybersecurity realm, one other federal technology leadership retirement that is worth mentioning. Terryne Murphy, who had been the chief information officer of the Railroad Retirement Board since August 2019, retired after more than 35 years of federal service.

“To my leaders along the way, thank you — I learned so much from you. Thank you for every opportunity to stretch and to grow, for your counsel, your cover, and your patience while I learned to get better at leading/serving!” Murphy wrote on LinkedIN. “To my colleagues, teammates, and my classmates, thank you — I learned so much from you, too. Thank you for the challenges and the tough lessons to always strive to take the high road and to give back better than what we received! I did my best to serve you all well.”

Rich Kramer is the deputy CIO for the RRB, but it’s unclear if he stepped into the acting role with Murphy’s retirement.

Along with her time at RRB, Murphy also worked at the Commerce Department for 18 months serving as the acting CIO for seven of those months.

She began her career with the Army as a telecommunications officer and after nearly 12 years of service, Murphy joined the civilian sector working at the Justice Department, the Homeland Security Department and the Census Bureau.

Beyond these departures, there are several federal executives who have found new roles in government.

For starters, Mike Wetklow, the deputy CFO for the National Science Foundation for the last eight years, is taking a new job at the IRS as its chief risk officer.

“I am excited to join an organization dedicated to public service and to help drive innovation, leverage data, and improve compliance processes,” Wetklow wrote on LinkedIn. “Most importantly, I look forward to collaborating with the talented team at the IRS and contributing to an environment where we can all thrive.

Wetklow also worked at the Office of Management and Budget’s Office of Federal Financial Management for four years as a branch chief and previously worked at DHS and the Government Accountability Office.

He also was the co-chairman of the CFO Council’s working group on improving the federal financial management workforce.

New leaders at HHS, Air Force

A second federal executive heading into a new job is Melissa Bruce, who is taking over as the deputy assistant secretary for the Department of Health and Human Services Program Support Center (PSC).

She joins HHS PSC after spending the last four years working in the Treasury Department’s Special Inspector General for Troubled Asset Relief Program. (SIGTARP) office. Bruce has been acting IG for the last 2-plus years. Previously, she spent 10 years at DHS in the management directorate and worked in the private sector.

Bruce takes over PSC after several turbulent years, including the cut back of its assisted acquisition services and controversial treatment of its leadership.

Finally, Darek Kitlinski is the new chief technology officer for the Air Force’s Manpower, Personnel and Services (A1). He comes to the service after spending the last almost two years as the chief of the cloud services division for the Army’s Enterprise Cloud Management Agency.

In this new role, Kitlinski serves as the senior civilian advisor on cloud computing, computer systems and information technology.

Kitlinski also has been CTO for the Defense Technical Information Center (DTIC) and chief technology advisor for enterprise architecture, cloud, cyber and governance for the Coast Guard.

The post People on the move: RRB CIO retires, IRS gets new CRO first appeared on Federal News Network.

New tools and better data are putting the CFO community in a stronger position to do more to reduce improper payments and fraud in federal programs.

The Joint Financial Management Improvement Program (JFMIP) recognized this opportunity in its new three-year plan that it hopes can spur even more progress to ensure agencies are paying the right amount to the right people in a timely manner.

David Lebryk, the fiscal assistant secretary at the Treasury Department, said the JFMIP three-year strategy outlines three pillars of effort that will give agencies tools, best practices and guidance to do more to prevent fraud and improper payments.

“It’s focusing on prevention. It’s promoting best practices, and it’s strengthening the partnerships. The Treasury piece that I think is very much important here is focusing on that prevention. What tools can Treasury bring to the payment process that can actually really help reduce and prevent process fraud from happening?” Lebryk said on Ask the CIO. “The second pillar, which is promoting best practices, was about working with agencies. The Office of Management and Budget has done some good work with this, as well as when a new program has stood up. Do you put controls in place up front that help reduce the potential for improper payments? There are really a number of things you can do like doing risk assessment in your program and you can talk about different data that you need from recipients that you can get from them.”

As part of the focus on prevention, Lebryk said his office has launched several programs where Treasury followed many of the steps outlined in the JFMIP strategy to prevent and reduce fraud in large programs.

In helping local communities recover from the Deep Horizon oil spill back in 2010, Lebryk said ahead of implementing the Resources and Ecosystems Sustainability, Tourist Opportunities, and Revived Economies of the Gulf Coast States Act (RESTORE Act), Treasury designed the program to make sure recipients understood the requirements to apply for funding as well as controls to make sure the money went to the right people.

“We’ve had no fraud in that program that we’re aware of because we’ve really focused on those controls in the design of the program up front. We haven’t had an issue about slowing payment down. It does prove there’s opportunity, both to be quick, but also careful in the issuance of money,” he said. “In the third pillar, which was strengthening partnerships, it comes down to doing more with the states, the inspector general community and other government agencies to really strengthen those partnerships. I think we’re very confident that it’s going to have a real major impact and there’s a real commitment across the different entities to make sure it works.”

Increased focus on improper payments

The JFMIP strategy outlines strategies and objectives for each pillar based on the work by Treasury, OMB, the Government Accountability Office and others.

Both Congress and the Biden administration have increased focus on preventing fraud and improper payments as well as recovering lost money due to bad actors. The Government Accountability Office estimated that agencies spent $236 billion improperly in fiscal 2023, which was down about $11 billion, as compared to 2022.

On Capitol Hill, lawmakers have introduced at least eight bills since February 2023 focused on improper payments and fraud. A recent one from Sen. Gary Peters (D-Mich.), chairman of the Homeland Security and Governmental Affairs Committee, called the Fraud Prevention and Recovery Act, would, among other things, give resources to agency IGs to investigate people who committed pandemic fraud and recover the taxpayer dollars and create a new fund to help agencies prevent fraud and identity theft through a new early warning system for detecting fraud.

The Justice Department’s COVID-19 Fraud Enforcement Task Force (CFETF), for example, reported in April that it “charged more than 3,500 defendants, seized or forfeited over $1.4 billion in stolen COVID-19 relief funds, and filed more than 400 civil lawsuits resulting in court judgements and settlements” since it launched in 2021.

Another administration priority is the rewrite of Circular A-123 internal controls for overseeing and administering programs. OMB’s last major rewrite was in 2016 when it added risk management to its updated internal control processes.

Making A-123 less compliance-based

Lebryk said one of the goals of the A-123 rewrite is to reduce the compliance requirements and make the circular more usable.

