Dec 07 2016

Feds Says Security, Agencies’ Mission Cannot Be Forgotten During 2017 IT Transition

As the Trump administration takes shape, the changeover should not impair how technology helps agencies meet their mission goals, federal IT leaders said at an event in Washington.

With a little more than six weeks before Inauguration Day, federal IT leaders are looking past the transition to what the technology landscape will look like in 2017 under the Trump administration. While the transition remains a key focus, federal IT leaders said that cybersecurity and using technology to help agencies meet their missions and mandates should not be abandoned as new IT leaders come in and fresh priorities get set.

The IT leaders, speaking at an AFFIRM event titled “Beyond the Transition: Government IT 2017,” on Wednesday in Washington, said that it is imperative that career appointees and rank-and-file workers keep their attention focused on executing critical mission priorities. Part of that is maintaining cybersecurity protections, the officials said, because the threat of cyberattacks and intrusions from other countries and nonstate actors is not going away.

Maintaining Key Priorities, Including Security

Luke McCormack, the outgoing CIO of the Department of Homeland Security, urged his successor and career staffers at DHS to “double down” on the various activities that are underway at the agency. “For us, the focus remains on keeping this country safe,” he said, but other agencies should tend to their core missions.

At the same time, he said, agencies need to prepare for new policy directives from incoming agency chiefs and department secretaries, which will inevitably involve IT.

McCormack said that maintaining a strong cybersecurity posture is also critical, as is continuing to meet goals set forth under the Federal Information Technology Acquisition Reform Act (FITARA), especially for streamlining IT acquisitions, adopting agile development processes, cutting down on shadow IT, reducing costs and improving performance.

DHS spends a little over $6 billion annually on IT, McCormack noted, with roughly 70 percent of those costs going to operations and maintenance of existing systems. Going forward, he said, he is seeing a “tectonic shift” in how DHS will spend that money, as the agency adopts agile development, continuous delivery model and the cloud. Agencies need to ensure they have enough capacity in terms of staffers and resources to continue those shifts, he said, and need to be held accountable, both within government and by industry.

Maria Roat, CIO of the Small Business Administration, added that agencies are working diligently tending to the priorities of political appointees who will be leaving come January, while also laying out plans for 2017.

Roat, who joined SBA in October, said she has laid out all of the ways that SBA gets measured on its IT performance, including via FITARA, in one place. “I don’t think my team has ever seen that,” she said. All of those metrics will go into SBA’s performance plans, and it will be critical that the agency’s IT department work with other senior leaders at the agency to make sure the goals are met, she said.

Some officials will stay on during the Trump administration and they will need to keep the trains running. Sanjeev Bhagowalia, CIO of the Treasury Department, is a career appointee who says the department has a huge responsibility. A large chunk of the U.S. GDP, in terms of tax collection and revenue disbursement, flows through Treasury’s systems, he noted.

Bhagowalia said that citizens are demanding a more digital and mobile government that they can access at any time on any device, which remains a challenge to deliver while agencies focus on their missions.

At the same time, he said, Treasury needs to make sure all of its IT systems are secure and reliable and protected against cyberattacks, which are being directed more at private industry than government agencies. Agencies need to adopt multifactor authentication and make sure they are protecting their high-value assets, he said. Bhagowalia said that the appointment of Greg Touhill as the first federal CISO is “very, very important” and that the next CISO will need to help agencies balance privacy concerns with increased security.

Changes Affecting Agencies Big and Small

The transition will affect both tiny and large agencies. One such smaller agency is the International Trade Commission, an independent, bipartisan, quasi-judicial bureau that determines the impact of imports on U.S. industries and directs actions against unfair trade practice.

Kirit Amin, CIO of the ITC, said many of the rules meant to govern IT in federal agencies do not apply to the more than 90 smaller federal agencies like the ITC that are not governed by the CFO Act.

“All of them have some critical mission,” he said. “Where does this go if these agencies are not paid attention to or not included in all of these measures and the missions that the government performs?”

The ITC’s commissioners will stay on past the transition since they are appointed for defined terms, Amin said, but the ITC won’t get a pass if it gets hacked, he noted. Amin urged the CIO Council to add a 25th seat to represent smaller agencies in addition to the 24 CFO Act agencies.

Bhagowalia, who has been working in government since leaving an engineering job at Boeing 17 years ago, said that “the job done by all of us together in government always amazes me.” The country has united in the past across different belief systems and lines of separation, and that energizes government workers. “To me, that is what needs to be done,” he said.

Enano275/Wikimedia Commons