While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Tens of millions of voters will cast ballots today in the 2016 presidential election, with the victory likely to go to one of the two major party nominees, Hillary Clinton or Donald Trump.
Many issues, foreign and domestic, are being weighed by voters, and the outcome will have enormous impact on the country and the world. But what will the election, and subsequent presidential transition, mean for federal CIOs and IT leaders?
The transition will likely put on hold some IT projects at agencies, as new CIOs come in to fill spots that political appointees will vacate as of Jan. 20, 2017. However, smaller agencies, or those with fewer political appointees, may be spared some of this disruption. Meanwhile, some issues are not going away, including data center consolidation and optimization, the move to the cloud and concerns about cybersecurity.
(For coverage on how states are handling the 2016 election, visit this page.)
Typically, when a new administration comes in, IT projects are disrupted because of changes in agency leadership. “Obviously, it will vary significantly from agency to agency, but generally it is quite disruptive,” Richard Spires, the former CIO of the Department of Homeland Security who now serves as CEO of the IT training firm Learning Tree International, told CIO magazine.
There will likely be a delay in major projects as new agency IT leadership comes in next year. “No one wants to be out in front of where the new political leadership wants to go,” Steve Bennett, director of global government practice at analytics software provider SAS, told CIO. Bennett is the former director of the National Biosurveillance Integration Center at DHS.
Smaller projects could be ones that get delayed. “Sometimes new administrations come in and they stop projects that are underway,” Bennett said. “Often the transition will occur in the middle of the deployment of a project that will get stopped. Operationally, that can create a lot of turmoil in an IT organization.”
However, major governmentwide IT programs, such as the Data Center Optimization Initiative, the government’s cloud-first policy and the drive toward modernizing legacy IT systems, are unlikely to go away, even if progress gets stalled for a short time. Career officials, including deputy CIOs and other nonpolitical appointees, are going to keep the trains moving in the meantime.
Speaking of IT modernization, late last month federal CIO Tony Scott laid out guidance from the Office of Management and Budget on the topic. The guidance distills many of the principles Scott has pushed for ever since the Obama administration outlined plans in February for a $3.1 billion revolving fund for updating legacy technology.
Meanwhile, according to CIO, Scott is preparing something akin to an “IT report card.” According to unnamed industry officials familiar with the effort, Scott will aim “to offer a candid assessment of the current state of federal IT that could help orient the incoming CIO and make for a smoother handoff, should Scott opt to exit the government, than he experienced when he took over the job from his predecessor.”
Where do the candidates stand on the key technology issues? FedScoop has a rundown that compares Clinton’s and Trump’s positions.
In June, Clinton unveiled a comprehensive technology and innovation agenda. Among its many proposals, Clinton is calling for the creation of a Chief Innovation Advisor to reduce federal regulatory barriers. This official “would spearhead reforms across the government such as those spurred by the bipartisan FDA Safety and Innovation Act, which created a pathway for the quicker approval of medical device innovations to catalyze technological development.”
Clinton also wants to make digital services a permanent priority for federal agencies: by making the U.S. Digital Service and other digital services (like the General Services Administration’s 18F unit) “a permanent part of the executive branch to ensure that technical innovation becomes an ongoing feature of American governance.”
The goal is for these digital services teams “to develop a coordinated approach to tackling pressing technology problems,” states Clinton’s technology agenda. Additionally, Clinton wants to “explore ways to leverage these capabilities to help our state and local governments with their own tech issues and agencies.”
Trump’s positions on tech issues beyond cybersecurity are less clear and he has not spelled out a lucid agenda on IT or innovation policy. “There’s a lot less clarity around a Trump administration and what exactly they would do from a technological perspective,” Trey Hodgkins, senior vice president at the IT Alliance for Public Sector, a division of the Information Technology Industry Council, told CIO.
Hodgkins said that senior Trump campaign staffers and officials from the tech sector have discussed ways to ease barriers for companies to do business with the federal government. “The conversations that have been had with the Trump campaign have focused more on the compliance challenges and burdens that being a vendor in the government sector can [entail],” Hodgkins says. “They would be willing to look at those burdens.”
Whoever wins, concerns about cybersecurity threats won’t disappear. Due to the hacking of the Democratic National Committee during the campaign, cybersecurity actually gained in stature as a campaign issue.
As Nextgov notes, the next administration will inherit a highly complex landscape of cybersecurity threats, from both state actors like China and Russia to nonstate actors like “hacktivist” groups.
President Obama earlier this year laid out his Cybersecurity National Action Plan (CNAP), which included the creation of the Commission on Enhancing National Cybersecurity. The Commission was established by executive order in February and includes key strategic, business and technical thinkers from outside of government. The Commission’s goal is to recommend actions that can be taken by the federal government and private sector over the next decade to enhance cybersecurity while at the same time protecting privacy, fostering development of new technologies and promoting cooperation between government and industry. The commission is preparing a report due Dec. 1.
Clinton’s agenda says she wants to build on the CNAP, “especially the empowerment of a federal Chief Information Security Officer, the modernization of federal IT, and upgrades to government-wide cybersecurity.” She wants to “prioritize the enforcement of well-known cybersecurity standards, such as multi-factor authentication, as well as the mitigation of risks from known vulnerabilities.”
Clinton also wants to encourage agencies to consider tools like “bug bounty” programs, modeled on the Defense Department’s recent ‘Hack the Pentagon’ initiative, to encourage hackers to responsibly disclose vulnerabilities they discover to the government. She also wants to enhance government’s ability “to test its own defenses by increasing the capacity of elite, cleared government red teams to help agencies find and fix vulnerabilities before hackers exploit them.”
Meanwhile, Trump has said he will order an immediate review of all U.S. cyberdefenses and vulnerabilities, including critical infrastructure, by “a Cyber Review Team of individuals from the military, law enforcement and the private sector.” This team will then “provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats, and will be followed up regularly at various federal agencies and departments.” The team will “also establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack.”
Trump also plans to instruct the Justice Department “to create Joint Task Forces throughout the U.S. to coordinate federal, state and local law enforcement responses to cyber threats,” states his agenda, and will order the secretary of defense and chairman of the Joint Chiefs of Staff “to provide recommendations for enhancing U.S. Cyber Command, with a focus on both offense and defense in the cyber domain.” Trump also wants to “develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.”
For more coverage on how states are handling the 2016 election, visit this page.