“We want to make it less of a compliance exercise and more of a real actual set of practices that will help agencies. Some agencies have been further along in terms of setting up internal programs to actually adhere to the spirit of A-123 and here to the spirit of really trying to reduce the improper payments,” he said. “But again, it’s less so about paperwork and reporting, and more so about how do you make sure you actually make an impact in this area. I think the CFO community can be very helpful in this regard. The CFO community plays a very unique role in that we’re supposed to speak the truth. We have an obligation to raise our hand and say, ‘hey, something isn’t necessarily looking right on the financials.’ We want to make sure that we have integrity and stewardship of government resources, so I think that we can do a better job in a financial community of saying to program agencies, ‘hey, the one way to create problems for you not to be able to meet your program’s mission, is if you do have things like fraud because it means that the right people aren’t getting the money.’”

Treasury already has several tools on new and existing platforms and databases to help agencies move from being reactive to proactive in stopping fraudulent payments. One tool uses machine learning to look for anomalies on paper checks. So far, Treasury has run about 40 million checks through the ML application.

Lebryk said Treasury is the co-chairman of a CFO Council working group, which is determining the impediments for agencies to use these and other fraud prevention tools.

“They’re also doing some important work about creating a fraud catalog that collects trends and fraud, which I think is also very important. But one of these really important workstreams is for us to say, ‘hey, is there something that Treasury can do to make it easier for you to access these tools?’” he said. “Having looked at the government environment over a number of years, one of the real challenges that you have is asking someone to make a systems change. It is a very lengthy, long process because, quite frankly, oftentimes system changes aren’t funded. They can be difficult. So what we’re really looking at is whether there is opportunity for technology to help in this, in terms of things like interfaces with existing systems, which can make it easier to interact. Are there just organizational issues within the agencies that would be helpful if the agency was organized slightly differently or had the information going in one place versus another place, that would mean that you could take action?”

Lebryk added the committee will make a series of recommendations that would lead to improvements with a goal by the end of the year identifying a set of tools that agencies can take more advantage of to prevent fraud and improper payments.

The post New strategy, A-123 update to help reduce improper payments first appeared on Federal News Network.

• It didn't take long for Chris DeRusha to find his next job, after leaving as the federal chief information security officer last month. DeRusha is joining Google Cloud as the director of global public sector compliance. DeRusha was the federal CISO from January 2021 to May 2024. He will work with former CISA executive Jeanette Manfra, who is the global director of security and compliance. In his new role at Google Cloud, DeRusha will focus on the expansion of Google Cloud’s growing suite of products and services — across AI, cloud computing and security to the public sector. Besides being federal CISO, DeRusha has worked as the chief security officer for the state of Michigan and worked at Ford Motor Company.
  (Former Federal CISO DeRusha lands at Google Cloud - LinkedIn)
• The Department of Homeland Security is bringing in some new artificial intelligence talent. DHS has hired the first 10 members of its new AI Corps. The group includes a mix of people with government and industry backgrounds. DHS plans to hire a total of 50 experts into the AI Corps by the end of this year. They will help lead high-priority AI projects across the department. DHS has named some initial use cases for AI, including detecting fentanyl at the border, combating child abuse, and training asylum officers.
  (DHS AI Corps hires an initial 10 experts - Federal News Network)
• Despite a growing caseload, the Equal Employment Opportunity Commission is dealing with limited resources. Managing workloads for EEOC caseworkers is becoming all the more difficult as the agency is currently under a hiring freeze. That means when an employee leaves EEOC, for any reason, they cannot be replaced. The workload challenges are especially true for investigators dealing with discrimination cases: “The average is about 100 per investigator, but we have some districts where we are way north of that. That is a real challenge and something that I personally worry a lot about,” EEOC Chairwoman Charlotte Burrows said in an interview. EEOC is trying to work creatively and doing the best with what they do have, but Burrows said more resources are going to be necessary.
  (Interview with EEOC Chairwoman Charlotte Burrows - Federal News Network)
• The Defense Department’s new IT advancement strategy is a roadmap for better aligning information technology efforts across the entire department. The Fulcrum strategy, signed by Deputy Secretary of Defense Kathleen Hicks, focuses on investing in IT infrastructure and delivering innovative solutions, while prioritizing user experience. Leslie Beavers, the principal deputy CIO at the Defense Department, said the strategy “crystallizes” what success looks like for the DoD in the digital age. The DoD chief information officer office will release an implementation plan this summer.
  (DoD releases IT advancement strategy - DoD)
• The White House plans to conduct a hiring surge to fill open federal cyber jobs this year, according to a new progress report on the national cyber director’s workforce and education strategy. The report said the Office of Personnel Management’s “Tech to Gov” initiative has extended 150 job offers to experienced cyber professionals over the past year. While OPM plans to conduct another Tech-to-Gov job fair this fall, White House officials are working on a longer term plan to transition most federal IT jobs to skills-based hiring starting next summer.
  (Report on “National Workforce and Education Strategy: Initial Stages of Implementation” - Office of the National Cyber Director )
• Federal employees with Flexible Spending Accounts have not been receiving any reimbursement payments on their FSA claims since as early as June 16. Federal News Network has learned that the Office of Personnel Management made the decision to suspend all payments in an effort to strengthen the program's security measures. The decision came after a recent surge in fraudulent activity affecting hundreds of FSAFEDS accounts. But FSAFEDS enrollees are raising concerns and frustrations about the pause on payments. Many said there was no communication from OPM or FSAFEDS about the suspension. The pause on reimbursements, however, has been lifted, and enrollees should see payments resume soon.
  (FSAFEDS update - Office of Personnel Management)
• New data from the Government Accountability Office shows in fiscal 2023, agencies spent $60 billion more on acquisition than in 2022. GAO found total acquisition spending hit $759 billion last year. Civilian agencies accounted for $303.2 billion and the Defense Department spent $456 billion. In 2022, agencies spent $694.2 billion. But it is not just total spending that went up. GAO said agencies spent more on services, on products, and through OTAs (other transaction authority) last year. The one area where an increase isn’t good news is around competition. In 2023, GAO found an overall competition rate of 66%, which is 2% lower than in 2022.
  (Federal procurement spending tops $759B in 2023 - GAO)
• The Defense Information Systems Agency will release its 2025-2027 data strategy in the coming months. The goal of the current data strategy was to understand the data the agency holds and to start breaking down data silos. The agency will now focus on data integration, establishing data governance, and setting data-related policies. Before releasing the strategy, the Office of the Chief Data Officer is gathering input from senior leaders, as well as the emerging technology team.
  (DISA to release data strategy in the coming months - DISA)

The post DeRusha finds new Google gig after departing government first appeared on Federal News Network.

The Department of Housing and Urban Development is looking for a new chief information officer. HUD is now one of five major agencies looking for a new technology leader.

