CIA Turns to Fast Food for IT Innovation, and FBI Takes Note

When the CIO at the nation’s premier spy agency needed to explain a new business model to his IT team, John Edwards invited an executive from McDonald’s to the CIA to talk about the Big Mac.

According to Edwards, the executive explained how all McDonald’s restaurants follow the same recipe for the signature hamburger, despite being franchisees. The CIA is taking an approach to IT that mimics the franchise model used by McDonald’s and other fast food chains, said Edwards, who has been in his post for a little more than two years. The goal is to give the CIA’s different mission areas more control in how they procure and use IT.

Speaking April 5 at FedScoop’s IT Modernization Summit in Washington, D.C., Edwards noted that there is often a “material difference” between “enterprise IT” for the entire agency and “mission IT” used by specific agency mission areas, such as the Clandestine Service. Having the office of the CIO be responsible for all of that proved to be challenging, Edwards said.

Each office wants to manage its own IT, Edwards said, so the CIA started to look at its different mission areas as franchisees, each with about five IT staff members. They are allowed to manage and run their own, mission-specific IT but, like chain restaurant franchisees, must maintain the overall brand. For the CIA, that means adhering to the agency’s strict IT security controls and not placing equipment or software on the agency’s network “that could compromise our network or our data,” Edwards said.

Now, every CIA mission entity is a franchisee, Edwards said, noting that each quarter a different “franchise” is honored for its performance.

SIGN UP: Get more news from the FedTech newsletter in your inbox every two weeks!

FBI Wants to Give Field Offices IT Flexibility

Speaking alongside Edwards, FBI CIO Gordon Bitko said that he has “tried to beg, borrow and steal” ideas from Edwards. While the FBI has not adopted the franchisee model from CIA, it has attempted to give its different components flexibility.

Bitko noted that the law enforcement agency has 56 field offices, and they deal with hundreds of different threats and all have “very specific, unique challenges.” Some deal with counterterrorism, while others have a focus on violent crime and child pornography. All of those efforts “span different needs, different data collected under different legal authorities,” Bitko said, which can lead to a “fragmented environment.

FBI CIO Gordon Bitko, second from left, speaks alongside CIA CIO John Edawrds, third from left, about IT innovation. Photo credit: Phil Goldstein

The FBI is trying to take a similar approach to the CIA, Bitko said, in that it is focused on delivering a number of core, shared IT services at the enterprise level, and allowing different field offices and mission areas to have more flexibility to pursue mission-specific IT.

“I don’t like the term shadow IT, either,” Bitko said, hitting on a theme he has discussed in the past. Shadow IT — unauthorized technology services and apps that are procured outside of the IT department — is a “pejorative” term, Bitko said.

“It connotes to people that you are doing something wrong and hiding it,” he said. “My goal is to empower them.”

While Bitko said the FBI has not gone down the CIA’s route on franchisees, by delivering a core platform of IT services to field offices, he said the FBI enables and encourages agents and IT professionals to “drive new technology at the mission edge.”

Like many agencies, Bitko said, the FBI is now an IT organization. “There isn’t a single thing we do at the agency that IT isn’t fundamental to our ability to be successful,” he said. His goal is to be able to allow mission areas to be on the “cutting edge, the pointy end of the spear.”