The administration is making a significant push to reform federal IT, as seen in the president's 2016 budget request and the appointment of two industry veterans as the nation's top technologists: Google alum CTO Megan Smith and newly appointed Federal CIO Tony Scott, former CIO of VMware.
Scott, in particular, will be charged with leading the government's modernization effort and is expected to bring his vision and experience as CIO of multiple Fortune 500 companies (Microsoft, Disney, General Motors) to bear on the slow, often wasteful realm of federal IT.
As he enters the public sector, Scott's priorities will be focused on three key areas: better efficiency and performance on IT projects; bolstering the workforce through better hiring and training; and cybersecurity.
These priorities are reflected in a number of IT initiatives in the president's 2016 budget proposal. As the government's top IT official, Scott will be coordinating adoption of these programs across all federal agencies but largely in a supervisory, leadership role.
"There is no other CIO job like it," said Jason Kimrey, area director of Intel Federal. "He's going to be looked at as somebody to help be a coordinator and also a leader in terms of identifying what are the top priorities and really leading that federal CIO community … really identify what are those core fundamental issues he's going to lead around."
Project performance and efficiency
A key Management Agenda item outlined in the president's 2016 budget proposal centers on improving technology-delivered services and performance while decreasing waste. The budget includes some $450 million to create public-facing dashboards to detail federal IT project status and oversight, as managed by the White House's PortfolioStat initiative.
Scott will lead the PortfolioStat effort and focus on getting agencies to report more through the program, as well as use the data and lessons learned to improve new projects as they come on board. Creating a culture where reports are seen more as a tool than a mandate should be a central priority for the nation's top CIO, experts say.
The president's budget also calls for scaling up the nascent U.S. Digital Service (USDS) by creating teams at 25 more agencies. The original USDS was established last August to help agencies improve citizen services through technology. Building on successes with Healthcare.gov and Veterans Affairs' E-Verify service, the new USDS teams will be imbedded throughout the federal government to provide consumer-centric support.
How these teams will interact with the existing agency CIOs has yet to be determined, according to USDS Administrator Mikey Dickerson. Ensuring good working relationships and smooth transitions for both sides will require leadership at the top, particularly from the new federal CIO.
Megan Smith currently serves as the federal CTO in the Office of Science and Technology Policy.
Photo Credit: Rob Curtis/Staff
The CIO environment will be going through some drastic changes this year, as well, with the implementation of the Federal IT Acquisition Reform Act (FITARA). The central theme of FITARA gives top department-level CIOs more authority over IT programs and budgets being implemented by lower-level component agencies, increasing accountability across the federal government.
Scott should work directly with the Office of Management and Budget to develop the policies that will be used to implement FITARA and ensure that accountability doesn't become the enemy of progress.
But getting the government to a place where IT projects are both efficient and effective will take more than policy. It requires a change in culture at the workforce level.
"One of the first indications we've gotten from Tony Scott is an early interest and willingness to address workforce issues in the federal government," said Rick Holgate, CIO at Alcohol, Tobacco, Firearms and Explosives (ATF) and president of the American Council for Technology.
Almost 50 percent of the federal IT workforce is over 50 years old, according to Office of Personnel Management numbers. While age doesn't preclude cyber skills, the rapid evolution of technology requires regular training to stay current.
And skills training should extend beyond traditional IT roles, Holgate said.
Training initiatives should be "looking at skill sets in the technology community, not just IT but the community overall and adjusting the skill sets to meet the demands of what we buy and how we buy things today," he said. "Those skill sets stretch across the technology community in terms of IT professionals to contract professionals and acquisition professionals to program managers."
Supporting these kind of initiatives will lead to more creativity in IT contracting, as well as less waste and more agility in IT projects, Holgate said.
"You don't necessarily need them all to be coders," said Dan Chenok, executive director of the IBM Center for The Business of Government and chair of the Industry Advisory Council. "But you do want them to be able to understand enough about technology and how it operates in an agency setting to be able to help advise how to adopt those processes to make intelligent decisions."
Another long-term solution to keeping government on the cutting edge will be to bring in expertise from the private sector, even if it's only on a temporary basis.
The USDS is already doing this on a small scale at OMB, which federal CTO Megan Smith likened to the National Guard model.
"We want the technical people to come and serve," Smith said at an ACT-IAC event on government innovation on Feb. 5, the same day Scott's appointment was announced. "You don't have to come for your whole life — you can if you want to. But come for tours of duty: come as a reserve, come for two weeks, come for months, come for two years and come in and out of government just like our colleagues in other fields are doing."
Scott mentioned this model during a meeting with the Council of CIOs on Feb. 11.
"Two of his interests as a federal CIO were addressing workforce issues and blurring the boundary between government and industry," Holgate said. "Not only attracting new entrants into the federal workforce from industry with the right skill sets, but potentially for a temporary period — bringing them on board for a finite term … and also looking at exchange programs between the government and industry."
As these ideas evolve, Holgate hopes Scott can provide agencies with guidance on how to properly use these arrangements in a consistent way across government.
Any discussion on IT today must include cybersecurity.
"The good news for [Scott] is the administration's focus in support of cybersecurity," said Rob Potter, vice president of public sector for Symantec.
Scott's job will be to communicate those policies down the line to component CIOs and ensure they have the tools to follow through. This won't be an easy task, according to Potter, but there are some support structures already in place for the new federal CIO to capitalize on, as well as significant funding for cybersecurity in the president's 2016 budget proposal.
"Running the IT infrastructure of a federal agency I would argue is one of the toughest jobs out there in IT," Potter said, but Scott can make it easier by promoting collaboration between agency CIOs.
"The thing that's going to help them achieve that type of collaboration is to continue to have these types of committees or organized thought-leadership sessions where CIOs come together and discuss some of the challenges they're seeing inside their particular agency," Potter said, honing in on groups like the Federal Council of CIOs.
Potter cited security challenges like mobility and cloud, along with being able to identify and respond to networks breaches in a timely manner.
The second set of task orders on the Continuous Diagnostics and Mitigation (CDM) program are expected this spring, bringing CDM to some 50 agencies and departments. Continuing to scale continuous monitoring as a service throughout the federal government will require a concerted effort but this program has the biggest potential for real results in cybersecurity.
The second phase of CDM will focus on the other major security issue for federal agencies: identity, credentials and access management.
Agencies are pushing forward with the use of common access cards and personal identity verification cards as a means of ensuring only authorized users gain access to their networks. As simplified multifactor methods like derived credentials and device authentication develop, the federal CIO should be aware of the effects they have on security, as well as employee workflow.
However, any cybersecurity effort is only as good as the people clicking.
A recent SolarWinds survey found the primary concern for federal IT managers is accidental data leaks caused by unwitting or untrained employees. A basic understanding of cyber hygiene and regular training on new and evolving threats would go a long way toward mitigating that risk.
If Scott really wants to lead on cybersecurity, he should start with better training for the federal workforce.
Most are optimistic that Scott is the right person for the job.
"He will bring in a new perspective to the role," Kimrey said. "He's the first incoming federal CIO who was a CIO in his prior life. It's going to be interesting to see how he brings some of the private-sector best practices into the role."