But unlike the departments of Defense and Health and Human Services, and the Small Business Administration and the Centers for Medicare and Medicaid Services, the HUD CIO didn’t actually leave the agency to create the job opening.

Beth Niblock, who has been CIO since July 2021, moved to a new position as senior advisor for disaster management. The reason for the opening is purely political. HUD decided to move the CIO’s position back to a career one from a political one.

“[O]ver the past few years, HUD leadership determined the department would be best served by having a career CIO to ensure steady and consistent leadership, and to better position the department to deliver high-quality, transformative solutions enabling HUD to deliver on its mission,” said a HUD spokesperson in an email to Federal News Network.

HUD posted the CIO job on USAJobs.gov in mid May and applications are due today. In the meantime, Sairah Ijaz will step in as the acting CIO until a permanent career leader is selected.

Political CIOs close to leadership?

The decision by HUD to transition the CIO position back to career from political isn’t that unusual.

Over the course of the last 28 years — January 2026 will be the 30^th anniversary of the Clinger Cohen Act — several agencies ranging from the departments of Commerce, Energy, Treasury and Transportation as well as the Environmental Protection Agency and others have flipped the position back and forth between career and political to suit the needs of the leadership.

But HUD’s decision brought up a long-standing and healthily-debated question of whether CIOs, especially at this point in time of history where technology is at the center of every agency’s mission, are better off being political appointees?

To many, the answer continues to remain as it has for the last almost 30 years: It depends. But what has become clearer than ever is the role of managing, implementing and securing technology puts the CIO and deputy CIO on a higher plane across all agencies. Thus, requiring the federal community to continually re-ask the political appointee question.

“How the agency positions the CIO’s role in theory versus practice for the best possible function is really a question of how the head of the agency and the culture of that agency sets that role up for success,” said Dan Chenok, the former Office of Management and Budget official who helped with the Clinger-Cohen Act and now executive director of the IBM Center for the Business of Government. “Given the ubiquity of technology today, what is the right balance? My own personal view is a political CIO is more likely to be close to the head of the agency, and a career deputy CIO gives you continuity.”

Finding that seat at the table

But that closeness doesn’t always result in a CIO’s success.

If you look at the January 2024 Federal IT Acquisition Reform Act (FITARA) scorecard as one measure of CIO effectiveness, agencies with career CIOs versus those with politically appointed ones faired about the same. Agencies with political CIOs — the departments of Defense, Energy, Homeland Security, Veterans Affairs and HUD — received the same mix of “B” and “C” grades as those with career CIOs.

Simon Szykman, the president and founder of Cambio Digital Transformations and former Commerce Department CIO, said the role of the CIO is inherently not one that strongly aligns with any political ideology.

“Ideally it should not be necessary to make a CIO political appointment in order for that person to support the agency mission, or even the political leadership’s agenda,” he said. “However, the flip side to the argument for career CIOs is that no CIO will be successful if they don’t have that proverbial seat at the table. They need to be able to operate, influence and impact decisions at the senior-most levels. It can be a challenge for career senior executives to fully operate as peers to political leadership, and this challenge can be dependent on agency culture as well the leadership tone set higher up in the administration.”

Many times an agency hires a political CIO because the secretary wants a specific person in that role. That was the case, for example, with Steve Cooper, when he worked at Commerce from 2014 to 2017.

For other agencies like VA, Congress required the position be presidentially appointed and Senate confirmed — one of the few that requires Senate confirmation.

HUD’s great strides

But even then, there is no guarantee of success.

“Moving the CIO to political or a career position is situational and based on the candidates available and what’s going on at the agency at that moment,” said Margie Graves, a former deputy CIO at DHS and federal deputy CIO and now a senior fellow at IBM’s Center for the Business of Government. “A lot of times the decision to bring on a political CIO may be because the secretary wants a specific person on board to do something specific. I would advocate for choosing the best person for the moment. It’s really no different than what you’d do in private sector. And the times I’ve see the decision fail is when the person has no background in the technology management discipline and no expertise. I saw a couple of those at DHS.”

Graves added, at least for the CFO Act agencies, she would prefer to have someone in the C Suite who is “hearing” those political conversations as opposed to someone who is relegated as an “outsider.”

HUD’s reason for moving the CIO back to a career position is not entirely clear. The spokesperson said Niblock and her team have made “great strides over the past few years” to modernize the technology and improve the cyber posture of the agency’s infrastructure. But the spokesperson seems to insinuate there may be some bumpy roads ahead.

“However, HUD’s IT only received 0.5% of the department’s fiscal 2024 budget, which is one of the lowest percentages across cabinet level agencies. HUD is continuing to work with its federal and congressional partners to build on the progress of the past several years, while also continuing to pursue the ability to leverage various funding flexibilities that other agencies are able to leverage, including a working capital fund for its IT needs,” the spokesperson said.

HUD’s IT budget for 2024 is $641 million, of which it is spending only $94 million on development, modernization and enhancement projects. The agency requested $540 million for IT in 2025.

The post Political vs. career: Role of CIO remains unsettled first appeared on Federal News Network.

The Army tackled one of its toughest challenges: Creating a common operating picture for all of its allied partners.

The recent Yama Sakura 85 exercise demonstrated how the Army, the Australians and the Japanese could securely share information by using an architecture based on zero trust principles.

Col. Rett Burroughs, the chief information officer & G6 for the Army’s I Corps, said over the course of the 10-to-12 day training event last December, the Army successfully brought their allied leaders onto a single and secured network at the tactical edge.

“What we are looking at is properly being distributed across the entirety of the Pacific. We could have a command and control node anywhere in Australia, Thailand, Philippines, Japan, Korea, Hawaii, Guam or Alaska, and back here at Joint Base Lewis McChord, Washington so that now every node has roles and responsibilities. How do we ensure that conductivity happens across all of those different nodes that are very disparate and spread out? And then how do we leverage the technology of transport to ensure that we’re getting applications all the way to the edge?” Burroughs said on Ask the CIO. “We spent months preparing to ensure we had right safeguards in place. In its simplest form, in the application for the warfighter, which is definitely my area of concern, it brought the Australians and the Japanese together because before it was the Australians and the Americans, and then it was the Americans and the Japanese. The Australians couldn’t be in the same Tactical Operations Center as the Japanese. Now we have the ability for the first Australian division commander to talk directly with senior generals from the Japanese Ground Force Command.”

Burroughs said in previous exercises, the Americans and Australians would talk, and then the Americans and Japanese would talk, with the Army acting as the “go-between” for the Australians and Japanese. And Burroughs readily admits everyone knows what happens when you play the game of telephone.

“Our goal here was to establish one common operating picture and the ability to voice video chat, and share specific information,” he said. “The application of this proved critical in the ability for staff to make informed recommendations, and for commanders to make informed decisions. We weren’t just slinging all this data just because commanders need and want everything.”

Broader application than just the Army

The success of the Yama Sakura 85 exercise proved this shared network and zero trust concept for more than just the Army, but any federal organization can take the basic concepts to create a common operating picture.

John Sahlin, the vice president of cyber solutions for General Dynamics-IT, which supported the Army with integration expertise, said these same approaches could help agencies such as FEMA, which has to create shared networks to help cities or states recover from disasters.

“I’ve been fascinated by this problem set ever since I deployed for the Hurricane Katrina relief efforts back about 15 years ago. We started thinking about a military mission for that humanitarian assistance effort and it turned very quickly into an interagency and even local government support mission,” Sahlin said. “We had good communications. We had a good sight picture. We had good mapping data, which nobody else in the area did. We had to quickly share that data with first responders, the local hospital, the parish sheriff, non-government organizations like the Red Cross. I think that these are lessons of zero trust at the tactical edge for information sharing to inform that on scene commander, are lessons that can be learned, not only for the military at the tactical edge, but for any organization that has field-deployed, forward-deployed organizations that need to share data to execute a mission rapidly and make those changes dynamically with first responders with interagency support, things like that.”

Burroughs added this approach of creating a distributed network supported by zero trust tools isn’t just important for the tactical edge, but for Army commanders in garrison or commands who have to coordinate with the National Guard or local first responder communities or anyone outside of the service.

“Now we don’t have to have these disparate networks that do not talk to each other because of classification and policy, which you clearly went through during the Katrina catastrophe,” he said. “Now what we’re doing is we’re taking need to figure this out on the fly out during a catastrophe. We’re actually getting ahead of it now by addressing it before the next catastrophe. So when something does come in competition or crisis, we’re actually able to deal with it in a methodical way instead of reacting.”

Shift toward data-centricity

In many ways what Burroughs and Sahlin are describing is how the Army, and really every agency, must be more of a data-centric organization.

Lt. Col. Roberto Nunez, the chief of signal services support for Army I Corps, said the implementation of zero trust capabilities forces the end users to shift that data culture because they have to tag and label information much more specifically and consistently.

“You can say ‘all right, here’s all my data that I want to share, all my users that are also tagged and labeled as well as what they’re authorized to use and what they cannot use. Therefore, you can plug in with other mission partners to share that information and you can create that common environment moving forward, whether it’s joint coalition, at least from a DoD point of view,” he said. “If you want third parties to join in, whether it’s corporate America, academics, other organizations or other government agencies, you can do that if everything’s data-centric, labeled and tagged accordingly. This is what is great about zero trust.”

Burroughs said planning for the next Yama Sakura 87 exercise in December already is underway. But he said these capabilities aren’t turned on during the exercise and then turned off. The network is always on and therefore the Army is always iterating how to make secure information sharing better, faster and easier.

Chief Warrant Officer 4 Phil Dieppa, a senior services engineer for Army I Corps, said what the Yama Sakura 87 exercise and other demonstrations have shown the service that the “come as you are” model works because of the zero trust capabilities.

“The great thing about zero trust is that we don’t trust anything until we explicitly have that conversation and say that ‘I trust you.’ Once we do that, then we can start communicating and making those services available one at a time,” he said.

The post How the Army is always testing, training on zero trust first appeared on Federal News Network.

The Grants Quality Service Management Office over the last year helped several micro agencies buy award management services.

This pilot was part of how the QSMO is crawling before it tries to walk or run with larger agencies.

Andrea Sampanis, the acting director of the Grants Quality Service Management Office in the Department of Health and Human Services, said the procurement pilots with AmeriCorps, the Inter-American Foundation and the Northern Border Regional Commission opened the door to bigger possibilities to modernize federal grant services.

“We worked with them to explore the vendors on our Catalog of Market Research, making sure they were ready to meet their needs and helping to support them through the procurement process,” Sampanis said on Ask the CIO. “IAF and NBRC are live, on target and on budget, which is not an easy thing to do. AmeriCorps is expected to go live this fall. Huge kudos to these three agencies, as they were prepared to be good customers, willing to accept the system as-is and supported by great leaders in their chief information officer and chief procurement offices.  Their grants teams came together to support a great vendor product from our Catalog of Market Research.”

While the AmeriCorps, the Inter-American Foundation and the Northern Border Regional Commission are considered micro agencies, the amount of money each of them awards through grants is anything but small. Sampanis said the AmeriCorps is more like a medium-sized agency when looking at the amount of money it awards through grants. In fiscal 2024, for example, the agency expects to award $577 million in grants.

The Inter-American Foundation and NBRC are much smaller with IAF, awarding about $145 million and about $50 million in grants, respectively.

Grants QSMO aims to speed acquisition

While these three agencies don’t reach the billions HHS or the Education Department or the NASA hand out, Sampanis said demonstrating how the procurement assistance pilot works opens the door to improve and expand the QSMO’s efforts.

The QSMO marketplace current has approved seven grants management system providers and is in the middle of conducting market research to expand its services.

“We have one quote that says having access to Grants QSMO market research puts you 1,000 steps ahead in your procurement. It’s our goal to speed up the acquisition process and give agencies more buying confidence as they are pursuing a vendor on our catalog.  The vendors on our catalog are selected to support meeting grants standards and align to 2CFR 200 requirements,” Sampanis said. “It just lets them really focus their attention on a fewer number of providers to really say, ‘Hey, this solution is purpose built for grants. It’s an award management solution that is software-as-a-service and very configurable.’ It should feel easy. They don’t have to go and renegotiate a contract.”

The QSMO also works with the agency’s CIO and security leadership, helps develop performance work statements and serves as advisors during the entire acquisition phase.

“I always encourage agencies to meet with all the vendors on our Catalog of Market Research to understand what’s out there and share their specific needs. I think they learn a lot about themselves by talking to the vendors,” Sampanis said. “I helped them all the way through the pilot because I’m learning a lot. Every time I hear a contracting officer ask a new question, I think, ‘hey, that’s something I need in my catalog because that’s true.’ I always say our goal is to speed up an agency’s acquisition and give them buying confidence.”

HHS has led the Grants QSMO since January 2021 and has been building its services over the last few years.

With the Office of Management and Budget finalizing the update to the governmentwide grants guidance under 2 CFR earlier this year, standardizing certain key areas like notices of funding opportunities and overall trying to expand access to more than $1.2 trillion in grants and cooperative assistance agencies pay out each year, Sampanis said the QSMO is ready to expand its services and offerings.

Two common drivers of grants modernization

Having that baseline understanding and confidence in the marketplace is a key factor in success, said Wagish Bhartiya, the chief growth officer for REI Systems, which helps agencies modernize their grant systems.

Bhartiya said there are two basic drivers of grant modernization. The first is budget and second is technology.

“There has been a greater focus on budget and how much of our budget goes towards grant funding and how that funding is being deployed? How much of that is serving management processes, some of the overhead aspects of grant management, which will exist inherently, versus how much should be deployed into the community? That analysis, I think, is getting more acute,” he said. “The technology itself has evolved and shipped in a way that, I think, is much more possible now to be thoughtful about performance and mission. The technology is enabling some of this some of these questions to be asked because we now have the potential and the power to look at it for the first time.”

These two big trends are part of how grants providers are shifting their mindsets away from being so compliance focused to spending more time and money on measuring and ensuring outcomes.

“There’s all these dollars flowing through our grant programs so we need to start to think just as much about the downside, protecting from a compliance and a risk mitigation perspective, as the upside into the mission impact in terms of what are the tangible and successful outcomes,” Bhartiya said. “The other big theme is customer experience and user experience, and now the grantee experience.”

He said this updated point of view is part of why many grant providers are more willing to change today than ever before. He said this means the singularity of the way grants management worked over the last few decades is going away.

“Every grant program thinks they’re a snowflake and they think they’re special or unique and actually bespoke. But when you zoom out, you see that actually 85% of what a grant making agency does is essentially the same in the core lifecycle design,” he said. “Convincing them that they don’t need to make everything bespoke and tailored to the Nth degree because they can leverage best practices, use what’s worked for other agencies because there’s a chance to reduce the burden on their staff and on the recipient community is part of the challenge.”

Bhartiya added that the benefits of an end-to-end system, that’s in the cloud are becoming more clear to agencies.

The post Grants procurement pilots demonstrate speed to modernization first appeared on Federal News Network.

Sherman has accepted a position as dean at the Bush School of Government at Texas A&M University, the same institution he graduated from in 1992 before becoming an Army air defense officer. He’ll start that position on Aug. 1, the school said in a statement.

“The spirit of service and focus on preparing students for the future they instilled in the school will be our guiding light as we look to the challenges the next generation of leaders will face,” Sherman said. “Liz and I are excited to get back home to College Station and beginning this next chapter in our lives.”

Defense officials did not immediately announce who would succeed Sherman in the DoD CIO role. One likely candidate, at least on an interim basis, would be Leslie Beavers, the office’s current principal deputy.

In a statement, Defense Secretary Lloyd Austin credited Sherman with leading the department through several major technology advancements over the past two and a half years, including a restructured cybersecurity approach through DoD’s first-ever zero trust strategy.

“Mr. Sherman has been a steadfast advisor and an innovative leader who has helped the department adopt and utilize modern information technology to keep our country safe,” Austin said. “His technical expertise has proven invaluable in tackling a variety of digital challenges. His focus on mission readiness has ensured that each of the services is equipped with both the capabilities and the digital workforce necessary for modern warfighting.”

Sherman spent most of his federal civilian career in the intelligence community, starting as an imagery analyst. He worked his way up through the IC over the next 20 years, including positions as the CIA’s deputy director for open source intelligence, and eventually as the IC’s chief information officer. He joined DoD as its CIO in December 2021.

At Texas A&M, Sherman will succeed retired Gen. Mark Welsh, a former Air Force chief of staff, as the Bush School’s dean. Welsh now serves as the president of the university.

“When President Bush laid out his vision for the Bush School of Government and Public Service and the importance of preparing new generations of dedicated public servants, he thought of people like John Sherman,” Welsh said. “John is a true public servant, having worked in government service his entire career, including 25-plus years in the U.S. intelligence community. He’s built an incredible professional reputation as a leader in public service and national security, but maybe more importantly, for how he treats others.”

The post DoD CIO John Sherman to step down at end of June first appeared on Federal News Network.

Through the pandemic, the IRS learned it can move with urgency. And now that the emergency has subsided, Nancy Sieger, the former IRS chief information officer, believes that lesson isn’t going to waste.

Sieger, who will retire on June 1 after more than 40 years of federal service, including the last one as the Treasury chief technology officer, said IRS is building on the IT modernization lessons learned over the past few years.

“I think technologists saved the day during the pandemic. As the IRS CIO, I had the opportunity to lead IRS efforts to ensure that services to the public were handled in the most efficient way possible. If you think back to that time, businesses shut down, cities were practically shut down, and our economy was suffering and human beings were suffering. IRS focused really hard to issue three rounds of Economic Impact Payments. I am most proud of how IRS leadership and employees rallied to get money to the people in this country who needed it the most,” Sieger said during an “exit” interview on Ask the CIO. “We had a principle that any new technology would be built in a modernized way. We were really good at relying on the older systems and delivering fast. One of the opportunities we had with the Economic Impact Payments, looking to the future, feeling like IRS might be called upon again to do something similar. We had to challenge ourselves to say that may be easy and fast to build upon old operations, but how do we do this in a modernized way so that it’s repeatable? There were three rounds of payments, each round of payments came faster and faster, culminating within 24 hours. The Economic Impact Payments and that processing were built using new tools, new testing methods, new quality assurance processes and built in a modernized way. If IRS has to do that again, the strong foundation will be there.”

Sieger said it took constant reminders to build the confidence of the developers and engineers to the point where she and then-IRS Deputy CIO Kaschit Pandya, who is now the agency’s CTO, met daily with the technology workers who were writing code and analyzing it.

“We often had to say to our folks, ‘no, no, you have my permission to do it this way. Not [the old] way. It was risky. We managed those risks,” she said. “But ultimately, it resulted in little-to-no rework. I would say to you, on behalf of Kaschit and myself, the hours we spent with a team doing this the way it needed to be done was very fulfilling.”

IRS can accept, manage risks

That experience has helped the IRS continue to launch modern services, such as the direct file application, launched in March across 12 states. The IRS said the direct file pilot helped more than 140,000 citizens file their taxes online and for free.

There are plenty more opportunities for the technology development lessons learned from the pandemic to continue to spread across the IRS. Commissioner Danny Werfel told lawmakers in April that the tax agency needs $104 billion for a multi-year modernization effort.

Sieger said the experience over the last three-plus years taught the IRS it can accept and manage risks differently than before.

“We took a lot of risks. We weighed those risks. We said, ‘the worst thing that could happen is this. What are we going to do when that happens?’” she said. “I think our greatest opportunity is not forgetting how we did that, and bringing that forward into future operations. I’m trying not to say don’t be risk averse, but I’m going to say it. Don’t be risk averse and accept measured risk; know what could happen, know how you’ll adapt, but let’s face it, in our personal lives, especially in the technology space, how many of us get an update on our smartphone that didn’t work. But we know the next day it will be updated and fixed. Now I am not suggesting something so aggressive in government. But I am suggesting that we look back to how the government served this country during the pandemic and bring some of those skills and learnings forward to be even more effective and efficient in government service.”

One of the biggest reasons for the IRS’ success, beyond the urgency of the moment, was the top-cover leaders gave the developers. Sieger said helping employees reduce the fear of failure and ensuring they know they are not going to be left behind should something go wrong was a huge factor in the agency’s success.

“At the time, it was Commissioner Charles Rettig who was constantly keeping his hand on the pulse of the employees, working with Treasury to ensure that we were delivering the payments and processing tax returns and the IT workforce knew they had support. They were constantly asked, ‘What do you need?’ Sometimes they would tell us what they needed. Sometimes, I saw what they needed, and they wouldn’t ask. There was a particular weekend where the team was working really hard,” she said. “This was not a case of the workforce being hesitant to do new things. This was a case of the workforce having the skills they needed to do this in the most elegant way, and once leadership let them know — from Commissioner Rettig through the different deputy commissioners to myself and all the front line executives at the IRS who helped them — they were able to get things done and help the country. It was an example of coming together at the right time in the right way for the right outcome.”

The post How the pandemic changed IRS technology for good first appeared on Federal News Network.

The Marine Corps is close to testing out a key piece to its upcoming Fighting Smart concept.

As part of its goal to create an integrated mission and data fabric, the Marines will pilot an application programming interface (API) standard to better connect and share data no matter where it resides.

“Really over the next 12 months, we hope to have the autonomous piece of this API connection implemented in our environment in what we call the common management plane that allows us to execute enterprise data governance where we can then use the capabilities rather than the native capabilities within our environment to develop those data catalogs, to tag data, to track the data from its lineage from creation all the way to sharing and destruction within our environment and outside of our environment,” said Dr. Colin Crosby, the service data officer for the Marine Corps, on Ask the CIO. “We’re working with what we call the functional area managers and their leads on the data that they own because this is all new in how we’re operating. I need them to help me execute this agenda so that we can then create that API connection.”

Like many organizations, mission areas own and manage the data, but sharing because of culture, technology and/or policy can be difficult.

Crosby said the API connection can help overcome many of these challenges.

“Our first marker is to have a working API connection on test data. Once that happens, then we’re going to start accelerating the work that we’re doing,” he said. “We’re using logistics data so what we’re doing is using a dummy data, and we’re going to pull that data into our common management plane, and then from that CMP, we want to push that data to what we call the  online database gateway. Then, by pulling that into the OTG, we can then push it into the Azure Office 365 environment, where we can then use that data using our PowerBI capabilities within our environment.”

Testing the API before production

Once the API connection proves out, Crosby said the goal is to push data into the Marine Corps’ Bolt platform, which runs on the Advana Jupiter platform.

He said there is a lot of excitement from logistics and other mission areas around the Marine Corps to prove this API connection technology.

“As we get more comfortable moving forward, then we will bring on the next, what we call, coalition of the willing. As of now, we have a line because we have other organizations now that are like, ‘we want to be a part of this,’” Crosby said. “The training and education command is ready to go. So we’re excited about it because now I don’t have to work that hard to get people on board and now I have people knocking on my doors saying they are ready to go.”

Crosby added that before the API connection goes live with each new organization, his team will run similar tests using dummy data. He said building that repeatable process and bringing in some automation capabilities will help decrease the time it takes to turn on the API tools for live data.

Without these new capabilities, Crosby said it takes weeks to pull CSV files, thus delaying the ability of leaders to make decisions.

“With the API, we’re going to near-real time type of pull and push, which is speeding up the decision cycle,” he said. “Then there are opportunities to expand on that by building applications that will aggregate data and then being able to look at data to check the maintenance on equipment, and then it’d be a little bit easier to understand what we need and when. The goal is to shrink that decision cycle a little bit.”

The API connection tool is one piece to the bigger Marine Corps effort to create an integrated mission and data fabric. Crosby said that initiative also relies on the unification of the Marine Corps enterprise network to bring the business side and the tactical side together into one environment.

“The fabric is a framework and approach of our environment today and how we want to connect our environment in an autonomous fashion using APIs, so that we can pull data and we can share data, regardless of the cloud environment that it’s in, regardless of whatever database structure the data resides in,” Crosby said. “It allows us to be flexible. It allows us to scale and to really push data and pull data at a speed that we’ve never done before. What I love about the fabric is it really gets to that decision making. It allows our commanders to make sense and act within real or near real time.”

The post The Marine Corps’ plan to further breakdown data siloes first appeared on Federal News Network.

Federal News Network has learned Caron is heading to a new job in industry. The specifics about where he is going is unknown. His last day at ITA will be May 31.

Caron, who is well-known on the federal speaking circuit, has been the ITA CIO since February 2023.

Before that, he was the CIO for the inspector general office at the Department of Health and Human Services and worked for the State Department for 18 years, including the last two years as director of enterprise network management.

Caron also has played a big role in helping drive the development of zero trust concepts through the CIO Council’s Innovation Counsel for Zero Trust.

During his time at ITA, Caron focused on moving ITA to a more modern network and security infrastructure. For example, he implemented phishing-resistant multifactor authentication, in part, by sending each of ITA’s employees a “YubiKey” authentication device to meet MFA requirements.

“So we’re taking a lot of steps, we’re looking at some identity management things in order to mature identity management and automate our processes around that as well,” Caron said during a January 2024 panel.

He also has focused on ensuring ITA is managing its data so it’s protecting its most important and valuable data as part of its zero trust implementation.

Additionally, Caron said because ITA has been 100% in the cloud for several years, he has focused on understanding the costs of using cloud services and how to manage those costs.

“In the wake of the pandemic and the subsequent move to work from home, Gerry Caron was the right kind of leader at a critical time. Gerry helped galvanize the entire federal government around actual use cases for zero trust,” said Tom Suder, president of ATARC. “The effort led directly to several Technology Modernization Fund awards to agencies, specifically for zero trust that have been the model for funding cybersecurity.”

DISA executives move into new roles

Over the last few weeks, there also has been a few other noteworthy changes in the federal technology community.

Let’s start with the Defense Information Systems Agency where Sharon Woods, who led the agency’s hosting and compute center for the last almost three years moved to new role at the agency. She is now leading DISA’s Endpoint Services and Global Service Center.

“We deliver networking and endpoint solutions at all classification levels to the Department of Defense. This is a crucial mission, connecting the department’s globally dispersed workforce, from the Pentagon to the edge, with unified communications,” Woods wrote on a post on LinkedIn. “Incorporating my experience with cloud technology, I hope to drive modernization and propel J6 forward as the premier communications provider to the department.”

In her place, Jeff Marshall, who has been vice director of the hosting and compute center since February, is now acting director.

During her tenure as the head of the HACC, Woods helped usher the Joint Warfighting Cloud Capability (JWCC) through the implementation phase, launched DISA’s own hybrid cloud instance, called Stratus, and led the effort to provide a DevSecOps platform, called Vulcan, for DoD users.

Bill Dunlap, the acting deputy chief information officer for the information enterprise at the Defense Department, said on Tuesday at the AFCEA Enterprise IT Day that the defense agencies and military services have made 84 awards under JWCC worth more than $634 million.

Marshall joined DISA in February after spending the last 20-plus years in industry. He also served in the Army for 13 years before moving to industry.

New cyber execs at CTIIC, EX-IM Bank

Moving to the intelligence community, the Cyber Threat Intelligence Integration Center (CTIIC) hired Chris Zimmerman as its first director of the Office of Strategic Cyber Partnerships.

In that role, Zimmerman will “further the integration of commercial cyber threat intelligence in the IC and take an innovative approach to partnering with the public and private sector,” Laura Galante, the director of CTIIC and the IC Cyber Executive, said in a statement.

Zimmerman comes to CTIIC from industry where he held leadership positions with Symantec, FireEye, Palo Alto Networks, Cylance and, most recently, as President of FedStarts, LLC, where he led the deployment of software technology to enable stronger cyber defenses.

Finally, the Export-Import Bank has a new chief information security officer and new chief privacy officer. Darren Death joins the agency after spending the last nine years as the vice president of information security and CISO for ASRC Federal.

Death has worked in and out of government during his career, including stints at FEMA, the Library of Congress and the Air Force.

He also is active with cybersecurity education groups like InfraGard MD and is a fellow with the Institute for Critical Infrastructure Technology (ICIT).

The post ITA CIO Caron moving on to industry first appeared on Federal News Network.

Over the last decade, the Centers for Disease Control and Prevention’s website became bloated, making information hard to find.

An 18-month long effort, called Clean Slate, helped the CDC cut the digital fat by 65%.

Carol Crawford, the director for digital media at the CDC, said the agency used a customer-first approach to modernize its website, which relaunched yesterday.

“It was a complete overhaul of the whole user experience, and of course, a new look and feel,” Crawford said on Ask the CIO. “Coming out of the pandemic, we really looked at what we wanted to improve and what we wanted to do different. This went also along with CDC’s moving forward effort and, combining that, we launched what we call ‘Clean Slate’ and a big cornerstone of that project was starting over with a clean slate for CDC.gov. So that meant we were able to reduce about 65% of our content, which gave us more time and more energy to put toward improving the content that we had. We made a number of other updates that we thought would better improve the experience on CDC.gov.”

Crawford said some of changes to the website are basic like ensuring consistency in formats on all pages. Other changes are focused on the user such as CDC added page summaries to the top of every page so the citizen can quickly see if the page meets their needs.

“We’ve also really streamlined the navigation. We call it content first navigation that will guide a user through the journey of the content that they’re looking for,” she said. “ We organize the content by three primary audiences just to make it a little easier to spot the content that is just for just for you, or just for what you you’re looking for. And of course, we worked on the readability and the scanability of the pages on your desktop, mobile, iPad device. We’ve improved the fonts, for example, to make it easier to skim, kept our page length shorter, so that you can read quickly, and there is so much more.”

No IT upgrades needed

One factor that made the website revamp a little easier was the CDC didn’t have to upgrade the underlying technology.

Crawford said this let the CDC improve the existing technology stack, adding functionality like using metadata to automate pages where they used to manually update pages.

“We’ve expanded our application programming interface (API) use. We’ve expanded our data functionality and data visualizations,” she said. “We’re thinking about using AI, machine learning, natural language processing and some generative AI to really think about how to improve the quality of our content.”

Through a series of surveys and other feedback approaches, the CDC found that citizens and other users were “overwhelmed” by the amount of information on the website. Crawford said that stopped users from finding what they needed.

“We evaluated are these pieces of content that a user needs or ever looks for, are these old content and a number of other criteria, and really, it allowed us to just keep our highest performing content and the content that people really need each day,” she said. “We really looked across our site to see where we could improve on duplicate content. We definitely looked at what people were getting from other servers or sites, but we also looked internally, like many people, we also had duplicate content that we wanted to fold together and make it easier for people to find it all in one place on our site.”

The CDC’s website revamp comes as the Office of Management and Budget is emphasizing specific improvements across all agencies. Just recently, OMB said the Digital Experience Council completed the first federal website inventory and found more than 10,000 across the government. Clare Martorana, the federal chief information officer, said recently through this inventory, agencies will have a better idea of their entire ecosystem and what they need to do to secure it and improve the user experience.

The inventory is part of a bigger effort to improve the digital experience of users through the requirements laid out in OMB’s September memo and the 21^st Century IDEA Act.

OMB also recently issued new guidance for how agencies should improve accessibility under Section 508 requirements. The December memo, the first from OMB in more than a decade, requires agencies to design and develop “accessible digital experiences,” by taking a number of steps.

CDC kept users front, center

Crawford said CDC used the U.S. Web Design System standards and leaned into human centered design tactics.

“We worked together across all of our communicators at CDC. The entire group in my digital media division worked on this project along with our CDC.gov web council,” she said. “Human Centered Design was absolutely the cornerstone of what we’re doing. We made every decision thinking about what the users needed. We did extensive research on our audience needs. We included many steps during the process to collect information from our audiences. This included surveys, lots of user testing, things like a new rate this page feature. We also introduced a beta preview so that we could get lots of feedback from users and all in all we received about input from about 6,000 users so evolving, the audience was central to what we did.”

Like all agencies, the CDC had to take steps to make sure it was serving its diverse customer base. Crawford said that meant narrowing down their content around three particular audience areas:

• The general public
• Healthcare providers
• Public health professionals

“We’ve tested specifically with those groups, and then with a lot of diversity within those groups,” Crawford said. “We had to work across every content type CDC had and create ways that we knew would work for people. This meant engaging with people in the programs, the needs for audiences around flu might be different than the needs around audience around an injury topic, so we had to really work collectively. They have done the hard work of rewriting and reformatting content based on these best practices and the results of our testing.”

Going forward, Crawford said CDC will continue user testing and collecting user feedback. She said the agency is considering at least quarterly user testing with real people on the site as well as pop-up and email surveys.

The post CDC cuts the digital fat as part of its website redesign first appeared on Federal News Network.

CISA confirmed his last day will be in June, but didn’t say exactly when. A CISA spokesperson didn’t say who would be acting in his place after Goldstein leaves. Matt Hartman serves as Goldstein’s deputy.

Goldstein joined CISA in February 2021 from the private sector where he was the head of cybersecurity policy, strategy and regulation for Goldman Sachs.

In his role at CISA, he oversaw an assortment of initiatives to protect and strengthen federal civilian agencies and the nation’s critical infrastructure against cyber threats.

CISA Director Jen Easterly praised Goldstein’s contributions over the last few years.

“I could not be prouder of the work that Eric Goldstein has done to move CISA forward as an agency. He has helped catalyze a shift across the agency to data-driven risk reduction and built an inclusive team that has enabled CISA and our partners to confront the serious cyber threats facing our country,” Easterly said in a statement. “Under Eric’s superb leadership, we pioneered new models of operational collaboration, reshaped our ability to detect and address cyber risks and shifted the balance toward building technology that is secure by design. I consider myself fortunate to be Eric’s teammate and know that he will carry his dedication to a secure and resilient nation forward in his next adventure.”

Federal cyber leaders on the move

Goldstein’s decision to leave government comes two days after Chris DeRusha, the federal chief information security officer, announced his decision to move on.

The departures of DeRusha and now Goldstein are also causing several other changes across CISA. Mike Duffy, the associate director for capacity building in the cyber division, is taking a detail to be the acting Federal CISO. On top of Duffy’s leaving, even for a short time, CISA has also seen several other senior cyber leaders head out the door, including Sean Connelly, who led the federal zero trust and Trusted Internet Connections efforts.

Among his accomplishments during his time at CISA include leading an effort to create the first ever CISA cyber strategic plan last summer, which he said will fundamentally shift the way the agency works, how it prioritizes resources and how they work with their stakeholders.

During his tenure, CISA issued seven emergency cyber directives for agencies, including one in April around Russian hackers taking advantage of a Microsoft vulnerability, to address immediate threats.

Another big focus over the last three years was the Federal Enterprise Improvement Team (FEIT), which the agency funded through a portion of the $650 million CISA received under the American Rescue Plan Act of 2021.

This was Goldstein’s second stint in government. He worked from 2013 to 2017 at CISA’s precursor agency, the National Protection and Programs Directorate, in various roles including policy advisor for Federal Network Resilience, branch chief for Cybersecurity Partnerships and Engagement, senior advisor to the assistant secretary for cybersecurity and senior counselor to the undersecretary.

CNN first reported Goldstein’s departure.

The post Second senior cyber leader this week to exit federal service first appeared on Federal News Network.

The Department of the Air Force’s chief information officer’s strategy to increase the capabilities of its airmen and women and guardians is centered on increasing the use of cloud services.

Venice Goodwine, the Air Force’s CIO, said the cloud cannot be thought of as just for business applications. The lines between the back office and the tactical edge have blurred, she said.

“I’m expanding the cloud from NIPERNet [unclassified network] to SIPRNet [classified network] and also having all those capabilities as well in that cloud on both sides. As we think about the different classifications, how do we get there with those same human-to-human capabilities are important?” said Goodwine said at the recent AFCEA NOVA Air Force IT Day, an excerpt of which was played on Ask the CIO. “The other thing when I’m thinking of the cloud, it’s an investment. But I’m also going to create the transparency that we haven’t seen before in the cloud. Now when I think financial operations in the cloud, I now can talk to my system owners about their investment in the cloud, tell them when to pay for reserve instances. I could talk to them about how can they make adjustments in their investment based on the usage or their computing and storage? I didn’t have that visibility before.”

The Air Force is planning to have a single tenet for Office 365 on the secret side, which is different than what the service did with its unclassified version, which had multiple tenets

Several other military services and agencies also have rolled out O365 on the secret side recently.

“What’s important for my cloud strategy is making sure that I have cloud at the tactical edge. That’s my reliance on commercial cloud services at the edge because if I’m going to have decision advantage, I have to make sure that the data is available. The data needs to be where the warfighter is and the data needs to be in the cloud,” Goodwine said. “I don’t intend to put the data in the continental United States (CONUS) when I’m fighting in INDOPACOM. I need the data there. But then I also need the cloud at the edge. I need the data at the edge. I need artificial intelligence to make sense of the data. And it needs to be trusted. So all the attributes, you talk about data, I need all of that there. So it’s not just enterprise IT. It is it for the warfighter. That’s my mantra and you’ll hear me say that all the time and my team speak that same language.”

Air Force expanding virtual environment

The Air Force continues to mature its approach to buying cloud services. Goodwine, who became the CIO in August, said the Joint Warfighting Cloud Capability (JWCC) remains the first option of where to buy cloud services, especially for new workloads. But, she said, those workloads and applications will remain in the CloudOne platform.

The Air Force is working on a new solicitation for CloudOne, called CloudOne Next.

The Air Force released its request for information for CloudOne Next in September and just in March, it offered more details on its acquisition strategy.

The Air Force expects to release three solicitations for CloudOne Next in the third quarter of 2024 and make the award in the fourth quarter of this year. It will be three single-award blanket purchase agreements on top of the schedules program run by the General Services Administration.

As part of this cloud expansion, Goodwine said the Air Force is developing a virtual environment to make it easier to access applications in a secure way.

“If you’re on your home computer, you have a Mac, you can go to portal.apps.mil and you can access your O365.You can be as productive as you need to be. There is no need for you to VPN in and you can use your home network,” she said. “You want to be able to access your OneDrive, all your apps and email, you can do that today. You only VPN in because you’re trying to get to some shared drives that we’re going to shut down eventually anyway. So really, those are the things that we already have in play that we should take advantage of, especially now that we’re in a hybrid environment. As we move forward, yes, understanding the work that’s done, the hours required to do that work so that we can make better investment decisions about the technology that we want to use, so I do think there’s a connection between technology and people hours.”

Additionally, Goodwine said the Air Force will expand its “Desktop Anywhere” initiative beyond just the Air Force Reserve Command.

“It now has an Impact Level 5 authority to operate, and we’re going to move it [off-premise] so we’re expanding that. We’ll have the ability to do more of these virtualized environments,” she said. “From a cybersecurity perspective, it’s a great idea because I just reduced my attack surface and from a productivity perspective, it’s absolutely faster, better, cheaper, and it now really allows you to be mobile, which is what I want my workforce to be the airmen and guardians.”

The post Air Force increasing cloud capabilities for the warfighter first appeared on Federal News Network.